Difference between revisions of "Buildah"
From John Freier
| (5 intermediate revisions by the same user not shown) | |||
| Line 6: | Line 6: | ||
List all images | List all images | ||
buildah images | buildah images | ||
| + | |||
| + | Build using a Dockerfile | ||
| + | buildah build-using-dockerfile --format docker --file Dockerfile --tag cs:latest | ||
| + | |||
| + | Push image to a local file as oci format | ||
| + | -- Build in OCI format for running in Podman. | ||
| + | buildah push --format oci localhost/cs:latest oci-archive:/app/target/cs-oci.tar | ||
| + | |||
| + | -- Build in docker format and run in docker. | ||
| + | buildah push --format docker localhost/cs-docker:latest docker-archive:/app/target/cs-docker2.tar | ||
| + | |||
| Line 12: | Line 23: | ||
--security-opt seccomp=unconfined \ | --security-opt seccomp=unconfined \ | ||
--security-opt apparmor=unconfined \ | --security-opt apparmor=unconfined \ | ||
| + | --device /dev/fuse \ | ||
--entrypoint "/bin/bash" \ | --entrypoint "/bin/bash" \ | ||
quay.io/buildah/stable | quay.io/buildah/stable | ||
| Line 18: | Line 30: | ||
--security-opt seccomp=unconfined | --security-opt seccomp=unconfined | ||
--security-opt apparmor=unconfined | --security-opt apparmor=unconfined | ||
| + | --device /dev/fuse | ||
seccomp - Docker restricts using unshare system call inside a containers. | seccomp - Docker restricts using unshare system call inside a containers. | ||
apparmor - This flag is required. | apparmor - This flag is required. | ||
| + | |||
| + | /dev/fuse - This is needed to use the fuse-overlay program inside the container rather then using the host kernel overlay. | ||
Latest revision as of 13:45, 6 April 2022
This tool is used to build images.
Build an image
buildah bud -t {image}:{tag}
List all images
buildah images
Build using a Dockerfile
buildah build-using-dockerfile --format docker --file Dockerfile --tag cs:latest
Push image to a local file as oci format
-- Build in OCI format for running in Podman. buildah push --format oci localhost/cs:latest oci-archive:/app/target/cs-oci.tar -- Build in docker format and run in docker. buildah push --format docker localhost/cs-docker:latest docker-archive:/app/target/cs-docker2.tar
To run buildah using docker
docker run -it \ --security-opt seccomp=unconfined \ --security-opt apparmor=unconfined \ --device /dev/fuse \ --entrypoint "/bin/bash" \ quay.io/buildah/stable
You need to have the following flags
--security-opt seccomp=unconfined --security-opt apparmor=unconfined --device /dev/fuse
seccomp - Docker restricts using unshare system call inside a containers.
apparmor - This flag is required.
/dev/fuse - This is needed to use the fuse-overlay program inside the container rather then using the host kernel overlay.
