A container image is a static, read-only template that serves as the blueprint for creating containers. It packages system tools, libraries, configurations, and application code into a single portable unit. Unlike virtual machines, images do not include a guest OS but share the host kernel, significantly reducing overhead and boot times.
How it works
Images are built using a layered file system. Each layer represents a specific instruction in the configuration file, such as installing a package or adding source code. Layers are cached and shared across different images, optimizing storage and build speed. When a container starts, the runtime adds a thin writable layer on top of the immutable image layers.
Container images are essential for standardizing deployments within CI/CD pipelines. They ensure consistency across development, staging, and production environments. By encapsulating the entire runtime environment, images eliminate environmental drift and enable predictable scaling in orchestration platforms like Kubernetes.
Images are stored and distributed via registries like Docker Hub or Amazon ECR. For instance, the command docker pull redis:alpine fetches a lightweight version of the Redis database. Using minimal base images can reduce image size to under 10 MB, facilitating rapid distribution and decreasing the security attack surface.