Red Hat Enterprise Linux 8 Building, Running, and Managing Containers
Total Page:16
File Type:pdf, Size:1020Kb
Red Hat Enterprise Linux 8 Building, running, and managing containers Building, running, and managing Linux containers on Red Hat Enterprise Linux 8 Last Updated: 2021-09-15 Red Hat Enterprise Linux 8 Building, running, and managing containers Building, running, and managing Linux containers on Red Hat Enterprise Linux 8 Legal Notice Copyright © 2021 Red Hat, Inc. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/ . In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. Linux ® is the registered trademark of Linus Torvalds in the United States and other countries. Java ® is a registered trademark of Oracle and/or its affiliates. XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and other countries. Node.js ® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project. The OpenStack ® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community. All other trademarks are the property of their respective owners. Abstract This guide describes how to work with Linux containers on RHEL 8 systems using command-line tools such as podman, buildah, skopeo and runc. Table of Contents Table of Contents .P .R . E. .F . A. .C . E. 5. .M . A. .K . I.N . .G . .O . P. .E . N. S. .O . U. .R . C. .E . .M . .O . R. .E . .I N. .C . L. .U . S. .I V. .E . 6. .P .R . O. V. .I D. .I N. .G . F. .E .E . D. .B . A. .C . K. O. .N . R. .E .D . .H . .A .T . .D . O. C. .U . M. E. .N . T. .A .T . I.O . .N . 7. .C . H. .A . P. .T .E . R. 1.. .S . T. .A . R. .T .I .N . G. W. I.T . H. C. .O . .N . T. .A . I.N . E. .R . S. 8. 1.1. RUNNING CONTAINERS WITHOUT DOCKER 8 1.2. CHOOSING A RHEL ARCHITECTURE FOR CONTAINERS 9 1.3. GETTING CONTAINER TOOLS 9 1.4. SETTING UP ROOTLESS CONTAINERS 10 1.5. UPGRADING TO ROOTLESS CONTAINERS 11 1.6. SPECIAL CONSIDERATIONS FOR ROOTLESS CONTAINERS 12 .C . H. .A . P. .T .E . R. 2. T. .Y . P. .E . S. .O . .F . C. .O . .N . T. .A . I.N . E. .R . .I M. A. .G . E. .S . 1.4 . 2.1. GENERAL CHARACTERISTICS OF RHEL CONTAINER IMAGES 14 2.2. CHARACTERISTICS OF UBI IMAGES 14 2.3. UNDERSTANDING THE UBI STANDARD IMAGES 15 2.4. UNDERSTANDING THE UBI INIT IMAGES 15 2.5. UNDERSTANDING THE UBI MINIMAL IMAGES 16 2.6. UNDERSTANDING THE UBI MICRO IMAGES 17 2.7. USING THE UBI INIT IMAGES 17 2.8. USING THE UBI MICRO IMAGES 18 .C . H. .A . P. .T .E . R. 3. W. O. R. .K . I.N . G. W. I. T. H. .C . O. .N . T. .A . I.N . E. .R . .I M. A. .G . E. .S . .2 . 0. 3.1. CONFIGURING CONTAINER REGISTRIES 20 3.2. SEARCHING FOR CONTAINER IMAGES 21 3.3. PULLING IMAGES FROM REGISTRIES 21 3.4. PULLING AN IMAGE USING PODMAN 22 3.5. LISTING IMAGES 23 3.6. INSPECTING LOCAL IMAGES 23 3.7. INSPECTING REMOTE IMAGES 24 3.8. TAGGING IMAGES 24 3.9. SAVING AND LOADING IMAGES 26 3.10. REDISTRIBUTING UBI IMAGES 26 3.11. DEFINING THE IMAGE SIGNATURE VERIFICATION POLICY 27 3.12. REMOVING IMAGES 30 .C . H. .A . P. .T .E . R. 4. .W . .O . R. .K . I.N . G. .W . .I T. .H . .C . O. .N . T. .A . I.N . .E .R . S. .3 . 2. 4.1. PODMAN RUN COMMAND 32 4.2. RUNNING COMMANDS IN A CONTAINER FROM THE HOST 32 4.3. RUNNING COMMANDS INSIDE THE CONTAINER 33 4.4. LISTING CONTAINERS 34 4.5. STARTING CONTAINERS 35 4.6. INSPECTING CONTAINERS FROM THE HOST 36 4.7. MOUNTING DIRECTORY ON LOCALHOST TO THE CONTAINER 37 4.8. MOUNTING A CONTAINER FILESYSTEM 37 4.9. RUNNING A SERVICE AS A DAEMON WITH A STATIC IP 38 4.10. EXECUTING COMMANDS INSIDE A RUNNING CONTAINER 39 4.11. SHARING FILES BETWEEN TWO CONTAINERS 40 4.12. EXPORTING AND IMPORTING CONTAINERS 42 4.13. STOPPING CONTAINERS 44 4.14. REMOVING CONTAINERS 45 1 Red Hat Enterprise Linux 8 Building, running, and managing containers .C . H. .A . P. .T .E . R. 5. W. O. R. .K . I.N . G. W. I. T. H. P. .O . .D . S. .4 . 7. 5.1. CREATING PODS 47 5.2. DISPLAYING POD INFORMATION 48 5.3. STOPPING PODS 50 5.4. REMOVING PODS 50 .C . H. .A . P. .T .E . R. 6. .A . D. .D . I.N . G. .S .O . .F . T. W. A. .R . E. T. .O . .A . .R . U. .N . N. .I .N . G. U. .B . I. C. .O . .N . T. .A . I.N . E. .R . .5 . 2. 6.1. ADDING SOFTWARE TO A UBI CONTAINER ON A SUBSCRIBED HOST 52 6.2. ADDING SOFTWARE IN A STANDARD UBI CONTAINER 52 6.3. ADDING SOFTWARE IN A MINIMAL UBI CONTAINER 53 6.4. ADDING SOFTWARE TO A UBI CONTAINER ON A UNSUBSCRIBED HOST 54 6.5. BUILDING UBI-BASED IMAGES 55 6.6. USING APPLICATION STREAM RUNTIME IMAGES 56 6.7. GETTING UBI CONTAINER IMAGE SOURCE CODE 56 .C . H. .A . P. .T .E . R. 7. R. .U . N. N. .I N. .G . S. K. .O . .P . E. O. ,. B. .U . I.L . D. .A . H. ., .A . N. .D . .P . O. D. .M . .A . N. I.N . .A . .C . O. N. .T . A. .I N. .E . R. .5 . 9. 7.1. RUNNING SKOPEO IN A CONTAINER 59 7.2. RUNNING SKOPEO IN A CONTAINER USING CREDENTIALS 60 7.3. RUNNING SKOPEO IN A CONTAINER USING AUTHFILES 61 7.4. COPYING CONTAINER IMAGES TO OR FROM THE HOST 62 7.5. RUNNING BUILDAH IN A CONTAINER 63 7.6. RUNNING PODMAN IN A CONTAINER 64 .C . H. .A . P. .T .E . R. 8. .R .U . .N . N. .I N. .G . S. .P .E . C. .I A. .L . .C . O. N. .T . A. .I N. .E . R. I .M.