A container image is a standalone executable that contains codes, tools, and resources. It is a small operating system of specific configuration that can be easily created, updated, and modified using Dockerfiles. The image consists of system libraries, system tools, and other platform settings that a software program needs to run on a container platform. The image shares the OS kernel of its host machine.
A container image is compiled from file system layers built on top of a parent or base image. These layers promote the reuse of various components so that the user does not have to build everything from scratch for each project. Technically, a base image is used for a completely new image, while a parent image indicates the modification of an existing image. In practice, however, the terms are used interchangeably.
Container images are stored in a registry that is either private or public on a repository. The Image Creator pushes it into the registry, and a user drags the image when they want to run it as a container. To ensure that the image files that users download from the public repositories are original and unaltered, they are digitallysigned.