Containers are a lightweight userspace version of the Linux operating system - in fact, this is the "bare" minimum. However, it is still a complete operating system, and therefore the quality of this container itself is just as important as a full-fledged operating system. That is why for a long time we offered so that users can have certified, up-to-date, and up-to-date enterprise-grade containers. launch (container images) RHEL on container hosts RHEL provides compatibility and portability between environments, not to mention the fact that these are already familiar tools. There was, however, one problem. You couldn't just hand that image over to someone else, even if it was a customer or partner using Red Hat Enterprise Linux.
But now everything has changed
With the release of the Red Hat Universal Base Image (UBI), you can now enjoy the familiar reliability, security, and high performance of official Red Hat container images, whether you subscribe or not. This means you can build a containerized application on UBI, put it in a container registry of your choice, and share it with the world. Red Hat Universal Base Image allows you to build, share and collaborate on a containerized application in any environment, wherever you want.
Thanks to UBI, it is possible to publish and run your applications on almost any infrastructure. But if you run them on Red Hat platforms such as Red Hat OpenShift and Red Hat Enterprise Linux, you can get additional benefits (more gold!). And before we get into a more detailed description of UBI, let me provide a short FAQ on why RHEL Subscription is needed. So what happens when you run a UBI image on a RHEL/OpenShift platform?
And now, when I'm satisfied with marketing, let's talk more about UBI
Reasons to use UBI
What you need to feel in order to understand that UBI will be useful to you:
- My developers want to use container images that can be distributed and run in any environment
- My team operations wants a supported base image with an enterprise-grade lifecycle
- My architects want to offer my customers/end users
- My customers don't want to blow enterprise-level support for their entire Red Hat environment
- My community wants to share, run, publish containerized applications literally everywhere
If at least one of the scenarios suits you, then you should definitely pay attention to UBI.
More than just a basic look
UBI is less than a full OS, but UBI has three important things:
- A set of three base images (ubi, ubi-minimal, ubi-init)
- Images with ready-made runtime environments for various programming languages ββ(nodejs, ruby, python, php, perl, etc.)
- A set of related packages in the YUM repository with the most common dependencies
UBI was created as a foundation for cloud-native and web applications developed and delivered in containers. All content in UBI is a subset of RHEL. All packages in UBI come through RHEL channels and are supported like RHEL when run on Red Hat supported platforms such as OpenShift and RHEL.
It takes a lot of effort from engineers, security specialists, and other additional resources to provide quality support for containers. It requires not only testing base images, but also analyzing their behavior on any supported host.
To ease the upgrade challenges, Red Hat is actively developing and supporting development so that UBI 7 can run on RHEL 8 hosts, for example, and UBI 8 on RHEL 7 hosts. This gives users the flexibility, confidence and peace of mind they need to run such as platform updates in container images or hosts in use. Now all this can be divided into two independent projects.
Three basic looks
Minimal - designed for applications with all dependencies (Python, Node.js, .NET, etc.)
- Minimum set of pre-installed content
- No suid executables
- Minimal package manager toolkit (install, upgrade and remove)
Platform - for any application that runs on RHEL
- Unified OpenSSL Cryptographic Stack
- The full stack of YUM
- Useful core OS utilities included (tar, gzip, vi, etc.)
Multi-Service - makes it easy to run multiple services in a single container
- Configured to run systemd on startup
- Ability to enable services at build time
Container images with ready-made programming language runtimes
In addition to base images that allow you to install programming language support, UBIs include pre-built images with pre-built runtimes for a number of programming languages. Many developers can simply grab an image and get to work on the application they are developing.
With the launch of UBI, Red Hat offers two sets of images - based on RHEL 7 and based on RHEL 8. They were based on Red Hat Software Collections (RHEL 7) and Application Streams (RHEL 8), respectively. These runtimes are kept up to date and typically receive up to four updates per year, so you always have the ability to work with the latest and most stable versions.
Here is a list of UBI 7 container images:
Here is a list of container images for UBI 8:
Associated packages
Using ready-made images is really very convenient. Red Hat keeps them up-to-date and updates them with the release of a new version of RHEL, as well as when critical CVE updates become available in accordance with the update policy so that you can take one of these images and start working on the application right away.
But sometimes, when building an application, you may suddenly need some additional package. Or, sometimes, in order to make the application work, one or another package needs to be updated. That's why UBI images come with a set of RPMs that are available through yum and distributed using a fast and highly available content delivery network (package for you!). When you run a yum update on your CI/CD at that critical moment in a release, you can be sure it will work.
RHEL is the foundation
We never tire of repeating that RHEL is the foundation of everything. Do you know what teams at Red Hat are working on creating base images? For example these are:
- An engineering group responsible for ensuring that core libraries such as glibc and OpenSSL, as well as language runtimes such as Python and Ruby, deliver consistent performance and workloads reliably when used in containers.
- The Product Security team is dedicated to fixing bugs and security issues in libraries and language environments in a timely manner, and their performance is measured using a special index. .
- A team of product managers and engineers is dedicated to adding new features and ensuring a long product life cycle, which gives you the confidence to make an investment that can be used as a foundation.
Red Hat Enterprise Linux makes a great host and image for containers, but for many developers it's important to be able to work with the system in a variety of formats, some of which may be outside of the system's supported Linux use cases. This is where universal UBI images come to the rescue.
Let's say right now, at this stage, you're just looking for a base image to get started on a simple containerized application. Or are you already closer to the future and moving from autonomous containers running on a container engine to a cloud-native history using building and certifying Operators running on OpenShift. In any case, UBI provides an excellent basis for this.
Containers include a lightweight user-space version of the operating system in a new packaging format. The release of UBI images sets a new industry standard for containerized development, making enterprise-class containers available to all users, ISVs, open source communities. In particular, software developers can standardize their products using a single, proven foundation for all their containerized applications, including . Developer companies using UBI also have access to Red Hat Container Certification and Red Hat OpenShift Operator Certification, which in turn allows continuous verification of software running on Red Hat platforms such as OpenShift.
How to get started with image
In short, it's very simple. Podman is available not only on RHEL, but also on Fedora, CentOS, and a number of other Linux distributions. All you have to do is checkout the image from one of the following repositories and you're good to go.
For UBI 8:
podman pull registry.access.redhat.com/ubi8/ubi
podman pull registry.access.redhat.com/ubi8/ubi-minimal
podman pull registry.access.redhat.com/ubi8/ubi-init
For UBI 7:
podman pull registry.access.redhat.com/ubi7/ubi
podman pull registry.access.redhat.com/ubi7/ubi-minimal
podman pull registry.access.redhat.com/ubi7/ubi-init
Well, check out the full Universal Base Image Guide
Source: habr.com