Canonical announced today the general availability of chiselled Ubuntu containers which come with Canonical’s security maintenance and support commitment. Chiselled Ubuntu containers are ultra-small OCI images that deliver only the application and its runtime dependencies, and no other operating system-level packages, utilities, or libraries. This makes them lightweight to maintain and operate, secure, and efficient in resource utilisation.
Canonical’s chiselled Ubuntu portfolio includes pre-built images for popular toolchains like Java, .NET and Python. Microsoft announced today the general availability of chiselled Ubuntu container images for .NET 6, 7 and 8, the result of a long-term partnership and design collaboration between Canonical and Microsoft.
“There has always been a need for smaller and tighter images. Developers remind us, as a base image provider, of that on a regular basis. Chiselled images leapfrog over approaches we’ve looked at in the past. We love the idea and implementation of Chiselled images and Canonical as a partner. When technical leaders at Canonical shared the first demos of Chiselled images with us, we immediately wanted to be a launch partner, and we’re thrilled that we’re shipping Ubuntu Chiselled images for .NET as part of this GA release.”
Richard Lander, Program Manager, .NET at Microsoft
According to GitLab’s 2022 Global DevSecOps Survey, only 64% of security professionals had a security plan for containers, and many DevOps teams don’t have a plan in place for other cutting-edge software technologies, including cloud-native/serverless, APIs, and microservices. Running applications securely at scale – with peace of mind – is one of Canonical’s key commitments to the open source world.
Chiselled Ubuntu containers provide both trusted provenance and an optimal developer-to-production experience, leading to more productive teams as well as more secure applications. At the heart of these containers sits a developer-friendly open source package manager called “Chisel”, which developers can use to sculpt meticulously precise and therefore ultra-small file systems.
Chisel relies on a curated collection of Slice Definition Files. These files are related to the upstream packages from the Ubuntu archives, and define one or more slices for any given package. A package slice details a subset of the package’s contents (comprising its maintainer scripts and dependencies) needed at run-time.
Chisel effectively layers reusable knowledge on top of traditional Ubuntu debian packages through a developer-friendly CLI and fine-grained dependency management mechanism.
The lack of unnecessary bits in the final image (as well as unused system utilities and excess package contents) reduces bloat, making it more efficient, as well as reducing their attack surface and mitigating entire classes of attacks. Faster network transfers, caching and startup, as well as reduced run times resource utilisation are guaranteed as applications carry only the dependencies they absolutely need.
With Chiselled Ubuntu organisations can simplify their containerisation journey with a smooth transition from development to production.
Key benefits include:
Learn more about Canonical containers
Chiselled Ubuntu images inherit Ubuntu’s long-term support guarantees and are updated within the same release cycle using the self-same packages as within other LTS components. They are fully supported by Canonical:
Chiselled Ubuntu and toolchains come together seamlessly. It’s a developer’s shortcut to creating and deploying secure, super-efficient images for production from their development environment.
The Chiselled Ubuntu image for the Java Runtime Engine provides a ~51% reduction in the size of the compressed image compared to Eclipse Temurin Java 17 runtime image. The Chiselled Ubuntu image does not degrade throughput or startup performance compared to the evaluated images.
Chiselled Ubuntu containers for .NET and ASP.NET are now available on AMD64- and ARM-based platforms, as well as s390x, offering precision-engineered, production-destined containers to the .NET community. Shipping only the binaries needed to run .NET applications means a ready-for-production OCI container and lets you focus your added value: layering on your world-class applications and shipping to any platform.
With the release of .NET8, Microsoft and Canonical are joining forces to release chiselled Ubuntu for .NET8, including for AOT – Ahead of Time binaries. With .NET8, users can opt-in to security hardening with chiselled Ubuntu image variants to reduce their attack surface even further, as well as optimal container build, testing and deployment.
“Many .NET developers look to the .NET Team at Microsoft for best practice guidance, particularly if they are new to a domain. Chiselled Ubuntu images are our recommended base image for developers going forward. If you want to just use containers and not learn all the ins-and-outs, just choose chiselled images.”
Richard Lander, Program Manager, Microsoft .NET
Watch our interview with Microsoft on chiselled Ubuntu.
Organisations can purchase security maintenance and support for chiselled Ubuntu containers with an Ubuntu Pro subscription. Canonical experts offer support for bug fixes and troubleshooting to help manage containers more efficiently. With Ubuntu Pro, teams can reduce their average CVE exposure time from 98 days to one with 10 years of security maintenance guaranteed.
Learn more at ubuntu.com/pro.
Canonical’s Kubernetes LTS (Long Term Support) will support FedRAMP compliance and receive at least 12…
Welcome to the Ubuntu Weekly Newsletter, Issue 878 for the week of February 2 –…
At Canonical, we firmly believe that delivering an outstanding, customer-centric support experience is impossible without…
I want to share how to install osTicket v1.14 for Ubuntu 20.04 server. osTicket written…
Now I want to share how to install WordPress on ubuntu 20.04 server. WordPress is…
Now I want to share the DNS server installation process on your Ubuntu 20.04 server.…