Finding and Managing Container Images

Developed with
Red Hat


Introduction & Overview
Managing Containers as Services
Review & Lab Session
Start course
1h 46m

This course covers a range of techniques to help you run your own containerized applications using Red Hat. Throughout this course, you will follow along with guided presentations from the Red Hat platform to get a first-hand understanding of how to run containers and manage your workflows using Red Hat.

Learning Objectives

  • Learn the basics of setting up web servers and containers
  • Understand how to find and manage containers
  • Understand how to perform advanced container management
  • Learn how to attach persistent storage to a container
  • Learn how to manage containers as services

Intended Audience

This course is ideal for anyone who wants to learn how to run containers with Red Hat.


To get the most out of this course, you should have a basic understanding of Red Hat and of how containers work.



We are going to continue the learning right now and we are going to be focusing on Finding and Managing Container Images. So, let's go to the terminal immediately and I want to remind you guys that in order for you to have a running container, your container needs an image. The image is the starting point and where these images come from would be registries. Now if you want to find out which registries are eligible for evaluation what you could do is have a look at the file /etc/containers/registries.conf. Now guys what I don't want to do is show you the entire contents of that file because you know what, there's quite a good number of comments. So, what I am doing with this particular command is that I am stripping out all of the lines that begin with a hash so, I am only showing you those configuration directives. So, that is a tomo file and you could see that we have a couple of directives over here. So, here we have a section called

So, over here, here we have an array of those registries that are going to be evaluated when we use the podman command. So, you could see that we are evaluating

If we can't find an image there what we are then going to do is move on to '' and if we can't find it there we're going to go to ''. If your registry makes use of a self-signed certificate or if it doesn't make use of TLS at all what you need to do is name that registry below the block registries.insecure and you could see that this is an empty array. If you don't want to communicate with any registry in particular what you could do is that you could block it. So, below registries.block there's a line that reads registries equals and it's an empty array. So, what you can now do is that you can have a comma separated list of those registries that that you don't trust or the registries that you don't want to pull images from. Now the podman info command is cool because it gives you an overview of how podman is configured on your system.

So, what I have done over there just to show you guys a little bit of a difference is that I have run podman info and I am showing you the 15 lines after the regular expression registries was found.

So, you could see that here we have some information, you can see that it says It is not blocked, it is an insecure registry and you can see the location and all the other properties.

Guys however if you wanted the full output of podman info just run podman info on its own.  

It's going to give you quite a bit of output so, I am going to pipe it out to less.

So, you could see information about the container host, this is using Red Hat Enterprise Linux 8.2 and you could see all the other properties.

Now let's move on, what I want to do is that I want to find an image so, what I could do is use the podman search command. So, the cool thing about this right now is that I am saying let's go and do a podman search. We are going to evaluate images from and we are going to consider those images that have got the the string mysql in them and I am just showing you the first couple of lines. But what I want you guys to see is that every single one of these results comes from and you could see that every single one of these search results has got the string mysql in it. Now what you can also do is that you can enhance your search by using the - - no-trunc. So, no truncates, what I am doing over here is saying podman search. We are going to have a look at We are going to look for mongo, so all images that have the string mongo in it at that particular registry and you could see that it gives me more information as far as the description is concerned. So, here you could see that mongo is a free and open source cross-platform document oriented database program. Now the podman search command does have some additional capabilities. Over here guys, what I am doing is just extending the command. I am taking that one level further by running podman search no truncates only limit the results to 3 and I am looking for unofficial images. So, what it could do is that it's a boolean so, I could have is-official set to true and again what I am doing is that I am only evaluating a registry. So, it's and then it has to contain the string Perl in the name. So, you could see the three results that we have along with their descriptions.

So, moving on right now if you want to download an image you could use podman pull and podman pull downloads the image. It doesn't start a container and again why you would do this is to reduce the time to market when a container needs to be started because the image is now already there.

So, podman pull we named the registry, we named the full path to the image. Of course if you don't specify the full path it's going to evaluate the registries inside of the registries.conf file, which is below etc containers. So, guys what you could see over here is that it's evaluating, we have named the image, we have explicitly named the image. So, it's going to the registry, it's downloading the image right now and if you run the command podman images you can see that the image is indeed there. So, once again guys you could see that I did not specify the tag and in the event that you don't specify the tag, the tag latest is assumed. So, here you can see the image that comes from that repository, you could see the TAG latest and ultimately while images may have several names, how we really identify these images would be by the image IDs.

Now what you could also do is that you could get more information about an image using Skopeo.

So, skopeo is all about managing these images so, I am doing a skopeo inspect right now and I am saying that this is an image, I specify the name of the image and again I am not using the latest tag.

Now I told you earlier on that inside of an image you would have the files that are needed to support your container but there's also a little bit more than that. There's metadata, precious metadata so, if you want to learn more about an image you could use skopeo inspect and I am piping it out to less because there's quite a quite a good number of output over here.

So, look at this over here guys, here you could see the "Name", you could see the "Digest" the "RepoTags", you can see all bits of interesting information. The description, the Kubernetes description you could see the "maintainer" the "release" you could see the various layers that make this up and one day when you guys get through OpenShift this information over here is precious like the display-name, the services, the scripts-url and so forth and then a little bit further down the road as well you could see a bunch of environment variables. Environment variables that are used by this image. So, this is not a container, this is an image. Containers are started from the images which means that this information is going to be available inside of the container. So, for example you want to know the version of the HTTPD that we are using. So, you can see HTTPD_VERSION and we are using 2.4.

Where's the config file and these variables have to be declared and they are created by the image maintainer. So, where do I dumb my HTML files?  You could see the HTML DATA_PATH is /var/www.

So, looking at the output of podman images right now, we do indeed have the image downloaded. So, if you wanted to remove the image you would use podman rmi and again what I could do is that I could either do it based on name or I could reference the image id.

So, you can now go ahead and run the command podman images.

I don't have any images and if I wanted to run a container from that image I don't have to download it first but when you do run the command podman run, if the image is not local if it hasn't been downloaded it's then going to go and evaluate your registries for the image based on the name that you had referenced and it will then download it. Obviously this increases your time to market.

So, guys it's not fair that I get to get my hands dirty right? That is why we have a guided exercise for you. So, move on to the next video where I will meet you for that guided exercise.

About the Author
Jeremy Cook
Content Lead Architect
Learning Paths

Jeremy is a Content Lead Architect and DevOps SME here at Cloud Academy where he specializes in developing DevOps technical training documentation.

He has a strong background in software engineering, and has been coding with various languages, frameworks, and systems for the past 25+ years. In recent times, Jeremy has been focused on DevOps, Cloud (AWS, GCP, Azure), Security, Kubernetes, and Machine Learning.

Jeremy holds professional certifications for AWS, GCP, and Kubernetes (CKA, CKAD, CKS).