Bootable Containers: Immutable OS Images
Key Points
- About a decade ago, containers revolutionized software delivery by encapsulating code, dependencies, and configuration in a single source‑of‑truth file (Dockerfile) and leveraging GitOps/DevOps pipelines for deployment to any environment.
- Despite this progress, the underlying operating system still struggles with challenges like validation, transactional upgrades, drift, maintenance, and versioning that are not as easily standardized.
- The speaker proposes extending the containerization model to the OS itself, introducing “bootable containers” that treat the full OS image as an immutable, atomic unit.
- Bootable containers are built with existing container tools (e.g., Docker, Podman) using a specialized base image that includes both the operating system and its kernel, following the same Dockerfile‑based workflow.
- This approach enables developers to apply familiar container‑native processes to create, test, and deliver entire bootable system images, simplifying OS packaging and deployment.
Sections
- Untitled Section
- Unified Image Build and Deploy - The speaker describes creating a bootc-enabled container image, pushing it to a registry, and then using the bootc utility to deploy that same image across edge devices, virtual machines, or hybrid cloud environments, enabling single‑time builds with automatic updates and rollback capabilities.
- Getting Started with Bootable Containers - The speaker encourages viewers to explore bootable container images on repositories like GitHub and to use Podman's desktop extension for testing and deployment, concluding with a reminder to like the video and subscribe for more developer content.
Full Transcript
# Bootable Containers: Immutable OS Images **Source:** [https://www.youtube.com/watch?v=cBom7aDuy9w](https://www.youtube.com/watch?v=cBom7aDuy9w) **Duration:** 00:06:51 ## Summary - About a decade ago, containers revolutionized software delivery by encapsulating code, dependencies, and configuration in a single source‑of‑truth file (Dockerfile) and leveraging GitOps/DevOps pipelines for deployment to any environment. - Despite this progress, the underlying operating system still struggles with challenges like validation, transactional upgrades, drift, maintenance, and versioning that are not as easily standardized. - The speaker proposes extending the containerization model to the OS itself, introducing “bootable containers” that treat the full OS image as an immutable, atomic unit. - Bootable containers are built with existing container tools (e.g., Docker, Podman) using a specialized base image that includes both the operating system and its kernel, following the same Dockerfile‑based workflow. - This approach enables developers to apply familiar container‑native processes to create, test, and deliver entire bootable system images, simplifying OS packaging and deployment. ## Sections - [00:00:00](https://www.youtube.com/watch?v=cBom7aDuy9w&t=0s) **Untitled Section** - - [00:03:04](https://www.youtube.com/watch?v=cBom7aDuy9w&t=184s) **Unified Image Build and Deploy** - The speaker describes creating a bootc-enabled container image, pushing it to a registry, and then using the bootc utility to deploy that same image across edge devices, virtual machines, or hybrid cloud environments, enabling single‑time builds with automatic updates and rollback capabilities. - [00:06:17](https://www.youtube.com/watch?v=cBom7aDuy9w&t=377s) **Getting Started with Bootable Containers** - The speaker encourages viewers to explore bootable container images on repositories like GitHub and to use Podman's desktop extension for testing and deployment, concluding with a reminder to like the video and subscribe for more developer content. ## Full Transcript
I want to travel back in time with you
just for a second, because about a decade ago,
software went through a fundamental shift.
Containers, which define our applications,
including the code base, its dependencies
and everything else that we have to package up for it to run, pave
the way for a new era of software delivery,
defined by, for example,
a container file or Dockerfile, which is our single source of truth
for what this workload will be.
And then after that, of course, we used
GitOps and DevOps
in order to run pipelines
for authenticating, packaging
and delivering our workload to all types of environments, right?
This could be our Kubernetes cluster,
or maybe it's an on-prem or other type of virtualized environment. But,
as you know, this is the application
delivery and development pipeline up here.
And, when we actually go to the underlying
operating system underneath, well, that's a much bigger challenge
because a lot of this standardization, packaging
and delivering that we created for containers
is still a challenge for the underlying operating system.
You've got different factors such as validation.
So, the testing and validation, where we might
just use a patch-and-pray type of approach
to fix something, can be quite an issue.
To other issues such as transactional ... transactional updates. So,
what do I mean by this? Well, it's having the confidence
to upgrade your Linux system from one version to another.
But there's also other sorts of challenges with the ... with
the operating system, such as drift,
and maintenance of our operating system,
and versioning, for example, which can be quite difficult. Now,
a lot of this has been solved
with containers and containerization processes.
But what if we could extend the learning that we've done there and that industry
standard that we've created from containers
to operating systems themselves?
What I want to introduce you to today is a technology
that's called bootable containers. So,
bootable containers, what they allow us to do
is essentially package up a single atomic
and immutable system image
using uh ... existing container-native workflows
that we;re already used to, such as Podman or Docker.
And in this video, you're going to learn
how specifically this works.
So, like ordinary application containers, you can build bootable containers
by using existing container technologies. For
example, the container file. So,
when we work with this container file,
uh, maybe you'd call it a Dockerfile as well. Um,
what essentially is happening here is we're defining
the intended state of our application, right?
But instead of u ... using, say for example, Fedora
as our base image, we're going to be using a specific base image
that has been built for bootable containers,
which includes the operating system plus the kernel.
Now, the next stage is pretty standard.
We're going to take this container file and build it into an image. Right?
And now this image also includes the operating system, which is great.
And we can take that image, as we're used to,
and send this and push it to our registry of choice.
So we've got this registry right here.
Now, this is pretty standard.
We're used to doing this container and cloud-native process
in order to build applications, to deploy them.
But the big difference here
is that when we have this image,
what we can do is prepare it
to be deployed on uh ... our system of choice. So,
here is this kind of deploy step
where we're going to take our bootc-enabled image,
and we're going to use the bootc utility to deploy it
to a wide variety of different environments. So,
for example, this could be edge
that we would deploy to
or maybe a virtual machine
or say for example, somewhere on the hybrid cloud.
And so, this is really cool right here
that we're able to essentially build
one time and deploy anywhere.
And when we actually have an update to make, what we're going to do
is actually rebuild the image
and push it to the registry. So,
once we have that image up in the registry,
we would essentially pull it down from our system of choice.
And this allows for automatic updates and rollback capabilities
that are similar to an appliance, for example.
Now, for administrators or those who are looking to actually manage the systems,
I want to introduce you to the utility, which is called bootc itself. So,
for managing these operating systems,
this allows us to, for example, do these updates. So,
let's say that we have a new version of our bootc-enabled
image that we push to a registry.
When we actually do an update, we would do a bootc update.
And this could either be done manually, where we would
download and stage this update on reboot,
or perhaps we could do this manually.
And there's other commands that we can use as well
in order to do a rollback to a previous version
in case there's an error when we do this update.
So where do we typically see bootable containers being used? Well,
it's a great question because rather than deploying the OS
and the application separately,
what we're doing actually is deploying them both together. So,
the operating system,
the application and its dependencies,
all as this single immutable and atomic unit.
And this is really helpful for solving a number of problems. Firstly,
configuration drift. So,
we're able to manage that as well as different security concerns.
So let's say that something gets released.
You're able to patch and make these quick security patches to all of your systems
by essentially updating one single unit.
Now, we also see edge devices as a common use case here. So,
edge devices, retail devices, situations
where you're working with different environmental challenges and constraints
like internet access, for example,
as well as, for example, AI
applications where you're dealing
with a carefully curated set of different kernels, drivers,
accelerators and more.
But no matter what you want to deploy, this
open-source project lets you manage entire operating systems
the same way we manage applications,
helping to scale, to automate,
and to make our lives just a little bit easier.
So I encourage you to check out bootable containers
online on repositories such as GitHub, for example, uh ...
but also using the container engine Podman.
So, Podman has on its desktop application
a specific extension that can help you get started
working with bootable container images,
testing them out, and deploying them wherever you deploy your apps. But,
as always, thank you so much for watching!
Please like the video if you learned something today
and subscribe for more developer and engineering content.
I'll see you next time.