To fully leverage the capability of containers when developing and running enterprise-quality applications, ensure your environment is supported by tools that allow containers to be:
Created as discrete microservices that can be connected to other containerized, and non-containerized, services. For example, you might want to join your application with a database or attach a monitoring application to it.
Resilient, so if a server crashes or needs to go down for maintenance or to be decommissioned, containers can start on another machine.
Automated to pick up code changes automatically and then start and deploy new versions of themselves.
Scaled up, or replicated, to have more instances serving clients as demand increases and then spun down to fewer instances as demand declines.
Run in different ways, depending on the type of application. For example, one application might run once a month to produce a report and then exit. Another application might need to run constantly and be highly available to clients.
Managed so you can watch the state of your application and react when something goes wrong.
Containers’ widespread acceptance, and the resulting requirements for tools and methods to make them enterprise-ready, resulted in many options for them.
The rest of this section explains options for assets you can create when you build and deploy containerized Kubernetes applications in OKD. It also describes which approaches you might use for different kinds of applications and development requirements.
You can approach application development with containers in many ways, and different approaches might be more appropriate for different situations. To illustrate some of this variety, the series of approaches that is presented starts with developing a single container and ultimately deploys that container as a mission-critical application for a large enterprise. These approaches show different tools, formats, and methods that you can employ with containerized application development. This topic describes:
Building a simple container and storing it in a registry
Creating a Kubernetes manifest and saving it to a Git repository
Making an Operator to share your application with others
You have an idea for an application and you want to containerize it.
First you require a tool for building a container, like buildah or docker, and a file that describes what goes in your container, which is typically a Dockerfile.
Next, you require a location to push the resulting container image so you can pull it to run anywhere you want it to run. This location is a container registry.
Some examples of each of these components are installed by default on most Linux operating systems, except for the Dockerfile, which you provide yourself.
The following diagram displays the process of building and pushing an image:
If you use a computer that runs Fedora as the operating system, the process of creating a containerized application requires the following steps:
Install container build tools: Fedora contains a set of tools that includes podman, buildah, and skopeo that you use to build and manage containers.
Create a Dockerfile to combine base image and software: Information about
building your container goes into a file that is named
Dockerfile. In that
file, you identify the base image you build from, the software packages you
install, and the software you copy into the container. You also identify
parameter values like network ports that you expose outside the container and
volumes that you mount inside the container. Put your Dockerfile and the
software you want to containerize in a directory on your Fedora system.
Run buildah or docker build: Run the
buildah build-using-dockerfile or
docker build command to pull your chosen base image to the local system and
create a container image that is stored locally. You can also build container images
without a Dockerfile by using buildah.
Tag and push to a registry: Add a tag to your new container image that
identifies the location of the registry in which you want to store and share
your container. Then push that image to the registry by running the
podman push or
docker push command.
Pull and run the image: From any system that has a container client tool,
such as podman or docker, run a command that identifies your new image.
For example, run the
podman run <image_name> or
docker run <image_name>
<image_name> is the name of your new container image, which
quay.io/myrepo/myapp:latest. The registry might require credentials
to push and pull images.
For more details on the process of building container images, pushing them to registries, and running them, see Custom image builds with Buildah.
Building and managing containers with buildah, podman, and skopeo results in industry standard container images that include features specifically tuned for deploying containers in OKD or other Kubernetes environments. These tools are daemonless and can run without root privileges, requiring less overhead to run them.
Support for Docker Container Engine as a container runtime is deprecated in Kubernetes 1.20 and will be removed in a future release. However, Docker-produced images will continue to work in your cluster with all runtimes, including CRI-O. For more information, see the Kubernetes blog announcement.
When you ultimately run your containers in OKD, you use the CRI-O container engine. CRI-O runs on every worker and control plane machine in an OKD cluster, but CRI-O is not yet supported as a standalone runtime outside of OKD.
The base image you choose to build your application on contains a set of software that resembles a Linux system to your application. When you build your own image, your software is placed into that file system and sees that file system as though it were looking at its operating system. Choosing this base image has major impact on how secure, efficient and upgradeable your container is in the future.
Red Hat provides a new set of base images referred to as Red Hat Universal Base Images (UBI). These images are based on Red Hat Enterprise Linux and are similar to base images that Red Hat has offered in the past, with one major difference: they are freely redistributable without a Red Hat subscription. As a result, you can build your application on UBI images without having to worry about how they are shared or the need to create different images for different environments.
These UBI images have standard, init, and minimal versions. You can also use the Red Hat Software Collections images as a foundation for applications that rely on specific runtime environments such as Node.js, Perl, or Python. Special versions of some of these runtime base images are referred to as Source-to-Image (S2I) images. With S2I images, you can insert your code into a base image environment that is ready to run that code.
S2I images are available for you to use directly from the OKD web UI by selecting Catalog → Developer Catalog, as shown in the following figure: