Buildah

Tool that facilitates building OCI container images.

Buildah specializes in building OCI images, with its commands replicating all of those found in a Dockerfile.
This allows building images:

With and without Dockerfiles.
Not requiring root privileges.
Without running as a daemon.
By leveraging the API buildah provides.

The ability of building images without Dockerfiles allows for the integration with other scripting languages into the build process.

TL;DR
Further readings
1. Sources

TL;DR

Installation and configuration

apt install 'buildah'
dnf install 'buildah'
emerge 'app-containers/buildah'
pacman -S 'buildah'
yum install 'buildah'
zypper install 'buildah'

Usage

# List images.
buildah images

# Authenticate to container registries.
aws ecr get-login-password | buildah login -u 'AWS' --password-stdin '012345678901.dkr.ecr.eu-east-2.amazonaws.com'

# Pull images.
buildah pull 'alpine'
buildah pull --quiet --creds 'bob' 'boinc/client:amd'
buildah pull --platform 'linux/amd64' --retry '3' --retry-delay '5s' 'docker-daemon:alpine:3.19'
buildah pull '012345678901.dkr.ecr.eu-east-2.amazonaws.com/library/amazoncorretto:17.0.10-al2023-headless@sha256:ec8d…'

# Create working containers based off of images.
buildah from 'alpine'
buildah from --pull --quiet 'boinc/client:amd'
buildah from --name 'starting-working-container' --arch 'amd64' 'docker-archive:/tmp/alpine.tar'
buildah from '012345678901.dkr.ecr.eu-east-2.amazonaws.com/library/amazoncorretto:17.0.10-al2023-headless@sha256:ec8d…'

# List working containers.
buildah containers

# Start working containers.
buildah run 'wc-fedora' -- dnf -y install 'lighttpd'

# Configure started working containers.
buildah config --annotation "com.example.build.host=$(uname -n)" 'wc-fedora'
buildah config --cmd '/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf' 'wc-fedora'
buildah config --port '80' 'wc-fedora'

# Create images from working containers.
buildah commit 'starting-working-container' 'alpine-custom'
buildah commit --rm 'working-container-removed-after-commit' 'oci-archive:/tmp/alpine-custom.tar'

# Create images.
buildah build -t 'fedora-http-server'
buildah build --pull -t '012345678901.dkr.ecr.eu-east-2.amazonaws.com/me/my-alpine:0.0.1' 'dockerfile-dir'
buildah build --manifest 'me/my-alpine:0.0.1' --platform 'linux/amd64,linux/arm64/v8'
buildah build … --output 'type=tar,dest=/tmp/alpine.tar'

# Inspect stuff.
buildah inspect 'fedora-http-server'
buildah inspect -t 'image' 'cfde91e4763f'
buildah manifest inspect 'me/my-alpine:0.0.1'

# Push images.
buildah push 'cfde91e4763f' 'docker://registry.example.com/repository:tag'
buildah push --disable-compression 'localhost/test-image' 'docker-daemon:test-image:3.0'
buildah push --creds 'kevin:secretWord' --sign-by '7425…109F' 'docker.io/library/debian' 'oci:/path/to/layout:image:tag'
buildah manifest push

# Remove working containers.
buildah rm 'fedora-http-server'
buildah delete 'starting-working-container' … 'debian-working-container'
buildah rm --all

# Remove images.
buildah rmi 'localhost/test-image'
buildah rmi --all --force
buildah rmi --prune 'cfde91e4763f' … 'boinc/client:amd'

# Remove .
buildah prune
buildah prune --all

Real world use cases

# Build containers using commands instead of Dockerfiles.
CONTAINER=$(buildah from 'fedora') \
&& buildah run "$CONTAINER" -- dnf -y install 'lighttpd' \
&& buildah config --annotation "com.example.build.host=$(uname -n)" "$CONTAINER" \
&& buildah config --cmd '/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf' "$CONTAINER" \
&& buildah config --port '80' "$CONTAINER" \
&& buildah commit "$CONTAINER" 'company/lighttpd:testing'

# Clean everything up.
buildah rm --all \
&& buildah prune --all

5.1 KiB Raw Blame History

Buildah

TL;DR

Further readings

Sources

5.1 KiB

Raw Blame History