Introduction to SLES SLE Base Container Image

1 Environment #

This document applies to the following products and product versions:

SUSE Linux Enterprise Server 15 SP4

2 Decision card #

WHAT: A set of container images based on SUSE Linux Enterprise Server 15
WHY: Because you need containers to develop and deploy applications
WHERE: registry.suse.com
EFFORT: It only takes 10 minutes of reading time
GOAL: Learn what SLE Base Container Image are and what you can use them for

3 What are SLE Base Container Image? #

SLE Base Container Image (SLE BCI) are minimal SUSE Linux Enterprise Server 15-based images that you can use to develop, deploy, and share applications. There are two types of SLE BCI:

General-purpose SLE BCI can be used for building custom container images and for deploying applications.
Language stack SLE BCI provide minimal environments for developing and deploying applications in specific programming languages.

In addition to that, we will provide Application Container Images based on SLE BCI featuring popular containerized applications like Nginx, PostgreSQL, MariaDB and RMT.

4 Highlights #

SLE BCI are fully compatible with SUSE Linux Enterprise Server, but they do not require a subscription to run and distribute them.
SLE BCI automatically run in FIPS-compatible mode when the host operating system is running in FIPS mode.
Each SLE BCI includes the RPM database, which makes it possible to audit the contents of the container image. You can use the RPM database to determine the specific version of the RPM package any given file belongs to. This allows you to ensure that a container image is not susceptible to known and already fixed vulnerabilities.
All SLE BCI (except for those without zypper) come with the container-suseconnect service. This gives containers that run on a registered SLES host access to the full SLES repositories. container-suseconnect is invoked automatically when you run zypper for the first time, and the service adds the correct SLES repositories into the running container. On an unregistered SLES host or on a non-SLES host, the service does nothing.

5 General-purpose SLE BCI #

There are three general purpose SLE BCI, and each container image comes with a minimum set of packages to keep its size low. You can use a general purpose SLE BCI either as a starting point for building custom container images, or as a platform for deploying specific software.

General-purpose SLE BCI #

bci-base

registry.suse.com/bci/bci-base:15.3
The general purpose base container image. It comes with zypper and the free SLE_BCI repository preinstalled. It can be extended by installing additional packages, and it can be used for running workloads intended for SLES in containerized environments.

bci-minimal

registry.suse.com/bci/bci-minimal:15.3
A slimmer version of the bci-base container image with rpm but without the full zypper stack. This container image is suitable for deployment of a single application that is available as a RPM package.

bci-micro

registry.suse.com/bci/bci-micro:15.3
An even slimmer version of the bci-base container image without rpm and zypper. This container can act as a deployment target for static binaries or other pre-built artifacts.

6 Language stack SLE BCI #

Language stack SLE BCI are built on top of the BCI-Base general-purpose SLE BCI. Each container image comes with the zypper stack and the free SLE_BCI repository. Additionally, each image includes most common tools for building and deploying applications in the specific language environment. This includes tools like a compiler or interpreter as well as the language specific package manager.

python

URL: registry.suse.com/bci/python
Tags: 3.6, 3.9, 3.10
Ships with the python3 version from the tag and pip3, curl, git tools.

node

URL: registry.suse.com/bci/node
Tags: 12, 14, 16
Comes with nodejs version from the tag, npm and git. The yarm package manager can be installed with the npm install -g yarn command.

openjdk

URL: registry.suse.com/bci/openjdk
Tags: 11
Ships with the OpenJDK runtime. Designed for deploying Java applications.

openjdk-devel

URL: registry.suse.com/bci/openjdk-devel
Tags: 11
Includes the development part of OpenJDK in addition to the OpenJDK runtime. Instead of Bash, the default entry point is the jshell shell.

ruby

URL: registry.suse.com/bci/ruby
Tags: 2.5
A standard development environment based on Ruby 2.5, featuring ruby, gem and bundler as well as git and curl.

golang

URL: registry.suse.com/bci/golang
Tags: 1.16, 1.17
Ships with the go compiler version specified in the tag.

dotnet-runtime

URL: registry.suse.com/suse/dotnet-runtime
Tags: 3.1, 5.0, 6.0
Includes the .NET runtime from Microsoft and the Microsoft .NET repository.

dotnet-aspnet

URL: registry.suse.com/suse/dotnet-aspnet
Tags: 3.1, 5.0, 6.0
Ships with the ASP.NET runtime from Microsoft and the Microsoft .NET repository.

dotnet-sdk

URL: registry.suse.com/suse/dotnet-sdk
Tags: 3.1, 5.0, 6.0
Comes with the .NET and ASP.NET SDK from Microsoft as well as the Microsoft .NET repository.

7 Important note on status and lifecycle #

All container images, except for base, are currently classified as tech preview, and SUSE doesn't provide official support for them. This information is visible on the web on registry.suse.com. In addition to that, it is also indicated via the com.suse.techpreview label whether a container image still has the tech preview status. You can use the skopeo and jq utilities to check the status of the desired SLE BCI as follows:

skopeo inspect docker://registry.suse.com/bci/bci-micro:15.3 | jq '.Labels["com.suse.techpreview"]'
skopeo inspect docker://registry.suse.com/bci/bci-base:15.3 | jq '.Labels["com.suse.techpreview"]'
null

In the example above, the com.suse.techpreview label is set to 1 in the bci-micro container image, indicating that the image still has the tech preview status. Unlike like the general purpose SLE BCI, the language stack SLE BCI may not follow the lifecycle of the SLE distribution: they are supported as long as the respective language stack receives support. In other words, new versions of SLE BCI (indicated by the OCI tags) may be released during the lifecycle of a SLE Service Pack, while older versions may become unsupported. Refer to suse.com/lifecycle to find out whether the container in question is still under support.

8 Getting started #

The SLE BCI are available as OCI-compatible container images directly from registry.suse.com and can be used like any other container image. For example, using one of the general purpose containers:

> podman run --rm -it registry.suse.com/bci/bci-base:15.3 grep '^NAME' /etc/os-release
NAME="SLES"

Alternatively, you can use SLE BCI in Dockerfile as follows:

FROM registry.suse.com/bci/bci-base:15.3
RUN zypper -n in python3 && \
    echo "Hello Green World!" > index.html
ENTRYPOINT ["/usr/bin/python3", "-m", "http.server"]
EXPOSE 8000

You can then build container images using the docker build . or buildah bud . commands:

> docker build .
Sending build context to Docker daemon  2.048kB
Step 1/4 : FROM registry.suse.com/bci/bci-base:15.3
 ---> e34487b4c4e1
Step 2/4 : RUN zypper -n in python3 &&     echo "Hello Green World!" > index.html
 ---> Using cache
 ---> 9b527dfa45e8
Step 3/4 : ENTRYPOINT ["/usr/bin/python3", "-m", "http.server"]
 ---> Using cache
 ---> 953080e91e1e
Step 4/4 : EXPOSE 8000
 ---> Using cache
 ---> 48b33ec590a6
Successfully built 48b33ec590a6
 
> docker run -p 8000:8000 --rm -d 48b33ec590a6
575ad7edf43e11c2c9474055f7f6b7a221078739fc8ce5765b0e34a0c899b46a
 
> curl localhost:8000
Hello Green World!