Red Hatã§ã½ãªã¥ã¼ã·ã§ã³ã¢ã¼ããã¯ãããã¦ããç°ä¸å¸æ©(@tnk4on)ã§ããä»åã¯Red Hatã®æ°ããæ軽éãªã³ã³ããã¼ã¤ã¡ã¼ã¸ã«ã¤ãã¦ç´¹ä»ãã¾ãã
UBI Microã®ãªãªã¼ã¹
2021å¹´5æ18æ¥ã«Red Hat Enterprise Linux(以ä¸ãRHEL) 8.4ããªãªã¼ã¹ãããã®ã¨åæã«æ°ããRed Hat Universal Base Image (以ä¸ãUBI)ãUBI Microããªãªã¼ã¹ããã¾ããã
- ãªãªã¼ã¹æ å ±ã¯ãã¡ã
RHEL 8.4ã®ãªãªã¼ã¹ã«å ç«ã£ã¦æ稿ãããRed Hatå ¬å¼ããã°è¨äºã«ãUBI Microã«ã¤ãã¦ã®è¨è¼ãããã¾ãã
ä¸è¨ããã°è¨äºããæç²
With RHEL 8.4, we're announcing the Red Hat Universal Base Image (UBI) Micro to help reduce the attack surface, and deliver smaller footprint images of your containerized applications. UBI Micro joins the Standard, Minimal, and Multi-service images to provide the right options for you to build your applications on.
(翻訳)RHEL 8.4 ã§ã¯ãRed Hat Universal Base Image (UBI) Micro ãçºè¡¨ãããæ»æ対象ãæ¸ãããã³ã³ããåãããã¢ããªã±ã¼ã·ã§ã³ã®ããå°ããªãããããªã³ãã®ã¤ã¡ã¼ã¸ãæä¾ãã¾ããUBI Micro 㯠StandardãMinimalãMulti-service ã®åã¤ã¡ã¼ã¸ã«å ãã¦ãã¢ããªã±ã¼ã·ã§ã³ãæ§ç¯ããããã®é©åãªãªãã·ã§ã³ãæä¾ãã¾ãã
UBI Microã¯ãã§ã«å ¬éæ¸ã¿ã®UBI(Standard)ãUBI MinimalãUBI Init(Multi-service)ã«å ãã¦ã4ã¤ç®ã®ç¨®é¡ã®UBIã³ã³ããã¼ã¤ã¡ã¼ã¸ã¨ãªãã¾ãã
ãªãªã¼ã¹çã¤ã¡ã¼ã¸ã®ãã°
以åãããã®UBI Microã®ç´¹ä»ããããã¨æã£ã¦ããã®ã§ãããå®ã¯ãªãªã¼ã¹çã®ubi8-micro:8.4-72
ã¤ã¡ã¼ã¸ã«ãã°ããããä¿®æ£ãå®äºããã¾ã§ä¿çã«ãã¦ãã¾ããã
ãã®ãã°ã¯ã/etc/yum.repos.d
ãã£ã¬ã¯ããªã«Red Hat社å
åãã®URLãå«ã¾ãã*.repo
ãã¡ã¤ã«ãå«ã¾ãã¦ããããããã®ãã¡ã¤ã«ãåãé¤ããªãã¨dnf
ã³ãã³ãã使ããªãã¨ããå
容ã§ããã詳細ãªå
容ã«ã¤ãã¦ã¯ä¸è¨Bugzilla IDã®ã³ã¡ã³ãã§ç¢ºèªãããã¨ãã§ãã¾ãã
ããããUBI Microã使ãå ´åã¯ubi-micro:8.4-84
以éãã使ããã ããã
ï¼åèï¼UBIã«ã¤ãã¦
UBIã«ã¤ãã¦ã¯è©³ç´°ãã¾ã¨ã¾ã£ãé»åæ¸ç± Red Hat's Universal Base Image ebookãããã¾ããä¸è¨ã®è¨äºã§ã¯é»åæ¸ç±ã«ã¤ãã¦ã®ç´¹ä»ã¨ç¿»è¨³ããç®æ¬¡ãæ²è¼ãã¦ãã¾ãã
UBI Microã¨ã¯
UBI Microã¯ããã¾ã§ã«å ¬éããã¦ããUBIã®ä¸ã§æ軽éãµã¤ãºã®ã³ã³ããã¤ã¡ã¼ã¸ã«ãªãã¾ããUBI Microã®è©³ç´°ã¯Red Hatã®èªå®ã³ã³ããã¼ã«ã¿ãã°ãã¼ã¸ãã確èªã§ãã¾ãã
ä¸è¨ã«ã¿ãã°ãã¼ã¸ããæç²
Universal Base Image Micro (UBI Micro) is a stripped down image that uses the package manager on the underlying host to install packages, typically using Buildah, or Multi-stage builds with Podman.
(翻訳)Universal Base Image Micro (UBI Micro)ã¯ãåºç¤ã¨ãªããã¹ãä¸ã®ããã±ã¼ã¸ããã¼ã¸ã£ã¼ã使ç¨ãã¦ããã±ã¼ã¸ãã¤ã³ã¹ãã¼ã«ããã¹ããªãããã¦ã³ãããã¤ã¡ã¼ã¸ã§ãé常ã¯Buildahãã¾ãã¯Podmanã使ç¨ãããã«ãã¹ãã¼ã¸ãã«ãã使ç¨ãã¾ãã
UBIã«ã¯RHEL 7ããã¼ã¹ã«ããUBI 7ã¨RHEL 8ããã¼ã¹ã«ããUBI 8ãããã¾ãããUBI Microã¯UBI 8ã®ã¿ã«ãªãã¾ãã
UBI 8ã®ã¤ã¡ã¼ã¸ä¸è¦§
å ¬éæ¸ã¿ã®UBI 8ã¨ä¸¦ã¹ã¦ã¿ãã¨UBI Microã®ãµã¤ãºã®å°ãããå°ããããããããã¾ãã
UBI 8ã®ç¨®é¡ | ã¤ã¡ã¼ã¸å | ãµã¤ãº |
---|---|---|
Red Hat Universal Base Image 8 | ubi8/ubi | 79.5 MB (215.2 MB uncompressed) |
Red Hat Universal Base Image 8 Minimal | ubi8/ubi-minimal | 37.7 MB (98.2 MB uncompressed) |
Red Hat Universal Base Image 8 Init | ubi8/ubi-init | 85.3 MB (235.2 MB uncompressed) |
Red Hat Universal Base Image 8 Micro âð | ubi8/ubi-micro | 12.9 MB (35.0 MB uncompressed) |
UBI Microãã³ã³ããã®ãã¼ã¹ã¤ã¡ã¼ã¸ä½¿ç¨ãããã¨ã§UBI Minimalããããã«ãµã¤ãºãæããã³ã³ããã¤ã¡ã¼ã¸ã®ä½æãå¯è½ã§ãã
DistrolessãªUBI Microã®ç¹å¾´
UBI Microã«ã¯UBI/UBI Minimal/Initã«ãããããªããã±ã¼ã¸ããã¼ã¸ã£ã¼ï¼dnf/microdnfï¼ãããã¾ãããããã±ã¼ã¸ããã¼ã¸ã£ã¼ã¨é¢é£ããä¾åé¢ä¿ãé¤å¤ãããã¨ã§ãµã¤ãºãæãããã¨ãã§ãã¦ãã¾ãããã®ããã«ãã£ã¹ããªãã¥ã¼ã·ã§ã³ã®ããã±ã¼ã¸ç®¡çãã¼ã«ã使ç¨ããã«ã³ã³ããã¤ã¡ã¼ã¸ãæ§ç¯ããã®ã¯Distrolessã¨ãå¼ã°ãã¾ã*1ãUBI Microã¯ãã¹ãOSã®dnf
ã³ãã³ãã使ã£ã¦ããã±ã¼ã¸ã®è¿½å ãè¡ãã¾ãï¼è©³ç´°ã¯å¾è¿°ï¼ãUBI Microã¯ä»ã®UBIã¤ã¡ã¼ã¸ã¨åæ§ã®å質ãä¿ã¡ãªãããµã¤ãºãæå°åãããå ´åã«æå¹ã§ããã³ã³ããã®ãµã¤ãºãå°ãããªãã¨ããã¨ã¯æªæã®ããæ»æè
ããæ»æç¯å²ãæ¸ãããã¨ã«ããªãã»ãã¥ãªãã£é¢ã§ãæå©ã§ãã
UBI Microã使ã£ã¦ã¿ã
UBI Microã¯ããã¾ã§ã®UBIã¨åæ§ã®æ¹æ³ã§ã³ã³ããã®æä½ãå¯è½ã§ããUBI Microã®ã¤ã¡ã¼ã¸åå¾ã¯Red Hatã®ãµã¤ãã ãã§ãªãDocker Hubãããå¯è½ã§ãã
# podman pull registry.access.redhat.com/ubi8/ubi-micro # podman images --filter label=name=ubi8/ubi-micro REPOSITORY TAG IMAGE ID CREATED SIZE registry.access.redhat.com/ubi8/ubi-micro latest c5ba898d3645 2 weeks ago 38.9 MB # podman run --rm -it ubi-micro sh-4.4# sh-4.4# dnf;microdnf sh: dnf: command not found sh: microdnf: command not found
UBI Microä¸ã®ã·ã§ã«ã«å
¥ããã¨ã¯ã§ãã¾ãããdnf
ãmicrodnf
ãªã©ã®ããã±ã¼ã¸ããã¼ã¸ã£ã¼ã¯åå¨ããªããã¨ã確èªã§ãã¾ã
UBI Microã«ããã±ã¼ã¸ã追å ãã
UBI Microã«ããã±ã¼ã¸ã追å ããã«ã¯Buildahã使ç¨ãã¾ããäºåã«Buildahã¾ãã¯Container Toolsã¢ã¸ã¥ã¼ã«ãã¤ã³ã¹ãã¼ã«ãã¦ããã¦ãã ããã æé ã«ã¤ãã¦ã¯RHEL 8ã®ããã¥ã¡ã³ãã«è¨è¼ãããã¾ããä¸è¨ãåèã«ãã¦ãã ããã
ä¸è¨ã®ä¾ã§ã¯UBI Microã«python39
ã追å ãã¾ãããªãä¸è¨ä¾ã§å®è¡ã¯rootã¢ã¼ãã§è¡ã£ã¦ãã¾ãããã«ã¼ãã¬ã¹ã¢ã¼ãã§å®è¡ããå ´åã¯äºåã«buildah unshare
ãå®è¡ãã¦åå空éã«å
¥ã£ã¦ããä½æ¥ãã¦ãã ããã
ã¾ãããã¹ãOSã«RHEL(ã¾ãã¯CentOS Stream)ãå¿
è¦ã§ã*2ã
# containername=ubi-micro-python # microcontainer=$(buildah from --name ${containername} registry.access.redhat.com/ubi8/ubi-micro) # micromount=$(buildah mount ${microcontainer}) # dnf install \ > --installroot ${micromount} \ > --releasever 8 \ > --setopt install_weak_deps=false \ > --nodocs -y \ > python39 # dnf clean all \ --installroot ${micromount} # buildah umount ${microcontainer} # buildah commit ${microcontainer} ${containername} # buildah rm ${containername}
ãã«ãå¾ã®ã¤ã¡ã¼ã¸ã®ç¢ºèª
# podman images --filter label=name="ubi8/ubi-micro" REPOSITORY TAG IMAGE ID CREATED SIZE localhost/ubi-micro-python latest 82921a06b57c 9 minutes ago 104 MB registry.access.redhat.com/ubi8/ubi-micro latest c5ba898d3645 2 weeks ago 38.9 MB # podman run --rm ubi-micro-python python --version Python 3.9.2
ããã¾ã§ã®UBIã¤ã¡ã¼ã¸ã¨åæ§ã«ãã¼ã¹ã¤ã¡ã¼ã¸ä¸ã«ããã±ã¼ã¸ã®è¿½å ãè¡ããã¨ãã§ãã¾ããããã ããæå°éã®ããã±ã¼ã¸è¿½å ã«ãé¢ãããããã±ã¼ã¸èªä½ã®ä¾åé¢ä¿ã«ããå¤æ°ã®ããã±ã¼ã¸ã追å ãããã®ã§ã©ããã¦ãåºæ¥ä¸ãã£ãã¤ã¡ã¼ã¸ã®ãµã¤ãºã¯å ã®ãµã¤ãºã«æ¯ã¹ãã¨è¨ããã§ãã¾ãã¾ã*3ã UBI Microã®ãµã¤ãºã®å°ãããçããå ´åã¯æ¥µåããã±ã¼ã¸ã®è¿½å ãè¡ããªããããªã·ã³ã°ã«ãã¤ããªãå®è¡ãããããªç¨éã«åãã¦ããã¨èãããã¾ãã 次ã®ãã«ãã¹ãã¼ã¸ãã«ãã®ä¾ã§ã¯Goã®ã·ã³ãã«ãªãã¤ããªã追å ãã¦ã³ã³ããã¤ã¡ã¼ã¸ãä½æãã¦ã¿ã¾ãã
UBI Microã使ã£ããã«ãã¹ãã¼ã¸ãã«ã
ãã«ãã¹ãã¼ã¸ãã«ããç¨ãã¦ãã«ãæ¸ã¿ã®ã·ã³ã°ã«ãã¤ããªãUBI Microã«ã³ãã¼ãããã¨ã§ãµã¤ãºã®å¢å ãæããã³ã³ããã¤ã¡ã¼ã¸ã®ä½æãå¯è½ã§ãããã«ãã¹ãã¼ã¸ãã«ãã§ã¯ContainerfileãDockerfileï¼ä»¥ä¸ãContainerfileï¼ã使ç¨ããé常æé ã§ã®ãã«ããå¯è½ã§ãã
ä»åã¯Goã§æ¸ããå®è¡ããã¨ãHello,World!ãè¿ãã·ã³ãã«ãªã¢ããªã使ãã¾ãããªããPodmanã使ã£ãGoã®ãµã³ãã«ãã¤ããªã®ãã«ãæ¹æ³ã«ã¤ãã¦ã¯ä¸è¨ã®è¨äºãåç §ãã ããã zenn.dev
Containerfileã¯ä¸è¨ã使ç¨ãã¾ã
FROM docker.io/library/golang as go-build ENV APP_ROOT /go/src WORKDIR ${APP_ROOT} COPY ./hello.go . RUN go mod init hello && go build FROM registry.access.redhat.com/ubi8/ubi-micro COPY --from=go-build /go/src/hello /usr/local/bin/ CMD ["hello"]
Buildahï¼ã¾ãã¯Podmanï¼ã使ç¨ãã¦ãã«ããã¾ã
# ls Containerfile hello.go Containerfile hello.go # buildah bud -t ubi-micro-hello-world . # podman run --rm ubi-micro-hello-world Hello, World! # podman images --filter label=name=ubi8/ubi-micro REPOSITORY TAG IMAGE ID CREATED SIZE localhost/ubi-micro-hello-world latest 56fcfe57af0e 6 minutes ago 40.7 MB localhost/ubi-micro-python latest 3bb4998a2f2c 29 minutes ago 104 MB registry.access.redhat.com/ubi8/ubi-micro latest c5ba898d3645 2 weeks ago 38.9 MB
ãã®ããã«åºæ¥ä¸ãã£ãubi-micro-hello-world
ã¨ããååã®ã³ã³ããã¤ã¡ã¼ã¸ã¯å
ã®ã¤ã¡ã¼ã¸ã¨ã»ã¼å¤ãããªããµã¤ãºã«æãããã¦ãã¾ãã
ã¾ã¨ã
Red Hatã®æ°ãã軽éãªã³ã³ãããã¼ã¹ã¤ã¡ã¼ã¸ã§ããUBI Microã«ã¤ãã¦ç´¹ä»ãã¾ãããããã±ã¼ã¸ããã¼ã¸ã£ãæè¼ããã¦ããªãDistrolessãªã¤ã¡ã¼ã¸ã§ãµã¤ãºãå°ããã ãã§ãªãã»ãã¥ãªãã£é¢ã§ãæå©ãªã¤ã¡ã¼ã¸ã¨ãªã£ã¦ãã¾ããããã±ã¼ã¸ã追å ããå ´åã¯ãã¹ãOSã®dnf
ã³ãã³ãã使ç¨ãããªã©ããã¾ã§ã®UBIã¨ã¯è¥å¹²ä½¿ãæ¹ãç°ãªãç¹ã注æã§ããã¾ãå¾æ¥éãã®Containerfileã使ã£ããã«ãã¹ãã¼ã¸ãã«ããå¯è½ã§ãã·ã³ã°ã«ãã¤ããªãé
ç½®ãããããªã¤ã¡ã¼ã¸ã§ããã°ååã«å
ã®ãµã¤ãºãä¿ã£ãå°ããªã³ã³ããã¤ã¡ã¼ã¸ãä½æãããã¨ãå¯è½ã§ãã
UBI/UBI Minimal/UBI Init/UBI Microã¨å¤å½©ãªç¨®é¡ã®ã¤ã¡ã¼ã¸ãæã£ããã¨ã§UBIã使ã£ãã³ã³ããã¤ã¡ã¼ã¸ä½æã®å¹
ãåºããã¾ãããUBIã¯ç¡æã§ä½¿ç¨ãé
å¸å¯è½(ä¸é¨å¶éãã)ãå¯è½ã¨ãªã£ã¦ãã¾ãã®ã§æ¯éUBIãæ´»ç¨ããã³ã³ããã¤ã¡ã¼ã¸ã®ä½æã«åãçµãã§ã¿ã¦ãã ããã
ãªã³ã¯
- RHEL 8.4 brings continuous stability plus innovation
- RHBA-2021:1999 - Bug Fix Advisory - Red Hat ã«ã¹ã¿ãã¼ãã¼ã¿ã«
- Universal Base Images (UBI): ã¤ã¡ã¼ã¸ããªãã¸ããªã¼ãããã±ã¼ã¸ãããã³ã½ã¼ã¹ã³ã¼ã - Red Hat Customer Portal
- 1966837 â ubi8-micro image includes internal compose repo configurations
ubi-micro:8.4-84
- Red Hat's Universal Base Image ebook
- ï¼é»åæ¸ç±ï¼Red Hat's Universal Base Image ebookã®ç´¹ä»ãUBIã - 赤帽ã¨ã³ã¸ãã¢ããã°
- Introduction to Red Hat's UBI Micro
- Red Hat Brings Red Hat Universal Base Image to Docker Hub
- 2.8. UBI ãã¤ã¯ãã¤ã¡ã¼ã¸ã®ä½¿ç¨ Red Hat Enterprise Linux 8 | Red Hat Customer Portal
- ãPodmanãGoã®ãã«ããã³ã³ããå ã§å®è¡ãã
*1:UBI Microãç´¹ä»ããRed Hatã®ããã°è¨äºã§ãåæ§ã®è¨è¼ãã â https://www.redhat.com/ja/blog/introduction-ubi-micro
*2:Fedoraã®dnfã§ã¯ /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release ãåå¾ã§ããã¨ã©ã¼
*3:UBI Minimalã«åæ§ã«è¿½å ããå ´åã¯151MBã»ã©ãªã®ã§ååã«å°ãããµã¤ãºã¨ãè¨ãã