Containers are a lightweight version of the user space of the Linux operating system - in fact, this is the bare minimum. Nevertheless, it is still a full-fledged operating system, and therefore the quality of this container itself is as important as a full-fledged operating system. This is why we have been offering Red Hat Enterprise Linux (RHEL) images
for a long time, so that users can have certified, modern and current enterprise-level containers. . Launch container images
(container images) RHEL on RHEL container hosts provide compatibility and portability between environments, not to mention the fact that these are already familiar tools. There was, however, one problem. You could not just pass on such an image to someone else, even if it was a customer or partner using Red Hat Enterprise Linux.
But now everything has changed
With the release of the universal Red Hat Universal Base Image (UBI) image, you can now get the familiar reliability, security and high performance of official Red Hat container images, regardless of whether you have a subscription or not. This means that you can build a containerized application on UBI, place it in the register of containers of your choice and share it with the whole world. Red Hat Universal Base Image allows you to build, share, and collaborate on a bundled application in any environment - wherever you want.
Thanks to UBI, it is possible to publish and run your applications in almost any infrastructure. But if you run them on Red Hat platforms, such as Red Hat OpenShift and Red Hat Enterprise Linux, you can get additional benefits (more gold!). And while we have not moved on to a more detailed description of UBI, let us provide a short FAQ, why do we need RHEL Subscription. So, what will happen when you run a UBI image on the RHEL/OpenShift platform?
And now, when the marketing is satisfied, let's talk more about UBI
Reasons to apply UBI
What you should feel to understand that UBI will be useful to you:
- My developers want to use container images that can be distributed and run in any environment
- My team operations wants a supported base image with an enterprise-level life cycle
- My architects want to offer Kubernetes Operator to my customers/end users
- My customers want
not to blow on enterprise-level support for their entire Red Hat environment
- My community wants to share, launch, publish containerized applications literally everywhere
If at least one of the scenarios suits you, then you should definitely pay attention to UBI.
More than just a basic image
UBI is less than a full-fledged OS, but UBI has three important things:
- Set of three basic images (ubi, ubi-minimal, ubi-init)
- Images with ready-made runtimes of various programming languages (nodejs, ruby, python, php, perl, etc.)
- A set of related packages in the YUM repository with the most common dependencies
UBI was created as the basis for cloud - native and web applications being developed and delivered in containers. All content in UBI is a subset of RHEL. All packages in UBI come through RHEL channels and are supported like RHEL when launched on platforms supported by Red Hat, such as OpenShift and RHEL.
Ensuring high-quality container support requires a lot of effort from engineers, security specialists, and other additional resources. It requires not only testing basic images, but also analyzing their behavior on any supported host.
To facilitate upgrading tasks, Red Hat is actively developing and supporting UBI 7, for example, on RHEL 8 hosts and UBI 8 on RHEL 7. This provides users with the necessary flexibility, confidence and peace of mind. For example, platform updates in container images or used hosts. Now all this can be divided into two independent projects.
Three basic images
Minimal - designed for applications with all dependencies (Python, Node.js, .NET, etc.)
- Minimum preset content set
- Without suid executables
- Minimum package manager toolkit (install, update and uninstall)
Platform - for any applications running on RHEL
- OpenSSL unified cryptographic stack
- Full YUM stack
- Included useful basic OS utilities (tar, gzip, vi, etc.)
Multi-Service - makes it easy to start multiple services in one container
- Configured to start systemd at startup
- Ability to enable services at build
Container images with ready-made programming language execution environments
In addition to the basic images that allow you to install support for programming languages, UBIs include pre-assembled images with ready-made execution environments for a number of programming languages. Many developers can simply take an image and start working on the application that they are developing.
With the launch of UBI, Red Hat offers two sets of images - based on RHEL 7 and based on RHEL 8. They are based on, respectively, Red Hat Software Collections (RHEL 7) and Application Streams (RHEL 8). These runtimes are up to date and receive up to four updates per year as standard, so there is always the opportunity to work with the most recent and stable versions.
Here is a list of UBI 7 container images:
Here is a list of container images for UBI 8:
Using ready-made images is really very convenient. Red Hat maintains their relevance and updates them with the release of a new version of RHEL, as well as when CVE updates appear in accordance with the update policy. RHEL image policy
so that you can take one of these images and immediately start working on the application.
But sometimes when creating an application you may suddenly need some kind of additional package. Or, sometimes, to make an application work, you need to update a particular package. That is why UBI images come with a set of RPMs that are available through yum, and which are distributed through a fast and highly available content delivery network (you need a package!). When you run the yum update on your CI/CD at that critical moment of release, you can be sure it will work.
RHEL is the foundation
We do not get tired of repeating that RHEL is the basis of everything. Do you know what teams in Red Hat are working on creating base images? For example, these:
- The engineering and technical team responsible for ensuring that core libraries such as glibc and OpenSSL, as well as language runtimes such as Python and Ruby, provide stable performance and work reliably with workloads when used in containers.
- The product safety team is engaged in timely correction of errors and security issues in libraries and language environments, their performance is assessed using a special index Container Health Index grade .
- The team of product managers and engineers is engaged in adding new features and provide a long product life cycle, which gives confidence in the investments that can be used as a basis.
Red Hat Enterprise Linux acts as a great host and container image, but for many developers it’s important to be able to work with the system in a wide variety of formats, some of which may go beyond the supported use cases for Linux. And here universal UBI images come to the rescue.
Suppose, right now, at this stage, you're just looking for a basic image to start working on a simple, containerized application. Or are you closer to the future and are moving from stand-alone containers running on a container engine to cloud-native stories using building and certifying Operators working on OpenShift. In any case, UBI will provide an excellent basis for this.
Containers include a lightweight version of the user space of the operating system in a new packaging format. The release of UBI images sets a new industry standard for containerized development, with enterprise-class containers becoming available to any users, independent software developers, open source communities. In particular, software developers can standardize their products using a single, proven foundation for all their containerized applications, including Kubernetes Operators
. Developing companies using UBI also have Red Hat Container Certification and Red Hat OpenShift Operator Certification certification, and this in turn allows you to continuously verify software running on Red Hat platforms, such as OpenShift.
How to start working with the image
In short - very simple. Podman is available not only on RHEL, but also on Fedora, CentOS, and several other Linux distributions. All you need to do is unload the image from one of the following repositories, and go ahead.
For Ubi 8:
podman pull registry.access.redhat.com/ubi8/ubi
podman pull registry.access.redhat.com/ubi8/ubi-minimal
podman pull registry.access.redhat.com/ubi8/ubi-init
For Ubi 7:
podman pull registry.access.redhat.com/ubi7/ubi
podman pull registry.access.redhat.com/ubi7/ubi-minimal
podman pull registry.access.redhat.com/ubi7/ubi-init
Well and see the full Universal Base Image Guide