Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
Applies to SUSE Linux Enterprise Server 15 SP2

6 Obtaining Containers Edit source

This chapter provides information on obtaining container images.

6.1 SUSE Linux Enterprise Base Images Edit source

SUSE offers a number of official base container images that can be used as a starting point for building custom containers. Each SLE base image provides a minimal environment with a shell and package management.

Base images are available from https://registry.suse.com. For information about the SUSE Registry, see Section 6.3, “SUSE Registry”. The base images in the SUSE Registry all have the status General Availability (that is, they are suitable for production use) and LTSS releases of SLES 12 and SLES 15. SUSE Linux Enterprise base images in the SUSE Registry receive security updates and are covered by the SUSE support plans. For more information about these support plans, see Chapter 14, Support Plans.

6.2 SUSE Container Properties Edit source

SUSE container images have identifiers that provide information about their version, origin, and creation time. The individual identifiers listed below can be accessed after you pull a container image from the repository and run podman inspect on it.

6.2.1 Repository Names Edit source

Repository names start with the name of the product, for example: suse/sle..., opensuse/tumbleweed, or caasp/.... The SLE 15 containers for all service packs reside in the repository suse/sle15. However, for SLE 12, there is a separate repository name for each service pack, for example suse/sles12sp3, suse/sles12sp4, suse/sles12sp5.

6.2.2 Labels Edit source

Labels help to identify images. All SLE container image labels begin with com.suse.PRODUCTCONTAINER_NAME followed by a further specification. Container images also contain org.opencontainers.image labels.

Below is a list of all currently defined labels.

org.opencontainers.image.title, com.suse.sle.base.title
  • Must be provided by derived images: Yes

  • OCI notation: org.opencontainers.image.title

  • Description: Title of the image

  • Example: SUSE Linux Enterprise 15 Base Container

org.opencontainers.image.description, com.suse.sle.base.description
  • Must be provided by derived images: Yes

  • OCI notation: org.opencontainers.image.description

  • Description: Short description of the image

  • Example: Image containing a minimal environment for containers based on SUSE Linux Enterprise 15

org.opencontainers.image.version, com.suse.sle.base.version
  • Must be provided by derived images: Yes

  • OCI notation: org.opencontainers.image.version

  • Description: Image version (MAJOR.SP.CICOUNT.BUILDCOUNT)

  • Example:

org.opencontainers.image.created, com.suse.sle.base.created
  • Must be provided by derived images: Yes

  • OCI notation: org.opencontainers.image.created

  • Description: Timestamp of image build

  • Example: 2018-07-27T14:12:30Z

org.opencontainers.image.vendor, com.suse.sle.base.vendor
  • Must be provided by derived images: No

  • OCI notation: org.opencontainers.image.vendor

  • Description: Image vendor

  • Example: SUSE LLC

org.opencontainers.image.url, com.suse.sle.base.url
  • Must be provided by derived images: No

  • OCI notation: org.opencontainers.image.url

  • Description: Additional information

  • Example: https://www.suse.com/products/server/

org.openbuildservice.disturl, com.suse.sle.base.disturl
  • Must be provided by derived images: Yes

  • OCI notation: org.openbuildservice.disturl

  • Description: Image OBS URL

  • Example: obs://build.suse.de/SUSE:SLE-15:Update:CR/images/2951b67133dd6384cacb28203174e030-sles15-image

org.opensuse.reference, com.suse.sle.base.reference
  • Must be provided by derived images: Yes

  • OCI notation: org.opensuse.reference

  • Description: Reference pointing to the image. The image you get with docker pull REF_NAME must not change.

  • Example: registry.suse.com/suse/sle15:4.2

6.2.3 Tags Edit source

Tags are used to refer to images. A tag forms a part of the image's name. Unlike labels, tags can be freely defined, and they are usually used to indicate a verson number.

If a tag exists in multiple images, the newest image is used. The image maintainer decides which tags to assign to the container image.

The conventional tag format is repository name: image version specification (usually version number). For example, the tag for the latest published image of SUSE Linux Enterprise Server 15 SP2 would be suse/sle15:15.2.

6.3 SUSE Registry Edit source

The official SUSE Registry is available at https://registry.suse.com. It contains tested and updated SUSE Linux Enterprise base container images. All images in the SUSE Registry undergo a maintenance process. The images are built to contain the latest available updates and fixes. The SUSE Registry's Web user interface lists a subset of the available images.

6.4 Verifying containers Edit source

Signatures for images available through SUSE Registry are stored in the Notary. You can verify the signature of a specific image using the following command:

docker trust inspect --pretty registry.suse.com/suseIMAGE:TAG

For example, the command docker trust inspect --pretty registry.suse.com/suse/sle15:latest verifies the signature of the latest SLE15 base image.

To automatically validate an image when you pull it, set the environment DOCKER_CONTENT_TRUST to 1. For example:

env DOCKER_CONTENT_TRUST=1 docker pull registry.suse.com/suse/sle15:latest

6.5 Comparing Containers Edit source

The container-diff tool can be used for analyzing and comparing container images. container-diff can examine images along several different criteria, including the following:

  • Docker Image History

  • Image file system

  • DEB packages

  • RPM packages

  • PyPI packages

  • NPM packages

You can inspect a single image, or perform a diff operation on two images. container-diff supports Docker images located in both a local Docker daemon and a remote registry. It is also possible to use the tool with the .tar, .tar.gz, and .tgz archives.

The container-diff package is part of the SUSE Linux Enterprise Server 15 SP2 Containers Module. Alternatively, it can be installed separately. For instructions on installing it, see the container-diff documentation.

6.6 On-Premises Registry Edit source

6.6.1 Portus Edit source

Portus is an on-premises application that provides a graphical interface and an authorization mechanism for Docker registries. For a more detailed description of Portus functionality, see http://port.us.org/features.html.

Portus can be deployed using a standard Docker container, inside a Kubernetes cluster, or on bare metal. For deployment options and instructions on how to get started with Portus in a development environment, see http://port.us.org/docs/deploy.html.

Print this page