Containers are an inherent part of today’s work for developers and operators. They offer an elegant way to provide applications that start in the blink of an eye or run at scale in the cloud or a data center.
This how-to shows one of several options to create such a container image. The application I use in this example is etcd. etcd is a distributed, reliable key-value store for the most critical data of a distributed system. In my daily work, etcd is part of highly available PostgreSQL with Patroni.
> If you are new to etcd, check out etcd’s playground
> The content of this blog entry is available at my GitHub repository, too!
Prerequisites
I’m currently running Ubuntu 22.04. So, before we can start to work on the container image, let’s install some packages with apt:
podman is a daemonless, open source, Linux native tool designed to make it easy to find, run, build, share and deploy applications using Open Containers Initiative (OCI) containers and container images. If you are already familiar with Docker, then you will probably know what is going on. Podman offers several advantages over Docker: maybe the most important one is that containers can be run in rootless mode. In addition, when looking at companies like Red Hat or SUSE, both have switched from Docker to Podman in the past to complete their container platforms.
buildah is a tool to facilitate building OCI container images. Buildah and Podman complement each other.
For comfort reasons, and to enable a small proof of concept, the podman-compose Python script is installed, too.
Build the Image
buildah enables the creation of images from scratch. You just start with an empty container which only includes some metadata. In this article, I rely on Red Hat’s UBI minimal image. All the following steps are part of a script to accelerate and automate the build process and are run in privileged mode as user root.
First, set environment variables for the etcd version and where to download etcd from.
Download the etcd binaries.
Extract only a subset of the objects in the tarball. Only the binaries are required.
With that done, use buildah to create a new minimal container named etcd which is based on the ubi-minimal image.
It is good practice to add some metadata about the container. Here, I just add myself as the author in this example, but you could add additional metadata for your organization.
I’d like to run my etcd with a default user and group called etcd. Therefore, the shadow-utils package is installed to use the groupadd and useradd commands. After the creation of the group and user, the packages are removed again and the microdnf cache is cleared. User etcd is set as default user and the working directory is its home directory.
Even if containers are by default volatile, some applications, e.g. databases, require a data directory for persistence. In this case, the data directory etcddata is created and owned by user etcd. In addition, etcd becomes aware of its data directory by setting the environment variable ETCD_DATA_DIR. In a real world scenario, a volume is required to persist etcd’s data.
The container is still missing the etcd binaries. Copy these three binaries into the image.
Each container needs an entrypoint for the start. For etcd, just call the etcd binary.
That’s it! Other applications or use cases might require a bigger set of commands to build a container image. For the etcd container image, just unmount and commit the new image. Do not forget to appropriately tag your image.
The downloaded etcd tarball and extracted binaries are of no use anymore. Remove them.
Finally, put all the steps in a script and you are good to go.
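The build steps above, collected into one script as an added example; this is not the author's script from the repository. It goes one step beyond the text by pinning the tarball to a SHA-256 digest before anything is extracted. The GitHub release URL layout, the ubi9 image path, the /home/etcd/etcddata location, the etcdutl binary name and the author string are assumptions.

```shell
#!/bin/sh
# Added example, not the author's script. Assumed: upstream GitHub URL layout, ubi9
# base image path, /home/etcd/etcddata, binary names etcd/etcdctl/etcdutl.
set -eu

BASE_IMAGE="${BASE_IMAGE:-registry.access.redhat.com/ubi9/ubi-minimal}"

# Release tarball name and download URL for a version tag (placeholder: vX.Y.Z).
etcd_tarball() { printf 'etcd-%s-linux-amd64.tar.gz' "$1"; }
etcd_url() {
  printf 'https://github.com/etcd-io/etcd/releases/download/%s/%s' "$1" "$(etcd_tarball "$1")"
}

# Succeeds only if FILE ($1) hashes to the pinned digest ($2); an empty digest fails.
verify_sha256() {
  local actual
  actual="$(sha256sum "$1" | cut -d' ' -f1)"
  [ -n "$2" ] && [ "$actual" = "$2" ]
}

# Run as root, as in the article. $1 = version tag, $2 = expected SHA-256 of the tarball.
build_etcd_image() {
  local ver="$1" sha="$2" work tarball dir
  tarball="$(etcd_tarball "$ver")"; dir="${tarball%.tar.gz}"
  work="$(mktemp -d)"
  curl -fsSL -o "$work/$tarball" "$(etcd_url "$ver")"
  # Refuse to unpack anything that does not match the pinned digest.
  verify_sha256 "$work/$tarball" "$sha" || { echo "checksum mismatch" >&2; rm -rf "$work"; return 1; }
  # Extract only the three binaries, dropping the top-level directory.
  tar -xzf "$work/$tarball" -C "$work" --strip-components=1 "$dir/etcd" "$dir/etcdctl" "$dir/etcdutl"
  # buildah copy is used instead of mounting the container, so there is no unmount step.
  buildah from --name etcd "$BASE_IMAGE"
  buildah config --author "Your Name <you@example.org>" etcd   # placeholder author
  buildah run etcd -- microdnf install -y shadow-utils
  buildah run etcd -- groupadd etcd
  buildah run etcd -- useradd -g etcd -m -d /home/etcd etcd
  buildah run etcd -- mkdir -m 0700 /home/etcd/etcddata
  buildah run etcd -- chown etcd:etcd /home/etcd/etcddata
  buildah run etcd -- microdnf remove -y shadow-utils
  buildah run etcd -- microdnf clean all
  buildah copy etcd "$work/etcd" "$work/etcdctl" "$work/etcdutl" /usr/local/bin/
  buildah config --user etcd --workingdir /home/etcd \
    --env ETCD_DATA_DIR=/home/etcd/etcddata --entrypoint '["etcd"]' etcd
  buildah commit etcd "etcd:$ver"
  rm -rf "$work"   # tarball and extracted binaries are no longer needed
}

# Usage: ./build-etcd.sh build <version-tag> <sha256-of-tarball>
if [ "${1:-}" = "build" ]; then build_etcd_image "$2" "$3"; fi
```

Take the digest from a source you trust independently of the download itself, and keep it in version control next to the script so a changed tarball fails the build.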
Test
The container is visible by calling buildah containers.
The newly tagged image is available, too.
It is even possible to inspect the image and get an idea of its build.
Demo
The container image is ready to use. Let’s try to set up a three node etcd cluster with podman-compose and a minimalistic configuration. The compose.yml looks like the following. The environment variables are part of a .env file which is located in the same directory.
Just run the composed setup, wait a few seconds and voilà: the etcd cluster is up and running.
First, check the cluster member list.
Second, validate the cluster health status.
Last but not least, put a value into the store.
And read it again.
Conclusion
Working with podman and buildah is quite easy. Both tools have a great range of features to cope with your development or operational demands. So, if the publicly available container images from common sources don’t suit your needs, just create your own container images.