Podman Basics 08: Building Your Own Images

Sometimes you must create your own Podman images. Building your own Podman images allows for greater customization, control, consistency, and organizational efficiency compared to using only public images. The investment upfront can pay dividends in the long run through improved security, consistency, and maintainability of your container infrastructure.

Customization – By building your own images, you can configure them to your exact requirements, installing only the necessary packages and configurations. This allows you to create lean, optimized images that are tailored to your specific use cases.

Control and security – When you build your own images, you have full control over the contents and can ensure they meet your security standards. This is especially important for mission-critical applications, as you can vet the components and configurations.

Consistency and maintainability – Using your own custom images ensures a consistent runtime environment across your deployments. This makes it easier to manage, update, and troubleshoot your containers. You can also rebuild images on a regular cadence to keep them up-to-date with the latest security patches and updates.

Organizational efficiency – Building your own images allows you to standardize your container environments across your organization. This promotes best practices, simplifies management, and enables better collaboration between teams.

To build custom Podman images as a beginner, start by creating a Containerfile (the same format as a Dockerfile) that specifies the instructions for building your image. Within this file, you define the base image, install necessary packages, configure settings, and set up your application. Once your Containerfile is ready, you can use the podman build command to build the image based on the instructions in the file.

This process involves pulling in the necessary dependencies, executing the commands specified in the Containerfile, and creating a new image.

After the build is complete, you can run containers based on your custom image using the podman run command, allowing you to test and deploy your applications in a controlled environment. Experimenting with different configurations and gradually refining your Containerfile will help you gain proficiency in building custom Podman images tailored to your specific needs.

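# Base image; "latest" follows whatever Debian currently publishes under that tag
FROM docker.io/library/debian:latest

# Package installation and user creation need root
USER root

# Update the system, install vim and sudo, then create the user tmolnar with
# a home directory, bash as the login shell and membership in the sudo group
RUN apt update && apt full-upgrade -y && \
    apt install vim sudo -y && \
    useradd -m tmolnar -G sudo -s /bin/bash

# Containers started from this image run as the unprivileged user
USER tmolnar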

You can build an image from the above Containerfile with the podman image build command, as shown below:

podman image build . --tag tomdeb

It will create a new image locally that is tagged as tomdeb.

podman image ls
REPOSITORY                TAG         IMAGE ID      CREATED        SIZE
localhost/tomdeb          latest      c28ddc0b1e4e  4 minutes ago  190 MB
docker.io/library/debian  latest      d2a2c1ada45a  2 days ago     121 MB

After the successful build of the image you can start a container and test it yourself:

podman run -it --rm tomdeb 
tmolnar@06fc61055ce3:/$ whoami
tmolnar
tmolnar@06fc61055ce3:/$ echo $SHELL
/bin/bash
tmolnar@06fc61055ce3:/$ id
uid=1000(tmolnar) gid=1000(tmolnar) groups=1000(tmolnar),27(sudo)

The container’s user is tmolnar, the default shell is /bin/bash, and the user is in the sudo group, just as the build specified.

The size of the image is worth mentioning here. Containerization favors small, compact, and shareable applications, so image size should be a concern for you too.

The intricacies of the image file system extend far beyond the scope of this course. However, at a fundamental level, each keyword in a Containerfile, such as RUN or USER, corresponds to a new layer in the file, contributing additional size.
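To vet a Containerfile before building it, the following added example (not part of the original post) reports the points raised above: which base image is used and whether its tag floats, how many instructions and RUN steps the build has, and which user the image ends on. The function name audit_containerfile and the key=value output format are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post: static review of a Containerfile.
# Prints key=value findings: base image, whether its tag floats, how many
# instructions and RUN steps the build has, and which user the image ends on.
audit_containerfile() {
    awk '
    { buf = buf $0 }
    /\\[ \t]*$/ { sub(/\\[ \t]*$/, " ", buf); next }   # line continues: keep reading
    {
        sub(/^[ \t]+/, "", buf)
        if (buf == "" || buf ~ /^#/) { buf = ""; next } # blank line or comment
        split(buf, w, /[ \t]+/); buf = ""
        kw = toupper(w[1]); total++
        if (kw == "FROM") {
            base = (w[2] ~ /^--/) ? w[3] : w[2]         # skip a --platform flag
            user = ""                                    # a new stage inherits the base default
        } else if (kw == "RUN") {
            runs++
        } else if (kw == "USER") {
            user = w[2]
        }
    }
    END {
        name = base; sub(/^.*\//, "", name)              # drop registry and path
        floating = (base !~ /@sha256:/ && (name !~ /:/ || name ~ /:latest$/))
        print "base=" base
        print "floating-tag=" (floating ? "yes" : "no")
        print "instructions=" total
        print "run-steps=" (runs + 0)
        print "final-user=" (user == "" ? "unset" : user)
        print "ends-as-root=" (user ~ /^(root|0)(:|$)/ ? "yes" : (user == "" ? "unknown" : "no"))
    }' "$1"
}

# The Containerfile from this post, written to a temporary file for the demo.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
FROM docker.io/library/debian:latest
USER root
RUN apt update && apt full-upgrade -y && \
    apt install vim sudo -y && \
    useradd -m tmolnar -G sudo -s /bin/bash
USER tmolnar
EOF
audit_containerfile "$SAMPLE"
```

A floating-tag=yes result means a rebuild can pick up a different base image than the one you tested, which matters when you rebuild on a regular cadence.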

With this basic knowledge you can create custom images for your environment.

If you want to discuss the topic with other technology-minded people, join my Discord: https://discord.gg/YbSYGsQYES

Now we have an IRC channel as well: irc.libera.chat / #tomsitcafe
