Build, Share, Collaborate

Containers are a lightweight version of the Linux operating system's user space; in fact, the bare minimum. However, it is still complete software in its own right, so the quality of the container itself matters just as much as that of a full operating system. That is why we have long offered Red Hat Enterprise Linux (RHEL) images, so that users can have certified, modern, up-to-date, enterprise-grade containers. Running RHEL container images on RHEL container hosts provides compatibility and portability between environments, not to mention that these are already familiar tools. However, there was one problem. You could not simply hand that image to someone else, even if they were a customer or partner using Red Hat Enterprise Linux.


But now everything has changed

With the release of Red Hat Universal Base Image (UBI), you can now get the reliability, security, and performance you expect from official Red Hat images, whether or not you have a subscription. This means you can build a containerized application on UBI, push it to the container registry of your choice, and share it with the world. Red Hat Universal Base Image lets you build, share, and collaborate on a containerized application in any environment, wherever you want.


With UBI, you can publish and run your applications on virtually any infrastructure. But if you run them on Red Hat platforms such as Red Hat OpenShift and Red Hat Enterprise Linux, you can get additional benefits (more gold!). And before we move on to a more detailed description of UBI, let me offer a short FAQ on why a RHEL subscription is needed. So, what happens when you run a UBI image on a RHEL/OpenShift platform?


And now that we are happy with the marketing, let's talk about UBI in more detail

Reasons to use UBI

How do you know whether UBI will benefit you:

  • My developers want to use container images that can be distributed and run in any environment
  • My operations team wants a supported base image with an enterprise-grade lifecycle
  • My architects want to offer a Kubernetes Operator to my customers/end users
  • My customers do not want to rack their brains over enterprise-grade support across their entire Red Hat environment
  • My community wants to share, run, and publish containerized applications literally everywhere

If at least one of these scenarios fits you, you should definitely take a look at UBI.

More than just a base image

UBI is smaller than a full-blown OS, but UBI has three important things:

  1. A set of three base images (ubi, ubi-minimal, ubi-init)
  2. Images with ready-made runtime environments for various programming languages (nodejs, ruby, python, php, perl, etc.)
  3. A set of associated packages in a YUM repository with the most common dependencies


UBI was created as a foundation for cloud-native and web applications that are built and delivered in containers. All content in UBI is a subset of RHEL. All packages in UBI are delivered through RHEL channels and are supported in the same way as RHEL when running on Red Hat supported platforms such as OpenShift and RHEL.


Ensuring high-quality support for containers requires a lot of effort from engineers, security specialists, and other additional resources. It requires not only testing the base images, but also analyzing their behavior on every supported host.

To help ease the burden of upgrades, Red Hat develops and supports UBI 7 so that it can run on RHEL 8 hosts, for example, and UBI 8 so that it can run on RHEL 7 hosts. This gives users the flexibility, confidence, and peace of mind they need during, for example, platform updates in container images or on the hosts in use. Now all of this can be split into two independent projects.

Three base images


Minimal - designed for applications that bring all of their own dependencies (Python, Node.js, .NET, etc.)

  • A minimal set of pre-installed content
  • No suid executables
  • Minimal package management tools (install, update, and remove)

Platform - for any applications that run on RHEL

  • Unified OpenSSL cryptographic stack
  • Full YUM stack
  • Basic OS utilities included (tar, gzip, vi, etc.)

Multi-Service - makes it easy to run multiple services in a single container

  • Configured to run systemd on start
  • Ability to enable services at build time
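
The "no suid executables" property of the minimal image can be checked rather than taken on trust. The following is an added example, not code from the original article or from Red Hat: it audits an unpacked image root filesystem for setuid/setgid files. The function names, the ROOTFS variable and the export-and-unpack step in the comments are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit an unpacked container root filesystem for
# setuid/setgid files. ROOTFS is assumed to be a directory holding the
# image contents, e.g. unpacked from `podman export <container>` with
# `tar -xpf -` (assumption; any unpacked rootfs works).

# list_suid ROOTFS: print each regular file that has the setuid or setgid
# bit set, as a path relative to the image root, sorted.
list_suid() {
    (cd "$1" 2>/dev/null &&
        find . -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        sed 's|^\.||' | sort)
}

# count_suid ROOTFS: number of setuid/setgid files found.
count_suid() {
    list_suid "$1" | wc -l | tr -d ' '
}

# audit_rootfs ROOTFS: 0 = clean, 1 = setuid/setgid files present,
# 2 = ROOTFS is not a directory (never report a missing tree as clean).
audit_rootfs() {
    if [ ! -d "$1" ]; then
        echo "ERROR: $1 is not a directory" >&2
        return 2
    fi
    n=$(count_suid "$1")
    if [ "$n" -eq 0 ]; then
        echo "OK: no setuid/setgid files under $1"
        return 0
    fi
    echo "FAIL: $n setuid/setgid file(s) under $1:"
    list_suid "$1" | sed 's/^/  /'
    return 1
}

# Stand-alone use: ROOTFS=/path/to/rootfs sh audit.sh
if [ -n "${ROOTFS:-}" ]; then
    audit_rootfs "$ROOTFS" || exit 1
fi
```

Run as a CI gate after adding packages to a base image, a non-zero exit flags any setuid/setgid binary that a new layer introduced.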

Container images with ready-made language runtimes

In addition to the base images that let you install programming language support yourself, UBI includes pre-built images with ready-made runtime environments for a number of programming languages. Many developers can simply grab an image and start working on the application they are developing.

With the launch of UBI, Red Hat offers two sets of images: one based on RHEL 7 and one based on RHEL 8. They are built on Red Hat Software Collections (RHEL 7) and Application Streams (RHEL 8), respectively. These runtimes are kept up to date and receive up to four updates a year as standard, so you are always using the latest and most stable versions.

Here is the list of UBI 7 container images:


Here is the list of UBI 8 container images:


Associated packages

Using pre-built images is very convenient. Red Hat keeps them up to date and updates them with the release of each new RHEL version, as well as when critical CVE updates become available, in accordance with the RHEL image update policy, so that you can take one of these images and start working on your application right away.


But sometimes, when building an application, you may suddenly need an additional package. Or, to get the application working, you may need to update one package or another. That is why UBI images come with a set of RPMs that are available through yum and distributed over a fast, highly available content delivery network (you've got the package!). When you run yum update in your CI/CD at that critical release moment, you can be sure it will work.

RHEL is the foundation

We never tire of repeating that RHEL is the foundation of everything. Do you know which Red Hat teams work on creating the base images? For example, these:

  • An engineering team responsible for making sure that core libraries such as glibc and OpenSSL, as well as language runtimes such as Python and Ruby, deliver consistent performance and run workloads reliably when used in containers.
  • A product security team responsible for timely fixes of bugs and security issues in libraries and language environments; the effectiveness of their work is measured with a dedicated metric, the Container Health Index grade.
  • A team of product managers and engineers dedicated to adding new features and ensuring a long product lifecycle, which gives you confidence in an investment you can build on.

Red Hat Enterprise Linux makes an excellent host and image for containers, but many developers value the ability to work with the system in a variety of formats, some of which may fall outside the supported use cases of a Linux system. This is where the universally available UBI images help.

Let's say that right now, at this stage, you just want a base image to start working on a containerized application. Or perhaps you are already closer to the future and are moving from standalone containers running on a container engine to a cloud-native story that uses Operators built and certified to run on OpenShift. Either way, UBI provides an excellent foundation for this.


Containers package a lightweight version of the operating system's user space in a new packaging format. The release of UBI images sets a new industry standard for container development, making enterprise-grade containers available to any user, to independent software vendors, and to open source communities. In particular, software vendors can standardize their products on a single, proven foundation for all of their containerized applications, including Kubernetes Operators. Development companies that use UBI also have access to Red Hat Container Certification and Red Hat OpenShift Operator Certification, which allows ongoing verification of software running on Red Hat platforms such as OpenShift.


How to get started with an image

In short, it is very simple. Podman is available not only on RHEL, but also on Fedora, CentOS, and several other Linux distributions. All you need to do is pull the image from one of the following repositories and you are ready to go.

For UBI 8:

podman pull registry.access.redhat.com/ubi8/ubi
podman pull registry.access.redhat.com/ubi8/ubi-minimal
podman pull registry.access.redhat.com/ubi8/ubi-init

For UBI 7:

podman pull registry.access.redhat.com/ubi7/ubi
podman pull registry.access.redhat.com/ubi7/ubi-minimal
podman pull registry.access.redhat.com/ubi7/ubi-init

Also, check out the full Universal Base Image guide

Source: www.habr.com
