Presented by

  • Steven Ellis

    Steven Ellis

    Steve's is an Open Source Technology Evangelist in the APAC Office of Technology team at Red Hat. Over the last 25+ years he started work as a developer before transitioning to an infrastructure and operations architect across a broad range of Unix and Linux technologies. For most of that period he’s used Open Source technologies to solve business problems. His current role means he gets to help customers across APAC understand some of the latest Open Source tools and technologies, with a focus on Kubernetes and containers. In his spare time he still hacks on the MythTV project and debugs Open Source on random bits of hardware that really should know better.


We’re seen a seismic shift in recent years from long lived compute environments to ephemeral short term workloads, be they cloud based virtual machines or containerised instances. This changes not only how we provision and deploy workloads, but also our approaches for applying updates and security patches. This session will look at two different approaches for creating our standard images. - ImageBuilder for our traditional Linux Images - Buildah for our container images. ImageBuilder, based on the osbuild-composer project, allows you to create custom Linux system images in a variety of formats, and is compatible with a broad range of Cloud and Virtualization platforms. Today it can also be used to define specialized images designed for deployment on edge devices. Buildah <> aims to be a drop-in replacement for the “docker build” process for container creation, whilst exposing a smaller attack surface and can support rootless builds. It creates OCI compatible container images We’ll look at the strengths and weaknesses of these two tools and how they compare with alternatives, some steps for maintaining secure images, and looking into their roadmaps.