Build and Run Your Own FreeBSD-native Containers with Buildah, Containerfiles and Podman

Introduction

Would you like to run a full Docker-style setup under FreeBSD?

Did you hear it’s not possible? Not production-ready? Or a bit iffy?

Would you like to try anyway?

Building a Container With buildah from Containerfiles

On your host, or on a newly created virtual machine:

pkg update
pkg install podman-suite

Create /etc/pf.conf with the following contents. If the network interface is not vtnet0, adjust to the correct interface name:

# Change these to the interface(s) with the default route
v4egress_if = "vtnet0"
v6egress_if = "vtnet0"

nat on $v4egress_if inet from <cni-nat> to any -> ($v4egress_if)
nat on $v6egress_if inet6 from <cni-nat> to !ff00::/8 -> ($v6egress_if)

rdr-anchor "cni-rdr/*"
nat-anchor "cni-rdr/*"
table <cni-nat>

Make sure to enable and start pf:

service pf enable
service pf start

Make sure to enable and start the podman_service service:

service podman_service enable
service podman_service start

Create a working directory, with a base directory inside:

mkdir -p mycontainers/base
cd mycontainers

Start off by adding the Containerfile, which builds on the quay.io/dougrabson/freebsd14.0-minimal image:

cd base
nano Containerfile

This file instructs buildah to refresh the package catalogue, install pkg and ca_root_nss, and set the entrypoint.

Add to Containerfile:

FROM quay.io/dougrabson/freebsd14.0-minimal
# Refresh the package catalogue, then install pkg itself and the root CA bundle
RUN pkg update -f
RUN pkg install -y pkg
RUN pkg install -y ca_root_nss
# Install the (empty) entrypoint script created below
ADD entrypoint.sh /usr/local/bin/entrypoint.sh
ENTRYPOINT "/usr/local/bin/entrypoint.sh"

Create the entrypoint.sh file with executable permissions:

nano entrypoint.sh && chmod +x entrypoint.sh

Add to entrypoint.sh as below. No actual commands are included, because this is a base image:

#!/bin/sh
# echo "micropod base image"

Build the base image and store it in local image storage (as localhost/micropod-base-0.0.1) in one command:

sudo buildah bud -t micropod-base-0.0.1 .
cd ..

When done, verify the base image is there with:

sudo buildah images

Now create an additional container image using this one as its base. This eliminates the pkg update steps and makes building further containers faster.

Create a minio container. First make a directory, change to it, then create Containerfile and entrypoint.sh as follows:

cd ~/mycontainers   # or wherever the mycontainers working directory was created
mkdir minio; cd minio
nano Containerfile

Add to Containerfile:

FROM localhost/micropod-base-0.0.1
# Set default environment variables. These values are baked into the image
# metadata (visible with buildah or podman inspect), so treat them as
# placeholders and always override MINIO_PASS with -e at run time.
ENV MINIO_USER="admin"
ENV MINIO_PASS="l0ng-c0mpl1c4t3d-p4ssw0rd"

# Install minio
RUN pkg install -y minio

# Set entrypoint
ADD entrypoint.sh /usr/local/bin/entrypoint.sh
ENTRYPOINT "/usr/local/bin/entrypoint.sh"

Create the entrypoint.sh file with executable permissions:

nano entrypoint.sh && chmod +x entrypoint.sh

Add to entrypoint.sh:

#!/bin/sh
# Map the image's MINIO_USER/MINIO_PASS onto the variable names minio reads.
# MINIO_PROMETHEUS_AUTH_TYPE=public serves the Prometheus metrics endpoint without a bearer token; remove it if port 9000 is reachable from untrusted hosts.
MINIO_ROOT_USER="${MINIO_USER}" MINIO_ROOT_PASSWORD="${MINIO_PASS}" MINIO_PROMETHEUS_AUTH_TYPE=public /usr/local/bin/minio --quiet server --address=":9000" --console-address :9001 /var/db/minio

Build the minio image and store it in local image storage (as localhost/minio-0.0.1) in one command:

sudo buildah bud -t minio-0.0.1 .
cd ..

Persistent Storage

For persistent storage, the container will use a ZFS dataset mounted in from the host.

Create a ZFS dataset for the persistent data. This assumes the zroot/data dataset is mounted at /mnt/data, so the new dataset appears at /mnt/data/minio:

sudo zfs create zroot/data/minio

Running a Container With podman And Variables

Run the container with podman as follows:

sudo podman run -dt \
  --ip=10.88.0.2 \
  --volume "/mnt/data/minio:/var/db/minio:rw" \
  -e MINIO_USER="admin" \
  -e MINIO_PASS="set-your-own-password" \
  -h minio1 \
  minio-0.0.1:latest

Check the container is running with:

sudo podman ps

Minio will be reachable from the host at 10.88.0.2:9000.

If you wish to expose minio to the rest of the network, run podman with the following port-publishing options, and minio will be available at <host-ip>:9000:

sudo podman run -dt \
  --ip=10.88.0.2 \
  --volume "/mnt/data/minio:/var/db/minio:rw" \
  -e MINIO_USER="admin" \
  -e MINIO_PASS="set-your-own-password" \
  -p 9000:9000 \
  -p 9001:9001 \
  -h minio1 \
  minio-0.0.1:latest
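A post-run check for the container started above, added here as an example and not part of the original post: it reads the running container's environment with podman inspect, fails if MINIO_PASS is still the placeholder baked into the Containerfile by ENV, and then probes minio's liveness URL. It assumes the container name or ID is passed as the first argument, that it is run as root (or via sudo) like the podman commands above, that fetch(1) from the FreeBSD base system is available, and that the container IP is 10.88.0.2 as in the run command.

```shell
#!/bin/sh
# Added example, not from the original post: checks a running minio container
# (name or ID in $1) after `podman run`. It fails if MINIO_PASS is still the
# placeholder baked into the Containerfile, then probes minio's liveness URL.
# Assumes podman and fetch(1) on the host and the container IP 10.88.0.2.

DEFAULT_PASS="l0ng-c0mpl1c4t3d-p4ssw0rd"   # value hard-coded by ENV in the Containerfile

# check_minio_env reads KEY=VALUE lines on stdin (the format podman inspect
# prints below) and returns 0 if the credentials were overridden, otherwise:
#   1 MINIO_USER unset or empty
#   2 MINIO_PASS unset or empty
#   3 MINIO_PASS still equals the image default
check_minio_env() {
    user=""; pass=""
    while IFS= read -r line; do
        case "$line" in
            MINIO_USER=*) user="${line#MINIO_USER=}" ;;
            MINIO_PASS=*) pass="${line#MINIO_PASS=}" ;;
        esac
    done
    [ -n "$user" ] || return 1
    [ -n "$pass" ] || return 2
    [ "$pass" != "$DEFAULT_PASS" ] || return 3
    return 0
}

# env_of_container prints the container's environment, one KEY=VALUE per line.
env_of_container() {
    podman inspect --format '{{range .Config.Env}}{{println .}}{{end}}' "$1"
}

# minio_alive returns 0 when the liveness endpoint answers on port 9000.
minio_alive() {
    fetch -q -o /dev/null "http://$1:9000/minio/health/live"
}

if [ -n "$1" ]; then
    env_of_container "$1" | check_minio_env
    case $? in
        0) echo "credentials: overridden at run time" ;;
        1) echo "credentials: MINIO_USER unset or empty"; exit 1 ;;
        2) echo "credentials: MINIO_PASS unset or empty"; exit 1 ;;
        3) echo "credentials: MINIO_PASS is still the Containerfile default"; exit 1 ;;
    esac
    minio_alive 10.88.0.2 && echo "minio: live" || { echo "minio: not answering"; exit 1; }
fi
```

Save it as check-minio.sh and run it as `sh check-minio.sh <container-id>` after `sudo podman ps` shows the container up.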

Conclusion

It’s possible to run Docker-style, FreeBSD-native containers on FreeBSD.

More complicated setups for virtual data center environments will be covered in the next blog post.