New container capabilities in Red Hat Enterprise Linux 8.2

  • Continued support for container-tools:1.0 stable stream
  • New container-tools:2.0 stable stream
  • CRIU added to container-tools:rhel8 stream
  • Udica added to container-tools:rhel8 stream
  • OpenJDK images released as part of Red Hat Universal Base Image
  • Source container images produced for all Red Hat Universal Base Images
  • Container images for Buildah and Skopeo
  • Extension to Red Hat Universal Base Image EULA for partners

Container Tools

Container Tools RHEL 8 Fast Stream (container-tools:rhel8)

  • Initial support for the Container Network Interface (CNI) DNS plugin, which allows containers to resolve the IPs of other containers via DNS name, has been added.
  • Podman now supports anonymous named volumes, created by specifying only a destination to the -v flag to the podman create and podman run commands.
  • The podman info command, when run without root, now shows information on UID and GID mappings in the rootless user namespace.
  • The podman build --squash-all flag has been added, which squashes all layers (including those of the base image) into one layer.
  • The podman network create, podman network rm, podman network inspect, and podman network ls commands have been added to manage CNI networks used by Podman.
  • The podman volume create command can now create and mount volumes with options, allowing volumes backed by NFS, tmpfs, and many other filesystems.
  • Rootless Podman can experimentally squash all UIDs and GIDs in an image to a single UID and GID (which does not require use of the newuidmap and newgidmap executables) by passing --storage-opt ignore_chown_errors.
  • Rootless Podman containers with --privileged set will now mount in all host devices that the user can access.
  • Rootless Podman now supports health checks (#3523).

Udica

The standard SELinux policies provide good general protection by dynamically separating running containers using an auto-generated Multi Category Security (MCS) label for each container (see also: What Is SVirt And How Does It Isolate Linux Containers?).
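
An added example (not from the original post or from Red Hat) of checking that the MCS separation described above holds: it parses SELinux process labels and reports containers that carry no categories or that share a category set. The container names and label values are constructed sample data, and category ranges such as c0.c1023 are not expanded.

```python
from collections import defaultdict

# Constructed sample: container name -> SELinux process label in the
# user:role:type:sensitivity[:categories] form. Values are made up.
SAMPLE_LABELS = {
    "web":   "system_u:system_r:container_t:s0:c57,c527",
    "db":    "system_u:system_r:container_t:s0:c101,c845",
    "cache": "system_u:system_r:container_t:s0:c57,c527",  # same pair as web
    "debug": "system_u:system_r:spc_t:s0",                 # no categories
}


def parse_label(label):
    """Split an SELinux context into its fields; categories become a set."""
    parts = label.split(":", 4)
    if len(parts) < 4:
        raise ValueError(f"not an SELinux context: {label!r}")
    cats = frozenset(parts[4].split(",")) if len(parts) == 5 and parts[4] else frozenset()
    return {"user": parts[0], "role": parts[1], "type": parts[2],
            "level": parts[3], "categories": cats}


def audit(labels):
    """Return (containers, reason) pairs where MCS separation does not hold."""
    findings = []
    by_categories = defaultdict(list)
    for name, label in sorted(labels.items()):
        ctx = parse_label(label)
        if not ctx["categories"]:
            # Without categories there is no per-container MCS boundary.
            findings.append((name, "no-mcs-categories"))
        else:
            by_categories[ctx["categories"]].append(name)
    for names in sorted(by_categories.values()):
        if len(names) > 1:
            # Identical category sets mean MCS does not tell these apart.
            findings.append((",".join(names), "shared-mcs-categories"))
    return findings


if __name__ == "__main__":
    for who, reason in audit(SAMPLE_LABELS):
        print(f"{reason}: {who}")
```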

OpenJDK Images Added to Red Hat Universal Base Image

Red Hat Universal Base Images allow users to build and distribute their own applications on top of enterprise-quality bits which are supportable on OpenShift and RHEL. With the release of RHEL 8.2, we are announcing the General Availability of the OpenJDK 8 and OpenJDK 11 Red Hat Universal Base Images, which bring all the benefits of UBI and set the baseline for anyone who wants to develop Java applications running inside containers in a secure, stable and tested manner, backed by the Red Hat Build of OpenJDK.

Source Container Images

Container images make it extremely convenient to consume software. Consumers can focus on the software they want to run, and container image builders can automate the construction of that software with all of the necessary dependencies. Using a shipping analogy, container images enable us to load at the factory, in a reproducible environment, instead of at the dock with numerous bags, barrels, crates and boxes affected by unpredictable weather.

Container Images for Buildah and Skopeo

Packaging software as container images enables fellow creators to start their work with a bias toward consumption (Life in The Container — When it comes to code, be a consumer). This is true of application dependencies as well as the tools that we use to create our applications. To reduce friction and enable OCI-compliant tools in every use case possible, Red Hat is working on containerized versions of container tools like Buildah, Skopeo, and eventually Podman (targeted for RHEL 8.3).

Extension to UBI EULA

Application developers in the Red Hat Partner Connect program can now build their container apps from the full set of Red Hat Enterprise Linux (RHEL) user space packages (non-kernel) and redistribute through the container registry of their choice. This nearly triples the number of packages over UBI only.

Conclusion

Containers start with Linux, because you can’t put an application in a container nor run that container without it. Containers at Red Hat start with Red Hat Enterprise Linux, and the latest version of RHEL 8.2 provides a tremendous amount of features which serve as the foundation for OpenShift and beyond.
