Buildah is an open source, Linux-based tool used to build Open Container Initiative (OCI)-compatible containers, meaning the containers are compatible with Docker and Kubernetes as well. With Buildah, you can use your favorite tools to create efficient container images from an existing base image or from scratch using an empty image. It’s a more flexible and secure way to build container images. In this article, we’ll learn more about how.
Buildah (named for the word "builder" pronounced with a Boston accent) was created in 2017 by Daniel Walsh and his team at Red Hat. They set out to create a "coreutils" of container images—a tool that could be used with existing container-host tools to build OCI- and Docker-compatible container images. These images could then be stored in container registries and used in multiple runtime environments, with or without the use of a container daemon like Docker’s (which requires root-access privileges, and the resulting containers of which are then dependent on the functionality of the daemon itself).
The result was Buildah—a command-line tool that:
- Builds container images with or without Dockerfiles (a text document that contains all the commands a user could call on to assemble an image)
- Creates container images from scratch or from an existing container image starting point
- Doesn’t include build tools within the image itself, reducing the size of built images, increasing security, and allowing for easier transport using fewer resources
- Is compatible with Dockerfiles, allowing for easy transition from Docker
- Creates user-specific images so that images can be sorted by the user who created them.
The flexibility that Buildah provides—of building images without Dockerfiles, allowing for the integration of other scripting languages into the build process—as well as the efficiency it creates in using build tools that are external to the image itself, provides a tool that allows for faster innovation and implementation of new ideas. Container images can be created and built upon quickly, with only the tools and processes necessary to get them up and running.
Buildah also allows you to:
- Inspect, verify, and modify images
- Push containers and images from local storage to a public or private registry or repository
- Push or pull images from the Docker Hub
- Remove locally stored container images
- Mount and unmount a working container’s root file system
- Use the updated contents of a container’s root filesystem as a filesystem layer for a new image
Buildah and Podman are both complementary open source projects and command line tools, working with and building OCI-images and containers. Buildah was created first, and Podman uses the same code for building as Buildah. However, Buildah’s commands are much more detailed than Podman’s allowing for finer-grained control over images and allowing for the creation of finer image layers. Podman’s "build" command uses a subset of Buildah’s functionality.
Buildah specializes in building container images, replicating all the commands found in a Dockerfile without the daemon socket component, while Podman specializes in the things you need to maintain and modify those images in a container. With Podman, you can create a container—using Buildah to provide the container image—and then run, maintain, and modify the container you’ve created in a production environment using familiar command line interface (CLI) commands (if you can run a command in the Docker CLI, you can run the same command in the Podman CLI).
Another way that Podman and Buildah are different is this: Buildah’s containers are mainly created temporarily to allow the transfer of content to the container image being created, while with Podman, users create traditional containers, intended to be used and maintained for longer periods of time. Buildah’s containers serve a shorter-term purpose, while Podman’s containers are in it for the longer run.
One more thing. Buildah and Podman do not share internal representations of containers, so a container in one can’t be seen in the other. But, they do share internal representations of container images, allowing container images that are created, modified, or pulled from one to be seen and used in the other.
Buildah started at Red Hat with Red Hat engineers and developers working together to make a useful tool that would serve as a valuable way to save time and boost productivity. Buildah is a valuable tool for anyone working with Linux containers, and when it comes to containers and Kubernetes, Red Hat has you covered from operating system to automation.
Red Hat knows containers and Kubernetes. We've got the products and services to make sure you build and execute your container strategy the right way. Whether it’s getting your development teams on a platform built with containers in mind, running your container infrastructure on a best-in-class operating system, or providing storage solutions for the massive data generated by containers, Red Hat's solutions have what you need.