Building OCI Images with Buildah

Figure 1. Cover Image: Building OCI images with Buildah In the world of containers, Buildah stands out as a powerful yet lightweight tool for building OCI (Open Container Initiative)-compliant container images. Unlike traditional tools like Docker, Buildah takes a daemonless approach, making it secure, flexible, and ideal for modern development workflows. Key Features Daemonless Architecture: Buildah doesn’t rely on a background service (like Docker’s daemon). Instead, it directly manipulates images, ensuring a smaller footprint and lower resource usage. Rootless and Secure: You can run Buildah without root privileges, making it safer, especially in multi-user environments or CI/CD pipelines. Dockerfile-Free Flexibility: While Buildah supports Dockerfiles, it also enables image creation without one. Developers can use shell commands or scripts, offering full control over the image-building process. OCI Compliance and Versatility: Buildah creates both OCI and Docker-formatted images, ensuring compatibility with tools like Podman, Docker, and Kubernetes. Lightweight and Scriptable: Its minimal design makes Buildah perfect for automation and scripting, particularly in resource-constrained environments. ...

October 13, 2024 · 4 min · 660 words · Micha Kops

Docker Snippets

Inspect Docker Image with dive Install dive brew install dive Now we can run dive against any Docker image we wish to inspect…​ Run dive dive confluentinc/cp-kafka:5.4.3 Figure 1. Screenshot of dive analyzing the Kafka Docker image Resources: dive on GitHub Introspect Private Docker Registry List images: curl -s https://the-registry-url/v2/_catalog Get tags for an image curl -s https://the-registry-url/v2/the-image-name/tags/list An example: curl -s https://registry.local/v2/alpine/rabbitmq/tags/list {"name":"alpine/rabbitmq","tags":["3.9.17"]} Run Trivy Scan for Docker Image docker run aquasec/trivy image IMAGE:TAG ...

March 1, 2010 · 2 min · 258 words · Micha Kops