DO188 - ch03s03

Bookmark this page

P 1 2 3 4 5 6 7 8 9

Managing Images

Objectives

Pull and manage container images.

Image Management

Image management includes different operations:

Tagging image versions so that they map to product versions and updates.
Pulling images into your system.
Building images.
Pushing images to an image repository.
Inspecting images to get metadata.
Removing images to recover storage space.

For the complete list of image-related commands, execute podman image --help in a terminal window.

Image Versioning and Tags

Because container images package software, developers often consider images as deployment artifacts. To keep images up to date, developers often map the image versions to the versions of the packaged software. Keeping images up to date also means updating the OS libraries within the image to receive improvements and security fixes.

One way to version images relative to their packaged software product is to use semantic versioning. Semantic version numbers form a string with the format MAJOR.MINOR.PATCH meaning:

MAJOR: backward incompatible changes
MINOR: backward compatible changes
PATCH: bug fixes

Because versioning has no enforced structure, it is up to the image maintainers to follow good versioning practices. This is one reason why you should use trusted image registries and repositories.

Image versions can be used in the image name or in the image tag. An image tag is a string that you specify after the image name. Also, the same image can have multiple tags.

[<image repository>/<namespace>/]<image name>[:<tag>]

Using a tag in Podman is optional. When you do not specify a tag in a Podman command, Podman uses the latest tag by default.

[user@host ~]$ podman pull quay.io/argoproj/argocd
Trying to pull quay.io/argoproj/argocd:latest...
...output omitted...

Using the latest tag is considered a bad practice. Because the latest tag also represents the latest version of the image, it can include backwards-incompatible changes and cause containers that use the image to break.

To create additional tags for local images, use the podman image tag command.

[user@host ~]$ podman image tag LOCAL_IMAGE:TAG LOCAL_IMAGE:NEW_TAG

Pulling Images

To search for images in different image registries, use a web browser to navigate to the registry URL and use the web UI.

Alternatively, use the podman search command to search for images in all the registries present in the unqualified-search-registries list in your registries.conf file. This enables you to search multiple registries.

[user@host ~]$ podman search nginx
NAME                                              DESCRIPTION
registry.fedoraproject.org/f29/nginx
...output omitted...
registry.access.redhat.com/ubi8/nginx-118       Platform for running nginx 1.18 or building...
...output omitted...
docker.io/library/nginx                         Official build of Nginx.
...output omitted...
quay.io/linuxserver.io/baseimage-alpine-nginx
...output omitted...

To retrieve an image, run podman image pull IMAGE_NAME, which downloads the image from a registry. Alternatively, podman pull IMAGE_NAME provides the same functionality.

[user@host ~]$ podman pull registry.redhat.io/rhel8/mariadb-103:1

When you pull an image as a non-root user, Podman stores container images in the ~/.local/share/containers directory.

To find which images your user has available locally, use the podman image ls or podman images command.

[user@host ~]$ podman image ls
REPOSITORY                                TAG    IMAGE ID     CREATED     SIZE
registry.redhat.io/rhel9/python-39        1-52   d336a3191d35 3 weeks ago 995 MB
registry.access.redhat.com/ubi8/python-39 latest 6b7a42c9d513 4 weeks ago 894 MB
...output omitted...

If an image is pulled by the root user, then it is stored in the /var/lib/containers directory. This image is only listed when podman image ls is run as root.

Building Images

You can also build an image from a Containerfile, which describes the steps used to build an image. Run the podman build --file CONTAINERFILE --tag IMAGE_REFERENCE to build a container image.

For example, to build an image that you can later push to Red Hat Quay.io, execute the following command:

[user@host ~]$ podman build --file Containerfile \
  --tag quay.io/YOUR_QUAY_USER/IMAGE_NAME:TAG

Pushing Images

After you build an image, share it by pushing it to a remote registry. To push an image, you must be logged in to the registry. Run the podman login REGISTRY to log in to the specified registry. Then, you can use the podman push IMAGE command to push a local image to the remote registry.

For example, to push an image to Quay.io, run the following command:

[user@host ~]$ podman push quay.io/YOUR_QUAY_USER/IMAGE_NAME:TAG
Getting image source signatures
Copying blob fb3154998920 done
...output omitted...
Writing manifest to image destination
Storing signatures

Inspecting Images

The podman image inspect command provides useful information about a locally available image in your system.

The following example usage shows information about a mariadb image.

[user@host ~]$ podman image inspect registry.redhat.io/rhel8/mariadb-103:1
 [
   {
    "Id": "6683...98ea",
    ...output omitted...
    "Config": {
      "User": "27", 
      "ExposedPorts": { 
           "3306/tcp": {}
      },
      "Env": [ 
           "PATH=/opt/app-root/src/bin:/opt/app-root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            ...output omitted...
          ],
      "Entrypoint": [ 
           "container-entrypoint"
      ],
      "Cmd": [ 
           "run-mysqld"
      ],
      "WorkingDir": "/opt/app-root/src", 
      "Labels": { 
         ...output omitted...
         "release": "177.1654147959",
         "summary": "MariaDB 10.3 SQL database server",
         "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/mariadb-103/images/1-177.1654147959",
        ...output omitted...
    "Architecture": "amd64", 
    "Os": "linux",
    "Size": 573593952,
    ...output omitted...

	The default user for the image.
	The port that the application exposes.
	The environment variables used by the image.
	The entrypoint, a command that runs when the container starts.
	The command that the `container-entrypoint` script runs.
	The working directory for the commands in the image.
	Labels providing extra metadata.
	The architecture where this image can be used.

The output from podman inspect is verbose, which makes it hard to find information. To select a specific part of the output use the Go templating feature in Podman by providing the --format option. Use the podman inspect output keys preceded by dots and surrounded by double curly braces.

--format="{{.Key.Subkey}}"

For example, the following command extracts the CMD instruction from the rhel8/mariadb-103 image:

[user@host ~]$ podman image \
  inspect registry.redhat.io/rhel8/mariadb-103:1 \
  --format="{{.Config.Cmd}}"
[run-mysqld]

To inspect a remote image, you can use the Skopeo tool.

Image Removal

You can delete local images that are no longer used by any container. Run the podman image rm or the podman rmi command to delete a container image.

[user@host ~]$ podman image rm REGISTRY/NAMESPACE/IMAGE_NAME:TAG

If the image is in use by a container, then Podman fails to remove it. You must first remove any containers using the image by running podman stop container-name. Alternatively, force Podman to remove the image by providing the -f option. This automatically stops and removes any containers that use the image and then removes the image.

[user@host ~]$ podman image rm -f REGISTRY/NAMESPACE/IMAGE_NAME:TAG

With the --all option, you can delete all images in the local storage.

[user@host ~]$ podman rmi --all

[user@host ~]$ podman image rm --all

Images without tags and that are not referenced by other images are considered dangling images. Use the podman image prune command to delete dangling images from your local storage. When executing the podman image prune command, Podman displays an interactive prompt to confirm image removal.

[user@host ~]$ podman image prune
WARNING! This command removes all dangling images.
Are you sure you want to continue? [y/N]

To delete both dangling and unused images, provide the --all or -a option.

[user@host ~]$ podman image prune -a
WARNING! This command removes all images without at least one container associated with them.
Are you sure you want to continue? [y/N]

You can include the -f option to force the removal and to avoid the interactive prompt.

[user@host ~]$ podman image prune -af

Export and Import File Systems

The podman export command exports a container's filesystem to a .tar file on your local machine. This command creates a snapshot of an existing container, so you can use it later. For example, if you inadvertently make changes to your container's filesystem and do not know how to fix it, then use the snapshot to return to a known starting point. By default, the podman export command writes to the standard output (STDOUT). To redirect the output to a file use the --output or -o option, specifying the name for the archive to create, and the container name or ID to export as arguments.

[user@host ~]$ podman export -o mytarfile.tar fb601b05cd3b

To import a .tar file containing a container file system, and save the file system as a container image, use the podman import command. The podman import command requires the image name and tag as arguments.

[user@host ~]$ podman import mytarfle.tar httpdcustom:2.4
Getting image source signatures
Copying blob 47662b708e31 done  |
Copying config 9af04983ef done  |
Writing manifest to image destination
sha256:9af0...4c8f

After importing a file system, you can verify the creation of the container image by using the podman images command.

[user@host ~]$ podman images
REPOSITORY                        TAG      IMAGE ID      CREATED         SIZE
localhost/httpdcustom             2.4      9af04983ef93  18 minutes ago  305 MB
registry.../rhscl/httpd-24-rhel7  latest   699f5c8b7fd3  2 months ago    330 MB

References

semver.org

podman-export(1) man page

podman-import(1) man page

For more information, refer to the Exporting and importing containers section in the Building, running, and managing containers at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/building_running_and_managing_containers/index

For more information, refer to the Image tags and versions section in the Red Hat Ecosystem Catalog - Help at https://redhat-connect.gitbook.io/catalog-help/container-images/container-image-details/image-tags-and-versions

Discuss Red Hat OpenShift Development I: Introduction to Containers with Podman

Go to community

Red Hat OpenShift Development I: Introduction to Containers with Podman (DO188)

Haley_Ruccio

26 lip 2023

A developer introduction to building and managing containers with Podman for deploying applications on Red Hat OpenShift Container Platform.Red Hat OpenShift Development I: Introduction to Containers with Podman (DO188) introduces students to building, running, and managing containers with Podman and Red Hat OpenShift. This course helps students build the core skills for developing containerized applications through hands-on experience. These skills can be applied using all versions of OpenShift, including Red Hat OpenShift on AWS (ROSA), Azure Red Hat OpenShift, and OpenShift Container Platform.This course is based on Red Hat® Enterprise Linux® 8, Podman 4.2 and Red Hat OpenShift® 4.12.Course content summaryIntroduction to containersRun containers with Podman CLI and Podman DesktopBuild custom container imagesManage container imagesRemote debugging with containersBasic container networkingPersist data with containersRun multi-container applicationsTroubleshoot Container DeploymentsOrchestrate containers with OpenShift and KubernetesAudience for this courseDevelopers and Site Reliability Engineers that are new to container technology.System administrators and platform operators who are interested in managing OpenShift clusters and containerized applications should enroll in Red Hat OpenShift Administration I: Containers & Kubernetes (DO180).Prerequisites for this courseTake our free assessment to gauge whether this offering is the best fit for your skills.Some experience with web application architectures and their corresponding technologies.Experience in the use of a Linux terminal session, issuing operating system commands, and familiarity with shell scripting is recommended.Technology considerationsRequires internet connection.

How to start two containers exposed on the same port using same image but diff environment variable

MadhumithaSrini

21 lip 2023

How to start two containers exposed on the same port using same image but diff environment variable. Both the containers must co-exist

1355

Welcome to the Red Hat OpenShift Development: Intro to containers with Podman (DO188) group!

cschunke

18 lip 2023

We are excited to launch a space dedicated to the Red Hat Training courseRed Hat OpenShift Development I: Introduction to Containers with Podman! To gain the most value from this group - click the "Join Group" button in the upper right hand corner.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to DO188.Read more about Red Hat OpenShift Development: Intro to containers with Podman here.

1036

Revision: do188-4.14-8c43a16