Reinvent container capabilities with CRI-O, Buildah, Podman

I've been working to influence #Container technologies to many many developers for years along with open source way and it's not a secret that the container landscape has changed quite a bit over the past year. I'm pretty sure that you recognized the upstream Docker project has renamed to #moby for focusing higher in the stack at the “platform tier” like Docker EE.

In a meantime, it's no doubt that #Kubernetes has concurred container orchestration tool/platform to deploy, manage application containers with enterprise graded capabilities and more importantly, the enterprise DevOps team is looking for more lightweight, flexible, standard container runtime for Kubernetes rather than Docker engine. With regard to this, more Dev and Ops are asking me what differences #CRI-O, #Buildah, #Podman are to handle this agenda in development / production environments. Let's figure out the different things and how we do use them to develop, deploy, and manage application containers across your infrastructures.

Lightweight Container Runtime for Kubernetes:CRI-O enables you to implement the Kubernetes CRI (Container Runtime Interface) to enable using OCI (Open Container Initiative) compatible runtimes. It is a lightweight alternative to using Docker as the runtime for kubernetes. It allows Kubernetes to use any OCI-compliant runtime as the container runtime for running pods. Today it supports runc and Clear Containers as the container runtimes but any OCI-conformant runtime can be plugged in principle.

• A lightweight, OCI-compliant container runtime designed for Kubernetes
• Runs any OCI / Docker container from any OCI / Docker registry
• Focus on stability and life cycle with the platform
• Improve container security & performance at scale

Now, we have standard container runtime for Kubernetes to run your application across multiple infrastructures and you maybe have a quick question in terms of how I do build container images based CRI-O, even Docker quicker. The answer is here that Buildah is An OCI-compliant, daemon-less tool for building and modifying OCI / Docker images. It simplifies the process of creating, building and updating images while decreasing the learning curve of the container environment.

• Enables fine-grain control over the commands and content of each image layer
• Utilities from the container host can optionally be leveraged as part of the build
• Build instructions can be passed as a Dockerfile
• Shares the underlying image and storage components with CRI-O

Lastly, Podman (formerly kpod) has been kicking around since last summer. It was originally part of the CRI-O project. We moved podman into a separate project, libpod. We wanted Podman and CRI-O to develop at their own pace. Both CRI-O and Podman work fine as independent tools and also work well together.

The goal of Podman (Pod Manager) is to offer an experience similar to the docker command line - to allow users to run standalone (non-orchestrated) containers. Podman also allows users to run groups of containers called pods. For those that don’t know, a Pod is a term developed for the Kubernetes Project which describes an object that has one or more containerized processes sharing multiple namespaces (Network, IPC and optionally PID).

In a nutshell, Podman is A daemon-less CLI/API that provides a familiar experience for debugging and controlling OCI containers and pods with below functions.

• Frontend tool for libpod
• Provides a “docker-compatible” syntax
• Solves administrative gaps with the Kubernetes CRI
• Remote API via Varlink

Conclusion

You should consider to adopt a container strategy with the Open Container Initiative and Kubernetes, rather than a particular company or implementation. As always, there is two ways to execute this, 1) Do It Yourself (DIY) with open source software including lots smart developers or 2) you can adopt enterprise graded container platform with the instruments so we, Red Hat do continue to invest in the container runtimes we ship in #RHEL, #OpenShift which are both Docker and runC. These continue to provide excellent value to customers and we are going to continue to ship and support these.