Using buildah + podman + skopeo in a container workflow

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
this is gonna be a quick demo on how to use build a pod man and scope EO to replace the dr. Damon and client tools docker as it is right now it it runs as a daemon on your system it runs his route it if you do if you build images if you do like a docker build with the doctor file it worked it does that through the daemon if you actually want to run containers it does that through the daemon and if you want to push or pull images that all happens through through the daemon that's kind of a model as an entry point for all those things when really those things can be broken out and some of them don't require a daemon at all such as image building is really just you know manipulation of files on the file system and things like that so build a pod man and scope yo can I break those into three different roles so build handles the what you consider the docker build aspects of the container workflow in building images and pushing them pod man handles the actual running of containers and then scope yo can handle all the advanced registry operations like pushing and pulling from different registries and storage types and things like that so I'm gonna try to run through that in a simple demo real quick and kind of give you a feel for how all this works in a workflow so the first thing we're going to do is create a new builder container called called Builder based on fedora so this is a kind of equivalent you're familiar with docker file syntax the all uppercase from and then a source image that's what's happening here so if I do build images you can see that I've got this fedora image that this this bill this image that I'm building is going to be based off of and if we go if we do a building containers then we can see that we've created this container called Builder and it's in US here now docker build does this under the covers for every line in your docker file it creates a container you know applies the transform that the docker file line does and then commits the there's a commit between every line this just gives you a little bit more flexibility now you're in control of when the commits happen and there doesn't that there's nothing have to be a layer for every every command you run with build-up which gives you some flexibility in terms of how the container image is put together in the end so I'm gonna install Apache and I'm gonna cut here because this metadata update takes a little while all right and we got an Apache installed if you've ever written a docker file and you run any your package manager and then install a file a lot of times you'll see is some hack to get around a limitation in the docker file syntax where it's like DNF install whatever and and DNF clean and clean all and what that's basically doing is preventing docker from storing the metadata in a layer in your final image and because there's no way to control where docker commits in in building the container image but because we we choose when to commit you got you can run that in a separate command and there's not another layer of the image that you have to worry about so we're gonna write out a simple HTML file it's not valid of course but it'll work for our uses and then we're gonna copy that into our into our builder container so this is just you know source which is in our current directory and then location inside the container and then then we're gonna set metadata on it this is this will be very familiar for you're doing docker files there's port there's command entry point things like that so we're just gonna set those for our image here we're gonna there's a service running on port 80 and our our command to run when we started the container is Apache I'll set that okay and now that we've done all that we can we can run a build to commit which creates you know what you would consider to be a docker layer right and so this so instead of doing it on after every command we can do it all at once after we've done everything we want to do and we can that gives you more flexibility over where the image layers are you know where the image layering takes place so what this is going to do is it's going to convert my builder container into an image called actually I'm going to change this we will do just you need but over HTTP all right and if we do a build images after that then you can see our image right here and I don't need this one we'll do build remove image all right it's being used by a container of course so this is a good learning experience you just do build a containers and oh yeah okay remove our image okay there you go you can see that these commands look a lot like a docker see like commands right the the sub commands and that's meant to you know so you don't have to relearn all the sub commands you know you just use your muscle memory only the you could almost create an alias docker to build a docker - Padma and things like that so anyway where was I okay so if I do build containers we can see we have our builder image here now that we've already committed it to an image so we're free to build images you can see the image that we you know we did a commit to an image now this can be deleted because we've already we've done all the intermediate stuff and we've committed at the end now we don't need this container anymore so we can just do build remove builder and they gets rid of our you know temporary container that we were doing the build in now once you do that bilder is completely able to push to dr. repositories so I can do something like this where this is okay and we can push this is docker hub so this is a push to docker happier this upload takes a little while I think I'm just gonna hang out here so if we look at this image Bush here and I'm not an expert by any means but the way I see this going down is this first push this first layer that we're pushing is basically our from it's our Fedora based image or base layer I should say this next layer is the the culmination of all the transforms we put on top of that base layer which was install it you know installing Apache and putting the index.html file in there so all the file system level transforms that we made that's all in one layer and then these two subsequent pushes I believe are the setting the metadata the port and the command those are really small pushes there and I think they only affect the you know changing the metadata on the image and I think that's a requirement visitor that's why they're in different you know separate images but as you can see you have more control over the layering and you can push the docker hub and you know docker can pull this image down kubernetes can pull it down you know this is a this is a standard image format so yeah it just it just works so if we jump over to pod man we can it's a lot we can look at our images and this is our image that we built and so let's run that so we'll do that using this command you can see that this it looks very familiar in fact you could replace this with docker and it would work with docker so it's all very familiar so if we run that yes of course it's change this in my demo script here all right so even get the container ID back and so you know if you've got scripts that read the container ID from the run command on docker it'll feed back the same thing on pod man it's a 5-man PS now we can see the container is running here and we can do all the same things that we could do with the docker command line so we can go into the pod with exec my demo is the name of the container that I gave it there so we just go in LS want we can go VAR w w HTML there's our index.html file right we can do a pod man inspect to get the IP address of our pot here and if we want to verify that we can get the pit of our entry point command and we can do in in the center go into the network namespace this pit and run IPA and you can see that it's a adapter in there has that IP address it matches up here and if we curl from the host we should be able to hit our container at IP address I'll just do that and there we go we can get our index.html out of the container and one more thing that I wanted to do was show scope EO scope EO is kind of a advanced a registry management tool so it can do a remote inspection of images which is really handy if you ever wondered you know what tags are available in a repository inspect will give you all that information in a really nice in a really nice way in fact might just run that here so we'll do is go be inspect now CEO Pio uses a number of storage and registry formats and so you have to specify a kind of a format then docker IO the latest and it will pull all the metadata out of registry and so you can see latest is my only tag and it tells you when was created and layers architecture and everything like that so Sophie oh can be a very handy tool when we did our build a push build a push is it's not calling it's not exacting out to scope you but it's using the same functionality that scope EO uses and the the full command line to do that push with scope EO is this so there's not a notion of pushing in scope EO it's more copying from one you know registry or container or image storage format to another and so you can do scope EO copy and the format that build the the storage back in the building uses is called container storage and so you put that here and then its identifier in that storage type and then docker is the storage type for the docker hub and then you can use that as the push and so that will that will do the same thing as docker push this so that's kind of how these tools work together and I think it's really cool again scope EO and build our daemon lists pod man uses cryo and run C under the covers - to manage containers running on the system so it really breaks them out and gives you more flexibility all of these are built on top of a library called Lib pod which can be extended in your in your own applications so it's really cool I'll put the links in the video description below to these repositories check them out
Info
Channel: Seth Jennings
Views: 10,280
Rating: 4.9470201 out of 5
Keywords: kubernetes, containers, docker, fedora, overlay, images
Id: VR2kae40k_I
Channel Id: undefined
Length: 13min 8sec (788 seconds)
Published: Tue Feb 27 2018
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.