How to Create an etcd Container Image with Buildah and RedHat's UBI

Containers are an inherent part of today’s work for developers and operators. They offer an elegant way of providing needed applications started up at the blink of an eye or running at scale in the cloud or a data center.

This how to will display one of several options to create such a container image. The application I use in this example is etcd. etcd is a distributed, reliable key-value store for the most critical data of a distributed system. In my daily work, etcd is part of highly available PostgreSQL with Patroni.

> If you are new to etcd, check out etcd’s playground

> The content of this blog entry is available at my Github repository, too!

Prerequisites

I’m currently running Ubuntu 22.04. So, before we can start to work on the container image, let’s install some packages with apt:

podman is a daemonless, open source, Linux native tool designed to make it easy to find, run, build, share and deploy applications using Open Containers Initiative (OCI) containers and container images. If you are already familiar with Docker, then you will probably know what is going on. Podman offers several advantages over Docker: maybe the most important one is that containers can be run in rootless mode. In addition, when looking at companies like RedHat or SUSE, both have switched from Docker to Podman in the past to complete their container platforms.

buildah is a tool to facilitate building OCI container images. Buildah and Podman complement each other

For comfort reasons, and to enable a small proof of concept, the podman-compose Python script is installed, too.

Copy to Clipboard

Build the Image

buildah enables the creation of images from scratch. You just start with an empty container which only includes some metadata. In this article, I rely on RedHat’s UBI minimal image. All the following steps are part of a script to accelerate and automate the build process and are run in privileged mode as user root.

First, set environment variables for the etcd version and where to download etcd from.

Copy to Clipboard

Download the etcd binaries.

Copy to Clipboard

Extract only a subset of the objects in the tarball. Only the binaries are required.

Copy to Clipboard

With that done, use buildah to create a new minimal container named etcd which is based on the ubi-minimal image.

Copy to Clipboard

It is good behavior to add some metadata about the container. Here, I just add myself as the author in this example, but you could add additional metadata for your organization.

Copy to Clipboard

I’d like to run my etcd with a default user and group called etcd. Therefore, the shadow-utils package is installed to use the groupadd and useradd command. After the creation of the group and user, the packages are removed again and the microdnf cache is cleared. User etcd is set as default user and the working directory is its home directory.

Copy to Clipboard

Even if containers are by default volatile, some application, e.g. databases, require a data directory for persistance. In this case, the data directory etcddata is created and owned by user etcd. In addition, etcd becomes aware of its data directory by setting the environment variable ETCD_DATA_DIR. In a real world scenario, a volume is required to persist etcd’s data.

Copy to Clipboard

The container is still missing the etcd binaries. Copy these three binaries into the image.

Copy to Clipboard

Each container needs an entrypoint for the start. For etcd, just call the etcd binary.

Copy to Clipboard

That’s it! Other applications or use cases might require a bigger set of commands to build a container image. For the etcd container image, just unmount and commit the new image. Do not forget to appropriately tag your image.

Copy to Clipboard

The downloaded etcd tarball and extracted binaries are of no use anymore. Remove them.

Copy to Clipboard

Finally, put all the steps in a script and you are good to go.

Test

The container is visible by calling buildah containers.

Copy to Clipboard

The newly tagged image is available, too.

Copy to Clipboard

It is even possible to inspect the image and get an idea of its build.

Copy to Clipboard

Demo

The container image is ready to use. Let’s try to setup a three node etcd cluster with podman-compose and a minimalistic configuration. The compose.yml looks like the following. The environment variables are part of a .env file which is located in the same directory.

Copy to Clipboard

version: '3.9'

services:
  etcd0:
    container_name: etcd0
    image: 'localhost/etcd:${ETCD_VERSION}'
    ports:
      - 23790:2379
      - 23800:2380
    environment:
      - ALLOW_NONE_AUTHENTICATION=yes
      - ETCD_NAME=etcd0
      - ETCD_DATA_DIR=/etcddata
      - ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379
      - ETCD_ADVERTISE_CLIENT_URLS=http://etcd0:2379
      - ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380
      - ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd0:2380
      - ETCD_INITIAL_CLUSTER=etcd0=http://etcd0:2380,etcd1=http://etcd1:2380,etcd2=http://etcd2:2380
      - ETCD_INITIAL_CLUSTER_TOKEN=${ETCD_INITIAL_CLUSTER_TOKEN}
      - ETCD_INITIAL_CLUSTER_STATE=new
      - ETCD_HEARTBEAT_INTERVAL=1000
      - ETCD_ELECTION_TIMEOUT=5000

etcd1:
    container_name: etcd1
    image: 'localhost/etcd:${ETCD_VERSION}'
    ports:
      - 23791:2379
      - 23801:2380
    environment:
      - ALLOW_NONE_AUTHENTICATION=yes
      - ETCD_NAME=etcd1
      - ETCD_DATA_DIR=/etcddata
      - ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379
      - ETCD_ADVERTISE_CLIENT_URLS=http://etcd1:2379
      - ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380
      - ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd1:2380
      - ETCD_INITIAL_CLUSTER=etcd0=http://etcd0:2380,etcd1=http://etcd1:2380,etcd2=http://etcd2:2380
      - ETCD_INITIAL_CLUSTER_TOKEN=${ETCD_INITIAL_CLUSTER_TOKEN}
      - ETCD_INITIAL_CLUSTER_STATE=new
      - ETCD_HEARTBEAT_INTERVAL=1000
      - ETCD_ELECTION_TIMEOUT=5000

etcd2:
    container_name: etcd2
    image: 'localhost/etcd:${ETCD_VERSION}'
    ports:
      - 23792:2379
      - 23802:2380
    environment:
      - ALLOW_NONE_AUTHENTICATION=yes
      - ETCD_NAME=etcd2
      - ETCD_DATA_DIR=/etcddata
      - ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379
      - ETCD_ADVERTISE_CLIENT_URLS=http://etcd2:2379
      - ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380
      - ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd2:2380
      - ETCD_INITIAL_CLUSTER=etcd0=http://etcd0:2380,etcd1=http://etcd1:2380,etcd2=http://etcd2:2380
      - ETCD_INITIAL_CLUSTER_TOKEN=${ETCD_INITIAL_CLUSTER_TOKEN}
      - ETCD_INITIAL_CLUSTER_STATE=new
      - ETCD_HEARTBEAT_INTERVAL=1000
      - ETCD_ELECTION_TIMEOUT=5000

Just run the composed setup, wait a few seconds and voilá: the etcd cluster is up and running.

Copy to Clipboard

First, check the cluster member list.

Copy to Clipboard

Second, validate the cluster health status.

Copy to Clipboard

Last but not least, put a value into the store.

Copy to Clipboard

And read it again.

Copy to Clipboard

Conclusion

Working with podman and buildah is quite easy. Both tools have a great range of features to cope with your development or operational demands. So, if the publicly available container images from common sources don’t suit your needs, just create your own container images.