Building multi-platform container images using Podman on Oracle Linux
Introduction
This demo shows the creation of a multi-platform container image using Podman on Oracle Linux 8 or later.
Objectives
In this lab, you’ll:
- Configure Podman for remote connectivity
- Connect to a remote Podman instance
- Build platform-specific images from a single Containerfile
- Push platform-specific images to the Oracle Cloud Infrastructure Registry (OCIR)
- Create a manifest list that includes both platform-specfic images
- Push the manifest list to OCIR
- Inspect the OCIR hosted manifest list to see the available platforms.
- Pull and run the image
What Do You Need?
- An Oracle Cloud Infrastructure tenancy
- An x86_64 system with Oracle Linux 8 or later installed
- An aarch_64 system with Oracle Cloud Developer installed
Deploy an x86_64
-based Podman Server
-
Launch either an Intel or AMD based compute instance running Oracle Linux 8.
Note: Ensure the instance is connected to a public subnet and has an IPv4 address assigned.
This step supports using the Always Free Tier eligible VM.Standard.E2.Micro shapes.
-
Once the server is running, login to the instance.
ssh -i <SSH_KEY> opc@<IP_ADDRESS_OF_PODMAN_SERVER_INSTANCE>
Where:
<SSH_KEY>
is the SSH key you configured when provisiong the instance. Example:~/.ssh/id_rsa
<IP_ADDRESS_OF_PODMAN_SERVER_INSTANCE>
is the IP address of the Oracle Linux 8 instance.
Note: No additional ingress ports need to be configured as the Podman Server only requires SSH access.
Install and configure Podman for remote access
Run the following commands as the opc
user.
-
Update the system with all the latest security fixes and errata.
sudo dnf -y update
-
Install the
ol8
stream of thecontainer-tools
module, which contains the latest versions ofpodman
,buildah
,skopeo
,runc
,crun
andconmon
as well their dependencies includingcontainer-selinux
all built and tested together.sudo dnf -y module install container-tools:ol8
-
Enable the Podman socket.
Systemd will listen on that socket and fire up an instance of Podman whenever a remote client activates it. When the connection closes, SystemD will shut down the Podman instance.
Note: It is possible to configure remote Podman access in rootless mode, but that is beyond the scope of this demo/tutorial.
-
Enable the Podman socket.
sudo systemctl enable --now podman.socket
-
Verify the path for the socket.
[opc@instance ~]$ sudo systemctl status podman.socket ● podman.socket - Podman API Socket Loaded: loaded (/usr/lib/systemd/system/podman.socket; enabled; vendor preset: disabled) Active: active (listening) since Wed 2021-07-28 20:32:06 GMT; 11s ago Docs: man:podman-system-service(1) Listen: /run/podman/podman.sock (Stream) CGroup: /system.slice/podman.socket Jul 28 20:32:06 bg-2021-07-28-202004-0 systemd[1]: Listening on Podman API Socket.
That’s it but stay logged on to the Podman Server instance to perform SSH passwordless configuration later in this lab.
Deploy the Oracle Cloud Developer Image on an Oracle Ampere A1 Arm compute instance
Oracle Ampere A1 Compute is a high-performance platform combining Oracle Cloud Infrastructure and Ampere Altra Arm processors. It provides deterministic performance, proven security, and a broad developer ecosystem that includes popular tools and environments (OS, Kubernetes - OKE , SDKs and CLIs).
The Oracle Cloud Developer Image is now listed as a Platform image. It has all the popular developer tools installed, including git, node.js, java and graal, support, etc.
To access the demo web application remotely, you can either add an Ingress Rule to allow inbound traffic on port 5808/tcp
from 0.0.0.0/0
to the security list associated with your public subnet, or use port-forwarding via SSH.
Use Ingress Rules
If you create an ingress rule, you will also need to configure firewalld
on the
instance to allow that port:
-
Add access to port
5808
.sudo firewall-cmd --permanent --add-port=5808/tcp sudo firewall-cmd --reload
-
Confirm the firewall change has been made.
[opc@instance ~]$ sudo firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: enp0s5 sources: services: ssh ports: 5808/tcp protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules:
Use SSH port-forwarding
If you plan on using SSH port-forwarding:
-
Login to the instance using the
ssh
-L
option.ssh -L 5808:localhost:5808 -i <SSH_KEY> opc@<IP_ADDRESS_OF_CLOUD_DEV_INSTANCE>
Where:
-L
defines the use of a local port-forward.- The first
5808
is the local port on the ssh client machine used in the tunnel. localhost:5808
is the host and port of the service on the remote machine used in the tunnel.<SSH_KEY>
is the SSH key you configured when provisiong the instance. Example:~/.ssh/id_rsa
<IP_ADDRESS_OF_CLOUD_DEV_INSTANCE>
is the IP address of the Oracle Cloud Developer instance.
Once you’ve connected via SSH to your Oracle Cloud Developer Instance, continue on to the next lab section.
Create a container image for your application and run it locally
In this section, you will clone a demo application from GitHub and create a container to run that application on your two Oracle Cloud Infrastructure instances.
-
Clone the Git repo and create a
Containerfile
.For this tutorial, you will be deploying RasDash, a Node.js based server monitoring web app. To grab the source code, run:
[opc@cloud-developer-instance ~]$ git clone https://github.com/sykeben/RasDash.git Cloning into 'RasDash'... remote: Enumerating objects: 1210, done. remote: Counting objects: 100% (57/57), done. remote: Compressing objects: 100% (41/41), done. remote: Total 1210 (delta 12), reused 51 (delta 8), pack-reused 1153 Receiving objects: 100% (1210/1210), 3.93 MiB | 35.63 MiB/s, done. Resolving deltas: 100% (429/429), done.
-
Change to the
RasDash
directory and create aContainerfile
that will build and serve the web application.$ cd ~/RasDash $ cat << EOF > Containerfile FROM ghcr.io/oracle/oraclelinux8-nodejs:14 COPY . /app WORKDIR /app RUN npm install && \ npm test CMD ["/usr/bin/node", "app.js", "service"] EOF
-
Build and run the image on the local instance.
Build the container image locally using
podman
and tag the image with the version of the application and architecture of the platform. This will be useful later when you push each platform image to the Oracle Cloud Infrastructure Registry and when you create a manifest of the two platform images.[opc@cloud-developer-instance ~]$ sudo podman build --format docker --tag rasdash:0.3.4-arm64 . STEP 1: FROM ghcr.io/oracle/oraclelinux8-nodejs:14 Getting image source signatures Copying blob c3b8d81686e4 done Copying blob e8c01484bb98 done Copying blob a21bf021f718 done Copying config a15b4b1174 done Writing manifest to image destination Storing signatures STEP 2: COPY . /app --> 16d95c778fe STEP 3: WORKDIR /app --> 41fb2afcef7 STEP 4: RUN npm install && npm test added 60 packages from 43 contributors and audited 60 packages in 1.733s found 2 moderate severity vulnerabilities run `npm audit fix` to fix them, or `npm audit` for details > RasDash@0.3.4 test /app > node test.js [STATE] Spawning server process... [INFO ] Server process spawned. [INFO ] Configuring server events... [INFO ] Prepping to test... [INFO ] Waiting 3 seconds for server to come online. [INFO ] Testing server... [DATA ] Online: OK [DATA ] Main Dash: OK [DATA ] About Page: OK [DATA ] CPU Temp: OK [DATA ] RAM Usage: OK [STATE] RESULTS: Everything seems to be OK. [STATE] Finishing up... [STATE] Server exited with code 0. --> 353146e7004 STEP 5: CMD ["/usr/bin/node", "app.js", "service"] STEP 6: COMMIT rasdash:0.3.4-arm64 --> 228e26a6391 228e26a63911bee998fbd903c6ea959b0e0471b6412ffd279844e3b69beb2b92
The final line will be unique to your build of the application.
-
Run a container using the image.
[opc@cloud-developer-instance ~]$ sudo podman run --rm --init -detach --name rasdash --publish 5808:5808 localhost/rasdash:0.3.4-arm64 072cb1501eff109a02caa6cad7931e650101b20c47365dca3ec07124b203d97c
The digest that is returned by Podman is uniqe to each container instance.
-
View the running container.
[opc@cloud-developer-instance ~]$ sudo podman ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 072cb1501eff localhost/rasdash:0.3.4-arm64 /usr/bin/node app... 26 seconds ago Up 26 seconds ago 0.0.0.0:5808->5808/tcp rasdash
-
View the logs.
[opc@cloud-developer-instance ~]$ sudo podman logs rasdash [STATE] Starting RasDash in service mode. [INFO ] Initializing API... [INFO ] Configuring API requests... [INFO ] Initializing application... [STATE] API mounted to application. [INFO ] Configuring application requests... [INFO ] Starting server on port 5808... [STATE] Server started.
-
Open a browser on your local machine and navigate to
http://localhost:5808
to view the web application.Note: The CPU temperature metric will display -1 as virtual instances in Oracle Cloud Infrastructure do not have access to any physical hardware data.
Configure passwordless SSH equivalence between your two instances
Podman communicates using SSH between instances for security purposes. For a
more seamless experience, create a public/private key pair on your Cloud
Developer instance and copy that to the Podman Remote server so you can ssh
from the developer instance without being prompted for a password.
-
Generate a public/private keypair on the Oracle Cloud Developer instance.
[opc@cloud-developer-instance]$ ssh-keygen -b 4096 -f ~/.ssh/id_rsa -q -N ""
-
Copy the content from
~/.ssh/id_rsa.pub
on the Oracle Cloud Developer instance.[opc@cloud-developer-instance]$ cat ~/.ssh/id_rsa.pub
Copy the entire contents of the public key shown in the console.
-
Switch to the Podman Server instance and paste the copied content into the
/home/opc/.ssh/authorized_keys
file.Open the file in vi.
[opc@podman-server]$ vi ~/.ssh/authorized_keys
Paste the contents of the public key copied from the console. The save and close the file.
-
While still on the Podman Server instance, ensure the correct file system permissions are applied to the
~/.ssh
directory and the~/.ssh/id_rsa
and~/.ssh/authorized_keys
files.[opc@podman-server]$ chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys
-
Switch to the Cloud Developer instance and test if you can
ssh
to the Podman Server as theopc
user without requiring a password.Note: If you have any issues, refer to Generating Pairs of Authentication Keys by Using the ssh-keygen Command and Enabling Remote System Access Without Requiring a Password in the Oracle Linux Connecting to Remote Systems With OpenSSH documentation.
[opc@cloud-developer-instance]$ ssh opc@<IP_ADDRESS_OF_PODMAN_SERVER_INSTANCE>
After you have verified that you can connect without requiring a password, be sure to
exit
thessh
connection between the Oracle Cloud Developer instance to the Podman Server. -
Switch to the Podman Server instance and replace the
/root/.ssh/authorized_keys
file.[opc@podman-server ]$ cat /home/opc/.ssh/authorized_keys | sudo tee /root/.ssh/authorized_keys
-
Switch to the Cloud Developer instance and test if you can
ssh
from theopc
user to theroot
user on the Podman Server.[opc@cloud-developer-instance]$ ssh root@<IP_ADDRESS_OF_PODMAN_SERVER_INSTANCE>
Once you’ve connected via SSH to your Podman Server Instance as root
, continue on to the next lab section.
Create a system connection to the Podman Server
NOTE: Ensure you’re in the terminal of your Oracle Cloud Developer instance.
-
Create a system connection between the Podman client on your Oracle Cloud Developer instance and the Podman service running on your Podman Server.
sudo podman system connection add --identity ~/.ssh/id_rsa amd64 ssh://<podman-server-ip>/run/podman/podman.sock
-
Verify that the connection was added.
[opc@cloud-developer-instance]$ sudo podman system connection list Name Identity URI amd64* /home/opc/.ssh/id_rsa ssh://root@<podman-server-ip>:22/run/podman/podman.sock
The
*
next to the name denotes the default connection if you have multiple connections configured.
Run commands and build your image on the remote Podman Server
NOTE: Ensure you’re in the terminal of your Oracle Cloud Developer instance.
You should now be able to use podman --remote
to send commands to the remote instance.
-
Test by getting the details of your Podman Server.
[opc@cloud-developer-instance]$ sudo podman --remote info host: arch: amd64 buildahVersion: 1.19.8 cgroupManager: systemd cgroupVersion: v1 conmon: package: conmon-2.0.26-3.module+el8.4.0+20195+0a4a4953.x86_64 path: /usr/bin/conmon version: 'conmon version 2.0.26, commit: 9ef46ac10f1c8cd2ebbb917f962a154ba3956e63' cpus: 2 distribution: distribution: '"ol"' version: "8.4" eventLogger: file hostname: podman-server idMappings: gidmap: null uidmap: null kernel: 5.4.17-2102.202.5.el8uek.x86_64 linkmode: dynamic memFree: 10832736256 memTotal: 15426166784 ociRuntime: name: runc package: runc-1.0.0-73.rc93.module+el8.4.0+20195+0a4a4953.x86_64 path: /usr/bin/runc version: |- runc version spec: 1.0.2-dev go: go1.15.7 libseccomp: 2.5.1 os: linux security: apparmorEnabled: false capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT rootless: false seccompEnabled: true selinuxEnabled: true slirp4netns: executable: "" package: "" version: "" swapFree: 4294963200 swapTotal: 4294963200 uptime: 1h 32m 0.74s (Approximately 0.04 days) registries: search: - container-registry.oracle.com - docker.io - registry.fedoraproject.org - quay.io - registry.centos.org store: configFile: /etc/containers/storage.conf containerStore: number: 0 paused: 0 running: 0 stopped: 0 graphDriverName: overlay graphOptions: overlay.mountopt: nodev,metacopy=on graphRoot: /var/lib/containers/storage graphStatus: Backing Filesystem: xfs Native Overlay Diff: "false" Supports d_type: "true" Using metacopy: "true" imageStore: number: 0 runRoot: /run/containers/storage volumePath: /var/lib/containers/storage/volumes version: APIVersion: 3.0.0 Built: 1623414869 BuiltTime: Fri Jun 11 12:34:29 2021 GitCommit: "" GoVersion: go1.15.7 OsArch: linux/amd64 Version: 3.0.2-dev
-
Build your image for
amd64
Podman will copy the entire context to the remote instance automatically.
[opc@cloud-developer-instance]$ cd ~/RasDash [opc@cloud-developer-instance]$ sudo podman --remote build --format docker --tag rasdash:0.3.4-amd64 . STEP 1: FROM ghcr.io/oracle/oraclelinux8-nodejs:14 Getting image source signatures Copying blob sha256:c1561565b5ac157c67cefd0a13039efdc9f249479d51f0b39cbd7f3e1302b57a Copying blob sha256:1da50e1664e1b58d93182fe5af093c642668ec93f67fcd8215b9c1979930b84d Copying blob sha256:792675cb62f795ec1e366691a77b5a8822b192ef92ae7e7ff02239533b643094 Copying config sha256:6fbfa038db26f2191b57226094861be130bda7af13d76b55ef2ec4c10075d316 Writing manifest to image destination Storing signatures STEP 2: COPY . /app --> ef8b6000efb STEP 3: WORKDIR /app --> 64ccb3cebd4 STEP 4: RUN npm install && npm test added 60 packages from 43 contributors and audited 60 packages in 2.487s found 2 moderate severity vulnerabilities run `npm audit fix` to fix them, or `npm audit` for details > RasDash@0.3.4 test /app > node test.js [STATE] Spawning server process... [INFO ] Server process spawned. [INFO ] Configuring server events... [INFO ] Prepping to test... [INFO ] Waiting 3 seconds for server to come online. [INFO ] Testing server... [DATA ] Online: OK [DATA ] Main Dash: OK [DATA ] About Page: OK [DATA ] RAM Usage: OK [DATA ] CPU Temp: OK [STATE] RESULTS: Everything seems to be OK. [STATE] Finishing up... [STATE] Server exited with code 0. --> 96e14ed1988 STEP 5: CMD ["/usr/bin/node", "app.js", "service"] STEP 6: COMMIT rasdash:0.3.4-amd64 --> dbb7ecf05cc dbb7ecf05cc635c13f8f98dcf4b410f05b81a31f368f738906f10b6ea10087ed
-
Verify image exists on the remote Podman Server.
NOTE: Podman does not copy the created image back to the client machine, so if you run
sudo podman images
the image will not be listed. However, it is available on the remote machine.[opc@cloud-developer-instance]$ sudo podman --remote images REPOSITORY TAG IMAGE ID CREATED SIZE localhost/rasdash 0.3.4-amd64 dbb7ecf05cc6 50 seconds ago 193 MB ghcr.io/oracle/oraclelinux8-nodejs 14 6fbfa038db26 4 days ago 181 MB
-
Verify image architecutre
The final method of validating that each image has been built for (and on) a specific platform and architecture, use
jq
to extract the value of theArchitecture
field in the manifest of each image.[opc@cloud-developer-instance]$ sudo podman inspect rasdash:0.3.4-arm64 | jq -r '.[] | .Architecture' arm64
Then check the remote image:
[opc@cloud-developer-instance]$ sudo podman --remote inspect rasdash:0.3.4-amd64 | jq -r '.[] | .Architecture' amd64
Once you have each platform image created, you can move onto the next lab.
Create a Container Registry repository
In the Oracle Cloud Infrastructure Console, navigate to the Container Registry section and create a repository to store your multi-platform application.
For more details, see Creating a Repository in the Oracle Cloud Infrastructure Documentation.
-
Create the
demo/rasdash
repository. -
Review the details of the new repository.
Gather the Container Registry repository credentials
The following table provides example values used in subsequent steps in this lab. The iad
example is the region key for US East (Ashburn) region. If your region is Germany Central (Frankfurt), the region key is fra
. Refer to the Regions and Availability Domains documentation for a complete table listing available region keys.
Registry Data | Lab placeholder | Notes |
---|---|---|
REGISTRY_NAMESPACE | gse00015915 |
Displayed in the repository info panel as “Namespace” |
REPOSITORY_NAME | demo/rasdash |
Displayed under the compartment name |
OCIR_INSTANCE | iad.ocir.io |
Use <region>.ocir.io |
See Pushing Images Using the Docker CLI if needed. This procedure also describes the login process required to push images to Container Registry using the CLI.
-
Get your username.
You need a username and authentication token to login to the container registry. To obtain the username, in the top-right corner of the Oracle Cloud Infrastructure console, open the Profile menu (User menu icon) and then click User Settings to view the details.
Copy and save the username, including the
tenancy-namespace
displayed in the console. -
Generate an Auth Token.
Scroll down the “User Details” page in the console and select Auth Tokens under “Resources”.
Select the “Generate Token” button and provide a description of
demo
for the new token.After you generate the token, be sure to copy and save the token.
Login to the Container Registory repository
The following table provides example values used in subsequent steps in this lab.
Username | Lab placeholder |
---|---|
REGISTRY_NAMESPACE | gse00015915 |
USERNAME | oracleidentitycloudservice/luna.user@e1ab5742-7e30-463a-9017-0b48fa54197e |
TOKEN | ]y#W_iS9GKC}4l1Gq9Fn |
OCIR_INSTANCE | iad.ocir.io |
-
Create environment variables for use in the
podman login
command.Using your username and token, create the
USER
andTOKEN
environment variables. Ensure you include the<REGISTRY_NAMESPACE>
as part of the username.$ export USER="gse00015915/oracleidentitycloudservice/luna.user@e1ab5742-7e30-463a-9017-0b48fa54197e" $ export TOKEN="]y#W_iS9GKC}4l1Gq9Fn"
-
Login to the container registry.
[opc@cloud-developer-instance]$ sudo podman login -u $USER -p $TOKEN iad.ocir.io Login Succeeded!
Note: The remote instance will automatically inherit the auth credentials from the client instance.
Push the platform images
In this example, the final repository URIs with platform-specific tag are:
docker://iad.ocir.io/gse00015915/demo/rasdash:0.3.4-arm64
docker://iad.ocir.io/gse00015915/demo/rasdash:0.3.4-amd64
Podman can push local images to remote registries without the image needing to be tagged beforehard.
-
Push the local
rasdash/0.3.4-arm64
image.[opc@cloud-developer-instance]$ sudo podman push rasdash:0.3.4-arm64 docker://iad.ocir.io/gse00015915/demo/rasdash:0.3.4-arm64 Getting image source signatures Copying blob e2139ee39b4c done Copying blob 654f58d01fac done Copying blob 2f78ee744a8c done Copying blob f4753659db57 done Copying blob 57f6de05e468 done Copying config 228e26a639 done Writing manifest to image destination Storing signatures
-
Push the remote
rasdash:0.3.4-amd64
image.[opc@cloud-developer-instance]$ sudo podman --remote push rasdash:0.3.4-amd64 docker://iad.ocir.io/gse00015915/demo/rasdash:0.3.4-amd64
-
Check the Container Registry console.
Note: Pushing a remote image does not generate local output. Check the image was successfully pushed by checking the Container Registry console for the
rasdash:0.3.4-amd64
tag.In the Container Registry console, you should see 2 images -
0.3.4-amd64
and0.3.4-arm64
.
Once you have two images visible under your demo/rasdash
repository, you can
move on to the next lab.
Create and push a manifest list to the Container Registry
Now that you have two platform images, it’s time to create a manifest list to enable container runtimes the ability to select the appropriate image for their platform, which is a combination of the operating system and architecture.
Because most container images are Linux-based, a multi-platform image is often referred to as a multi-arch image, but it’s also possible to combine images that can run on Windows, macoS and Linux into a single manifest.
-
Create and populate the manifest.
On the Cloud Developer Instance, create a local manifest list with just the app version in the tag.
[opc@cloud-developer-instance]$ sudo podman manifest create rasdash:0.3.4 c335c5790c1429318afcdfe8041110c9d664faaabe922d44dbf5aa4cd334fa90
As before, the checksum output is unique to the manifest you create and will not match the one above.
-
Inspect the manifest list to reveal what
mediaType
is being used and its member images.[opc@cloud-developer-instance]$ sudo podman manifest inspect rasdash:0.3.4 { "schemaVersion": 2, "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", "manifests": null }
-
Add the two platform-specific images to the list.
[opc@cloud-developer-instance]$ sudo podman manifest add rasdash:0.3.4 docker://iad.ocir.io/gse00015915/demo/rasdash:0.3.4-arm64 c335c5790c1429318afcdfe8041110c9d664faaabe922d44dbf5aa4cd334fa90
[opc@cloud-developer-instance]$ sudo podman manifest add rasdash:0.3.4 docker://iad.ocir.io/gse00015915/demo/rasdash:0.3.4-amd64 c335c5790c1429318afcdfe8041110c9d664faaabe922d44dbf5aa4cd334fa90
-
Inspect the manifest list.
[opc@cloud-developer-instance]$ sudo podman manifest inspect rasdash:0.3.4 { "schemaVersion": 2, "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", "manifests": [ { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "size": 1082, "digest": "sha256:4bad046cb63793381b853eb76bdf38e7dbc788a0bb22584ddbb9cf592e392dff", "platform": { "architecture": "arm64", "os": "linux" } }, { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "size": 1082, "digest": "sha256:9ea288587214153dd6cbd6ec3bad38115988db3498c98174b683b52ca9d6eefc", "platform": { "architecture": "amd64", "os": "linux" } } ] }
The output is more interesting now that the images have been added.
For maximum compatibility, you added the
--format docker
parameter to each build command, which instructs Podman to create the image using the Docker Image Manifest V2, Schema 2 (v2s2
) specification instead of the Open Container Initiative Image Manifest Specification which Podman will use by default.Because the manifests are using the
v2s2
specification, Podman uses the associatedv2s2
Manifest List specification instead of the Open Container Initiative Image Index Specification.The default container runtimes used by both cloud-based managed Kubernetes services including Oracle Engine for Kubernetes (OKE) and on-premise self-hosted Kubernetes distributions are compatible with both specifications.
-
Push the manifest list to the Container Registry
Now that you have created the manifest list, you can push it to the same Container Registry repository that’s storing the platform-specific images.
[opc@cloud-developer-instance]$ sudo podman manifest push --all rasdash:0.3.4 docker://iad.ocir.io/gse00015915/demo/rasdash:0.3.4 Getting image list signatures Copying 2 of 2 images in list Copying image sha256:4bad046cb63793381b853eb76bdf38e7dbc788a0bb22584ddbb9cf592e392dff (1/2) Getting image source signatures Copying blob 679d2db9c557 skipped: already exists Copying blob 54cd63300179 skipped: already exists Copying blob 4c48cda5b625 skipped: already exists Copying blob 26293fa94781 skipped: already exists Copying blob 94294e75da8d [--------------------------------------] 0.0b / 0.0b Copying config 228e26a639 [====================================] 2.7KiB / 2.7KiB Writing manifest to image destination Storing signatures Copying image sha256:9ea288587214153dd6cbd6ec3bad38115988db3498c98174b683b52ca9d6eefc (2/2) Getting image source signatures Copying blob 77fd2456db0f skipped: already exists Copying blob acb6f7f8e40a skipped: already exists Copying blob 1a77e1609215 skipped: already exists Copying blob c672a6fc89f8 skipped: already exists Copying blob 633f0a770611 [--------------------------------------] 0.0b / 0.0b Copying config dbb7ecf05c [====================================] 2.7KiB / 2.7KiB Writing manifest to image destination Storing signatures Writing manifest list to image destination Storing list signatures
Because you pushed the platform-specific images earlier, this is a very quick operation. The Container Registry just links the manifest list to the existing images.
-
Create and Run the image locally.
You can now run an instance of the image both locally and remotely using the manifest list tag instead of the platform-specific tag.
[opc@cloud-developer-instance]$ sudo podman run --rm --detach --init --publish 5808:5808 docker://iad.ocir.io/gse00015915/demo/rasdash:0.3.4 Trying to pull docker://iad.ocir.io/gse00015915/demo/rasdash:0.3.4... Getting image source signatures Copying blob 54cd63300179 skipped: already exists Copying blob 94294e75da8d skipped: already exists Copying blob 679d2db9c557 skipped: already exists Copying blob 4c48cda5b625 skipped: already exists Copying blob 26293fa94781 [--------------------------------------] 0.0b / 0.0b Copying config 228e26a639 done Writing manifest to image destination Storing signatures [STATE] Starting RasDash in service mode. [INFO ] Initializing API... [INFO ] Configuring API requests... [INFO ] Initializing application... [STATE] API mounted to application. [INFO ] Configuring application requests... [INFO ] Starting server on port 5808... [STATE] Server started.
-
Create and Run the image remotely.
[opc@cloud-developer-instance]$ sudo podman --remote run --rm --detach --init --publish 5808:5808 docker://iad.ocir.io/gse00015915/demo/rasdash:0.3.4 Trying to pull iad.ocir.io/gse00015915/demo/rasdash:0.3.4... Getting image source signatures Copying blob sha256:77fd2456db0fd579268c16176841e22ba6fc9de7444bf26e0c620748ce3e9b52 Copying blob sha256:633f0a770611d579a5162d320aa01c2ebc2b9816d6f9012603102fdc4ffbc687 Copying blob sha256:acb6f7f8e40aa7c28bdbba3f90b22503316bfd8a040225da4f819b8468586dce Copying blob sha256:1a77e160921552a3be65d8cddb341bfca17a56a3c69af8a5c951ba869c8c5c7f Copying blob sha256:c672a6fc89f8047979e6a569af30e8efad3bdac743c84e4f92d7e80e33b78c08 Copying config sha256:dbb7ecf05cc635c13f8f98dcf4b410f05b81a31f368f738906f10b6ea10087ed Writing manifest to image destination Storing signatures de28d7f7fbd9897a7f4ed17845dcecf7a5e291696bfe6d5603444809267711e7
-
Test images using your browser
If you created the necessary ingress and
firewalld
rules on the instances, you should be able to open your browser and navigate tohttp://arm64-instance-ip:5808
andhttp://amd64-instance-up:5808
to open the RasDash web application running on each instance.Otherwise, you can use SSH port-forwarding as before by creating two tunnels from your local machine.
ssh -L 5808:localhost:5808 -i <SSH_KEY> opc@<IP_ADDRESS_OF_CLOUD_DEV_INSTANCE>
Open a browser on your local machine and navigate to
http://localhost:5808
to view the arm64-based web application on the Cloud Development instance.Exit out of the ssh tunnel session.
ssh -L 5808:localhost:5808 -i <SSH_KEY> opc@<IP_ADDRESS_OF_PODMAN_SERVER_INSTANCE>
Refresh the browser on your local machine pointing to
http://localhost:5808
to view the amd64-based web application on the Podman Server instance.
You can deploy images from both private and public OCIR repositories to Oracle Engine for Kubernetes (OKE). To deploy your image to hosts external to Oracle Cloud Infrastructure, including Docker Desktop for Mac or Windows, the repository must be public.
More Learning Resources
Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.
For product documentation, visit Oracle Help Center.
Building multi-platform container images using Podman on Oracle Linux
F45797-06
February 2024
Copyright © 2021, Oracle and/or its affiliates.