Featured Image: Buildah and the Open Container Initiative (OCI)

If you're looking to build Open Container Initiative (OCI) container images without a full container runtime or daemon installed, Buildah is the perfect solution. Now, Buildah is an open-source, Linux-based tool that can build Docker- and Kubernetes-compatible images, and is easy to incorporate into scripts and build pipelines. In addition, Buildah has overlap functionality with Podman, Skopeo, and CRI-O.

Buildah has the ability to create a working container from scratch, but also from a pre-existing Dockerfile. Plus, with it not needing a daemon, you'll never have to worry about Docker daemon issues when building container images.

Let's explore some practical examples to demonstrate how simple it is to get started with Buildah, and how easily a container image can be created.

Installing Buildah

If you're running Red Hat Enterprise Linux 9 (RHEL 9), follow the steps below. For Fedora users, be sure to replace yum with dnf:

$ yum -y install buildah

For other distributions of Linux, follow these docs.

Basic commands

To get to know Buildah, let's play around with some basic commands. The command buildah --version will output the current version of our Buildah install, and buildah --help will help if you get stuck.

For example, in order to pull a container image from a repository, use the from variable. For example, if your favorite Linux distribution is CentOS:

$ buildah from centos

After pulling the image and storing it on the host, list our current images by running buildah images. This behavior is similar to Podman and Docker, as many commands are cross-compatible. To get a list of our container images, which are ready as soon as the image pull is completed, use buildah containers.

The output of the command "buildah containers", showing CONTAINER ID, BUILDER, IMAGE ID, IMAGE NAME, and CONTAINER #

Figure 1: Listing our stored container images

Finally, since we've pulled and displayed a container, let's clean up and remove our running containers with buildah rm -all. Be sure to exercise caution, however, as Buildah has the ability to remove a running container while Docker does not.

Building a container

Time to get hands-on with Buildah and build an Apache web server that will run inside a container. To get things started, let's pull a CentOS base image and start working:

$ buildah from centos

You'll see the default image name as output in the console like centos-working-container, giving us the ability to run commands within the specified container. For our case, we'll be installing an httpd package, which can be done using the following command:

$ buildah run centos-working-container yum install httpd -y

Once we've installed httpd, we can focus on creating a main page to be directed to on our web server, commonly known as an index.html file. To create a simple file without having to worry about formatting, use the echo command below:

$ echo "Hello from Red Hat" > index.html

In addition, after creating this new file, let's copy it into our current working container with the Buildah copy function. The default location for publicly accessible files is also included:

$ buildah copy centos-working-container index.html /var/www/html/index.html

To start this container, we must configure an entry point for a container, which is used to start httpd as the container begins and keep it in the foreground:

$ buildah config --entrypoint "/usr/sbin/httpd -DFOREGROUND" centos-working-container

Finally, let's commit our changes to the container, and prepare it to be pushed to any container registry you'd like (ex. Docker and Quay.io):

$ buildah commit centos-working-container redhat-website

Your redhat-website image is ready to run with Podman, or pushed to your registry of choice.

Building with a Dockerfile

Another significant part of Buildah is the ability to build images using a Dockerfile, and the build-using-dockerfile, or bud command can do just that. Let's take an example Dockerfile as input, and output an OCI image:

# CoreOS Base
FROM fedora:latest
# Install httpd
RUN echo "Installing httpd"; yum -y install httpd
# Expose the default httpd port 80
# Run httpd
CMD ["/usr/sbin/httpd", "-DFOREGROUND"]

Once we save this file as Dockerfile in our local directory, we can use the bud command to build the image:

$ buildah bud -t fedora-httpd

To double-check our progress, let's run buildah images and ensure we can see our new fedora-httpd image resting in our localhost repository. Now, feel free to again run the image with Podman, or push it to your favorite registry.


Great job! We've gone through building a container from scratch, as well as from a predefined Dockerfile. Buildah is a lightweight and flexible way to create container images without the need for a runtime or daemon installed.

You can continue to experiment with Buildah, which offers you an interactive environment right in your browser.

If you need container orchestration, you can use Buildah with Kubernetes or Red Hat OpenShift. To get started with these platforms, see kubernetesbyexample.com and learn.openshift.com.


Learn more about Buildah:

Last updated: June 7, 2023