6 Obtaining containers
This chapter provides information on obtaining container images.
6.1 SUSE Linux Enterprise base images
SUSE offers several official base container images that can be used as a starting point for building custom containers. Each SLE base image provides a minimal environment with a shell and package management.
Base images are available from https://registry.suse.com. For information about the SUSE Registry, see Section 6.3, “SUSE Registry”. The base images in the SUSE Registry all have the status General Availability (that is, they are suitable for production use) and LTSS releases of SLES 12 and SLES 15. SUSE Linux Enterprise base images in the SUSE Registry receive security updates and are covered by the SUSE support plans. For more information about these support plans, see Chapter 14, Compatibility and support conditions.
6.2 SUSE container properties
SUSE container images have identifiers that provide information about their version, origin, and creation time. The individual identifiers listed below can be accessed after you pull a container image from the repository and run podman inspect on it.
6.2.1 Repository names
Repository names start with the name of the product (for example, suse/sle..., opensuse/tumbleweed, or caasp/...). The SLE 15 containers for all service packs reside in the repository suse/sle15. However, for SLE 12, there is a separate repository name for each service pack, for example, suse/sles12sp3, suse/sles12sp4, and suse/sles12sp5.
6.2.2 Labels
Labels help to identify images. All SLE container image labels begin with com.suse.PRODUCTCONTAINER_NAME followed by a further specification. Container images also contain org.opencontainers.image labels.
Below is a list of all currently defined labels.

org.opencontainers.image.title, com.suse.sle.base.title
Must be provided by derived images: Yes
OCI notation: org.opencontainers.image.title
Description: Title of the image
Example: SUSE Linux Enterprise 15 Base Container

org.opencontainers.image.description, com.suse.sle.base.description
Must be provided by derived images: Yes
OCI notation: org.opencontainers.image.description
Description: Short description of the image
Example: Image containing a minimal environment for containers based on SUSE Linux Enterprise 15

org.opencontainers.image.version, com.suse.sle.base.version
Must be provided by derived images: Yes
OCI notation: org.opencontainers.image.version
Description: Image version (MAJOR.SP.CICOUNT.BUILDCOUNT)
Example: 15.0.4.2

org.opencontainers.image.created, com.suse.sle.base.created
Must be provided by derived images: Yes
OCI notation: org.opencontainers.image.created
Description: Timestamp of image build
Example: 2018-07-27T14:12:30Z

org.opencontainers.image.vendor, com.suse.sle.base.vendor
Must be provided by derived images: No
OCI notation: org.opencontainers.image.vendor
Description: Image vendor
Example: SUSE LLC

org.opencontainers.image.url, com.suse.sle.base.url
Must be provided by derived images: No
OCI notation: org.opencontainers.image.url
Description: Additional information
Example: https://www.suse.com/products/server/

org.openbuildservice.disturl, com.suse.sle.base.disturl
Must be provided by derived images: Yes
OCI notation: org.openbuildservice.disturl
Description: Image OBS URL
Example: obs://build.suse.de/SUSE:SLE-15:Update:CR/images/2951b67133dd6384cacb28203174e030-sles15-image

org.opensuse.reference, com.suse.sle.base.reference
Must be provided by derived images: Yes
OCI notation: org.opensuse.reference
Description: Reference pointing to the image. The image you get with docker pull REF_NAME must not change.
Example: registry.suse.com/suse/sle15:4.2
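
The label list above can be enforced mechanically on a derived image. The following Python check is an added example, not part of the SUSE documentation: it reads podman inspect JSON output and reports any label marked "Must be provided by derived images: Yes" that is missing, plus a version or build timestamp that does not follow the formats shown above. The function names are hypothetical, the sample input is constructed from the page's example values, and requiring every label under both of its names is an assumption.

```python
import json
import re
from datetime import datetime

# Labels the page marks "Must be provided by derived images: Yes", as (generic
# name, com.suse.* suffix). Assumption: a derived image carries both names.
REQUIRED = [
    ("org.opencontainers.image.title", "title"),
    ("org.opencontainers.image.description", "description"),
    ("org.opencontainers.image.version", "version"),
    ("org.opencontainers.image.created", "created"),
    ("org.openbuildservice.disturl", "disturl"),
    ("org.opensuse.reference", "reference"),
]
VERSION_RE = re.compile(r"\d+(\.\d+){3}")  # MAJOR.SP.CICOUNT.BUILDCOUNT

def check_labels(inspect_json, prefix="com.suse.sle.base"):
    """Return findings for the first image in `podman inspect` JSON output."""
    image = json.loads(inspect_json)[0]
    # podman reports labels at the top level, docker under Config; accept both.
    labels = image.get("Labels") or (image.get("Config") or {}).get("Labels") or {}
    findings = []
    for generic, suffix in REQUIRED:
        for name in (generic, f"{prefix}.{suffix}"):
            if not labels.get(name):
                findings.append(f"missing label: {name}")
    version = labels.get("org.opencontainers.image.version", "")
    if version and not VERSION_RE.fullmatch(version):
        findings.append(f"version not MAJOR.SP.CICOUNT.BUILDCOUNT: {version}")
    created = labels.get("org.opencontainers.image.created", "")
    try:
        # Assumption: same UTC layout as the page's example timestamp.
        if created:
            datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        findings.append(f"created is not a UTC timestamp: {created}")
    return findings

def sample_inspect(prefix="com.suse.sle.base"):
    """Constructed input: the page's example values shaped like inspect output."""
    values = {"title": "SUSE Linux Enterprise 15 Base Container",
              "description": "Image containing a minimal environment for containers based on SUSE Linux Enterprise 15",
              "version": "15.0.4.2", "created": "2018-07-27T14:12:30Z",
              "disturl": "obs://build.suse.de/SUSE:SLE-15:Update:CR/images/2951b67133dd6384cacb28203174e030-sles15-image",
              "reference": "registry.suse.com/suse/sle15:4.2"}
    labels = {}
    for generic, suffix in REQUIRED:
        labels[generic] = labels[f"{prefix}.{suffix}"] = values[suffix]
    return json.dumps([{"Labels": labels}])
```

For a derived image, pass its own label prefix as the second argument so that the com.suse.* names are checked under the right product and container name.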
6.2.3 Tags
Tags are used to refer to images. A tag forms a part of the image's name. Unlike labels, tags can be freely defined, and they are usually used to indicate a version number.
If a tag exists in multiple images, the newest image is used. The image maintainer decides which tags to assign to the container image.
The conventional tag format is repository name:image version specification (usually version number). For example, the tag for the latest published image of SUSE Linux Enterprise Server 15 SP2 would be suse/sle15:15.2.
6.3 SUSE Registry
The official SUSE Registry is available at https://registry.suse.com. It contains tested and updated SUSE Linux Enterprise base container images. All images in the SUSE Registry undergo a maintenance process. The images are built to contain the latest available updates and fixes. The SUSE Registry's Web user interface lists a subset of the available images.
6.4 Verifying containers
Signatures for images available through SUSE Registry are stored in the Notary. You can verify the signature of a specific image using the following command:
docker trust inspect --pretty registry.suse.com/suse/IMAGE:TAG
For example, the command docker trust inspect --pretty registry.suse.com/suse/sle15:latest verifies the signature of the latest SLE 15 base image.
To automatically validate an image when you pull it, set the environment variable DOCKER_CONTENT_TRUST to 1. For example:
env DOCKER_CONTENT_TRUST=1 docker pull registry.suse.com/suse/sle15:latest
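
The signature check above can also gate an automated pull. The following Python function is an added example, not part of the SUSE documentation, and it goes one step beyond the commands shown: it reads the JSON that docker trust inspect prints when run without --pretty and returns a digest-pinned reference only if the requested tag has a signature record. The function name is hypothetical and the sample data, including the digest, is constructed.

```python
import json
import re

HEX_DIGEST = re.compile(r"[0-9a-f]{64}")

def signed_reference(trust_json, repo, tag):
    """Return 'repo@sha256:<digest>' for a signed tag; raise ValueError otherwise."""
    try:
        entries = json.loads(trust_json)
    except json.JSONDecodeError as exc:
        # Error text instead of JSON (for example, no trust data): fail closed.
        raise ValueError("no parseable trust data") from exc
    for entry in entries if isinstance(entries, list) else []:
        if entry.get("Name") != f"{repo}:{tag}":
            continue
        for signed in entry.get("SignedTags") or []:
            digest = signed.get("Digest") or ""
            if signed.get("SignedTag") == tag and HEX_DIGEST.fullmatch(digest):
                return f"{repo}@sha256:{digest}"
    raise ValueError(f"no signature recorded for {repo}:{tag}")

# Constructed sample in the layout of `docker trust inspect` JSON output;
# the digest is a made-up placeholder, not a real image digest.
SAMPLE = json.dumps([{
    "Name": "registry.suse.com/suse/sle15:latest",
    "SignedTags": [{"SignedTag": "latest", "Digest": "ab" * 32,
                    "Signers": ["Repo Admin"]}],
    "Signers": [],
}])

if __name__ == "__main__":
    print(signed_reference(SAMPLE, "registry.suse.com/suse/sle15", "latest"))
```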
6.5 Comparing containers
The container-diff tool can be used for analyzing and comparing container images. container-diff can examine images along several criteria, including the following:
Docker image history
Image file system
DEB packages
RPM packages
PyPI packages
NPM packages
You can inspect a single image or perform a diff operation on two images. container-diff supports Docker images located in both a local Docker daemon and a remote registry. It is also possible to use the tool with .tar, .tar.gz, and .tgz archives.
The container-diff package is part of the SUSE Linux Enterprise Server 15 SP3 Containers Module. Alternatively, it can be installed separately. For instructions on installing it, see the container-diff documentation.
6.6 On-premises registry
6.6.1 Portus
Portus is an on-premises application that provides a graphical interface and an authorization mechanism for Docker registries. For a more detailed description of Portus functionality, see http://port.us.org/features.html.
Portus can be deployed using a standard Docker container, inside a Kubernetes cluster, or on bare metal. For deployment options and instructions on how to get started with Portus in a development environment, see http://port.us.org/docs/deploy.html.