Introduction to SLES SLE Base Container Image
1 Environment #
This document applies to the following products and product versions:
SUSE Linux Enterprise Server 15 SP4
2 Decision card #
- WHAT
A set of container images based on SUSE Linux Enterprise Server 15
- WHY
Because you need containers to develop and deploy applications
- WHERE
- EFFORT
It only takes 10 minutes of reading time
- GOAL
Learn what SLE Base Container Image are and what you can use them for
3 What are SLE Base Container Image? #
SLE Base Container Image (SLE BCI) are minimal SUSE Linux Enterprise Server 15-based images that you can use to develop, deploy, and share applications. There are two types of SLE BCI:
General-purpose SLE BCI can be used for building custom container images and for deploying applications.
Language stack SLE BCI provide minimal environments for developing and deploying applications in specific programming languages.
In addition to that, we will provide Application Container Images based on SLE BCI featuring popular containerized applications like Nginx, PostgreSQL, MariaDB and RMT.
4 Highlights #
SLE BCI are fully compatible with SUSE Linux Enterprise Server, but they do not require a subscription to run and distribute them.
SLE BCI automatically run in FIPS-compatible mode when the host operating system is running in FIPS mode.
Each SLE BCI includes the RPM database, which makes it possible to audit the contents of the container image. You can use the RPM database to determine the specific version of the RPM package any given file belongs to. This allows you to ensure that a container image is not susceptible to known and already fixed vulnerabilities.
All SLE BCI (except for those without
zypper
) come with thecontainer-suseconnect
service. This gives containers that run on a registered SLES host access to the full SLES repositories.container-suseconnect
is invoked automatically when you runzypper
for the first time, and the service adds the correct SLES repositories into the running container. On an unregistered SLES host or on a non-SLES host, the service does nothing.
5 General-purpose SLE BCI #
There are three general purpose SLE BCI, and each container image comes with a minimum set of packages to keep its size low. You can use a general purpose SLE BCI either as a starting point for building custom container images, or as a platform for deploying specific software.
- bci-base
The general purpose base container image. It comes with
zypper
and the freeSLE_BCI
repository preinstalled. It can be extended by installing additional packages, and it can be used for running workloads intended for SLES in containerized environments.
- bci-minimal
A slimmer version of the
bci-base
container image withrpm
but without the fullzypper
stack. This container image is suitable for deployment of a single application that is available as a RPM package.
- bci-micro
An even slimmer version of the
bci-base
container image withoutrpm
andzypper
. This container can act as a deployment target for static binaries or other pre-built artifacts.
6 Language stack SLE BCI #
Language stack SLE BCI are built on top of the BCI-Base
general-purpose SLE BCI. Each container image comes with the
zypper
stack and the free
SLE_BCI
repository. Additionally, each image includes
most common tools for building and deploying applications in the specific
language environment. This includes tools like a compiler or interpreter as
well as the language specific package manager.
- python
Tags: 3.6, 3.9, 3.10
Ships with the python3 version from the tag and pip3, curl, git tools.
- node
Tags: 12, 14, 16
Comes with nodejs version from the tag, npm and git. The yarm package manager can be installed with the
npm install -g yarn
command.
- openjdk
Tags: 11
Ships with the OpenJDK runtime. Designed for deploying Java applications.
- openjdk-devel
Tags: 11
Includes the development part of OpenJDK in addition to the OpenJDK runtime. Instead of Bash, the default entry point is the
jshell
shell.
- ruby
Tags: 2.5
A standard development environment based on Ruby 2.5, featuring ruby, gem and bundler as well as git and curl.
- golang
Tags: 1.16, 1.17
Ships with the go compiler version specified in the tag.
- dotnet-runtime
Tags: 3.1, 5.0, 6.0
Includes the .NET runtime from Microsoft and the Microsoft .NET repository.
- dotnet-aspnet
Tags: 3.1, 5.0, 6.0
Ships with the ASP.NET runtime from Microsoft and the Microsoft .NET repository.
- dotnet-sdk
Tags: 3.1, 5.0, 6.0
Comes with the .NET and ASP.NET SDK from Microsoft as well as the Microsoft .NET repository.
7 Important note on status and lifecycle #
All container images, except for base, are currently classified as tech
preview, and SUSE doesn't provide official support for them. This
information is visible on the web on
registry.suse.com. In
addition to that, it is also indicated via the
com.suse.techpreview
label whether a container image
still has the tech preview status. You can use the skopeo and jq utilities
to check the status of the desired SLE BCI as follows:
skopeo inspect docker://registry.suse.com/bci/bci-micro:15.3 | jq '.Labels["com.suse.techpreview"]' skopeo inspect docker://registry.suse.com/bci/bci-base:15.3 | jq '.Labels["com.suse.techpreview"]' null
In the example above, the com.suse.techpreview
label is
set to 1 in the bci-micro
container image, indicating
that the image still has the tech preview status. Unlike like the general
purpose SLE BCI, the language stack SLE BCI may not follow the lifecycle of
the SLE distribution: they are supported as long as the respective
language stack receives support. In other words, new versions of SLE BCI
(indicated by the OCI tags) may be released during the lifecycle of a SLE
Service Pack, while older versions may become unsupported. Refer to
suse.com/lifecycle to
find out whether the container in question is still under support.
8 Getting started #
The SLE BCI are available as OCI-compatible container images directly from registry.suse.com and can be used like any other container image. For example, using one of the general purpose containers:
>
podman run --rm -it registry.suse.com/bci/bci-base:15.3 grep '^NAME' /etc/os-release
NAME="SLES"
Alternatively, you can use SLE BCI in Dockerfile as follows:
FROM registry.suse.com/bci/bci-base:15.3 RUN zypper -n in python3 && \ echo "Hello Green World!" > index.html ENTRYPOINT ["/usr/bin/python3", "-m", "http.server"] EXPOSE 8000
You can then build container images using the docker build
.
or buildah bud .
commands:
>
docker build . Sending build context to Docker daemon 2.048kB Step 1/4 : FROM registry.suse.com/bci/bci-base:15.3 ---> e34487b4c4e1 Step 2/4 : RUN zypper -n in python3 && echo "Hello Green World!" > index.html ---> Using cache ---> 9b527dfa45e8 Step 3/4 : ENTRYPOINT ["/usr/bin/python3", "-m", "http.server"] ---> Using cache ---> 953080e91e1e Step 4/4 : EXPOSE 8000 ---> Using cache ---> 48b33ec590a6 Successfully built 48b33ec590a6>
docker run -p 8000:8000 --rm -d 48b33ec590a6 575ad7edf43e11c2c9474055f7f6b7a221078739fc8ce5765b0e34a0c899b46a>
curl localhost:8000 Hello Green World!