SlideShare a Scribd company logo

Kubernetes Story - Day 2: Quay.io Container Registry for Publishing, Building and Securing images

Mihai Criveti
Mihai Criveti

Friday Brunch - a Kubernetes Story - Day 2: Build containers with Buildah, Skopeo and Quay.io https://www.youtube.com/watch?v=ygJrzMIZiWQ In this workshop you'll learn how to build and manage containers, publish images to Quay, then install and deploy containers onto OpenShift. Experience new tools to build, manage and deploy containerized applications following best practices. Learn how to build containers locally with podman, skopeo and buildah, publish and scan containers for vulnerabilities - and deploy containerized applications locally or on cloud using Kubernetes and OpenShift! Mihai will take you through the process of: Day 1 = Build: Building and running container images locally with podman, skopeo and buildah. Building containers for years or just getting started? Check out these new tools that help you build and run containers locally, and how they can help you get started with Kubernetes and OpenShift. Learn some of the best practices on how you can build containers that run as regular users and how to automate the container build process using buildah. Learn about the Universal Base Image and how you can start your image builds from a known, trusted source. and then over the next two Fridays the story will evolve as follows... Day 2 = Publish: Publishing container images to quay.io and scanning containers for vulnerabilities and container best practices Day 3 = Deploy: Getting started with OpenShift using CodeReady Containers or OKD and deploying containers on a Kubernetes Platform (Red Hat OpenShift / OKD / CRC)

Software
1 of 65
Download to read offline
Friday Brunch - A Kubernetes and OpenShift Story Day 2 - Container Registry - Quay.io Mihai Criveti, CTO Cloud Native and Red Hat Solutions IBM, STSM, RHCE November 23, 2020 1
OpenShift Workshop Podman, Skopeo and Buildah Running Containers with Podman Building Containers with Podman from a Dockerfile Building Containers with Buildah quay.io tutorial 2
OpenShift Workshop
Workshop Overview Day 1 • Install podman, buildah and skopeo Day 2 • Publish images to external registries • Quay.io - Publishing Container Images to container registry Day 3 1. Install CodeReady Containers, Create a project called wordpress, 2. Create users and groups and setup htpassword authentication 3. Deploy mysql from registry.redhat.io/rhel8/mysql-80 and configure the secret 4. Deploy wordpress from docker.io/library/wordpress:5.5.0-php7.2-apache 5. Create a route and test wordpress, scale out 3
Resources and Links • https://podman.io/getting-started/ • https://github.com/containers/buildah • https://github.com/containers/skopeo • https://developers.redhat.com/products/rhel/ubi • https://quay.io/ • https://www.katacoda.com/courses/containers-without-docker/running-containers-with-podman • https://developers.redhat.com/products/codeready-containers/overview 4
Podman, Skopeo and Buildah
Podman Overview What is Podman? Figure 1: podman - manage pods, containers and OCI compliant container images How is Podman different? • Can be run as a regular user without requiring root. • Can manage pods (groups of one or more containers that operate together). • Lets you import Kubernetes definitions using podman play. • Fork-exec model instead of client-server model (containers are child processes of podman). • Compatible with Docker, Docker Hub or any OCI compliant container implementation. 5
Buildah What is Buildah? Figure 2: buildah - build container images from CLI or Dockerfiles How is Buildah different? • Containers can be build using simple CLI commands or shell scripts instead of Dockerfiles. • Images can then be pushed to any container registry and can be used by any container engine, including Podman, CRI-O, and Docker. • Buildah is also often used to securely build containers while running inside of a locked down container by a tool like Podman, OpenShift/Kubernetes or Docker. 6
Skopeo What is Skopeo? Figure 3: skopeo - inspect and copy containers and images between different storage How does Skopeo help? • It can copy images to and from a host, as well as to other container environments and registries. • Skopeo can inspect images from container image registries, get images and image layers, and use signatures to create and verify images. 7
Red Hat Image Sources Explained Red Hat Software Collections Library (RHSCL) • For developers that need the latest versions of tools not in the RHEL release schedule. • Use the latest development tools without impacting RHEL. • Available to all RHEL subscribers. Red Hat Container Catalog (RHCC) • Certified, curated and texted images built on RHEL. • Images have gone through a QA process. • Upgraded on a regular bases to avoid security vulnerabilities. Quay.io • Public / private container repository. 8
Universal Base Image - UBI Red Hat Universal Base Image - UBI Figure 4: UBI - Freely distributable OCI compliant secure container base images based on RHEL How does UBI Help? • More than just a base image, UBI provides three base images across RHEL 7 and RHEL 8: ubi, ubi-minimal and ubi-init • And a set of language runtimes (ex: nodejs, ruby, python, php, perl, etc.) • All packages in UBI come from RHEL channels and are supported on RHEL and OpenShift. • Secure by default, maintained and supported by Red Hat. 9
The Red Hat Container Catalog Certified container images from Red Hat and 3rd party vendors Figure 5: Container Images with a Container Health Index Pulling a container image podman pull registry.access.redhat.com/ubi8/python-38 10
Podman Compose What is podman-compose? • An implementation of docker-compose with Podman backend. Why podman-compose and when to use it? • run unmodified docker-compose.yaml files, rootless • no daemon or setup required • Only depends on podman, Python 3 and PyYAML. When NOT to use podman-compose? • When you can use podman pod or podman generate and podman play‘ instead to create pods or import Kubernetes definitions. • For single-machine development, consider CodeReady Containers • For multi-node clusters, check out Red Hat OpenShift, Kubernetes or OKD. 11
Install podman, buildah and skopeo Fedora 32 / RHEL 8 # Install podman, buildah and skopeo on Fedora 32 sudo dnf -y install podman buildah skopeo slirp4netns fuse-overlayfs Ubuntu / Debian sudo apt update && sudo apt -y install podman buildah skopeo Getting help podman version podman --help # list available commands man podman-ps # or commands like run, rm, rmi, image, build podman info # display podman system information https://podman.io/getting-started/installation 12
Rootless Containers and cgroup v2 Note that our regular user has UID 1000 uid=1000(cmihai) gid=1000(cmihai) groups=1000(cmihai) What are UIDs mapped to inside the container? podman unshare cat /proc/self/uid_map 0 1000 1 1 100000 65536 UID 0 is mapped my UID (1000). UID 1 is mapped to 100000, UID 2 would map to 100001, etc. That means that a container UID of 27 would map to UID 1000026. Let’s test this mkdir test && podman unshare chown 27:27 test ls -ld test drwxrwxr-x. 2 100026 100026 4096 Sep 27 09:38 test 13
Running Containers with Podman
Searching for Images with podman search Configure search sources grep search /etc/containers/registries.conf unqualified-search-registries = ['registry.fedoraproject.org', 'registry.access.redhat.com', 'registry.centos.org', 'docker.io'] Searching for images (with filters) podman search httpd --filter=is-official INDEX NAME DESCRIPTION STARS OFFICIAL docker.io docker.io/library/httpd The Apache HTTP Server 3181 [OK] 14
Adding a local registry configuration Create a configuration file mkdir -p ~/.config/containers Add public and private registries in search order vim $HOME/.config/containers/registries.conf [registries.search] registries = ["registry.access.redhat.com", "quay.io", "docker.io"] [registries.insecure] registries = ['localhost:5000'] 15
Inspecting and pulling images Inspecting Images with skopeo (ex: listing tags) skopeo inspect docker://docker.io/library/httpd Inspect the image with podman and show image history podman inspect httpd:2.4.46-alpine podman history httpd:2.4.46-alpine Pulling Images locally with podman pull podman pull docker.io/library/httpd:2.4.46-alpine podman images 16
Running containers in interactive mode Run an interactive session podman run --name ubuntu --hostname ubuntu --interactive --tty ubuntu /bin/bash Reattach podman start --attach --interactive ubuntu Delete your container on exit podman run --rm --name ubuntu --hostname ubuntu --interactive --tty ubuntu /bin/bash 17
Running Containers in the background Run a sample httpd container to serve a webpage # Run a container in the background, bind port 8080 podman run --name httpd --detach --publish 8080:8080/tcp registry.fedoraproject.org/f29/httpd • We’ve named the container httpd to make it easier to access later. • Port 8080 inside the container is redirected to 8080 on the host. • Notice that we’re using an image that binds to a non-privileged (8080) port. Test the webpage curl localhost:8080 Check the process ps -ef | grep podman 18
Check container status and logs Check the container status and logs # List the running containers podman ps # Inspect the (last) ran container - check the Env and IP sections podman inspect -l # Check the container logs podman logs httpd 19
Starting and stopping containers Stop the container and check the status podman stop httpd podman ps -a IMAGE CREATED STATUS httpd:latest 5 minutes ago Exited (0) 2 seconds ago Start the container back podman start httpd podman ps CREATED STATUS PORTS NAMES 7 minutes ago Up 13 seconds ago 0.0.0.0:8080->8080/tcp httpd 20
Using Environment Variables Search and inspect an image podman search mysql-57-rhel7 skopeo inspect docker://registry.access.redhat.com/rhscl/mysql-57-rhel7 | grep usage Deploy MySQL podman run --name mysql -e MYSQL_USER=user -e MYSQL_PASSWORD=password -e MYSQL_DATABASE=mydb -e MYSQL_ROOT_PASSWORD=password --detach rhscl/mysql-57-rhel7:latest Check the logs podman logs mysql 21
Executing a command in a running container with podman-exec Inspect the environment (different methods show) podman inspect -f '{{ .NetworkSettings.IPAddress }}' mysql podman exec mysql env Execute a shell inside the mysqld container podman exec -it mysql bash mysql -uroot show databases; use mydb; exit Execute a command podman exec -it mysql /opt/rh/rh-mysql57/root/usr/bin/mysql -uuser -ppassword -e 'show databases;' 22
Container Resources Check processes inside container podman top -l USER PID PPID %CPU ELAPSED TTY TIME COMMAND default 1 0 0.000 2m4.13954806s ? 0s httpd -D FOREGROUND default 18 1 0.000 2m4.139682033s ? 0s /usr/bin/coreutils Display live stream of resource usage statistics podman stats ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS 00b65 httpd 0.07% 40.91MB / 67.4GB 0.06% -- / -- -- / -- 217 Check published ports podman port -l 8080/tcp -> 0.0.0.0:8080 23
Commiting, Saving and Loading Images Create an image podman run --name ubuntu-apache2 --hostname ubuntu-apache2 --interactive --tty ubuntu:20.04 /bin/bash # Install Apache HTTPD apt update && apt install -y apache2 && exit List changed files (A - added, C - changed, D - deleted) podman diff ubuntu-apache2 Commit image from container with entrypoint and label podman commit --change CMD=/bin/bash --change ENTRYPOINT=/bin/sh --change "LABEL author=cmihai" ubuntu ubuntu-apache2 Save an image podman save -o ubuntu-apache2.tar ubuntu-apache2 Load an image podman load -i ubuntu-apache2.tar ubuntu-apache2 24
Modifying the Apache image port form 80 to 8080 Use podman commit to create a custom Apache HTTPD image that listens on port 8080. Search for the official image and run it podman search httpd --filter=is-official podman run -it --name httpd-docker docker.io/library/httpd:2.4 /bin/bash Change the port name sed -i 's/Listen 80/Listen 8080/g' /usr/local/apache2/conf/httpd.conf exit Same to a new image podman stop httpd-docker podman diff httpd-docker podman commit -a 'Mihai' httpd-docker cmihai/httpd:2.4 podman images | grep cmihai/httpd podman rm httpd-docker Test the new image podman run --detach --publish 8080:8080 --name httpd-cmihai docker.io/library/httpd:2.4 curl localhost:8080 25
Tagging or Removing Tags from Images Tag and image podman tag ubuntu-apache2 cmihai/apache2 podman tag ubuntu-apache2 cmihai/apache2:latest Remove a tag from an image podman rmi cmihai/apache2:latest 26
Pusing an image to a Registry Tag the image in your local repository podman tag ubuntu-apache2 quay.io/apache2:latest Push to quay.io podman push quay.io/cmihai/apache2:latest Example build and push podman login quay.io podman build --layers=false -t cmihai/jupyterlab:python38 . podman tag localhost/cmihai/jupyterlab:python38 quay.io/cmihai/jupyterlab:latest podman push quay.io/cmihai/jupyterlab:latest 27
Volumes Create a volume directory on the host and provide permissions mkdir myvol podman unshare chown 999:999 myvol https://www.redhat.com/sysadmin/user-namespaces-selinux-rootless-containers Create a container and attach a volume to /data as rw podman run --rm --name ubuntu --volume ./myvol:/data:Z --interactive --tty ubuntu /bin/bash 28
SELinux Permissions - Manual approach without using unshare Let’s check what a MySQL container runs as podman run -ti rhscl/mysql-57-rhel7:latest grep mysql /etc/passwd mysql:x:27:27:MySQL Server:/var/lib/mysql:/sbin/nologin Create a directory with owner and group root and give matching permissions sudo mkdir mysql-data && sudo chown -R 27:27 mysql-data Apply the SELinux container_file_t context and policy sudo semanage fcontext -a -t container_file_t './mysql-data(/.*)?' sudo restorecon -Rv ./mysql-data 29
Running MySQL with a host directory volume Start MySQL podman run --name mysql -v ./mysql-data:/var/lib/mysql/data:Z -e MYSQL_USER=user -e MYSQL_PASSWORD=password -e MYSQL_DATABASE=mydb -e MYSQL_ROOT_PASSWORD=password --detach rhscl/mysql-57-rhel7:latest Troubleshoot logs and permissions podman logs mysql; sudo find ./mysql-data; ls -dnZ mysql-data drwxrwxr-x. 6 100026 100026 system_u:object_r:container_file_t:s0:c303,c890 4096 Sep 27 09:09 mysql-data Check out the permissions inside the container podman exec mysql ls -lanZ /var/lib/mysql/data drwxrwxr-x. 27 27 system_u:object_r:container_file_t:s0:c303,c890 . 30
Cleanup Stop and remove the container podman stop httpd podman rm httpd podman ps -a # Check that the containers are deleted Removing the container image podman rmi registry.fedoraproject.org/f29/httpd podman images # List images Delete everything (stopped containers, pods, dangling images and build cache) podman system prune 31
Setting a container to start at boot using systemd Enable SELinux and start your container setsebool -P container_manage_cgroup on sudo podman run -d --name redis_server -p 6379:6379 redis vim /etc/systemd/system/redis-container.service [Unit] Description=Redis container [Service] Restart=always ExecStart=/usr/bin/podman start -a redis_server ExecStop=/usr/bin/podman stop -t 2 redis_server [Install] WantedBy=local.target Enable the service systemctl enable redis-container.service systemctl start redis-container.service systemctl stop redis-container.service systemctl restart redis-container.service 32
Creating a Wordpress + MariaDB Server pod Create a volume and apply permissions mkdir mariadb-data && podman unshare chown 999:999 mariadb-data Create a pod podman pod create --publish 127.0.0.1:8888:80 --name wordpress-pod Start a pod to get info podman run --rm mariadb:latest --verbose --help Start MariaDB with a custom configuration and data volume podman run --name mariadb --pod wordpress-pod -v ./mariadb-data:/var/lib/mysql:Z -e MYSQL_USER=wpsuser -e MYSQL_PASSWORD=password -e MYSQL_DATABASE=wordpress -e MYSQL_ROOT_PASSWORD=password --detach mariadb:10.5.5 Start wordpress podman run --name wordpress --pod wordpress-pod -e WORDPRESS_DB_HOST=127.0.0.1:3306 -e WORDPRESS_DB_USER=wpsuser -e WORDPRESS_DB_PASSWORD=password -e WORDPRESS_DB_NAME=wordpress 33
Building Containers with Podman from a Dockerfile
Building container images from Dockerfile with podman Create a Dockerfile for Jupyter Lab starting from a UBI FROM registry.access.redhat.com/ubi8/python-38 RUN pip install --upgrade --no-cache-dir jupyterlab EXPOSE 8888 CMD [ "jupyter","lab","--ip=0.0.0.0" ] Build the container image podman build --layers=false -t cmihai/jupyterlab . Test the image podman run --name jupyterlab --detach --publish 8888:8888/tcp cmihai/jupyterlab podman logs jupyterlab # Retrieve the token to log in 34
FROM 35
ARG 36
LABEL 37
RUN 38
ADD 39
COPY 40
WORKDIR 41
USER 42
CMD 43
ENTRYPOINT 44
HOW CMD AND ENTRYPOINT INTERACT 45
EXPOSE 46
ENV 47
VOLUME 48
Security and Permissions 49
Dockerfile Examples 50
Building Containers with Buildah
Building container images with buildah container=$(buildah from fedora) buildah run ${container} dnf install -y texlive wget https://github.com/jgm/pandoc/releases/download/2.9.2/pandoc-2.9.2-linux-amd64.tar.gz tar zxf pandoc-2.9.2-linux-amd64.tar.gz buildah copy ${container} pandoc-2.9.2/bin /usr/local/bin buildah commit ${container} cmihai/pandoc buildah images buildah inspect ${container} podman run cmihai/pandoc pandoc --version 51
quay.io tutorial
Logging into Quay After creating a quay.io account and password, login using podman podman login quay.io Username: cmihai Password: ( password here) 52
Creating a new container Create a new container image based on UBI8 Minimal podman run --name ubi8-httpd -it registry.access.redhat.com/ubi8/ubi-minimal:latest /bin/bash microdnf update -y microdnf -y install httpd microdnf clean all rm -rf /var/cache/yum 53
Commit the container image Get the container ID (or name) and commit the changes to an image podman ps -l podman commit ubi8-httpd quay.io/cmihai/ubi8-httpd:latest Check that the image is there podman images | grep cmihai/ubi8-httpd quay.io/cmihai/ubi8-httpd latest 8535a6affc3e 15 seconds ago 209 MB 54
Building the same image using a Dockerfile FROM registry.access.redhat.com/ubi8/ubi-minimal USER root LABEL maintainer="Mihai Criveti" # Update image RUN microdnf update -y && microdnf install -y httpd && microdnf clean all && rm -rf /var/cache/yum && echo "Apache" > /var/www/html/index.html # Port EXPOSE 80 # Start the service CMD ["-D", "FOREGROUND"] ENTRYPOINT ["/usr/sbin/httpd"] Build and tag the image podman build . -t cmihai/ubi8-httpd:latest podman tag localhost/cmihai/ubi8-httpd quay.io/cmihai/ubi8-httpd:latest 55
Test the image Run the image podman run --detach --name httpd --publish 8080:80 quay.io/cmihai/ubi8-httpd:latest Check logs and server status podman logs httpd podman port -l curl localhost:8080 56
Push the image to quay Push the local tagged image to quay.io podman push quay.io/cmihai/ubi8-httpd 57
Check the image on quay.io Check that the image is there podman pull https://quay.io/repository/cmihai/ubi8-httpd Visit the image page: See: https://quay.io/repository/cmihai/ubi8-httpd Customize the image information • Create a Description 58
Creating a build directly on quay.io 1. Go to https://quay.io/repository/cmihai/ubi8-httpd?tab=builds 2. Upload your build Dockerfile 59

Recommended

Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?Michael Boelen
 
Docker Advanced registry usage
Docker Advanced registry usageDocker Advanced registry usage
Docker Advanced registry usageDocker, Inc.
 
Kubernetes and container security
Kubernetes and container securityKubernetes and container security
Kubernetes and container securityVolodymyr Shynkar
 
Docker on Power Systems
Docker on Power SystemsDocker on Power Systems
Docker on Power SystemsCesar Maciel
 
Intel - optimizing ceph performance by leveraging intel® optane™ and 3 d nand...
Intel - optimizing ceph performance by leveraging intel® optane™ and 3 d nand...Intel - optimizing ceph performance by leveraging intel® optane™ and 3 d nand...
Intel - optimizing ceph performance by leveraging intel® optane™ and 3 d nand...inwin stack
 
Introduction to CRI and OCI
Introduction to CRI and OCIIntroduction to CRI and OCI
Introduction to CRI and OCIHungWei Chiu
 
An Introduction to MongoDB Ops Manager
An Introduction to MongoDB Ops ManagerAn Introduction to MongoDB Ops Manager
An Introduction to MongoDB Ops ManagerMongoDB
 
Container security
Container securityContainer security
Container securityAnthony Chow
 

Recommended

Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?Michael Boelen
 
Docker Advanced registry usage
Docker Advanced registry usageDocker Advanced registry usage
Docker Advanced registry usageDocker, Inc.
 
Kubernetes and container security
Kubernetes and container securityKubernetes and container security
Kubernetes and container securityVolodymyr Shynkar
 
Docker on Power Systems
Docker on Power SystemsDocker on Power Systems
Docker on Power SystemsCesar Maciel
 
Intel - optimizing ceph performance by leveraging intel® optane™ and 3 d nand...
Intel - optimizing ceph performance by leveraging intel® optane™ and 3 d nand...Intel - optimizing ceph performance by leveraging intel® optane™ and 3 d nand...
Intel - optimizing ceph performance by leveraging intel® optane™ and 3 d nand...inwin stack
 
Introduction to CRI and OCI
Introduction to CRI and OCIIntroduction to CRI and OCI
Introduction to CRI and OCIHungWei Chiu
 
An Introduction to MongoDB Ops Manager
An Introduction to MongoDB Ops ManagerAn Introduction to MongoDB Ops Manager
An Introduction to MongoDB Ops ManagerMongoDB
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Oracle Database SQL Tuning Concept
Oracle Database SQL Tuning ConceptOracle Database SQL Tuning Concept
Oracle Database SQL Tuning ConceptChien Chung Shen
 
Ceph and Openstack in a Nutshell
Ceph and Openstack in a NutshellCeph and Openstack in a Nutshell
Ceph and Openstack in a NutshellKaran Singh
 
Ansible, MongoDB Ops Manager and AWS v1.1
Ansible, MongoDB Ops Manager and AWS v1.1Ansible, MongoDB Ops Manager and AWS v1.1
Ansible, MongoDB Ops Manager and AWS v1.1Michael Lynn
 
BlueStore: a new, faster storage backend for Ceph
BlueStore: a new, faster storage backend for CephBlueStore: a new, faster storage backend for Ceph
BlueStore: a new, faster storage backend for CephSage Weil
 
[213]monitoringwithscouter 이건희
[213]monitoringwithscouter 이건희[213]monitoringwithscouter 이건희
[213]monitoringwithscouter 이건희NAVER D2
 
The BlackBox Project: Safely store secrets in Git/Mercurial (originally for P...
The BlackBox Project: Safely store secrets in Git/Mercurial (originally for P...The BlackBox Project: Safely store secrets in Git/Mercurial (originally for P...
The BlackBox Project: Safely store secrets in Git/Mercurial (originally for P...Tom Limoncelli
 
A brief study on Kubernetes and its components
A brief study on Kubernetes and its componentsA brief study on Kubernetes and its components
A brief study on Kubernetes and its componentsRamit Surana
 
Leveraging Nexus Repository Manager at the Heart of DevOps
Leveraging Nexus Repository Manager at the Heart of DevOpsLeveraging Nexus Repository Manager at the Heart of DevOps
Leveraging Nexus Repository Manager at the Heart of DevOpsSeniorStoryteller
 
Alfresco search services: Now and Then
Alfresco search services: Now and ThenAlfresco search services: Now and Then
Alfresco search services: Now and ThenAngel Borroy López
 
Docker 101 - from 0 to Docker in 30 minutes
Docker 101 - from 0 to Docker in 30 minutesDocker 101 - from 0 to Docker in 30 minutes
Docker 101 - from 0 to Docker in 30 minutesLuciano Fiandesio
 
Oracle Database Management Basic 1
Oracle Database Management Basic 1Oracle Database Management Basic 1
Oracle Database Management Basic 1Chien Chung Shen
 
Docker Container Security
Docker Container SecurityDocker Container Security
Docker Container SecuritySuraj Khetani
 
Understanding container security
Understanding container securityUnderstanding container security
Understanding container securityJohn Kinsella
 
How to Use EXAchk Effectively to Manage Exadata Environments
How to Use EXAchk Effectively to Manage Exadata EnvironmentsHow to Use EXAchk Effectively to Manage Exadata Environments
How to Use EXAchk Effectively to Manage Exadata EnvironmentsSandesh Rao
 
Oracle Active Data Guard 12c: Far Sync Instance, Real-Time Cascade and Other ...
Oracle Active Data Guard 12c: Far Sync Instance, Real-Time Cascade and Other ...Oracle Active Data Guard 12c: Far Sync Instance, Real-Time Cascade and Other ...
Oracle Active Data Guard 12c: Far Sync Instance, Real-Time Cascade and Other ...Ludovico Caldara
 
DB12c: All You Need to Know About the Resource Manager
DB12c: All You Need to Know About the Resource ManagerDB12c: All You Need to Know About the Resource Manager
DB12c: All You Need to Know About the Resource ManagerAndrejs Vorobjovs
 
AWS와 Docker Swarm을 이용한 쉽고 빠른 컨테이너 오케스트레이션 - AWS Summit Seoul 2017
AWS와 Docker Swarm을 이용한 쉽고 빠른 컨테이너 오케스트레이션 - AWS Summit Seoul 2017AWS와 Docker Swarm을 이용한 쉽고 빠른 컨테이너 오케스트레이션 - AWS Summit Seoul 2017
AWS와 Docker Swarm을 이용한 쉽고 빠른 컨테이너 오케스트레이션 - AWS Summit Seoul 2017Amazon Web Services Korea
 
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIES
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIESORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIES
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIESLudovico Caldara
 
Rootless Containers & Unresolved issues
Rootless Containers & Unresolved issuesRootless Containers & Unresolved issues
Rootless Containers & Unresolved issuesAkihiro Suda
 
Troubleshooting PostgreSQL Streaming Replication
Troubleshooting PostgreSQL Streaming ReplicationTroubleshooting PostgreSQL Streaming Replication
Troubleshooting PostgreSQL Streaming ReplicationAlexey Lesovsky
 
Kubernetes Story - Day 1: Build and Manage Containers with Podman
Kubernetes Story - Day 1: Build and Manage Containers with PodmanKubernetes Story - Day 1: Build and Manage Containers with Podman
Kubernetes Story - Day 1: Build and Manage Containers with PodmanMihai Criveti
 
OpenShift Commons - Adopting Podman, Skopeo and Buildah for Building and Mana...
OpenShift Commons - Adopting Podman, Skopeo and Buildah for Building and Mana...OpenShift Commons - Adopting Podman, Skopeo and Buildah for Building and Mana...
OpenShift Commons - Adopting Podman, Skopeo and Buildah for Building and Mana...Mihai Criveti
 

More Related Content

What's hot

Oracle Database SQL Tuning Concept
Oracle Database SQL Tuning ConceptOracle Database SQL Tuning Concept
Oracle Database SQL Tuning ConceptChien Chung Shen
 
Ceph and Openstack in a Nutshell
Ceph and Openstack in a NutshellCeph and Openstack in a Nutshell
Ceph and Openstack in a NutshellKaran Singh
 
Ansible, MongoDB Ops Manager and AWS v1.1
Ansible, MongoDB Ops Manager and AWS v1.1Ansible, MongoDB Ops Manager and AWS v1.1
Ansible, MongoDB Ops Manager and AWS v1.1Michael Lynn
 
BlueStore: a new, faster storage backend for Ceph
BlueStore: a new, faster storage backend for CephBlueStore: a new, faster storage backend for Ceph
BlueStore: a new, faster storage backend for CephSage Weil
 
[213]monitoringwithscouter 이건희
[213]monitoringwithscouter 이건희[213]monitoringwithscouter 이건희
[213]monitoringwithscouter 이건희NAVER D2
 
The BlackBox Project: Safely store secrets in Git/Mercurial (originally for P...
The BlackBox Project: Safely store secrets in Git/Mercurial (originally for P...The BlackBox Project: Safely store secrets in Git/Mercurial (originally for P...
The BlackBox Project: Safely store secrets in Git/Mercurial (originally for P...Tom Limoncelli
 
A brief study on Kubernetes and its components
A brief study on Kubernetes and its componentsA brief study on Kubernetes and its components
A brief study on Kubernetes and its componentsRamit Surana
 
Leveraging Nexus Repository Manager at the Heart of DevOps
Leveraging Nexus Repository Manager at the Heart of DevOpsLeveraging Nexus Repository Manager at the Heart of DevOps
Leveraging Nexus Repository Manager at the Heart of DevOpsSeniorStoryteller
 
Alfresco search services: Now and Then
Alfresco search services: Now and ThenAlfresco search services: Now and Then
Alfresco search services: Now and ThenAngel Borroy López
 
Docker 101 - from 0 to Docker in 30 minutes
Docker 101 - from 0 to Docker in 30 minutesDocker 101 - from 0 to Docker in 30 minutes
Docker 101 - from 0 to Docker in 30 minutesLuciano Fiandesio
 
Oracle Database Management Basic 1
Oracle Database Management Basic 1Oracle Database Management Basic 1
Oracle Database Management Basic 1Chien Chung Shen
 
Docker Container Security
Docker Container SecurityDocker Container Security
Docker Container SecuritySuraj Khetani
 
Understanding container security
Understanding container securityUnderstanding container security
Understanding container securityJohn Kinsella
 
How to Use EXAchk Effectively to Manage Exadata Environments
How to Use EXAchk Effectively to Manage Exadata EnvironmentsHow to Use EXAchk Effectively to Manage Exadata Environments
How to Use EXAchk Effectively to Manage Exadata EnvironmentsSandesh Rao
 
Oracle Active Data Guard 12c: Far Sync Instance, Real-Time Cascade and Other ...
Oracle Active Data Guard 12c: Far Sync Instance, Real-Time Cascade and Other ...Oracle Active Data Guard 12c: Far Sync Instance, Real-Time Cascade and Other ...
Oracle Active Data Guard 12c: Far Sync Instance, Real-Time Cascade and Other ...Ludovico Caldara
 
DB12c: All You Need to Know About the Resource Manager
DB12c: All You Need to Know About the Resource ManagerDB12c: All You Need to Know About the Resource Manager
DB12c: All You Need to Know About the Resource ManagerAndrejs Vorobjovs
 
AWS와 Docker Swarm을 이용한 쉽고 빠른 컨테이너 오케스트레이션 - AWS Summit Seoul 2017
AWS와 Docker Swarm을 이용한 쉽고 빠른 컨테이너 오케스트레이션 - AWS Summit Seoul 2017AWS와 Docker Swarm을 이용한 쉽고 빠른 컨테이너 오케스트레이션 - AWS Summit Seoul 2017
AWS와 Docker Swarm을 이용한 쉽고 빠른 컨테이너 오케스트레이션 - AWS Summit Seoul 2017Amazon Web Services Korea
 
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIES
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIESORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIES
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIESLudovico Caldara
 
Rootless Containers & Unresolved issues
Rootless Containers & Unresolved issuesRootless Containers & Unresolved issues
Rootless Containers & Unresolved issuesAkihiro Suda
 
Troubleshooting PostgreSQL Streaming Replication
Troubleshooting PostgreSQL Streaming ReplicationTroubleshooting PostgreSQL Streaming Replication
Troubleshooting PostgreSQL Streaming ReplicationAlexey Lesovsky
 

What's hot (20)

Oracle Database SQL Tuning Concept
Oracle Database SQL Tuning ConceptOracle Database SQL Tuning Concept
Oracle Database SQL Tuning Concept
 
Ceph and Openstack in a Nutshell
Ceph and Openstack in a NutshellCeph and Openstack in a Nutshell
Ceph and Openstack in a Nutshell
 
Ansible, MongoDB Ops Manager and AWS v1.1
Ansible, MongoDB Ops Manager and AWS v1.1Ansible, MongoDB Ops Manager and AWS v1.1
Ansible, MongoDB Ops Manager and AWS v1.1
 
BlueStore: a new, faster storage backend for Ceph
BlueStore: a new, faster storage backend for CephBlueStore: a new, faster storage backend for Ceph
BlueStore: a new, faster storage backend for Ceph
 
[213]monitoringwithscouter 이건희
[213]monitoringwithscouter 이건희[213]monitoringwithscouter 이건희
[213]monitoringwithscouter 이건희
 
The BlackBox Project: Safely store secrets in Git/Mercurial (originally for P...
The BlackBox Project: Safely store secrets in Git/Mercurial (originally for P...The BlackBox Project: Safely store secrets in Git/Mercurial (originally for P...
The BlackBox Project: Safely store secrets in Git/Mercurial (originally for P...
 
A brief study on Kubernetes and its components
A brief study on Kubernetes and its componentsA brief study on Kubernetes and its components
A brief study on Kubernetes and its components
 
Leveraging Nexus Repository Manager at the Heart of DevOps
Leveraging Nexus Repository Manager at the Heart of DevOpsLeveraging Nexus Repository Manager at the Heart of DevOps
Leveraging Nexus Repository Manager at the Heart of DevOps
 
Alfresco search services: Now and Then
Alfresco search services: Now and ThenAlfresco search services: Now and Then
Alfresco search services: Now and Then
 
Docker 101 - from 0 to Docker in 30 minutes
Docker 101 - from 0 to Docker in 30 minutesDocker 101 - from 0 to Docker in 30 minutes
Docker 101 - from 0 to Docker in 30 minutes
 
Oracle Database Management Basic 1
Oracle Database Management Basic 1Oracle Database Management Basic 1
Oracle Database Management Basic 1
 
Docker Container Security
Docker Container SecurityDocker Container Security
Docker Container Security
 
Understanding container security
Understanding container securityUnderstanding container security
Understanding container security
 
How to Use EXAchk Effectively to Manage Exadata Environments
How to Use EXAchk Effectively to Manage Exadata EnvironmentsHow to Use EXAchk Effectively to Manage Exadata Environments
How to Use EXAchk Effectively to Manage Exadata Environments
 
Oracle Active Data Guard 12c: Far Sync Instance, Real-Time Cascade and Other ...
Oracle Active Data Guard 12c: Far Sync Instance, Real-Time Cascade and Other ...Oracle Active Data Guard 12c: Far Sync Instance, Real-Time Cascade and Other ...
Oracle Active Data Guard 12c: Far Sync Instance, Real-Time Cascade and Other ...
 
DB12c: All You Need to Know About the Resource Manager
DB12c: All You Need to Know About the Resource ManagerDB12c: All You Need to Know About the Resource Manager
DB12c: All You Need to Know About the Resource Manager
 
AWS와 Docker Swarm을 이용한 쉽고 빠른 컨테이너 오케스트레이션 - AWS Summit Seoul 2017
AWS와 Docker Swarm을 이용한 쉽고 빠른 컨테이너 오케스트레이션 - AWS Summit Seoul 2017AWS와 Docker Swarm을 이용한 쉽고 빠른 컨테이너 오케스트레이션 - AWS Summit Seoul 2017
AWS와 Docker Swarm을 이용한 쉽고 빠른 컨테이너 오케스트레이션 - AWS Summit Seoul 2017
 
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIES
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIESORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIES
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIES
 
Rootless Containers & Unresolved issues
Rootless Containers & Unresolved issuesRootless Containers & Unresolved issues
Rootless Containers & Unresolved issues
 
Troubleshooting PostgreSQL Streaming Replication
Troubleshooting PostgreSQL Streaming ReplicationTroubleshooting PostgreSQL Streaming Replication
Troubleshooting PostgreSQL Streaming Replication
 

Similar to Kubernetes Story - Day 2: Quay.io Container Registry for Publishing, Building and Securing images

Kubernetes Story - Day 1: Build and Manage Containers with Podman
Kubernetes Story - Day 1: Build and Manage Containers with PodmanKubernetes Story - Day 1: Build and Manage Containers with Podman
Kubernetes Story - Day 1: Build and Manage Containers with PodmanMihai Criveti
 
OpenShift Commons - Adopting Podman, Skopeo and Buildah for Building and Mana...
OpenShift Commons - Adopting Podman, Skopeo and Buildah for Building and Mana...OpenShift Commons - Adopting Podman, Skopeo and Buildah for Building and Mana...
OpenShift Commons - Adopting Podman, Skopeo and Buildah for Building and Mana...Mihai Criveti
 
12.+Managing+Containers.pdf
12.+Managing+Containers.pdf12.+Managing+Containers.pdf
12.+Managing+Containers.pdfVikrantSChohaan
 
Containers without docker | DevNation Tech Talk
Containers without docker | DevNation Tech TalkContainers without docker | DevNation Tech Talk
Containers without docker | DevNation Tech TalkRed Hat Developers
 
Develop with docker 2014 aug
Develop with docker 2014 augDevelop with docker 2014 aug
Develop with docker 2014 augVincent De Smet
 
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context ConstraintsAlessandro Arrichiello
 
Package your Java EE Application using Docker and Kubernetes
Package your Java EE Application using Docker and KubernetesPackage your Java EE Application using Docker and Kubernetes
Package your Java EE Application using Docker and KubernetesArun Gupta
 
Mihai Criveti - PyCon Ireland - Automate Everything
Mihai Criveti - PyCon Ireland - Automate EverythingMihai Criveti - PyCon Ireland - Automate Everything
Mihai Criveti - PyCon Ireland - Automate EverythingMihai Criveti
 
Developing and Deploying PHP with Docker
Developing and Deploying PHP with DockerDeveloping and Deploying PHP with Docker
Developing and Deploying PHP with DockerPatrick Mizer
 
Lean Drupal Repositories with Composer and Drush
Lean Drupal Repositories with Composer and DrushLean Drupal Repositories with Composer and Drush
Lean Drupal Repositories with Composer and DrushPantheon
 
Running the Oracle SOA Suite Environment in a Docker Container
Running the Oracle SOA Suite Environment in a Docker ContainerRunning the Oracle SOA Suite Environment in a Docker Container
Running the Oracle SOA Suite Environment in a Docker ContainerGuido Schmutz
 
OpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image LifecycleOpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image LifecycleMihai Criveti
 
DCEU 18: Building Your Development Pipeline
DCEU 18: Building Your Development PipelineDCEU 18: Building Your Development Pipeline
DCEU 18: Building Your Development PipelineDocker, Inc.
 
Docker, a new LINUX container technology based light weight virtualization
Docker, a new LINUX container technology based light weight virtualizationDocker, a new LINUX container technology based light weight virtualization
Docker, a new LINUX container technology based light weight virtualizationSuresh Balla
 
Powercoders · Docker · Fall 2021.pptx
Powercoders · Docker · Fall 2021.pptxPowercoders · Docker · Fall 2021.pptx
Powercoders · Docker · Fall 2021.pptxIgnacioTamayo2
 
TDC2016POA | Trilha Cloud Computing - Source-to-image - How to transform any ...
TDC2016POA | Trilha Cloud Computing - Source-to-image - How to transform any ...TDC2016POA | Trilha Cloud Computing - Source-to-image - How to transform any ...
TDC2016POA | Trilha Cloud Computing - Source-to-image - How to transform any ...tdc-globalcode
 
CI/CD with Jenkins and Docker - DevOps Meetup Day Thailand
CI/CD with Jenkins and Docker - DevOps Meetup Day ThailandCI/CD with Jenkins and Docker - DevOps Meetup Day Thailand
CI/CD with Jenkins and Docker - DevOps Meetup Day ThailandTroublemaker Khunpech
 

Similar to Kubernetes Story - Day 2: Quay.io Container Registry for Publishing, Building and Securing images (20)

Kubernetes Story - Day 1: Build and Manage Containers with Podman
Kubernetes Story - Day 1: Build and Manage Containers with PodmanKubernetes Story - Day 1: Build and Manage Containers with Podman
Kubernetes Story - Day 1: Build and Manage Containers with Podman
 
OpenShift Commons - Adopting Podman, Skopeo and Buildah for Building and Mana...
OpenShift Commons - Adopting Podman, Skopeo and Buildah for Building and Mana...OpenShift Commons - Adopting Podman, Skopeo and Buildah for Building and Mana...
OpenShift Commons - Adopting Podman, Skopeo and Buildah for Building and Mana...
 
12.+Managing+Containers.pdf
12.+Managing+Containers.pdf12.+Managing+Containers.pdf
12.+Managing+Containers.pdf
 
Containers without docker | DevNation Tech Talk
Containers without docker | DevNation Tech TalkContainers without docker | DevNation Tech Talk
Containers without docker | DevNation Tech Talk
 
Learning Docker with Thomas
Learning Docker with ThomasLearning Docker with Thomas
Learning Docker with Thomas
 
Develop with docker 2014 aug
Develop with docker 2014 augDevelop with docker 2014 aug
Develop with docker 2014 aug
 
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
 
Package your Java EE Application using Docker and Kubernetes
Package your Java EE Application using Docker and KubernetesPackage your Java EE Application using Docker and Kubernetes
Package your Java EE Application using Docker and Kubernetes
 
Mihai Criveti - PyCon Ireland - Automate Everything
Mihai Criveti - PyCon Ireland - Automate EverythingMihai Criveti - PyCon Ireland - Automate Everything
Mihai Criveti - PyCon Ireland - Automate Everything
 
Developing and Deploying PHP with Docker
Developing and Deploying PHP with DockerDeveloping and Deploying PHP with Docker
Developing and Deploying PHP with Docker
 
Lean Drupal Repositories with Composer and Drush
Lean Drupal Repositories with Composer and DrushLean Drupal Repositories with Composer and Drush
Lean Drupal Repositories with Composer and Drush
 
Running the Oracle SOA Suite Environment in a Docker Container
Running the Oracle SOA Suite Environment in a Docker ContainerRunning the Oracle SOA Suite Environment in a Docker Container
Running the Oracle SOA Suite Environment in a Docker Container
 
docker.pdf
docker.pdfdocker.pdf
docker.pdf
 
OpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image LifecycleOpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image Lifecycle
 
DCEU 18: Building Your Development Pipeline
DCEU 18: Building Your Development PipelineDCEU 18: Building Your Development Pipeline
DCEU 18: Building Your Development Pipeline
 
Docker, a new LINUX container technology based light weight virtualization
Docker, a new LINUX container technology based light weight virtualizationDocker, a new LINUX container technology based light weight virtualization
Docker, a new LINUX container technology based light weight virtualization
 
Powercoders · Docker · Fall 2021.pptx
Powercoders · Docker · Fall 2021.pptxPowercoders · Docker · Fall 2021.pptx
Powercoders · Docker · Fall 2021.pptx
 
TDC2016POA | Trilha Cloud Computing - Source-to-image - How to transform any ...
TDC2016POA | Trilha Cloud Computing - Source-to-image - How to transform any ...TDC2016POA | Trilha Cloud Computing - Source-to-image - How to transform any ...
TDC2016POA | Trilha Cloud Computing - Source-to-image - How to transform any ...
 
CI/CD with Jenkins and Docker - DevOps Meetup Day Thailand
CI/CD with Jenkins and Docker - DevOps Meetup Day ThailandCI/CD with Jenkins and Docker - DevOps Meetup Day Thailand
CI/CD with Jenkins and Docker - DevOps Meetup Day Thailand
 
Geode on Docker
Geode on DockerGeode on Docker
Geode on Docker
 

More from Mihai Criveti

10 Limitations of Large Language Models and Mitigation Options
10 Limitations of Large Language Models and Mitigation Options10 Limitations of Large Language Models and Mitigation Options
10 Limitations of Large Language Models and Mitigation OptionsMihai Criveti
 
Retrieval Augmented Generation in Practice: Scalable GenAI platforms with k8s...
Retrieval Augmented Generation in Practice: Scalable GenAI platforms with k8s...Retrieval Augmented Generation in Practice: Scalable GenAI platforms with k8s...
Retrieval Augmented Generation in Practice: Scalable GenAI platforms with k8s...Mihai Criveti
 
Ansible Workshop for Pythonistas
Ansible Workshop for PythonistasAnsible Workshop for Pythonistas
Ansible Workshop for PythonistasMihai Criveti
 
Data Science at Scale - The DevOps Approach
Data Science at Scale - The DevOps ApproachData Science at Scale - The DevOps Approach
Data Science at Scale - The DevOps ApproachMihai Criveti
 
ShipItCon - Continuous Deployment and Multicloud with Ansible and Kubernetes
ShipItCon - Continuous Deployment and Multicloud with Ansible and KubernetesShipItCon - Continuous Deployment and Multicloud with Ansible and Kubernetes
ShipItCon - Continuous Deployment and Multicloud with Ansible and KubernetesMihai Criveti
 
DevOps for Data Engineers - Automate Your Data Science Pipeline with Ansible,...
DevOps for Data Engineers - Automate Your Data Science Pipeline with Ansible,...DevOps for Data Engineers - Automate Your Data Science Pipeline with Ansible,...
DevOps for Data Engineers - Automate Your Data Science Pipeline with Ansible,...Mihai Criveti
 
Kubernetes Story - Day 3: Deploying and Scaling Applications on OpenShift
Kubernetes Story - Day 3: Deploying and Scaling Applications on OpenShiftKubernetes Story - Day 3: Deploying and Scaling Applications on OpenShift
Kubernetes Story - Day 3: Deploying and Scaling Applications on OpenShiftMihai Criveti
 
Container Technologies and Transformational value
Container Technologies and Transformational valueContainer Technologies and Transformational value
Container Technologies and Transformational valueMihai Criveti
 
AnsibleFest 2021 - DevSecOps with Ansible, OpenShift Virtualization, Packer a...
AnsibleFest 2021 - DevSecOps with Ansible, OpenShift Virtualization, Packer a...AnsibleFest 2021 - DevSecOps with Ansible, OpenShift Virtualization, Packer a...
AnsibleFest 2021 - DevSecOps with Ansible, OpenShift Virtualization, Packer a...Mihai Criveti
 

More from Mihai Criveti (9)

10 Limitations of Large Language Models and Mitigation Options
10 Limitations of Large Language Models and Mitigation Options10 Limitations of Large Language Models and Mitigation Options
10 Limitations of Large Language Models and Mitigation Options
 
Retrieval Augmented Generation in Practice: Scalable GenAI platforms with k8s...
Retrieval Augmented Generation in Practice: Scalable GenAI platforms with k8s...Retrieval Augmented Generation in Practice: Scalable GenAI platforms with k8s...
Retrieval Augmented Generation in Practice: Scalable GenAI platforms with k8s...
 
Ansible Workshop for Pythonistas
Ansible Workshop for PythonistasAnsible Workshop for Pythonistas
Ansible Workshop for Pythonistas
 
Data Science at Scale - The DevOps Approach
Data Science at Scale - The DevOps ApproachData Science at Scale - The DevOps Approach
Data Science at Scale - The DevOps Approach
 
ShipItCon - Continuous Deployment and Multicloud with Ansible and Kubernetes
ShipItCon - Continuous Deployment and Multicloud with Ansible and KubernetesShipItCon - Continuous Deployment and Multicloud with Ansible and Kubernetes
ShipItCon - Continuous Deployment and Multicloud with Ansible and Kubernetes
 
DevOps for Data Engineers - Automate Your Data Science Pipeline with Ansible,...
DevOps for Data Engineers - Automate Your Data Science Pipeline with Ansible,...DevOps for Data Engineers - Automate Your Data Science Pipeline with Ansible,...
DevOps for Data Engineers - Automate Your Data Science Pipeline with Ansible,...
 
Kubernetes Story - Day 3: Deploying and Scaling Applications on OpenShift
Kubernetes Story - Day 3: Deploying and Scaling Applications on OpenShiftKubernetes Story - Day 3: Deploying and Scaling Applications on OpenShift
Kubernetes Story - Day 3: Deploying and Scaling Applications on OpenShift
 
Container Technologies and Transformational value
Container Technologies and Transformational valueContainer Technologies and Transformational value
Container Technologies and Transformational value
 
AnsibleFest 2021 - DevSecOps with Ansible, OpenShift Virtualization, Packer a...
AnsibleFest 2021 - DevSecOps with Ansible, OpenShift Virtualization, Packer a...AnsibleFest 2021 - DevSecOps with Ansible, OpenShift Virtualization, Packer a...
AnsibleFest 2021 - DevSecOps with Ansible, OpenShift Virtualization, Packer a...
 

Recently uploaded

Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfExploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfkalichargn70th171
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Developmentvyaparkranti
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf31events.com
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 

Recently uploaded (20)

Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfExploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 

Kubernetes Story - Day 2: Quay.io Container Registry for Publishing, Building and Securing images

  • 1. Friday Brunch - A Kubernetes and OpenShift Story Day 2 - Container Registry - Quay.io Mihai Criveti, CTO Cloud Native and Red Hat Solutions IBM, STSM, RHCE November 23, 2020 1
  • 2. OpenShift Workshop Podman, Skopeo and Buildah Running Containers with Podman Building Containers with Podman from a Dockerfile Building Containers with Buildah quay.io tutorial 2
  • 4. Workshop Overview Day 1 • Install podman, buildah and skopeo Day 2 • Publish images to external registries • Quay.io - Publishing Container Images to container registry Day 3 1. Install CodeReady Containers, Create a project called wordpress, 2. Create users and groups and setup htpassword authentication 3. Deploy mysql from registry.redhat.io/rhel8/mysql-80 and configure the secret 4. Deploy wordpress from docker.io/library/wordpress:5.5.0-php7.2-apache 5. Create a route and test wordpress, scale out 3
  • 5. Resources and Links • https://podman.io/getting-started/ • https://github.com/containers/buildah • https://github.com/containers/skopeo • https://developers.redhat.com/products/rhel/ubi • https://quay.io/ • https://www.katacoda.com/courses/containers-without-docker/running-containers-with-podman • https://developers.redhat.com/products/codeready-containers/overview 4
  • 7. Podman Overview What is Podman? Figure 1: podman - manage pods, containers and OCI compliant container images How is Podman different? • Can be run as a regular user without requiring root. • Can manage pods (groups of one or more containers that operate together). • Lets you import Kubernetes definitions using podman play. • Fork-exec model instead of client-server model (containers are child processes of podman). • Compatible with Docker, Docker Hub or any OCI compliant container implementation. 5
  • 8. Buildah What is Buildah? Figure 2: buildah - build container images from CLI or Dockerfiles How is Buildah different? • Containers can be build using simple CLI commands or shell scripts instead of Dockerfiles. • Images can then be pushed to any container registry and can be used by any container engine, including Podman, CRI-O, and Docker. • Buildah is also often used to securely build containers while running inside of a locked down container by a tool like Podman, OpenShift/Kubernetes or Docker. 6
  • 9. Skopeo What is Skopeo? Figure 3: skopeo - inspect and copy containers and images between different storage How does Skopeo help? • It can copy images to and from a host, as well as to other container environments and registries. • Skopeo can inspect images from container image registries, get images and image layers, and use signatures to create and verify images. 7
  • 10. Red Hat Image Sources Explained Red Hat Software Collections Library (RHSCL) • For developers that need the latest versions of tools not in the RHEL release schedule. • Use the latest development tools without impacting RHEL. • Available to all RHEL subscribers. Red Hat Container Catalog (RHCC) • Certified, curated and texted images built on RHEL. • Images have gone through a QA process. • Upgraded on a regular bases to avoid security vulnerabilities. Quay.io • Public / private container repository. 8
  • 11. Universal Base Image - UBI Red Hat Universal Base Image - UBI Figure 4: UBI - Freely distributable OCI compliant secure container base images based on RHEL How does UBI Help? • More than just a base image, UBI provides three base images across RHEL 7 and RHEL 8: ubi, ubi-minimal and ubi-init • And a set of language runtimes (ex: nodejs, ruby, python, php, perl, etc.) • All packages in UBI come from RHEL channels and are supported on RHEL and OpenShift. • Secure by default, maintained and supported by Red Hat. 9
  • 12. The Red Hat Container Catalog Certified container images from Red Hat and 3rd party vendors Figure 5: Container Images with a Container Health Index Pulling a container image podman pull registry.access.redhat.com/ubi8/python-38 10
  • 13. Podman Compose What is podman-compose? • An implementation of docker-compose with Podman backend. Why podman-compose and when to use it? • run unmodified docker-compose.yaml files, rootless • no daemon or setup required • Only depends on podman, Python 3 and PyYAML. When NOT to use podman-compose? • When you can use podman pod or podman generate and podman play‘ instead to create pods or import Kubernetes definitions. • For single-machine development, consider CodeReady Containers • For multi-node clusters, check out Red Hat OpenShift, Kubernetes or OKD. 11
  • 14. Install podman, buildah and skopeo Fedora 32 / RHEL 8 # Install podman, buildah and skopeo on Fedora 32 sudo dnf -y install podman buildah skopeo slirp4netns fuse-overlayfs Ubuntu / Debian sudo apt update && sudo apt -y install podman buildah skopeo Getting help podman version podman --help # list available commands man podman-ps # or commands like run, rm, rmi, image, build podman info # display podman system information https://podman.io/getting-started/installation 12
  • 15. Rootless Containers and cgroup v2 Note that our regular user has UID 1000 uid=1000(cmihai) gid=1000(cmihai) groups=1000(cmihai) What are UIDs mapped to inside the container? podman unshare cat /proc/self/uid_map 0 1000 1 1 100000 65536 UID 0 is mapped my UID (1000). UID 1 is mapped to 100000, UID 2 would map to 100001, etc. That means that a container UID of 27 would map to UID 1000026. Let’s test this mkdir test && podman unshare chown 27:27 test ls -ld test drwxrwxr-x. 2 100026 100026 4096 Sep 27 09:38 test 13
  • 17. Searching for Images with podman search Configure search sources grep search /etc/containers/registries.conf unqualified-search-registries = ['registry.fedoraproject.org', 'registry.access.redhat.com', 'registry.centos.org', 'docker.io'] Searching for images (with filters) podman search httpd --filter=is-official INDEX NAME DESCRIPTION STARS OFFICIAL docker.io docker.io/library/httpd The Apache HTTP Server 3181 [OK] 14
  • 18. Adding a local registry configuration Create a configuration file mkdir -p ~/.config/containers Add public and private registries in search order vim $HOME/.config/containers/registries.conf [registries.search] registries = ["registry.access.redhat.com", "quay.io", "docker.io"] [registries.insecure] registries = ['localhost:5000'] 15
  • 19. Inspecting and pulling images Inspecting Images with skopeo (ex: listing tags) skopeo inspect docker://docker.io/library/httpd Inspect the image with podman and show image history podman inspect httpd:2.4.46-alpine podman history httpd:2.4.46-alpine Pulling Images locally with podman pull podman pull docker.io/library/httpd:2.4.46-alpine podman images 16
  • 20. Running containers in interactive mode Run an interactive session podman run --name ubuntu --hostname ubuntu --interactive --tty ubuntu /bin/bash Reattach podman start --attach --interactive ubuntu Delete your container on exit podman run --rm --name ubuntu --hostname ubuntu --interactive --tty ubuntu /bin/bash 17
  • 21. Running Containers in the background Run a sample httpd container to serve a webpage # Run a container in the background, bind port 8080 podman run --name httpd --detach --publish 8080:8080/tcp registry.fedoraproject.org/f29/httpd • We’ve named the container httpd to make it easier to access later. • Port 8080 inside the container is redirected to 8080 on the host. • Notice that we’re using an image that binds to a non-privileged (8080) port. Test the webpage curl localhost:8080 Check the process ps -ef | grep podman 18
  • 22. Check container status and logs Check the container status and logs # List the running containers podman ps # Inspect the (last) ran container - check the Env and IP sections podman inspect -l # Check the container logs podman logs httpd 19
  • 23. Starting and stopping containers Stop the container and check the status podman stop httpd podman ps -a IMAGE CREATED STATUS httpd:latest 5 minutes ago Exited (0) 2 seconds ago Start the container back podman start httpd podman ps CREATED STATUS PORTS NAMES 7 minutes ago Up 13 seconds ago 0.0.0.0:8080->8080/tcp httpd 20
  • 24. Using Environment Variables Search and inspect an image podman search mysql-57-rhel7 skopeo inspect docker://registry.access.redhat.com/rhscl/mysql-57-rhel7 | grep usage Deploy MySQL podman run --name mysql -e MYSQL_USER=user -e MYSQL_PASSWORD=password -e MYSQL_DATABASE=mydb -e MYSQL_ROOT_PASSWORD=password --detach rhscl/mysql-57-rhel7:latest Check the logs podman logs mysql 21
  • 25. Executing a command in a running container with podman-exec Inspect the environment (different methods show) podman inspect -f '{{ .NetworkSettings.IPAddress }}' mysql podman exec mysql env Execute a shell inside the mysqld container podman exec -it mysql bash mysql -uroot show databases; use mydb; exit Execute a command podman exec -it mysql /opt/rh/rh-mysql57/root/usr/bin/mysql -uuser -ppassword -e 'show databases;' 22
  • 26. Container Resources Check processes inside container podman top -l USER PID PPID %CPU ELAPSED TTY TIME COMMAND default 1 0 0.000 2m4.13954806s ? 0s httpd -D FOREGROUND default 18 1 0.000 2m4.139682033s ? 0s /usr/bin/coreutils Display live stream of resource usage statistics podman stats ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS 00b65 httpd 0.07% 40.91MB / 67.4GB 0.06% -- / -- -- / -- 217 Check published ports podman port -l 8080/tcp -> 0.0.0.0:8080 23
  • 27. Commiting, Saving and Loading Images Create an image podman run --name ubuntu-apache2 --hostname ubuntu-apache2 --interactive --tty ubuntu:20.04 /bin/bash # Install Apache HTTPD apt update && apt install -y apache2 && exit List changed files (A - added, C - changed, D - deleted) podman diff ubuntu-apache2 Commit image from container with entrypoint and label podman commit --change CMD=/bin/bash --change ENTRYPOINT=/bin/sh --change "LABEL author=cmihai" ubuntu ubuntu-apache2 Save an image podman save -o ubuntu-apache2.tar ubuntu-apache2 Load an image podman load -i ubuntu-apache2.tar ubuntu-apache2 24
  • 28. Modifying the Apache image port form 80 to 8080 Use podman commit to create a custom Apache HTTPD image that listens on port 8080. Search for the official image and run it podman search httpd --filter=is-official podman run -it --name httpd-docker docker.io/library/httpd:2.4 /bin/bash Change the port name sed -i 's/Listen 80/Listen 8080/g' /usr/local/apache2/conf/httpd.conf exit Same to a new image podman stop httpd-docker podman diff httpd-docker podman commit -a 'Mihai' httpd-docker cmihai/httpd:2.4 podman images | grep cmihai/httpd podman rm httpd-docker Test the new image podman run --detach --publish 8080:8080 --name httpd-cmihai docker.io/library/httpd:2.4 curl localhost:8080 25
  • 29. Tagging or Removing Tags from Images Tag and image podman tag ubuntu-apache2 cmihai/apache2 podman tag ubuntu-apache2 cmihai/apache2:latest Remove a tag from an image podman rmi cmihai/apache2:latest 26
  • 30. Pusing an image to a Registry Tag the image in your local repository podman tag ubuntu-apache2 quay.io/apache2:latest Push to quay.io podman push quay.io/cmihai/apache2:latest Example build and push podman login quay.io podman build --layers=false -t cmihai/jupyterlab:python38 . podman tag localhost/cmihai/jupyterlab:python38 quay.io/cmihai/jupyterlab:latest podman push quay.io/cmihai/jupyterlab:latest 27
  • 31. Volumes Create a volume directory on the host and provide permissions mkdir myvol podman unshare chown 999:999 myvol https://www.redhat.com/sysadmin/user-namespaces-selinux-rootless-containers Create a container and attach a volume to /data as rw podman run --rm --name ubuntu --volume ./myvol:/data:Z --interactive --tty ubuntu /bin/bash 28
  • 32. SELinux Permissions - Manual approach without using unshare Let’s check what a MySQL container runs as podman run -ti rhscl/mysql-57-rhel7:latest grep mysql /etc/passwd mysql:x:27:27:MySQL Server:/var/lib/mysql:/sbin/nologin Create a directory with owner and group root and give matching permissions sudo mkdir mysql-data && sudo chown -R 27:27 mysql-data Apply the SELinux container_file_t context and policy sudo semanage fcontext -a -t container_file_t './mysql-data(/.*)?' sudo restorecon -Rv ./mysql-data 29
  • 33. Running MySQL with a host directory volume Start MySQL podman run --name mysql -v ./mysql-data:/var/lib/mysql/data:Z -e MYSQL_USER=user -e MYSQL_PASSWORD=password -e MYSQL_DATABASE=mydb -e MYSQL_ROOT_PASSWORD=password --detach rhscl/mysql-57-rhel7:latest Troubleshoot logs and permissions podman logs mysql; sudo find ./mysql-data; ls -dnZ mysql-data drwxrwxr-x. 6 100026 100026 system_u:object_r:container_file_t:s0:c303,c890 4096 Sep 27 09:09 mysql-data Check out the permissions inside the container podman exec mysql ls -lanZ /var/lib/mysql/data drwxrwxr-x. 27 27 system_u:object_r:container_file_t:s0:c303,c890 . 30
  • 34. Cleanup Stop and remove the container podman stop httpd podman rm httpd podman ps -a # Check that the containers are deleted Removing the container image podman rmi registry.fedoraproject.org/f29/httpd podman images # List images Delete everything (stopped containers, pods, dangling images and build cache) podman system prune 31
  • 35. Setting a container to start at boot using systemd Enable SELinux and start your container setsebool -P container_manage_cgroup on sudo podman run -d --name redis_server -p 6379:6379 redis vim /etc/systemd/system/redis-container.service [Unit] Description=Redis container [Service] Restart=always ExecStart=/usr/bin/podman start -a redis_server ExecStop=/usr/bin/podman stop -t 2 redis_server [Install] WantedBy=local.target Enable the service systemctl enable redis-container.service systemctl start redis-container.service systemctl stop redis-container.service systemctl restart redis-container.service 32
  • 36. Creating a Wordpress + MariaDB Server pod Create a volume and apply permissions mkdir mariadb-data && podman unshare chown 999:999 mariadb-data Create a pod podman pod create --publish 127.0.0.1:8888:80 --name wordpress-pod Start a pod to get info podman run --rm mariadb:latest --verbose --help Start MariaDB with a custom configuration and data volume podman run --name mariadb --pod wordpress-pod -v ./mariadb-data:/var/lib/mysql:Z -e MYSQL_USER=wpsuser -e MYSQL_PASSWORD=password -e MYSQL_DATABASE=wordpress -e MYSQL_ROOT_PASSWORD=password --detach mariadb:10.5.5 Start wordpress podman run --name wordpress --pod wordpress-pod -e WORDPRESS_DB_HOST=127.0.0.1:3306 -e WORDPRESS_DB_USER=wpsuser -e WORDPRESS_DB_PASSWORD=password -e WORDPRESS_DB_NAME=wordpress 33
  • 37. Building Containers with Podman from a Dockerfile
  • 38. Building container images from Dockerfile with podman Create a Dockerfile for Jupyter Lab starting from a UBI FROM registry.access.redhat.com/ubi8/python-38 RUN pip install --upgrade --no-cache-dir jupyterlab EXPOSE 8888 CMD [ "jupyter","lab","--ip=0.0.0.0" ] Build the container image podman build --layers=false -t cmihai/jupyterlab . Test the image podman run --name jupyterlab --detach --publish 8888:8888/tcp cmihai/jupyterlab podman logs jupyterlab # Retrieve the token to log in 34
  • 49. HOW CMD AND ENTRYPOINT INTERACT 45
  • 56. Building container images with buildah container=$(buildah from fedora) buildah run ${container} dnf install -y texlive wget https://github.com/jgm/pandoc/releases/download/2.9.2/pandoc-2.9.2-linux-amd64.tar.gz tar zxf pandoc-2.9.2-linux-amd64.tar.gz buildah copy ${container} pandoc-2.9.2/bin /usr/local/bin buildah commit ${container} cmihai/pandoc buildah images buildah inspect ${container} podman run cmihai/pandoc pandoc --version 51
  • 58. Logging into Quay After creating a quay.io account and password, login using podman podman login quay.io Username: cmihai Password: ( password here) 52
  • 59. Creating a new container Create a new container image based on UBI8 Minimal podman run --name ubi8-httpd -it registry.access.redhat.com/ubi8/ubi-minimal:latest /bin/bash microdnf update -y microdnf -y install httpd microdnf clean all rm -rf /var/cache/yum 53
  • 60. Commit the container image Get the container ID (or name) and commit the changes to an image podman ps -l podman commit ubi8-httpd quay.io/cmihai/ubi8-httpd:latest Check that the image is there podman images | grep cmihai/ubi8-httpd quay.io/cmihai/ubi8-httpd latest 8535a6affc3e 15 seconds ago 209 MB 54
  • 61. Building the same image using a Dockerfile FROM registry.access.redhat.com/ubi8/ubi-minimal USER root LABEL maintainer="Mihai Criveti" # Update image RUN microdnf update -y && microdnf install -y httpd && microdnf clean all && rm -rf /var/cache/yum && echo "Apache" > /var/www/html/index.html # Port EXPOSE 80 # Start the service CMD ["-D", "FOREGROUND"] ENTRYPOINT ["/usr/sbin/httpd"] Build and tag the image podman build . -t cmihai/ubi8-httpd:latest podman tag localhost/cmihai/ubi8-httpd quay.io/cmihai/ubi8-httpd:latest 55
  • 62. Test the image Run the image podman run --detach --name httpd --publish 8080:80 quay.io/cmihai/ubi8-httpd:latest Check logs and server status podman logs httpd podman port -l curl localhost:8080 56
  • 63. Push the image to quay Push the local tagged image to quay.io podman push quay.io/cmihai/ubi8-httpd 57
  • 64. Check the image on quay.io Check that the image is there podman pull https://quay.io/repository/cmihai/ubi8-httpd Visit the image page: See: https://quay.io/repository/cmihai/ubi8-httpd Customize the image information • Create a Description 58
  • 65. Creating a build directly on quay.io 1. Go to https://quay.io/repository/cmihai/ubi8-httpd?tab=builds 2. Upload your build Dockerfile 59