Podman Container Technology

2024-03-09 20:36

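Containers

Container technology

Software applications typically depend on system libraries, configuration files, or services provided by the runtime environment. Traditionally, that runtime environment is installed in an operating system running on a physical host or a virtual machine.

Administrators then install the application's dependencies on top of the operating system. On RHEL, packaging systems such as RPM help administrators manage those dependencies. When you install the httpd package, RPM ensures that the correct libraries and other dependencies for that package are installed as well.

The main drawback of deploying software applications the traditional way is that these dependencies are tied to the runtime environment. An application may need a version of its supporting software that is older or newer than the one the operating system provides.

Likewise, two applications on the same system may require different, mutually incompatible versions of the same software. One way to resolve these conflicts is to package the application and deploy it as a container. A container is a set of one or more processes that are isolated from the rest of the system. A software container is a way of packaging an application to simplify its deployment and management.

Consider a physical shipping container: it is a standard way of packing and shipping goods. It is labelled, loaded, unloaded, and transported from one location to another as a single box. The contents of one container are isolated from the contents of the others, so they do not affect each other. These basic principles also apply to software containers. RHEL supports containers through the following core technologies:

  • Control groups (cgroups) for resource management
  • Namespaces for process isolation
  • SELinux and seccomp (secure computing mode) to strengthen security boundaries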

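Rootless and rootful containers

On a container host, you can run containers as the root user or as an ordinary unprivileged user. Containers run by a privileged user are called rootful containers. Containers run by an unprivileged user are called rootless containers. Rootless containers are not allowed to use system resources that are normally reserved for privileged users, such as accessing restricted directories or publishing network services on restricted ports (ports below 1024). This restriction prevents a potential attacker from gaining root privileges on the container host.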

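Container management tools

RHEL provides a set of container tools that can be used to run multiple containers on a single server.

  • podman manages containers and container images
  • skopeo inspects, copies, deletes, and signs images
  • buildah creates container images

These tools are compatible with the Open Container Initiative (OCI). With them you can manage any Linux container created by an OCI-compatible container engine such as Podman or Docker. The tools are designed specifically for running containers under RHEL on a single-node container host.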

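Deploying containers

The Podman utility

Podman is a full-featured container engine from the container-tools meta-package, used to manage Open Container Initiative (OCI) containers and images. The podman utility runs without a daemon, so developers do not need a privileged user account on the system to start and stop containers. Podman provides multiple subcommands for interacting with containers and images. The following list shows some of the subcommands used.

Install the container tools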

# dnf install container-tools -y
# dnf info container-tools

Download a container image from a registry

[root@service ~]#  podman info
host:
  arch: amd64
  buildahVersion: 1.33.5
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - rdma
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.10-1.el9.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: 5c6ed42ed821d0a028d0006e6f9c8a69ae0806ab'
  cpuUtilization:
    idlePercent: 75.99
    systemPercent: 6.7
    userPercent: 17.3
  cpus: 2
  databaseBackend: sqlite
  distribution:
    distribution: rhel
    version: "9.1"
  eventLogger: journald
  freeLocks: 2048
  hostname: service
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.14.0-162.6.1.el9_1.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 232144896
  memTotal: 1828413440
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.9.0-1.el9.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.9.0
    package: netavark-1.10.3-1.el9.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.10.3
  ociRuntime:
    name: crun
    package: crun-1.14.3-1.el9.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.14.3
      commit: 1961d211ba98f532ea52d2e80f4c20359f241a98
      rundir: /run/user/0/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  pasta:
    executable: ""
    package: ""
    version: ""
  remoteSocket:
    exists: false
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.3-1.el9.x86_64
    version: |-
      slirp4netns version 1.2.3
      commit: c22fde291bb35b354e6ca44d13be181c76a0a432
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 3140481024
  swapTotal: 4001361920
  uptime: 0h 24m 14.00s
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.access.redhat.com
  - registry.redhat.io
  - docker.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 17060331520
  graphRootUsed: 8712081408
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 0
  runRoot: /run/containers/storage
  transientStore: false
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.9.3-dev
  Built: 1707216158
  BuiltTime: Tue Feb  6 18:42:38 2024
  GitCommit: ""
  GoVersion: go1.21.3
  Os: linux
  OsArch: linux/amd64
  Version: 4.9.3-dev
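
The `security:` block of this output is where the rootless/rootful distinction and the seccomp and SELinux boundaries described earlier become visible on a given host. As an added example (not part of the original article), the shell function below reads `podman info` YAML and reports on those fields. The sample input is constructed from the values shown above, and the function name, the WARN/FAIL wording and the list of high-risk capabilities are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: audit the "security:" block of `podman info` (YAML on stdin).
# Prints one finding per line, or "OK" when nothing is flagged.
audit_podman_security() {
  awk '
    /^  security:/            { insec = 1; seen = 1; next }
    insec && /^  [^ ]/        { insec = 0 }   # next key at the same depth ends the block
    insec && /^    [A-Za-z]/  {
      key = $1; sub(/:$/, "", key)            # "rootless:" -> "rootless"
      val = $0; sub(/^ *[^:]*: */, "", val)   # everything after "key: "
      v[key] = val
    }
    END {
      if (!seen) { print "ERROR no security block in input"; exit }
      n = 0
      if (v["rootless"] != "true")       { print "WARN rootful: containers are started by root"; n++ }
      if (v["seccompEnabled"] != "true") { print "FAIL seccomp is disabled"; n++ }
      if (v["selinuxEnabled"] != "true") { print "FAIL SELinux is disabled"; n++ }
      # Policy assumption of this example: none of these is in the default set shown above.
      if (v["capabilities"] ~ /CAP_SYS_ADMIN|CAP_SYS_PTRACE|CAP_NET_ADMIN/) {
        print "FAIL default capability set includes a high-risk capability"; n++
      }
      if (n == 0) print "OK"
    }'
}

# Constructed sample: a shortened copy of the output above (root session on "service").
SAMPLE_INFO='host:
  os: linux
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false'

printf '%s\n' "$SAMPLE_INFO" | audit_podman_security
```

On a real host, pipe the live output instead: `podman info | audit_podman_security`. Run it once as root and once as the unprivileged user to compare the two modes.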

Search for images

[root@service ~]# podman search python
NAME                                                                                         DESCRIPTION
registry.access.redhat.com/ubi8/python-27                                                    Platform for building and running Python 2.7...
registry.access.redhat.com/ubi8/python-36                                                    Platform for building and running Python 3.6...
registry.access.redhat.com/ubi8/python-38                                                    Platform for building and running Python 3.8...
registry.access.redhat.com/ubi8/python-39                                                    Platform for building and running Python 3.9...
registry.access.redhat.com/ubi9/python-39                                                    rhcc_registry.access.redhat.com_ubi9/python-...
registry.access.redhat.com/ubi9/python-311                                                   rhcc_registry.access.redhat.com_ubi9/python-...
registry.access.redhat.com/openshift3/python-33-rhel7                                        Python 3.3 platform for building and running...
registry.access.redhat.com/ubi8/python-311                                                   rhcc_registry.access.redhat.com_ubi8/python-...
registry.access.redhat.com/rhscl/python-35-rhel7                                             Python 3.5 platform for building and running...
registry.access.redhat.com/rhscl/python-27-rhel7                                             Python 2.7 platform for building and running...
registry.access.redhat.com/rhscl/python-34-rhel7                                             Python 3.4 platform for building and running...
registry.access.redhat.com/rhscl/python-36-rhel7                                             Python 3.6 available as container is a base...
registry.access.redhat.com/ubi7/python-27                                                    Python 2.7 platform for building and running...
registry.access.redhat.com/ubi7/python-36                                                    Platform for building and running Python 3.6...
registry.access.redhat.com/ubi7/python-38                                                    Python 3.8 platform for building and running...
registry.access.redhat.com/codeready-workspaces/stacks-python                                "Red Hat CodeReady Workspaces- Python Stack...
registry.access.redhat.com/codeready-workspaces-beta/stacks-python                           Red Hat CodeReady Workspaces- Python Stack c...
registry.access.redhat.com/rhel7-atomic                                                      Red Hat Enterprise Linux Atomic Image is a m...
registry.access.redhat.com/rhel7/rhel-atomic                                                 Red Hat Enterprise Linux Atomic Image is a m...
registry.access.redhat.com/rhel-atomic                                                       Red Hat Enterprise Linux Atomic Image is a m...
registry.access.redhat.com/rhel7-minimal                                                     Red Hat Enterprise Linux Minimal Image is a...
registry.access.redhat.com/rhel-minimal                                                      Red Hat Enterprise Linux Minimal Image is a...
registry.access.redhat.com/rhel7-rhel-minimal                                                Red Hat Enterprise Linux Minimal Image is a...
registry.access.redhat.com/rhscl/s2i-base-rhel7                                              Base image delivers all the essential librar...
registry.access.redhat.com/ubi8/s2i-base                                                     Base image with essential libraries and tool...
registry.redhat.io/rhel8/python-27                                                           Python 2.7 available as container is a base...
registry.redhat.io/rhel8/python-36                                                           Python 3.6 available as container is a base...
registry.redhat.io/ubi8/python-27                                                            Platform for building and running Python 2.7...
registry.redhat.io/ubi8/python-36                                                            Platform for building and running Python 3.6...
registry.redhat.io/ubi8/python-38                                                            Platform for building and running Python 3.8...
registry.redhat.io/rhel8/python-38                                                           Platform for building and running Python 3.8...
registry.redhat.io/rhel8/python-39                                                           Platform for building and running Python 3.9...
registry.redhat.io/ubi8/python-39                                                            Platform for building and running Python 3.9...
registry.redhat.io/rhel9/python-39                                                           rhcc_registry.access.redhat.com_rhel9/python...
registry.redhat.io/ubi9/python-39                                                            rhcc_registry.access.redhat.com_ubi9/python-...
registry.redhat.io/rhel8/python-311                                                          rhcc_registry.access.redhat.com_rhel8/python...
registry.redhat.io/rhel9/python-311                                                          rhcc_registry.access.redhat.com_rhel9/python...
registry.redhat.io/ubi9/python-311                                                           rhcc_registry.access.redhat.com_ubi9/python-...
registry.redhat.io/openshift3/python-33-rhel7                                                Python 3.3 platform for building and running...
registry.redhat.io/ubi8/python-311                                                           rhcc_registry.access.redhat.com_ubi8/python-...
registry.redhat.io/ansible-automation-platform-21/ansible-python-base-rhel8                  Base python container for ansible-builder
registry.redhat.io/ansible-automation-platform-23/ansible-python-base-rhel8                  rhcc_registry.access.redhat.com_ansible-auto...
registry.redhat.io/ansible-automation-platform-23/ansible-python-toolkit-rhel8               rhcc_registry.access.redhat.com_ansible-auto...
registry.redhat.io/ansible-automation-platform-24/ansible-python-base-rhel9                  rhcc_registry.access.redhat.com_ansible-auto...
registry.redhat.io/ansible-automation-platform-24/ansible-python-toolkit-rhel9               rhcc_registry.access.redhat.com_ansible-auto...
registry.redhat.io/ansible-automation-platform-20-early-access/ansible-python-base-rhel8     Base python container for ansible-builder
registry.redhat.io/ansible-automation-platform-20-early-access/ansible-python-toolkit-rhel8  Python builder container for ansible-builder
registry.redhat.io/ansible-automation-platform-21/ansible-python-toolkit-rhel8               Python builder container for ansible-builder
registry.redhat.io/ansible-automation-platform-22/ansible-python-base-rhel8                  rhcc_registry.access.redhat.com_ansible-auto...
registry.redhat.io/ansible-automation-platform-22/ansible-python-toolkit-rhel8               rhcc_registry.access.redhat.com_ansible-auto...
docker.io/library/python                                                                     Python is an interpreted, interactive, objec...
docker.io/library/hylang                                                                     Hy is a Lisp dialect that translates express...
docker.io/library/pypy                                                                       PyPy is a fast, compliant alternative implem...
docker.io/bitnami/python                                                                     Bitnami Python Docker Image
docker.io/cimg/python                                                                        
docker.io/okteto/python                                                                      
docker.io/appdynamics/python-agent-init                                                      AppDynamics Repository for Python agent inst...
docker.io/rapidfort/python-chromedriver                                                      
docker.io/intel/python                                                                       
docker.io/pachyderm/python-build                                                             
docker.io/pachyderm/python-sdk-ci-testing                                                    
docker.io/airbyte/python-connector-base                                                      
docker.io/clearlinux/python                                                                  Python programming interpreted language with...
docker.io/faucet/python3                                                                      Python3 docker image for amd64
docker.io/openwhisk/python3action                                                            Apache OpenWhisk runtime for Python 3 Action...
docker.io/openwhisk/python2action                                                            Apache OpenWhisk runtime for Python v2 Actio...
docker.io/mirantis/python-operations-api                                                     https://mirantis.jira.com/browse/IT-40189
docker.io/opensuse/python                                                                    openSUSE base image with python
docker.io/submitty/python                                                                    Official Repository for Submitty Python Imag...
docker.io/okteto/python-fastapi                                                              
docker.io/fnndsc/python-poetry                                                               Python Poetry
docker.io/ubuntu/python                                                                      A chiselled Ubuntu rock with the Python runt...
docker.io/pipelinecomponents/python-safety                                                   Safety by pyup.io for Python in a container...
docker.io/openwhisk/python3aiaction                                                          Apache OpenWhisk runtime for Python 3 Action...
docker.io/okteto/python-job-launcher

Pull an image

[root@service ~]# podman pull docker.io/library/python
Trying to pull docker.io/library/python:latest...
Getting image source signatures
Copying blob e1aa7eb23da8 done   | 
Copying blob 7bb465c29149 done   | 
Copying blob 49b40be4436e done   | 
Copying blob 2b9b41aaa3c5 done   | 
Copying blob c558fac597f8 done   | 
Copying blob 11402150a57e done   | 
Copying blob 297428e82567 done   | 
Copying blob 28e810024ad5 done   | 
Copying config a3aef63c6c done   | 
Writing manifest to image destination
a3aef63c6c1029222ff635a72a0fcaddba1fd7a26abdf2491ace8eb3c654471e

List images

[root@service ~]# podman images
REPOSITORY                TAG         IMAGE ID      CREATED      SIZE
docker.io/library/python  latest      a3aef63c6c10  4 weeks ago  1.04 GB

Build a container image from a Containerfile

[root@service ~]# vim Containerfile
FROM registry.access.redhat.com/ubi9/ubi:latest
RUN dnf install -y python39
CMD ["/bin/bash","-c","sleep infinity"]
[root@service ~]# podman build -t python39:1.0 .
STEP 1/3: FROM registry.access.redhat.com/ubi9/ubi:latest
Trying to pull registry.access.redhat.com/ubi9/ubi:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob 1153e061da4e done   | 
Copying config 8d2a8803cf done   | 
Writing manifest to image destination
Storing signatures
STEP 2/3: RUN dnf install -y python39
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Universal Base Image 9 (RPMs) - BaseOS  118 kB/s | 515 kB     00:04    
Red Hat Universal Base Image 9 (RPMs) - AppStre 683 kB/s | 1.8 MB     00:02    
Red Hat Universal Base Image 9 (RPMs) - CodeRea  67 kB/s | 192 kB     00:02    
Package python3-3.9.18-1.el9_3.1.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
--> bf856a94a83f
STEP 3/3: CMD ["/bin/bash","-c","sleep infinity"]
COMMIT python39:1.0
--> 0274d417a217
Successfully tagged localhost/python39:1.0
0274d417a21704d9e66aec64b1a0f9934ae822e776704044523e12eb1db5063c
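
The Containerfile above builds on `ubi:latest`, and the earlier pull resolved `docker.io/library/python` to `:latest`; both are mutable references whose content can change between builds. As an added example (not part of the original article), the shell functions below classify each `FROM` reference so that unpinned or unqualified base images stand out in review. The verdict names, function names and second sample are constructed for illustration, and the all-zero digest is a placeholder.

```shell
#!/usr/bin/env bash
# Added example: classify every FROM reference of a Containerfile read on stdin.
#   PINNED       carries an @sha256: digest (immutable)
#   UNQUALIFIED  no registry host; resolved through the registries search list
#   MUTABLE      tag is "latest" or absent
#   TAGGED       explicit tag other than latest
#   STAGE        "scratch" or an earlier build stage, nothing is pulled
is_qualified() {   # $1 = reference; succeeds when it starts with a registry host
  case "$1" in */*) ;; *) return 1 ;; esac
  case "${1%%/*}" in *.*|*:*|localhost) return 0 ;; *) return 1 ;; esac
}

classify_ref() {   # $1 = reference; prints the verdict
  case "$1" in *@sha256:*) echo PINNED; return ;; esac
  is_qualified "$1" || { echo UNQUALIFIED; return; }
  case "${1##*/}" in          # last path component may hold ":tag"
    *:latest) echo MUTABLE ;;
    *:*)      echo TAGGED ;;
    *)        echo MUTABLE ;; # no tag is treated as :latest
  esac
}

check_from_refs() {
  stages=" scratch "          # names that do not trigger a registry pull
  while read -r kw a b c d rest; do
    case "$kw" in FROM|from) ;; *) continue ;; esac
    case "$a" in
      --*) ref=$b; as=$c; name=$d ;;   # skip a flag such as --platform=...
      *)   ref=$a; as=$b; name=$c ;;
    esac
    case "$stages" in
      *" $ref "*) echo "STAGE $ref" ;;
      *)          echo "$(classify_ref "$ref") $ref" ;;
    esac
    case "$as" in AS|as) stages="$stages$name " ;; esac
  done
}

# The Containerfile from this article.
PAGE_CONTAINERFILE='FROM registry.access.redhat.com/ubi9/ubi:latest
RUN dnf install -y python39
CMD ["/bin/bash","-c","sleep infinity"]'

# Constructed sample: multi-stage build; the digest is a placeholder, not a real image.
SAMPLE_MULTISTAGE='FROM --platform=linux/amd64 docker.io/library/python:3.12 AS build
FROM python
FROM registry.access.redhat.com/ubi9/ubi@sha256:0000000000000000000000000000000000000000000000000000000000000000
FROM build'

printf '%s\n' "$PAGE_CONTAINERFILE" | check_from_refs
```

To pin the base image, replace the tag with the manifest digest reported for the image you have reviewed, in the form `image@sha256:<digest>`.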

List images

[root@service ~]# podman images
REPOSITORY                           TAG         IMAGE ID      CREATED        SIZE
localhost/python39                   1.0         0274d417a217  9 seconds ago  225 MB
registry.access.redhat.com/ubi9/ubi  latest      8d2a8803cfca  8 days ago     219 MB
docker.io/library/python             latest      a3aef63c6c10  4 weeks ago    1.04 GB

Run a container

[root@service ~]# podman create --name python39 localhost/python39:1.0 
2cf96e0ccbcbcceb66664cb5e93414e8f1f0163b44352c2f3b652ff2e95b9855
[root@service ~]# podman ps
CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES
[root@service ~]# podman ps -a
CONTAINER ID  IMAGE                   COMMAND               CREATED        STATUS      PORTS       NAMES
2cf96e0ccbcb  localhost/python39:1.0  /bin/bash -c slee...  9 seconds ago  Created                 python39
[root@service ~]# podman start python39
python39
[root@service ~]# podman ps
CONTAINER ID  IMAGE                   COMMAND               CREATED         STATUS         PORTS       NAMES
2cf96e0ccbcb  localhost/python39:1.0  /bin/bash -c slee...  46 seconds ago  Up 17 seconds              python39

Remove the container

[root@service ~]# podman stop python39
WARN[0010] StopSignal SIGTERM failed to stop container python39 in 10 seconds, resorting to SIGKILL 
python39
[root@service ~]# podman ps
CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES
[root@service ~]# podman ps -a
CONTAINER ID  IMAGE                   COMMAND               CREATED        STATUS                       PORTS       NAMES
2cf96e0ccbcb  localhost/python39:1.0  /bin/bash -c slee...  2 minutes ago  Exited (137) 32 seconds ago              python39
[root@service ~]# podman rm python39
python39
[root@service ~]# podman rmi localhost/python39:1.0 
Untagged: localhost/python39:1.0
Deleted: 0274d417a21704d9e66aec64b1a0f9934ae822e776704044523e12eb1db5063c
Deleted: bf856a94a83f1f433aa54190152d11556e24bb105876eb8342947358a420b203
