This document summarizes a talk about running containers without Docker. It discusses alternatives like Podman and Buildah that can replace Docker functionality. The talk demonstrates installing and using Podman to run containers, Buildah to build images from Dockerfiles, and Skopeo to copy images between registries. The presentation encourages understanding containers beyond just Docker and knowing other tools in the ecosystem.
4. 4
Hi, I’m Cedric Clyburn!
Who am I?
$ whoami
OpenShift Developer Advocate at Red Hat. Student at NC State University!
Love Kubernetes ☸ , Open Source Software, and Video Creation 🎥
Red Hat Developer Getting
Started Series
@cedricclyburn
cedricclyburn
6. Why do we use Docker?
Why not use Docker?
Are there alternatives?
6
7. Why are we using containers in the first place?
7
Applications running in containers can
easily be deployed to different platforms
and clouds
Consistent operation
Increased portability
DevOps teams know applications will run
the same, and containers support agile
efforts
Less overhead
Containers require less system resources
than traditional or hardware VM
environments
Benefits of containers
8. Since emerging in 2013, containers have exploded
in popularity due to Docker
▸ Consists of the Docker Engine
・ Client (docker)
・ Server (daemon)
▸ Pioneered/supported standardization of
container technology
8
Why Docker is so widely adopted for managing containers.
Docker’s role in containers
9. Open Container Initiative
Created as a standard for running/managing container images.
9
▸ Created by Docker, Red Hat, et al. in June 2015
▸ Makes sure all container runtimes can run images produced by any
build tool by creating industry standards
・ Runtime specification
・ Image specification
10. Docker has a few long-standing concerns for
engineers and developers alike.
▸ Security downsides of Docker
▸ Needs a daemon to run, as well as root
privileges
▸ Dockershim depreciation in K8s v1.24
10
It can make a big difference!
Why care about what engine we use?
13. ▸ Buildah is a daemonless (and rootless) tool to
produce OCI compliant images
▸ Can build images from Dockerfiles
▸ Handy as part of the CI/CD pipeline
13
▸ Podman is a daemonless (and rootless) open
source container engine for developing,
managing, and running OCI Containers
▸ Directly interacts with image registry,
containers, and image storage with runC
Two powerful tools that can replace Docker functionality.
Alternatives to using Docker
14. Why switch from Docker to
Podman and Buildah?
14
Great question!
While a great tool, Docker is monolithic and tries to do
everything instead of specializing in a few different
features.
Docker is a monolithic tool
Docker has been the standard for working with containers,
but is far from being the only container engine. Learning
others can help us understand more about containerization.
To understand containers better
With the K8s dockershim depreciation and move to
containerd/cri-o, companies are moving towards
alternative tools for working with containers.
Industry is rapidly advancing
15. 15
- Podman: Running
containers
- Buildah: Building image
from a Dockerfile
- Podman: Pushing
images to registries
- Bonus: Using Skopeo
to migrate images
Demo time!
16. 1 $ sudo dnf -y install podman
Installed:
podman-1:3.4.2-9.module+el8.5.0+13852+150547f7.x86_64
$
Getting
Started with
Podman
1 Installing Podman on
RHEL/CentOS
16
18. Getting
Started with
Podman
1
2
Installing Podman on
RHEL/CentOS
Verify installation
18
3 $ podman run -dt -p 8080:80/tcp docker.io/library/httpd
Trying to pull docker.io/library/httpd:latest...
Getting image source signatures
Copying blob 4f53b8f15873 done
Copying blob 3b60f356ab85 done
Copying blob 1805d911aae4 done
Copying blob c229119241af done
Copying blob e3709b515d9c done
Copying config 118b6abfbf done
Writing manifest to image destination
Storing signatures
03d2a46a928cfa57427caa1fd6afd4cc7a6a2d61a2b4a431a6d1d30
6a6aefe26
$
3 Run a httpd container
19. Getting
Started with
Podman
1
2
Installing Podman on
RHEL/CentOS
Verify installation
19
4 $ podman ps
CONTAINER ID IMAGE COMMAND CREATED
STATUS
docker.io/library/httpd:latest httpd-foreground 25 seconds ago
Up 26 seconds ago
PORTS NAMES
0.0.0.0:8080->80/tcp nostalgic_almeida
$
3 Run a httpd container
4 Check container status
20. Getting
Started with
Podman
1
2
Installing Podman on
RHEL/CentOS
Verify installation
20
5 $ curl http://localhost:8080
<html><body><h1>It works!</h1></body></html>
$
3 Run a httpd container
4 Check container status
5 Test the httpd container
21. 1 $ sudo dnf -y install buildah
Installed:
buildah-1:1.23.1-2.module+el8.5.0+13436+9c05b4ba.x86_64
$
Getting
Started with
Buildah
1 Installing Buildah on
RHEL/CentOS
21
23. Getting
Started with
Buildah
1
2
Installing Buildah on
RHEL/CentOS
Verify installation
23
3 $ git clone https://github.com/pacroy/flask-app
Cloning into 'flask-app'...
remote: Enumerating objects: 28, done.
remote: Counting objects: 100% (28/28), done.
remote: Compressing objects: 100% (23/23), done.
remote: Total 28 (delta 4), reused 27 (delta 3), pack-reused 0
Unpacking objects: 100% (28/28), 19.78 MiB | 14.00 MiB/s, done.
$ cd flask-app
$ ls
app.py Dockerfile requirements.txt templates
$ cat Dockerfile
3 Pull a git repo with a cool
demo
24. Getting
Started with
Buildah
1
2
Installing Buildah on
RHEL/CentOS
Verify installation
24
4 $ buildah bud -t flask-app .
STEP 1/9: FROM alpine:3.5
Resolved "alpine" as an alias
(/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/alpine:3.5...
…
$ buildah images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/flask-app latest bd2f0ba33d4d 32 seconds ago
65.7 MB
$ ls
app.py Dockerfile requirements.txt templates
$ cat Dockerfile
3 Pull a git repo with a cool
demo
4 Build-from-Dockerfile using
Buildah
25. Getting
Started with
Buildah
1
2
Installing Buildah on
RHEL/CentOS
Verify installation
25
5 $ podman run -d -p 5000:5000 --events-backend=file flask-app
5a2b312048442f104cf6601af922436e2589b1cf083c7f7385bc2d21
ea18dc3f
$
3 Pull a git repo with a cool
demo
4 Build-from-Dockerfile using
Buildah
5 Run the container from the
local image
27. Publish images
to
Docker/Quay
1
2
Authenticate on the
registry
Push image just like using
Docker
27
2 $ podman push flask-app docker.io/cedricclyburn/flask-app
Getting image source signatures
Copying blob f566c57e6f2d skipped: already exists
Copying blob 92b59f4c9ef0 done
Copying config a6bc29a90c done
Writing manifest to image destination
Storing signatures
$
28. Skopeo is a specialized tool to perform various
operations on images & image repositories.
▸ Ability to inspect a remote image without
pulling it to the host
▸ Copy an image from and to registries
▸ Daemonless and rootless
Optional section marker or title
28
Not to worry, Skopeo can help
Oh shoot! Docker started enforcing rate limits!
29. Getting
Started with
Skopeo
1 Installing Skopeo on
RHEL/CentOS
29
1 $ sudo dnf -y install skopeo
Installed:
skopeo-2:1.5.2-1.module+el8.5.0+13517+4134e2e1.x86_64
$
31. Getting
Started with
Skopeo
1
2
Installing Skopeo on
RHEL/CentOS
Login to Docker Hub &
Quay if you haven’t already
31
3 $ skopeo inspect docker://cedricclyburn/flask-app
{
"Name": "docker.io/cedricclyburn/flask-app",
"Digest":
"sha256:cb514a90d0ca805e24e5cb7c98d1ba1d33d583ca375211ef
ccb89adca88ca724",
"RepoTags": [
"latest"
],
…
$
3 Test inspecting your image
32. Getting
Started with
Skopeo
1
2
Installing Skopeo on
RHEL/CentOS
Login to Docker Hub &
Quay if you haven’t already
32
4 $ skopeo copy docker://cedricclyburn/flask-app:latest
docker://quay.io/cclyburn/flask-app:latest
Getting image source signatures
Copying blob 8cae0e1ac61c skipped: already exists
Copying blob 3ac9880798ec skipped: already exists
Copying config a6bc29a90c done
Writing manifest to image destination
Storing signatures
$
3 Test inspecting your image
4 Copy the image over to the
new registry
33. Closing remarks
A few things to remember before we finish up
33
This talk isn’t meant to persuade you to completely ditch Docker, but instead to
show you the larger tool landscape for building, running, managing, and
distributing containers. Every tool has it’s pros and cons, and having alternatives
for any form of technology is inherently a good thing!