Home

ContainerImage

ContainerImage is a portable, immutable artifact that bundles an application and its runtime environment, including libraries, dependencies, and configuration. It is designed for distribution and reproducible deployment, enabling container runtimes to instantiate running instances with consistent behavior.

A container image consists of a series of filesystem layers, a configuration object, and a manifest. Each

Formats and standards for container images are governed by the Open Container Initiative (OCI) and, historically,

Creation and distribution involve building images from instructions (for example, a Dockerfile or similar build definition),

A running container is created from a container image by applying a writable layer on top of

layer
represents
a
set
of
changes
to
the
filesystem
and
is
usually
stored
as
a
compressed
archive.
Layers
are
content-addressed
by
cryptographic
digests,
enabling
efficient
reuse
and
caching.
The
manifest
describes
the
image
content,
including
the
layers,
their
order,
the
image
configuration,
and
metadata
such
as
architecture
and
operating
system.
by
the
Docker
image
format.
The
OCI
image
format
defines
the
layout
of
the
image,
including
the
config
and
layer
blobs,
while
the
OCI
distribution
specification
covers
image
publishing
and
pulling
from
registries.
Images
are
identified
by
a
repository
name
and
a
tag,
with
a
digest
providing
content-addressable
integrity.
often
using
multi-stage
builds
to
reduce
size.
Built
images
are
stored
in
registries
and
can
be
pulled
by
container
runtimes
to
run
containers.
Security
practices
include
image
scanning
for
vulnerabilities,
signing
for
provenance,
and
ensuring
integrity
via
digests.
the
read-only
image
layers.
The
image
itself
is
immutable,
while
containers
provide
a
mutable
execution
environment.