While Docker Inc and its eponymous container engine helped to create the modern container approach, Red Hat is now actively developing multiple container efforts of its own.
The core component for containers is the runtime engine, and for Docker this is the Docker Engine, which is now based on the Docker-led containerd project hosted at the Cloud Native Computing Foundation (CNCF). Red Hat has built its own container engine called CRI-O, which hit its 1.0 release back in October 2017.
For building images, Red Hat has a project called Buildah, which reached its 1.0 milestone on June 6.
“Buildah is part of a larger ecosystem of tools that Red Hat is investing in,” Scott McCarty, principal technology product manager, Linux containers at Red Hat, told ServerWatch.
Red Hat Also Working on Skopeo and Podman Projects
McCarty said that in addition to Buildah for building images, Red Hat is working on the Skopeo project for moving containers around. While CRI-O is a runtime for containers running under Kubernetes, Red Hat is also working on the Podman project for humans to run containers outside of Kubernetes.
“Within this set of tools, Buildah would be used to build your images, Skopeo would be used to sign them and push them to a registry server to share with others,” McCarty said. “Then, users could run them with Podman, or they could be scheduled to run within Kubernetes under CRI-O.”
McCarty commented that the approach of building a set of small, secure, daemonless utilities enables users to implement security policies however they want, within their existing build systems or within sophisticated new CI/CD systems. He added that Buildah can build tiny images with a smaller attack surface and Skopeo helps to show that all images are signed after the build process is completed.
“The power is in their ability to be integrated into existing systems, without buying into an integrated system like Notary, which requires the complete Docker ecosystem to effectively use,” McCarty said. “Buildah, and for that matter skopeo, also have built-in support for simple signing, which allows users to specify which images/registries they trust.”
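The trust configuration McCarty refers to, as an added example (not from the article or from Red Hat's code): a simplified model of how a `containers-policy.json` trust policy, the file Skopeo, Podman and Buildah read, selects the requirements for an image. The registry names and key path are constructed placeholders, and wildcard scopes are left out.

```python
import json

# Constructed policy in the containers-policy.json format; registry names and
# the key path are placeholders, not values from the article.
POLICY = json.loads("""
{
  "default": [{"type": "reject"}],
  "transports": {
    "docker": {
      "registry.example.com/prod": [
        {"type": "signedBy", "keyType": "GPGKeys",
         "keyPath": "/etc/pki/containers/release.gpg"}
      ],
      "registry.example.com/scratch": [{"type": "insecureAcceptAnything"}]
    }
  }
}
""")

def candidate_scopes(reference):
    """Yield policy scopes for a docker reference, most specific first."""
    yield reference                      # full name with tag or digest
    name = reference.split("@")[0]       # drop a digest if present
    last = name.rsplit("/", 1)[-1]
    if ":" in last:                      # strip the tag, not a registry port
        name = name[: name.rfind(":")]
    while name:                          # repo, then namespaces, then host
        yield name
        name = name.rpartition("/")[0]
    yield ""                             # transport-wide default scope

def requirements_for(policy, reference, transport="docker"):
    """Return the requirement list of the most specific matching scope."""
    scopes = policy.get("transports", {}).get(transport, {})
    for scope in candidate_scopes(reference):
        if scope in scopes:
            return scopes[scope]
    return policy["default"]             # nothing matched: global default

def verdict(policy, reference):
    """Summarise what the policy demands before the image may be used."""
    kinds = [r["type"] for r in requirements_for(policy, reference)]
    if "reject" in kinds:
        return "rejected"
    if kinds == ["insecureAcceptAnything"]:
        return "accepted-unverified"
    return "needs-signature"             # signedBy: a trusted key must verify
```

With a `reject` default, any registry not listed is refused, so the `insecureAcceptAnything` scope is the only place an unsigned image can enter.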
Sean Michael Kerner is a senior editor at ServerWatch and InternetNews.com.