Red Hat SummitChapter 5. Containers
The following chapter contains the most notable changes to containers between RHEL 9 and RHEL 10.
The system connections and farm information stored in the containers.conf file are now read-only
-
The system connections and farm information stored in the
containers.conffile are now read-only. The system connections and farm information will now be stored in thepodman.connections.jsonfile, managed only by Podman. Podman continues to support the old configuration options such as[engine.service_destinations]and the[farms]section. You can still add connections or farms manually if needed; however, it is not possible to delete a connection from thecontainers.conffile with thepodman system connection rmcommand.
The slirp4netns network mode is deprecated
-
The
slirp4netnsnetwork mode is deprecated and will be removed in a future major release of RHEL. Thepastanetwork mode is the default network mode for rootless containers.
The cgroups v1 for rootless containers is deprecated
- The cgroups v1 for rootless containers is deprecated and will be removed in a future major release of RHEL. The cgroups v2 is used by default instead of cgroups v1.
The containernetworking-plugins package and the CNI network stack are no longer supported
The
containernetworking-pluginspackage is removed, and the CNI network stack is no longer supported.-
If you upgrade from the previous RHEL versions to RHEL 10.0 or if you have a fresh installation of RHEL 10.0, the CNI network backend is no longer available. Existing containers that use CNI for networking will no longer function and will need to be removed and recreated. Newly created containers will use the default
netavarknetwork backend. -
If present, the
cnivalue in the containers.conf file for thenetwork_backendoption must be changed tonetavarkor can be unset.
-
If you upgrade from the previous RHEL versions to RHEL 10.0 or if you have a fresh installation of RHEL 10.0, the CNI network backend is no longer available. Existing containers that use CNI for networking will no longer function and will need to be removed and recreated. Newly created containers will use the default
The runc container runtime has been removed
The runc container runtime is removed. The default container runtime is crun. If you upgrade from the previous RHEL versions to RHEL 10.0, you have to run the podman system migrate --new-runtime=crun command to set a new OCI runtime for all containers.
tzdata package is no longer installed by default in the minimal container images
The tzdata package is no longer installed in the registry.access.redhat.com/ubi10-minimal container image. As a consequence, if you migrate your minimal container builds from a previous RHEL release to RHEL 10.0, and you enter the microdnf reinstall tzdata command to reinstall the tzdata package, you get an error message because the tzdata package is no longer installed by default. In this case, enter the microdnf install tzdata command to install tzdata. Without the tzdata package, only the UTC timezone will be available.
composefs filesystem is available as a Technology Preview
The key technologies composefs uses are:
- OverlayFS as the kernel interface
- Enhanced Read-Only File System (EROFS) for a mountable metadata tree
-
The
fs-verityfeature (optional) from the lower filesystem
Key advantages of composefs:
-
Separation between metadata and data.
composefsdoes not store any persistent data. The underlying metadata and data files are stored in a valid lower Linux filesystem such asext4,xfs, and so on. -
Mounting multiple
composefswith a shared storage. - Data files are shared in the page cache to enable multiple container images to share their memory.
-
Support
fs-verityvalidation of the content files.
Running RHEL 7 containers on a RHEL 10 host is not supported
Running RHEL 7 containers on a RHEL 10 host is not supported. For more information, see Red Hat Enterprise Linux Container Compatibility Matrix.
Changed location of the storage.conf file
Beginning with RHEL 10.0, the storage.conf configuration file is located in the /usr/share/containers directory instead of /etc/containers.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}