alfiantirta85

Container and Podman

Container

Containers are a set of one or more processes that are isolated from the rest of the system, and a way of packaging applications to simplify deployment and management. Containers offer many benefits, such as security, storage, and network isolation. They isolate application libraries and runtime resources from the host operating system or hypervisor, and vice versa.

How do containers interact with the underlying hardware and operating system?

  • They run directly on the operating system, sharing hardware and operating system resources across all containers on the system, which keeps applications light and running fast in parallel.

  • They share the same operating system kernel, isolate the containerized application processes from the rest of the system, and can use any software that is compatible with that kernel.

  • They require significantly fewer hardware resources than virtual machines, which makes them quick to start and stop and reduces storage requirements.

Containers are an efficient way to provide hosted application usability and portability because they can be easily moved from one environment to another, but containers are usually temporary or ephemeral.

A container is run from a container image, which serves as a blueprint for creating containers. A container image cannot be changed, because the files it holds, including code and dependencies, are required to run the container. Container images are built according to specifications such as the Open Container Initiative (OCI).

A good way to start learning about containers is to work with individual containers on a server that acts as a container host. A set of container tools you can use:

  • podman, which is used directly to manage containers and container images.

  • skopeo, which is used to check, copy, delete, and sign images.

  • buildah, which is used to create a new container image.

Containers can be run by non-privileged users; these are called rootless containers. Rootless containers are safer but have some limitations.

Running basic containers on RHEL 8
To start running and managing containers on your system, you need to install the necessary command line tools like podman and skopeo with the yum command:

sudo yum module install container-tools

A container registry is a place to store and retrieve container images, which are then used to run containers, so the source of container images is very important.
Red Hat distributes certified container images through two main container registries:

  • registry.redhat.io for containers based on official Red Hat products

  • registry.connect.redhat.com for containers based on third-party products

Container images are named using the syntax:
registry_name/user_name/image_name:tag
registry_name is the name of the registry that stores the image.
user_name is the user or organization the image belongs to.
image_name is unique within the user namespace.
tag is the image version.
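
Because the source of an image matters, a host can check the registry part of a reference before pulling. The following is an added example, not code from the original post: it parses the naming syntax above and accepts only the Red Hat registries this article mentions; the function names and the allow-list policy are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Allow-list built from the registries the article names (policy is an assumption).
ALLOWED_REGISTRIES="registry.redhat.io registry.connect.redhat.com registry.access.redhat.com"

# parse_image_ref REF: print "registry user image tag", or return 1 if REF
# is not a fully qualified registry_name/user_name/image_name[:tag] reference.
parse_image_ref() {
    ref=$1
    case $ref in
        *@*) return 1 ;;     # digest references are outside the article's syntax
        */*/*) ;;            # need registry, user and image parts
        *) return 1 ;;       # short names such as ubi8/ubi are rejected
    esac
    registry=${ref%%/*}      # text before the first "/"
    rest=${ref#*/}           # user_name/image_name[:tag]
    user=${rest%/*}
    last=${rest##*/}         # image_name[:tag]
    # Only a colon in the last component separates the tag, so a registry
    # port (host:5000/...) is not mistaken for one.
    case $last in
        *:*) image=${last%%:*}; tag=${last#*:} ;;
        *)   image=$last; tag=latest ;;   # podman uses "latest" when no tag is given
    esac
    [ -n "$registry" ] && [ -n "$user" ] && [ -n "$image" ] && [ -n "$tag" ] || return 1
    printf '%s %s %s %s\n' "$registry" "$user" "$image" "$tag"
}

# image_allowed REF: succeed only if the registry matches the allow-list exactly.
image_allowed() {
    parsed=$(parse_image_ref "$1") || return 1
    reg=${parsed%% *}
    for r in $ALLOWED_REGISTRIES; do
        if [ "$reg" = "$r" ]; then return 0; fi
    done
    return 1
}

# Constructed sample references; the third is a look-alike host name.
for ref in registry.access.redhat.com/ubi8/ubi:latest ubi8/ubi \
           registry.redhat.io.example.net/rhel8/httpd-24; do
    if image_allowed "$ref"; then echo "allow  $ref"; else echo "block  $ref"; fi
done
```

To gate a pull, run `image_allowed "$ref" && podman pull "$ref"`.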

To run a container on the local system, you must first pull the container image with the podman pull command:

podman pull registry.access.redhat.com/ubi8/ubi:latest

Use the podman images command to view locally stored images.
To run the image, use the podman run command; the -it option lets you interact with the container:

podman run -it registry.access.redhat.com/ubi8/ubi:latest

Use podman run --rm to remove the container automatically when it exits:

podman run --rm registry.access.redhat.com/ubi8/ubi cat /etc/os-release

Use the podman info command to display podman configuration information.
Use the podman search command to search a container registry for a specific container image, and the --no-trunc option to view a longer image description.

To inspect a remote container image in a registry and show information about it, use the skopeo inspect command; to inspect a locally stored image, use podman inspect:

skopeo inspect docker://registry.redhat.io/rhel8/python-36
podman inspect registry.redhat.io/rhel8/python-36

To delete locally stored images, use the podman rmi command:

podman rmi registry.redhat.io/rhel8/python-36:latest

To provide network access to a container, clients must connect to a port on the container host that forwards network traffic to the port in the container. You can map a container host port with the -p option of the podman run command. To run the container in detached mode (as a daemon), use the -d option.

podman run -d -p 8000:8080 registry.redhat.io/rhel8/httpd-24

To see all port mappings in use, run podman port -a. To open the container host port in the firewall, use the command:

firewall-cmd --add-port=8000/tcp

You can pass the environment variables that the container uses to configure its application with the -e option of the podman run command.

podman run -d --name container_name -e MYSQL_USER=user_name -e MYSQL_PASSWORD=user_password -e MYSQL_DATABASE=database_name -e MYSQL_ROOT_PASSWORD=mysql_root_password -p 3306:3306 registry.redhat.io/rhel8/mariadb-103:1-102

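Passing passwords with -e places them in the shell history and in the process arguments. As an added example (not from the original post), the same variables can be written to a file readable only by the current user and handed to podman with --env-file; the function names and the file path are assumptions, and the values are the article's placeholders.

```shell
#!/bin/sh
# Added example, not from the original post.

# write_env_file PATH USER PASSWORD DATABASE ROOT_PASSWORD
# Create PATH with mode 0600 holding the variables the article passes via -e.
# Returns 1 if any value is empty, so a blank password is never written.
write_env_file() {
    envfile=$1; user=$2; pass=$3; db=$4; rootpass=$5
    [ -n "$envfile" ] && [ -n "$user" ] && [ -n "$pass" ] \
        && [ -n "$db" ] && [ -n "$rootpass" ] || return 1
    (
        umask 077                 # files created below get mode 0600
        rm -f -- "$envfile"       # drop any older copy with looser permissions
        printf 'MYSQL_USER=%s\nMYSQL_PASSWORD=%s\nMYSQL_DATABASE=%s\nMYSQL_ROOT_PASSWORD=%s\n' \
            "$user" "$pass" "$db" "$rootpass" > "$envfile"
    )
}

# run_mariadb NAME ENVFILE: the article's command with --env-file instead of -e.
run_mariadb() {
    podman run -d --name "$1" --env-file "$2" -p 3306:3306 \
        registry.redhat.io/rhel8/mariadb-103:1-102
}

# Typical use (read the values with `read -r` rather than typing them inline):
#   write_env_file "$HOME/mariadb.env" "$db_user" "$db_pass" "$db_name" "$db_root"
#   run_mariadb container_name "$HOME/mariadb.env"
```

The variables are still stored in the container's configuration and shown by podman inspect, so access to the container host remains sensitive.
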
  • To see running containers, use the podman ps command; the -a option includes stopped containers.
  • To stop a running container, use the podman stop command.
  • To remove a container from the host, use the podman rm command.
  • To restart a stopped container, use the podman restart command.
  • To send a UNIX signal to the main process in the container, use the podman kill command and the -s option to specify the signal.
  • To start additional processes in an already running container, use the podman exec command with the -i and -t options to open an interactive session and allocate a pseudo-terminal for the shell. Use the -l option in place of the ID or name of the previous container.