2018-09-15 02:57:08 +08:00
# Container Tools Guide
2018-09-11 20:14:41 +08:00
## Introduction
The purpose of this guide is to list a number of related Open-source projects that are available
on [GitHub.com ](https://github.com ) that operate on
[Open Container Initiative ](https://www.opencontainers.org/ ) (OCI) images and containers. This
guide will give a high level explanation of the related container tools and will explain a bit
on how they interact amongst each other.
2018-09-19 05:07:10 +08:00
The tools are:
2018-09-11 20:14:41 +08:00
2018-09-18 03:20:16 +08:00
* [Buildah ](https://github.com/containers/buildah )
2018-09-11 20:14:41 +08:00
* [CRI-O ](https://github.com/kubernetes-sigs/cri-o )
2020-07-10 19:38:18 +08:00
* [Podman ](https://github.com/containers/podman )
2018-09-11 20:14:41 +08:00
* [Skopeo ](https://github.com/containers/skopeo )
## Buildah
The Buildah project provides a command line tool that be used to create an OCI or traditional Docker
image format image and to then build a working container from the image. The container can be mounted
and modified and then an image can be saved based on the updated container.
## CRI-O
CRI-O [Website ](http://cri-o.io/ )
The CRI-O project provides an integration path between OCI conformant runtimes and kubelet.
Specifically, it implements the Kubelet
[Container Runtime Interface (CRI) ](https://github.com/kubernetes/community/blob/master/contributors/devel/container-runtime-interface.md )
using OCI conformant runtimes. The scope of CRI-O is tied to the scope of the CRI.
At a high level CRI-O supports multiple image formats including the existing Docker image format,
multiple means to download images including trust & image verification, container image and lifecycle
management, monitoring, logging and resource isolation as required by CRI.
## Podman
2020-07-10 19:38:18 +08:00
[Podman ](https://github.com/containers/podman ) allows for full management of a container's lifecycle from creation
through removal. It supports multiple image formats including both the Docker and OCI image formats. Support for
pods is provided allowing pods to manage groups of containers together. Podman also supports trust and image
verification when pulling images along with resource isolation of containers and pods.
2018-09-11 20:14:41 +08:00
## Skopeo
Skopeo is a command line tool that performs a variety of operations on container images and image repositories.
2018-09-19 05:07:10 +08:00
Skopeo can work on either OCI or Docker images. Skopeo can be used to copy images from and to various
2020-02-20 16:20:20 +08:00
container storage mechanisms including container registries. Skopeo also allows you to inspect an image
2018-09-11 20:14:41 +08:00
showing its layers without requiring that the image be pulled. Skopeo also allows you to delete an image
from a repository. When required by the repository, Skopeo can pass appropriate certificates and credentials
2018-09-19 05:07:10 +08:00
for authentication.
2018-09-11 20:14:41 +08:00
## Buildah and Podman relationship
Buildah and Podman are two complementary Open-source projects that are available on
most Linux platforms and both projects reside at [GitHub.com ](https://github.com )
2018-09-18 03:20:16 +08:00
with Buildah [here ](https://github.com/containers/buildah ) and
2020-07-10 19:38:18 +08:00
Podman [here ](https://github.com/containers/podman ). Both Buildah and Podman are
2018-09-11 20:14:41 +08:00
command line tools that work on OCI images and containers. The two projects
differentiate in their specialization.
Buildah specializes in building OCI images. Buildah's commands replicate all
of the commands that are found in a Dockerfile. Buildah’
provide a lower level coreutils interface to build images, allowing people to build
containers without requiring a Dockerfile. The intent with Buildah is to allow other
scripting languages to build container images, without requiring a daemon.
Podman specializes in all of the commands and functions that help you to maintain and modify
OCI images, such as pulling and tagging. It also allows you to create, run, and maintain containers
created from those images.
A major difference between Podman and Buildah is their concept of a container. Podman
allows users to create "traditional containers" where the intent of these containers is
to be long lived. While Buildah containers are really just created to allow content
to be added back to the container image. An easy way to think of it is the
`buildah run` command emulates the RUN command in a Dockerfile while the `podman run`
command emulates the `docker run` command in functionality. Because of this you
cannot see Podman containers from within Buildah or vice versa.
In short Buildah is an efficient way to create OCI images while Podman allows
you to manage and maintain those images and containers in a production environment using
familiar container cli commands.
Some of the commands between the projects overlap:
* build
2021-08-25 02:03:02 +08:00
The `podman build` and `buildah build` commands have significant overlap as Podman borrows large pieces of the `podman build` implementation from Buildah.
2018-09-11 20:14:41 +08:00
* run
2020-02-20 16:20:20 +08:00
The `buildah run` and `podman run` commands are similar but different. As explained above Podman and Buildah have a different concept of a container. An easy way to think of it is the `buildah run` command emulates the RUN command in a Dockerfile while the `podman run` command emulates the `docker run` command in functionality. As Buildah and Podman have somewhat different concepts of containers, you can not see Podman containers from within Buildah or vice versa.
2018-09-11 20:14:41 +08:00
2018-09-19 05:07:10 +08:00
* pull, push
2018-09-11 20:14:41 +08:00
These commands are basically the same between the two and either could be used.
* commit
2018-09-15 02:57:08 +08:00
Commit works differently because of the differences in `containers` . You cannot commit a Podman container from Buildah nor a Buildah container from Podman.
2018-09-11 20:14:41 +08:00
2018-09-19 05:07:10 +08:00
* tag, rmi, images
2018-09-11 20:14:41 +08:00
These commands are basically the same between the two and either could be used.
* rm
This command appears to be equivalent on the surface, but they differ due to the underlying storage differences of containers
between the two projects. Given that, Buildah containers can not be removed with a Podman command and Podman containers
can not be removed with a Buildah command.
2018-09-19 05:07:10 +08:00
* mount
2018-09-11 20:14:41 +08:00
Mount command is similar for both in that you can mount the container image and modify content in it, which will be saved to an image when you commit.
In short Buildah is an efficient way to create OCI images while Podman allows
you to manage and maintain those images and containers in a production environment using
familiar container cli commands.
