What is a container image?

A container image assembles all the components needed to create a container on an operating system, and it comprises different image layers stacked on top of each other. Container images are immutable and share the same functions as templates.

Container images are stored within a container image registry (or container registry) that serves as a type of file system. Container registries are data repositories (or multiple repositories) that warehouse container images for storage and/or access.

One notable advantage of container registries is how smoothly they connect to container orchestration systems/platforms like Kubernetes and Docker. In addition, container registries can be used in a DevOps capacity during container-based application development, enabling optimized workflow integration.

A container image is an assembled accumulation of layers that include the following:

• Base image
• Libraries
• Binaries
• Dependencies
• Configuration files

In new images built from scratch, it all starts with the bottom layer, the base image. The base image is where most container-based development workflows begin. Many base images comprise basic or minimal Linux® distributions (like Debian, Ubuntu, Red Hat® Enterprise Linux (RHEL), Rocky Linux or Alpine). Base images are where the container’s filesystem files are stored. The process of creating base images (known as “building”) enables developers to construct a standardized environment, which supports custom container images.

Then, a succession of file system layers is added and stacked on top of the base image, including the following:

• Required libraries, which are standard collections of algorithms and class templates that programmers can use to create common data structures (e.g., lists, stacks and queues)

• Necessary binaries, which are executable files required for the implementation of different programs and commands. Binary folders are designed so users can have fast access to needed executables.

• Various dependencies, which govern the creation and operation of containers.

• Configuration files (configs) that are needed to run the container in question.

For container images that incorporate existing images, the base image of existing images is known as the Parent Image. If an image is wholly original, it’s said to have no Parent Image.

Container images are stored in container registries, where images can either be uploaded to that registry (“pushing”) or downloaded into a different system (“pulling”).

Container registries use object storage to manifest metadata about container images. This offers a means for successfully transferring such metadata, but it’s limited. For example, in the case of data that involves multiple images, there are limits on the possible number of available listing tags.

Dependency containers offer another storage method. These containers enable the management, registration and resolution of dependencies within an application. Dependencies describe situations where one object or process must occur before another object can function as ordered.

Considering the pressing need for online security, the authentication of individuals granted access to repositories is essential. Authentication uses a series of permissions specific to that container registry. Permissions define who’s authorized to use computer resources from a container registry.

The concept of runtimes is vitally important. Container runtimes are software that lets containers operate within a host system. Container runtimes use a series of steps to carry out the creation of containers. These steps encompass the entire process of forming containers and initializing their environment, as guided by a container image that holds the app and its dependencies.

There are two providers of container orchestration that are central to the use of containers and container images:

Docker is a container orchestration system that reduces the complexity of creating, deploying and running apps. Docker is viewed as an easy way to build lightweight and self-contained containers that can run on any platform, despite the particular infrastructure. Because they can be moved from one machine to another, Docker containers also offer supreme portability. In addition, Docker provides a standard means for the deployment of microservices, by letting the user package microservices as container images.

Docker’s image resource is DockerHub, offering free access to 100,000+ images and other Docker files shared by Docker users, software vendors and open source projects. A paid Docker container registry service is also available for private use. Docker images use a Docker command-line interface (Docker CLI) that enables key operations like login, push and pull. Users create Docker images with the Docker Engine’s Docker Build feature, which enables the packaging and bundling of source code. Docker can be configured by using JavaScript Object Notation (JSON) configuration files. JSON is the preferred format because it maintains all configurations in one place.

Kubernetes is an open source platform for container orchestration. Kubernetes is used to automate numerous software processes, like management, deployment and scaling. In a Kubernetes service, one or more computers (either virtual machines or bare metal servers) are linked in a Kubernetes cluster, where container workloads of varying sizes and types can be run. The Kubernetes Application Programming Interface (API) server configures data for API objects like pods, services, replication controllers and so on. APIs let different software apps intercommunicate and share data in full cooperation with each other.

While Docker and Kubernetes provide similar services, they differ in their respective sense of scale. Docker is a container runtime, but Kubernetes is a full platform that accommodates containers from multiple container runtimes. Docker is just one of the container runtimes that Kubernetes supports.

Container images are a key component of container registry use.

The following activities make extensive use of container images:

Container-based deployments—empowered by the use of container images—support cloud-native architectures and provide them with needed isolation and flexibility. Containers and container images let users build and optimize scalable, cloud-native apps.

Many container registries (and the container images in them) assist microservices users by clarifying the process of locating and connecting to a specific microservice within a container cluster.

Virtual machines (VMs) are computer systems that use software on one computer to mimic the functions of another computer. ViMs have a unique relationship with container images. Users often substitute VMs as a host operating system for containers, instead of running containers directly on hardware, especially when containers need to run in the cloud.

The market for container image providers is both fluid and dynamic, with much activity and numerous industry players both entering and exiting the market. However, these providers have built lasting reputations in this market:

• Amazon: Amazon Web Services (AWS) operates Amazon Elastic Container Registry (ECR), incorporating the use of Amazon Inspector, which manages the vulnerability scanning of container images. ECR also supports cross-account and cross-regional replication, enabling easier access to images.

• Apache: Apache is an open source web server software that is available free of charge and offered by the Apache Software Foundation, which estimates that Apache software runs on approximately 30% of all web servers.

• GitHub: The GitHub platform (now owned by Microsoft) has won wide support from developers, who appreciate the way this proprietary software enables code-sharing, code management and collaboration efforts.

• IBM: IBM Cloud® Container Registry lets users easily start their own registry and begin pushing private images to the registry, for use with IBM Cloud Kubernetes Service. Users benefit from the privacy of having their own, fully managed registry. The service, which can be test-driven without cost, features pay-as-you-go pricing, so users only pay for what they consume.

• Microsoft: Microsoft’s Azure platform uses Azure Container Registry (ACR), which holds Docker images and Open Container Initiative (OCI) images, and supports OCI artifacts. ACR’s connected registry feature (part of the program’s premium service tier) constructs an on-premises or remote replica that synchronizes container images and OCI artifacts with the cloud-based ACR, which can accommodate both Windows® and Linux images. A method of interacting with computer programs involves writing and inputting lines of text, also known as command lines. Operating systems that use this method of interaction incorporate a command-line interface (CLI). Most computer users now rely on graphical user interfaces (GUIs), although CLIs are still favored by those writing scripts as part of automation efforts. Azure gives users the flexibility to use Docker CLI to run key container image operations.

• Python: Python is an interpreted, object-oriented, high-level programming language that’s offered by the Python Software Foundation. Its built-in data structures make Python perfectly suited for workloads requiring rapid application development. Python’s main advantage for software programmers is ease of use, largely due to its lack of a compilation step. This enables programmers to use an accelerated debugging cycle, which saves time.

• Red Hat: Red Hat has championed Linux-based programming since the company’s 1993 inception. The container registry that Red Hat offers, OpenShift® Container Platform (OCP), allows users to automatically gain access to image repositories on demand and also gives users a standard location to push the images that result from application builds.