The launch of Red Hat Enterprise Linux (RHEL) 8.3, brings with it a host of new container capabilities. This builds on the work done in RHEL 8.2 (New container capabilities in Red Hat Enterprise Linux 8.2) and gives users even more reasons to upgrade from RHEL 7.

Here’s a quick summary:

  • New container tools training

  • Update to the container-tools:rhel8 fast moving stream

  • Podman 2.0 with a new REST Application Programming Interface (API) which has a Docker compatible end point

  • Skopeo 1.X with greater stability and login/logout capabilities

  • Buildah and Skopeo image are Generally Available and supported

  • Podman container image is available as a Technology Preview

  • New Application Container Images

  • Podman manifest support

Update Container Tools Fast Stream (container-tools:rhel8)

The container-tools:rhel8 stream with RHEL 8.3 to the following versions: Podman 2.0.5, Buildah 1.15.1, and Skopeo 1.1.1.

Here’s a list of some interesting new features since RHEL 8.2:

  • Rootless Podman will now add an entry to /etc/passwd for the user who ran Podman if run with --userns=keep-id.

  • The podman system connection command has been reworked to support multiple connections, and re-enabled for use!

  • Podman now has a new global flag, --connection, to specify a connection to a remote Podman API instance.

  • The podman search command now allows wildcards in search terms.

  • The podman play kube command now supports the IfNotPresent pull type.

  • The REST API and podman system service are no longer experimental, and are now ready for use!

  • The Podman command now supports remote connections via the REST API using the --remote flag.

  • The Podman remote client has been entirely rewritten to use the new REST API instead of Varlink.

  • The podman generate systemd command now supports the --new flag when used with pods, allowing portable services for pods to be created.

  • Buildah: Add VFS additional image store to container

  • Buildah: better integration of containers.conf

Containers illustrationWant to do more with Red Hat's Universal Base Image (UBI)?

Podman 2.0

This is a major new version of Podman, but what does a major new version mean? Podman uses something called Semantic Versioning, sometimes called SemVer for short. The semver.org site has a great description, but here’s a quick refresher. Under SemVer, every program has a major, minor and patch number in the format of MAJOR.MINOR.PATCH. For example, in RHEL 8.3, we are releasing Podman 2.0.5. Here's how semver.org explains each number:

  1. MAJOR version when you make incompatible API changes.

  2. MINOR version when you add functionality in a backwards compatible manner.

  3. PATCH version when you make backwards compatible bug fixes.

The major version of Podman has been incremented because the current API based on varlink has been replaced with the new REST API, which targets Podman 2.0 with a Docker compatibility layer targeting version 1.40. The new REST API is the preferred way to programmatically interact with Podman. The varlink based interface is now deprecated, will no longer be extended, and planned to be removed in Podman 3.0.

This REST interface is the final piece of the puzzle to help ease the transition from RHEL 7 for customers who use the Docker daemon to upgrade to RHEL 8 with Podman. From the day we launched RHEL 8, Podman was compatible with the Docker daemon in many important ways. Podman uses the same images, can communicate with the same registry servers, uses the same runtime (runc), and even has a Command Line Interface (CLI) that will feel very familiar to users of the Docker CLI. 

  • Image Format: Compatible

  • Registry Format: Compatible

  • Runtime Format: Compatible

  • CLI: Compatible

  • API: Compatible as of 2.0

With this new Podman 2.0 REST API, we are tackling this final point of compatibility. This should allow users to bring code which relies on the Docker API to RHEL 8. We’re quite proud of this work, and it’s been a huge undertaking for the Podman team.

For a deeper dive, check out the following articles and documentation:

Container Images for Buildah and Skopeo

Packaging software as container images enables fellow creators to start their work with a bias toward consumption (Life in The Container - When it comes to code, be a consumer). This is true of application dependencies as well as the tools that we use to create our applications. To reduce friction and enable Open Container Initiative (OCI) compliant tools in every use case possible, Red Hat is working on containerized versions of container tools like Buildah, Skopeo, and Podman.

With the release of RHEL 8.3, we now offer Technology Preview container images for Podman,  as well as Generally Available (GA) images for Buildah and Skopeo. We invite you to come use these images and give us feedback on them. The goal is to provide a set of containerized applications that can be used to build other applications anywhere you already run containers.

New Application Container Images

With RHEL 8.3, we are releasing updated versions of many container images, which help users build applications. Please see the release notes and the RHEL 8 Product Page in the Red Hat Ecosystem Catalog for more details.

Red Hat Universal Base Image (UBI) 8 Product Page

RHEL 8 Product Page

  • GCC Toolset/Perftools 10

  • Grafana

  • PCP

Podman Manifest Support

You can run the command podman run -it ubi8 on RHEL 8 whether it’s installed on x86, ARM, POWER or Z. The command is so simple, but the container images are different for every physical architecture. The binaries in each container image have been compiled for that specific architecture. Binaries compiled for x86 don’t run on ARM processors and vice versa. To make the same command work on every architecture means that Red Hat has to embed multiple container images in the same container repository. For RHEL 8 images, this means there are four different images, one for each supported architecture (ex. x86, ARM, POWER, and Z), embedded in every repository (for example, registry.access.redhat.com/ubi8/ubi).

This new podman manifest sub-command helps users interact with the metadata necessary to work with these multi-arch repositories. This metadata is often called an image index in OCI parlance, or a manifest list in Docker parlance, and is essentially a piece of JSON metadata that provides container engines like Podman or Docker with essential information they need about what architectures (x86, ARM, POWER, Z) are available within a repository.

The latest release of Podman in RHEL 8.3 provides the foundational tools necessary to create multi-arch images (images for more than one architecture) and push them to remote servers. These features will be useful to customers doing advanced container image builds.

Here’s an example of how to create a local manifest:

podman manifest create localhost/list

And, inspect it:

podman manifest inspect localhost/list

Output:

{

    "schemaVersion": 2,

    "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",

    "manifests": null

}

Level Up Your Linux Skills with RHEL Container Tools

As a result of the heightened industry importance of containers, Red Hat extended two of our core Linux courses by a day to include containers. Beginning October 1, 2020, Red Hat System Administration II (RH134) and RHCSA Rapid Track course (RH199) were extended from four to five days with the final day focused on containers, which will prepare users for Kubernetes and Red Hat OpenShift. 

Students in RH134 and RH199 courses will now utilize RHEL Container Tools to obtain, run, and manage services as containers on a single RHEL server. 

OpenShift is built on the trusted foundation of RHEL, providing the same security features, stability and ecosystem that you know and expect. Just as Red Hat brought Linux to the enterprise, we are doing the same with Kubernetes. And because containers are fundamentally a Linux technology, Red Hat is able to deliver an optimized path for you to add containers and Kubernetes to your core skills.

This update to our Linux courses allows for our Red Hat Certified System Administrator exam (EX200) to include container material as well. This new exam content gives test-takers hands-on experience in real world container applications and extends the duration of the exam by 30 minutes.

Red Hat Enterprise Linux 7 EX200 was not impacted by these changes. Content changes only occurred  on Red Hat Enterprise Linux 8.2 RH199, RH134, EX200. Red Hat System Administration I (RH124) will not include containers, but has also been updated to RHEL 8.2.

For more information on these training and certification updates, see the full blog and the level-up landing page.

Conclusion

Whether in the container image, or on the container host, containers at Red Hat start with RHEL. RHEL 8.3, the latest version, provides features that serve as the foundation for OpenShift and beyond. 

We invite you to take a look at all of our new features: product documentation, release notes and the new UBI images in the Ecosystem Catalog.


About the author

At Red Hat, Scott McCarty is Senior Principal Product Manager for RHEL Server, arguably the largest open source software business in the world. Focus areas include cloud, containers, workload expansion, and automation. Working closely with customers, partners, engineering teams, sales, marketing, other product teams, and even in the community, he combines personal experience with customer and partner feedback to enhance and tailor strategic capabilities in Red Hat Enterprise Linux.

McCarty is a social media start-up veteran, an e-commerce old timer, and a weathered government research technologist, with experience across a variety of companies and organizations, from seven person startups to 20,000 employee technology companies. This has culminated in a unique perspective on open source software development, delivery, and maintenance.

Read full bio