×

Understanding containers, images, and image streams

Containers, images, and image streams are important concepts to understand when you set out to create and manage containerized software. An image holds a set of software that is ready to run, while a container is a running instance of a container image. An image stream provides a way of storing different versions of the same basic image. Those different versions are represented by different tags on the same image name.

Images

Containers in Red Hat OpenShift Service on AWS are based on OCI- or Docker-formatted container images. An image is a binary that includes all of the requirements for running a single container, as well as metadata describing its needs and capabilities.

You can think of it as a packaging technology. Containers only have access to resources defined in the image unless you give the container additional access when creating it. By deploying the same image in multiple containers across multiple hosts and load balancing between them, Red Hat OpenShift Service on AWS can provide redundancy and horizontal scaling for a service packaged into an image.

You can use the podman or docker CLI directly to build images, but Red Hat OpenShift Service on AWS also supplies builder images that assist with creating new images by adding your code or configuration to existing images.

Because applications develop over time, a single image name can actually refer to many different versions of the same image. Each different image is referred to uniquely by its hash, a long hexadecimal number such as fd44297e2ddb050ec4f…​, which is usually shortened to 12 characters, such as fd44297e2ddb.

You can create and manage container images.

Image registry

An image registry is a content server that can store and serve container images. For example:

registry.redhat.io

A registry contains a collection of one or more image repositories, which contain one or more tagged images. Red Hat provides a registry at registry.redhat.io for subscribers. Red Hat OpenShift Service on AWS can also supply its own OpenShift image registry for managing custom container images.

Image repository

An image repository is a collection of related container images and tags identifying them. For example, the Red Hat OpenShift Service on AWS Jenkins images are in the repository:

docker.io/openshift/jenkins-2-centos7

Image tags

An image tag is a label applied to a container image in a repository that distinguishes a specific image from other images in an image stream. Typically, the tag represents a version number of some sort. For example, here :v3.11.59-2 is the tag:

registry.access.redhat.com/openshift3/jenkins-2-rhel7:v3.11.59-2

You can add additional tags to an image. For example, an image might be assigned the tags :v3.11.59-2 and :latest.

Red Hat OpenShift Service on AWS provides the oc tag command, which is similar to the docker tag command, but operates on image streams instead of directly on images.

Image IDs

An image ID is a SHA (Secure Hash Algorithm) code that can be used to pull an image. A SHA image ID cannot change. A specific SHA identifier always references the exact same container image content. For example:

docker.io/openshift/jenkins-2-centos7@sha256:ab312bda324

Containers

The basic units of Red Hat OpenShift Service on AWS applications are called containers. Linux container technologies are lightweight mechanisms for isolating running processes so that they are limited to interacting with only their designated resources. The word container is defined as a specific running or paused instance of a container image.

Many application instances can be running in containers on a single host without visibility into each others' processes, files, network, and so on. Typically, each container provides a single service, often called a micro-service, such as a web server or a database, though containers can be used for arbitrary workloads.

The Linux kernel has been incorporating capabilities for container technologies for years. The Docker project developed a convenient management interface for Linux containers on a host. More recently, the Open Container Initiative has developed open standards for container formats and container runtimes. Red Hat OpenShift Service on AWS and Kubernetes add the ability to orchestrate OCI- and Docker-formatted containers across multi-host installations.

Though you do not directly interact with container runtimes when using Red Hat OpenShift Service on AWS, understanding their capabilities and terminology is important for understanding their role in Red Hat OpenShift Service on AWS and how your applications function inside of containers.

Tools such as podman can be used to replace docker command-line tools for running and managing containers directly. Using podman, you can experiment with containers separately from Red Hat OpenShift Service on AWS.

Why use imagestreams

An image stream and its associated tags provide an abstraction for referencing container images from within Red Hat OpenShift Service on AWS. The image stream and its tags allow you to see what images are available and ensure that you are using the specific image you need even if the image in the repository changes.

Image streams do not contain actual image data, but present a single virtual view of related images, similar to an image repository.

You can configure builds and deployments to watch an image stream for notifications when new images are added and react by performing a build or deployment, respectively.

For example, if a deployment is using a certain image and a new version of that image is created, a deployment could be automatically performed to pick up the new version of the image.

However, if the image stream tag used by the deployment or build is not updated, then even if the container image in the container image registry is updated, the build or deployment continues using the previous, presumably known good image.

The source images can be stored in any of the following:

  • Red Hat OpenShift Service on AWS’s integrated registry.

  • An external registry, for example registry.redhat.io or quay.io.

  • Other image streams in the Red Hat OpenShift Service on AWS cluster.

When you define an object that references an image stream tag, such as a build or deployment configuration, you point to an image stream tag and not the repository. When you build or deploy your application, Red Hat OpenShift Service on AWS queries the repository using the image stream tag to locate the associated ID of the image and uses that exact image.

The image stream metadata is stored in the etcd instance along with other cluster information.

Using image streams has several significant benefits:

  • You can tag, rollback a tag, and quickly deal with images, without having to re-push using the command line.

  • You can trigger builds and deployments when a new image is pushed to the registry. Also, Red Hat OpenShift Service on AWS has generic triggers for other resources, such as Kubernetes objects.

  • You can mark a tag for periodic re-import. If the source image has changed, that change is picked up and reflected in the image stream, which triggers the build or deployment flow, depending upon the build or deployment configuration.

  • You can share images using fine-grained access control and quickly distribute images across your teams.

  • If the source image changes, the image stream tag still points to a known-good version of the image, ensuring that your application does not break unexpectedly.

  • You can configure security around who can view and use the images through permissions on the image stream objects.

  • Users that lack permission to read or list images on the cluster level can still retrieve the images tagged in a project using image streams.

Image stream tags

An image stream tag is a named pointer to an image in an image stream. An image stream tag is similar to a container image tag.

Image stream images

An image stream image allows you to retrieve a specific container image from a particular image stream where it is tagged. An image stream image is an API resource object that pulls together some metadata about a particular image SHA identifier.

Image stream triggers

An image stream trigger causes a specific action when an image stream tag changes. For example, importing can cause the value of the tag to change, which causes a trigger to fire when there are deployments, builds, or other resources listening for those.

How you can use the Cluster Samples Operator

During the initial startup, the Operator creates the default samples resource to initiate the creation of the image streams and templates. You can use the Cluster Samples Operator to manage the sample image streams and templates stored in the openshift namespace.

As a cluster administrator, you can use the Cluster Samples Operator to:

About templates

A template is a definition of an object to be replicated. You can use templates to build and deploy configurations.

How you can use Ruby on Rails

As a developer, you can use Ruby on Rails to:

  • Write your application:

    • Set up a database.

    • Create a welcome page.

    • Configure your application for Red Hat OpenShift Service on AWS.

    • Store your application in Git.

  • Deploy your application in Red Hat OpenShift Service on AWS:

    • Create the database service.

    • Create the frontend service.

    • Create a route for your application.