If you weren't lucky enough to attend the recent Red Hat Summit or you went but couldn't make it to all the container-related sessions, worry not. We teamed up with Scott McCarty, Principal Technology Product Manager–Containers at Red Hat, to bring you an overview of what you missed.
Choosing the right container base image for your applications
The Red Hat Universal Base Image (UBI) gives you three options for building containers with the full power of Red Hat Enterprise Linux (RHEL) underneath. The goal is to create the smallest possible image that fully supports your application. You select a base image depending on the application you're packaging in a container. For example, if you have a Golang or .NET application, all of that application's dependencies are built in. That means you can use the minimal image (ubi-minimal), which contains microdnf, a package manager that only supports install, update, and remove functions. It also includes, well, a minimal set of tools.
The base image (ubi) lets you run any application that runs on Red Hat Enterprise Linux. It contains the full-featured yum package manager along with basic operating system tools, such as tar, gzip, and vi. (vi haters, please keep your discussions civil in the comments section below.) If you need to run multiple services in a single container, ubi-init runs systemd at startup. To use this, enable your services at build time, and you're ready to go.
Scott also covered support options for various images and hosting combinations. For example, if you have a certified application (see Scott's slides for application certification info) running in a container built on a UBI with everything hosted on a Red Hat platform, you're entitled to the highest level of support. Other combinations, of course, may have lower levels of support.
UBIs are a great addition to your container toolbox. For more information, the slides are available online, and Scott's article on the Red Hat Universal Base Image is a great resource as well.
Building production-ready containers
One great topic in this presentation by Scott McCarty and Ben Breard was the Five Commandments of building containers:
- Standardize: Make sure everyone is using the same base images wherever possible.
- Minimize: Limit the content in the images to what actually serves the workload.
- Delegate: The responsibilities for maintaining the layers of the image should lie with the people who have the expertise for that technology. For example, your middleware experts should be in charge of the
Dockerfilethat defines the middleware layer. - Process: Put processes in place to automate builds via Helm charts, Ansible playbooks, and operators wherever possible.
- Iterate: As you find mistakes, capture that hard-earned knowledge in code.
Take a look at the slides for lots of great information and real-world experiences.
RHEL 8 container tools
Scott and Dan Walsh covered open source projects from the Open Container Initiative: podman, skopeo, and buildah. Dan and Scott's slides are available and, as a bonus, if you visit the Red Hat Summit virtual event, you can find a video of this session in the "Road to Red Hat Enterprise Linux 8" track. We also have great resources on our containers page.
If you haven't seen Dan explain the benefits of podman, put your life on hold and go do that now.
Linux container internals 2.0
This comprehensive session included a section on registries, pointing out the features of Quay and the Red Hat Container Catalog, including the container health index calculated for each image in the registry. This extremely useful feature lets image consumers know whether a given image has security vulnerabilities. Although this is a great feature, it does put the responsibility on the part of the image owner to continue rebuilding and updating the image as vulnerabilities are found and fixes roll out. (As an example, yr author just discovered he needs to rebuild the 2048 image created for the "Creating custom stacks in Eclipse Che" video.)
Scott covered many other crucial topics, including container orchestration, container standards, and architecture. As you'd expect, the slides are available online. You can also take an interactive, hands-on Katacoda lab for a quick start or check out Scott's sample code for an in-depth look.
Summary
We've provided just a taste of the great container-related content Scott and others presented at Red Hat Summit. Again, check out our containers page for more resources to help you get started. And if you have ideas about what you'd like to see next, let us know in the comments below.
Last updated: September 7, 2023