A little over a year ago, I challenged my engineering team to create a “coreutils” of container images—essentially, a utility that could be used with existing container host tools like cp, make, yum, and more to build Open Container Initiative (OCI) and Docker container images. These images could then be stored at container registries and used by a multitude of container runtimes. I told the team that OCI images were nothing more than a tarball of related container-specific files, so I asked, why can’t we create a simple tool to build them without running a container daemon? The engineers asked me what to call it and I responded: “just call it builder.” The engineers heard my Boston accent and `Buildah` was born. I am thrilled to announce that we feel Buildah is developed enough to declare a 1.0 release, with the intent to continue adding innovation and features in the future.
It’s not really a secret that Linux containers are becoming a staple in the mix for modern enterprise IT. Gartner predicts that, by 2020, more than 50% of global organizations will be running containerized applications in production, up from less than 20% today.* This means to us that developers need to be able to more quickly and easily create containerized applications. It’s this challenge that the Buildah project, with the release of version 1.0, aims to solve by bringing new innovation to the world of container development.
While Linux containers themselves present a path to digital transformation, the actual building of these containers isn’t quite so clear. Typically, building a Linux container image requires the use of an extensive set of tools and daemons (a container engine, so to speak). The existing tools are bulky by container standards and I believe there has been a distinct lack of innovation. IT teams may want their build systems running the bare minimum of processes and tools; otherwise, additional complexity can be introduced that could lead to loss of system stability and even security risks. Complexity is a serious architectural and security challenge.
This is where Buildah comes in. A command line utility, Buildah provides only the basic requirements needed to create or modify Linux container images, making it easier to integrate into existing application build pipelines.
The resulting container images are not snowflakes, either; they are OCI-compliant and can even be built using Dockerfiles. Buildah is a distillation of container development to the bare necessities, designed to help IT teams to limit complexity on critical systems and streamline ownership and security workflows.
When we say “bare necessities,” we mean it. Buildah allows for the on-the-fly creation of containers from scratch—think of it as an empty box. For example, Buildah can assemble containers that omit things like package managers (DNF/YUM) that are not required by the final image. So not only can Buildah provide the capability to build these containers in a less complex and more secure fashion, it can cut bloat (and therefore image size) and extend customization to what you need in your cloud-native applications.
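The from-scratch workflow described above, as an added example that is not from the original post or the Buildah project: the host's yum installs packages into the mounted container root, and the image is committed only if no package manager ended up inside it. The function names, the list of binaries checked and the sample invocation are assumptions.

```shell
#!/bin/sh
# Added example (not Buildah project code): build from scratch with the
# host's yum, then check the rootfs for package managers before committing.

# Print every package-manager binary found under the root filesystem $1.
find_pkg_managers() {
    root=$1
    for dir in bin sbin usr/bin usr/sbin usr/local/bin; do
        for tool in dnf yum microdnf rpm apt apt-get dpkg apk zypper; do
            # -e follows symlinks; -L also catches dangling ones.
            if [ -e "$root/$dir/$tool" ] || [ -L "$root/$dir/$tool" ]; then
                printf '%s\n' "/$dir/$tool"
            fi
        done
    done
}

# build_minimal_image IMAGE RELEASEVER PACKAGE...   (run as root)
build_minimal_image() {
    image=$1
    releasever=$2
    shift 2
    rc=1
    ctr=$(buildah from scratch) || return 1     # the "empty box"
    mnt=$(buildah mount "$ctr") || { buildah rm "$ctr"; return 1; }
    # The host's yum writes into the mounted rootfs; yum itself stays outside.
    if yum -y install --installroot "$mnt" --releasever "$releasever" "$@"; then
        found=$(find_pkg_managers "$mnt")
        if [ -z "$found" ]; then
            buildah unmount "$ctr" && buildah commit "$ctr" "$image" && rc=0
        else
            echo "not committing, package managers present in image:" >&2
            echo "$found" >&2
            rc=2
        fi
    fi
    buildah rm "$ctr" >/dev/null    # removes the working container
    return "$rc"
}

# Build only when called with arguments, for example (constructed values):
#   ./build.sh minimal-app 7 coreutils
if [ "$#" -ge 3 ]; then
    build_minimal_image "$@"
fi
```

`find_pkg_managers` can also be pointed at the mounted root of any existing working container to audit an image that was built another way.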
Since Buildah is daemonless, it is easier to run it in a container without setting up special infrastructure on the host or “leaking” host sockets into the container. You can run Buildah inside of your Kubernetes (or enterprise Kubernetes, like Red Hat OpenShift) cluster.
What’s special about Buildah 1.0
We’ve talked about Buildah before, most notably launching full, product-level support for it in Red Hat Enterprise Linux 7.5. Now that 1.0 has hit the community, here are a few of the notable features in Buildah that make it interesting:
Buildah has added external read/write volumes during builds, which enables users to build container images that reference external volumes while being built, but without having to ship those external volumes in the completed image. This helps to simplify image creation without bloating those images with unnecessary and unwanted artifacts in production.
To enhance security, Buildah supports FIPS mode, which can help the resulting images better comply with Federal Information Processing Standards (FIPS), the computer systems standards required by the U.S. Federal Government for non-military governmental operations. When a host is running in FIPS mode, Buildah can build and run containers in FIPS mode as well, making it easier for containers on hosts running in FIPS mode to comply with the standards.
Buildah now also offers multi-stage builds, multiple container transport methods for pulling and pushing images, and more. By focusing solely on building and manipulating container images, Buildah is a useful tool for anyone working with Linux containers. Whether you’re a developer testing images locally or looking for an independent image builder for a production toolchain, Buildah is a worthy addition to your container toolbelt.
Want to start building with Buildah yourself?
Try `yum -y install buildah` or learn more and contribute at the project site: https://github.com/projectatomic/buildah.
You can also see a more detailed example at https://www.projectatomic.io/blog/2018/03/building-buildah-container-image-for-kubernetes/.
*Smarter with Gartner, 6 Best Practices for Creating a Container Platform Strategy, October 31, 2017, https://www.gartner.com/smarterwithgartner/6-best-practices-for-creatin…