![Podmanlogo](Pictures/podman-logo.png)

# Managing container images

In the previous section of this workshop we've seen how to run container images pulled from different registries but, what if I want to create a container image for my own application? No worries, podman has your back.

Podman can be used for building your own container images and push them to a container registry. In order to do it you need to first build a file called "Containerfile" and then used the "podman build" command to create your image out of the content of the Containerfile.

Lets see an example.

## Creating a new container image

Lets begin by creating a new Container file with the definition of our container image:

In [None]:
%login student491@16.31.86.187

In [None]:
echo -e "FROM docker.io/redhat/ubi9\nRUN dnf -y update && dnf -y install httpd  && dnf clean all\nCOPY index.html /var/www/html/index.html\nEXPOSE 80\nENTRYPOINT /usr/sbin/httpd -DFOREGROUND" > Containerfile
cat Containerfile

The output of the command is the content of our newly created Containerfile. Let's review it line by line.

First we have specified the "FROM" option, this line is mandatory, you need it to build your container image. With this line we specify the base container image that we will use for our application, in our example we've chosen a redhat/ubi9 image as base for our application. Choosing an image that you can trust is critical to maintain a secure environment, if your base image has vulnerabilities it may affect your application and potentially your whole enviroment. This is why we have chosen a Red Hat Universal Base Image (UBI) image for Red Hat Enterprise Linux 9 (RHEL9).

Red Hat creates UBI images that are analyzed often and gives you information about the vulnerabilities that it may have and how to solve them. There are many options for your UBI images, from the standard RHEL 8 or RHEL 9 to a much more secure micro image and even images for specific types of applications (like http, nodejs, etc). You can find a detailed list of all the CVE's and security status of Red Hat's UBI images in [Red Hat's catalog](https://catalog.redhat.com/software/containers/search).
Also, if you're a Red Hat customer you will have full support for these images. But, if you're not, do not worry as some of this images are also uploaded to docker.io so you can access them and have enterprise grade security in your containers for free.

![redhatcatalog](Pictures/certifiedcontainers.png)

With that we know that our application will be running on top of a trusted and secured container image. Now we need to add our software layer. To do so we added the second line in which we used the "RUN" option to specify the command that needs to be executed to install the required software in our container image. If you don't have any experience with RHEL, we're just using the dnf command to update all packages, install httpd and clean the cache (this last step is used only to have lighter container image).

Once the httpd package is installed we would like to customize the message that our containerized web server will show to the world. For that we used the "COPY" command. This command will copy a file from our local directory into the container that we are building. For our container we are passing a file index.html from our local directory to the directory /var/www/html/ inside the container. We do this because we know that httpd uses that file to define the content to be posted through our web server.
If we want it to work we will need to create the index.html file so it can the be copied inside the container once we build it. Let's do it.

In [None]:
echo "Hello from HPE Dev and Red Hat teams :)" > index.html
cat index.html

You see a message as output from the previous command, that is the message that our web server will be showing.

Next line in our Containerfile is using the "EXPOSE" instruction. The EXPOSE instruction informs Podman that the container listens on the specified network ports at runtime, in our case the port 80.

Last, an ENTRYPOINT allows you to configure the command that your container will run when started, in our case we want it to run the httpd binary to make sure our web server is running.

Next thing we need to do is building our newly created container image and that is quite a simple task. We just need to run the following command:

In [None]:
podman build --tag myhttpd:v1 -f ./Containerfile

As you can see we passed two options to the podman build command. The first one, the tag option, specifies the name and tag of the container, in our case the name is myhttpd and v1 is the tag. Next, we used the "-f" option to specify the Containerfile that we want to use for building our container, by default podman build would take any file called Containerfile in the current directory but it's a best practice to use the "-f" option to make sure we use the correct file.

Our container image is now stored locally in our server and we can see it by running the following command:

In [None]:
podman images

Our brand new container image is listed in the repository localhost/myhttpd and the tag v1 as we specified. Now our image is limited to be used in our local system, if we wanted to use it from other platforms we should upload the image to a container registry by running the command "podman push". We wont be doing this in this workshop, but you can look at all the details on how to use it by running "man podman-push".

As a last step let's run our image and check if it works fine.

In [None]:
podman run -d -p 8080:80 --name myhttpd --rm myhttpd:v1

We called our container "myhttpd" and pay attention to the option "-p". With this option we specified that the port 8080 of our system will be mapped to the port 80 of our container, if you remember correctly we specified in our Containerfile that our application was using the port 80 and now if anything within our network reaches the port 8080 of our RHEL machine it will be redirected to the port 80 of the container.

Lets test it by running a curl command against our local machine and the output should be the text we specified previously in our index.html file:

In [None]:
curl -s localhost:8080

# Cleanup

In [None]:
podman stop --all
podman rm --all
podman rmi localhost/myhttpd:v1
rm ./Containerfile ./index.html

In [None]:
%logout