Skip to content

Instantly share code, notes, and snippets.

@piyoki

piyoki/buildah-cmd.md

Last active August 28, 2023 11:09
Show Gist options
  • Save piyoki/8c45b598a998cbd4ab68373f7b171c1a to your computer and use it in GitHub Desktop.
Save piyoki/8c45b598a998cbd4ab68373f7b171c1a to your computer and use it in GitHub Desktop.
Download ZIP
buildah-cmd
Raw
buildah-cmd.md

Buildah Commands

Introduction

Buildah is a container image builder tool, that produces OCI-compliant images. It is distributed as a single binary and is written in Go. Buildah is available as a package in most of modern Linux distributions, just follow official installation instructions.

Buildah can only be used to manipulate images. It's job is to build container images and push them to registries. There is no daemon involved. Neither does Buildah require root privileges to build images. This makes Buildah especially handy as part of a CI/CD pipeline -- you can easily run Buildah inside a container without granting this container any root rights.

System Requirements

Kernel Version Requirements

To run Buildah on Red Hat Enterprise Linux or CentOS, version 7.4 or higher is required. On other Linux distributions Buildah requires a kernel version that supports the OverlayFS and/or fuse-overlayfs filesystem -- you'll need to consult your distribution's documentation to determine a minimum version number.

runc Requirement

Buildah uses runc to run commands when buildah run is used, or when buildah build encounters a RUN instruction, so you'll also need to build and install a compatible version of runc for Buildah to call for those cases. If Buildah is installed via a package manager such as yum, dnf or apt-get, runc will be installed as part of that process.

CNI Requirement

When Buildah uses runc to run commands, it defaults to running those commands in the host's network namespace. If the command is being run in a separate user namespace, though, for example when ID mapping is used, then the command will also be run in a separate network namespace.

A newly-created network namespace starts with no network interfaces, so commands which are run in that namespace are effectively disconnected from the network unless additional setup is done. Buildah relies on the CNI library and plugins to set up interfaces and routing for network namespaces.

Notes: If Buildah is installed via a package manager such as yum, dnf or apt-get, a package containing CNI plugins may be available (in Fedora, the package is named containernetworking-cni). If not, they will need to be installed, for example using:

  git clone https://github.com/containernetworking/plugins
  ( cd ./plugins; ./build_linux.sh )
  sudo mkdir -p /opt/cni/bin
  sudo install -v ./plugins/bin/* /opt/cni/bin

The CNI library needs to be configured so that it will know which plugins to call to set up namespaces. Usually, this configuration takes the form of one or more configuration files in the /etc/cni/net.d directory. A set of example configuration files is included in the docs/cni-examples directory of this source tree.

Installation

# ubuntu
sudo apt-get update -y && \
     apt-get install -y buildah runc
     
# archlinux
sudo pacman -Syu buildah runc

Build an image

sudo buildah bud -t <IMAGE_TAG> -f <DOCKERFILE PATH> .

Tag an image

sudo buildah tag <ORIGINAL IMAGE> <NEW IMAGE>

Login to a remote registry

buildah login -u <USERNAME> <REMOTE REGISTRY>

Push an image

sudo buildah push <IMAGE_NAME>:<IMAGE_TAG> docker://<REMOTE REGISTRY>/<USERNAME>/<IMAGE NAME>:<IMAGE TAG>

optional: pass credentials without login

sudo buildah push --creds=<USERNAME>:<PASSWORD> <IMAGE_NAME>:<IMAGE_TAG> docker://<REMOTE REGISTRY>/<USERNAME>/<IMAGE NAME>:<IMAGE TAG>

References:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment