henry_68930cc9

🚀 Goodbye Docker Daemon: My Journey into Buildah for Secure Container Builds

Containers have revolutionized how we ship and run applications — but do we always need a daemon like Docker running in the background to build them?

Recently, I discovered Buildah, a lightweight and flexible tool for building OCI-compliant images without needing a daemon. As someone who often works in CI/CD environments and wants more control and security, Buildah has been a game-changer.

What is Buildah?
Buildah is an open-source tool from the same team behind Podman and Skopeo. It allows you to create, build, and manage container images without needing a running service like the Docker daemon.

Key features:

Rootless image building 🔒

Daemonless operation ⚡️

Dockerfile support (buildah bud) 📄

Full scripting control (like running shell commands during build) 🛠️

Can start from scratch (scratch base image) 🧼

💡 Why I Tried Buildah
While Docker is still amazing, I hit a few pain points:

Security concerns with Docker daemon access on shared servers

CI/CD environments where installing and maintaining Docker was overkill

Needing more transparency in the image-building process

Buildah gave me all that and more — especially rootless builds that work out of the box on Fedora, Ubuntu, and even Alpine (with some setup).
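The setup for rootless builds typically includes subordinate UID/GID ranges in /etc/subuid and /etc/subgid, and the Docker daemon concern comes down to who can write to the Docker socket. The script below is an added example, not from the original post, that checks both on a build host; its function names, the 65536 threshold and the fail-on-socket policy are assumptions.

```shell
#!/bin/sh
# Preflight for a rootless Buildah build host (added example).
# Function names, the threshold and the "fail on Docker socket" policy are
# assumptions of this example, not Buildah behaviour.

MIN_SUBIDS=65536   # conventional range size; adjust to local policy

# Total subordinate IDs granted to user name $1 / uid $2 in map file $3.
# subuid(5)/subgid(5) format: name_or_uid:start:count, one range per line.
subid_count() {
    [ -r "$3" ] || { echo 0; return 0; }
    awk -F: -v u="$1" -v id="$2" '
        ($1 == u || $1 == id) && $3 ~ /^[0-9]+$/ { n += $3 }
        END { print n + 0 }' "$3"
}

# True when the user has enough IDs in both the UID and the GID map.
has_subid_ranges() {   # args: user uid subuid_file subgid_file
    [ "$(subid_count "$1" "$2" "$3")" -ge "$MIN_SUBIDS" ] &&
    [ "$(subid_count "$1" "$2" "$4")" -ge "$MIN_SUBIDS" ]
}

# Prints one line per failed check; returns non-zero if any check failed.
preflight() {   # args: uid user subuid_file subgid_file docker_socket
    rc=0
    if [ "$1" -eq 0 ]; then
        echo "FAIL: running as uid 0, the build would not be rootless"; rc=1
    fi
    if ! has_subid_ranges "$2" "$1" "$3" "$4"; then
        echo "FAIL: $2 needs >= $MIN_SUBIDS ids in $3 and $4"; rc=1
    fi
    # Write access to a Docker socket is root-equivalent on the host.
    if [ -S "$5" ] && [ -w "$5" ]; then
        echo "FAIL: $2 can write to $5"; rc=1
    fi
    return "$rc"
}

# Check the real host only when asked: sh preflight.sh --check
# (preflight.sh is a placeholder file name)
if [ "${1:-}" = "--check" ]; then
    preflight "$(id -u)" "$(id -un)" /etc/subuid /etc/subgid /var/run/docker.sock
fi
```
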

🛠️ My First Buildah Project
Let's say you want to build a simple container image from Ubuntu and copy your app inside.

```bash
# Rootless note: `buildah mount` only works inside a user namespace, so as a
# non-root user run these commands in a `buildah unshare` session.
container=$(buildah from ubuntu)
mountpoint=$(buildah mount "$container")

# Copy your app into the image
cp -r ./myapp "$mountpoint/app"

# Run setup commands
buildah run "$container" -- apt-get update
buildah run "$container" -- apt-get install -y python3

# Commit to image
buildah commit "$container" my-custom-image
```
Want to build from a Dockerfile instead?

```bash
buildah bud -t my-app .
```
Easy. No Docker daemon needed.

🀯 Cool Things I Learned
You can inspect and modify layers more easily than with Docker.

It works flawlessly with Podman, so your local dev flow doesn’t break.

It’s OCI-compliant, meaning it works well with Kubernetes, OpenShift, and others.

📦 When Should You Use Buildah?
✅ When you want to build containers in a CI/CD pipeline without root access
✅ When you care about transparency and scripting in image creation
✅ When you're working in security-sensitive environments

🚀 TL;DR
Buildah lets you build container images without a daemon and without root, making it perfect for secure environments and CI/CD pipelines. If you're tired of Docker's overhead in image building, give Buildah a try.

No daemon. No drama. Just containers.
