Video: Better know a blogger: SJVN on Linux, Microsoft, space roadsters, and more
The good news about containers, such as Docker‘s, is they make it easy to deploy applications, and you can run far more of them on a server than you can on a virtual machine. The bad news is that putting an application into a container can be difficult. That’s where Buildah comes in.
Buildah is a newly released shell program for efficiently and quickly building Open Container Initiative (OCI) and Docker compliant images and containers. Buildah simplifies the process of creating, building, and updating images while decreasing the learning curve of the container environment.
Better still, for those interested in continuous integration (CI), it’s easily scriptable and can be used in an environment where one needs to spin up containers automatically based on application calls. There’s no requirement for a container runtime daemon to be running on your system to take up resources and complicate the build process.
There’s long been a need for this kind of program. All too often IT professionals — who should know better — deploy containerized applications, which have been built by others, without knowing what’s inside them. This makes as much sense as running an unknown installation program on Windows. While there are companies, such as Bitnami, which creates trustworthy containers, all too often people seize on the first containerized application they can find that meets their needs.
With Buildah, you can now easily build your own containerized application using just the components you need and trust. Red Hat‘s consulting software engineer Daniel Walsh, explained, “I challenged my engineering team to create a ‘coreutils’ of container images — essentially, a utility that could be used with existing container host tools like cp, make, yum, and more to build OCI and Docker container images. These images could then be stored at container registries and used by a multitude of container runtimes.”
Buildah was the result. Oh, and the name? Walsh wrote, “The engineers asked me what to call it and I responded: ‘Just call it builder.’ The engineers heard my Boston accent and `Buildah` was born.”
Buildah provides only the bare necessities needed to create or change Linux container images making it easier to integrate into existing application build pipelines.
Walsh added, “When we say ‘bare necessities,’ we mean it. Buildah allows for the on-the-fly creation of containers from scratch–think of it as an empty box. For example, Buildah can assemble containers that omit things like package managers (DNF/YUM), that are not required by the final image. So not only can Buildah provide the capability to build these containers in a less complex and more secure fashion, it can cut bloat (and therefore image size) and extend customization to what you need in your cloud-native applications.”
In addition, “Since Buildah is daemonless, it is easier to run it in a container without setting up special infrastructure on the host or “leaking” host sockets into the container. You can run Buildah inside of your Kubernetes (or enterprise Kubernetes, like Red Hat OpenShift) cluster.”
With this first 1.0 release, Buildah supports external read/write volumes during builds. This enables developers to build container images that reference external volumes while being built, but without having to ship those external volumes in the completed image. This simplifies image creation without bloating those images with unnecessary and unwanted production artifacts.
In addition, Buildah can help create images, which better comply with Federal Information Processing Standards (FIPS). With this, you can use Buildah to build and run containers in FIPS mode for customers that require FIPS-compliant applications.
Finally, Buildah now also offers multi-stage builds, multiple container transport methods for pulling and pushing images. By focusing solely on building and manipulating container images, Buildah is a useful tool for anyone working with Linux containers. Whether you’re a developer testing images locally or you’re looking for an independent image builder for a production toolchain, Buildah is a worthy addition to your container toolbelt.
Want to try it for yourself?
Run the following on a Red Hat, Fedora, or CentOS Linux system:
yum -y install buildah
I think you’ll like it.