Chiselled Ubuntu: the perfect present for your containerised and cloud applications
Valentin Viennot
on 19 December 2022
Tags: .NET , cloud , containers , docker , Security
As we enter the holiday season, online shopping and payment systems are gearing up for higher traffic and workloads. Ensuring that these applications can handle the increased demand without slowing down or crashing is critical for providing a smooth and efficient experience for customers. One way to improve the performance and reliability of these applications is by using chiselled Ubuntu images in your containerised deployment.
Chiselled Ubuntu images are inspired by the Distroless concept, meaning they contain only your application and its runtime dependencies, without any additional operating system-level packages or libraries. This makes them lightweight, secure, and efficient. Note, there isn’t one chiselled Ubuntu base image, but rather an infinite number of possible slices of the Ubuntu distribution that you can create chisel for your use case. Last August, we released the first set of pre-built chiselled Ubuntu runtime images, for the .NET ecosystem, in a collaboration with Microsoft.
In this blog series, I’ll focus on the key advantages of chiselled Ubuntu images over traditional “distro-full” images. I’ll compare their size, security, and performance, and explain why these factors make chiselled Ubuntu images an attractive option for deploying applications in a containerised environment. The second blog of the series will demonstrate these advantages with a hands-on demo of a simple online shop built with ASP.NET. Whether you’re a developer, system administrator, or just curious about container technologies, this blog series will provide valuable insights and practical examples of the benefits of chiselled Ubuntu images.
Save on storage and network transfer costs
The unmistakable benefit of using chiselled Ubuntu images in your containerised applications is their reduced size, significantly smaller than traditional container images. In addition to not including any operating system-level packages or libraries that are not required at runtime, chiselled Ubuntu containers do not include any package manager nor shell (no apt
, no bash
).
But why does it matter? For one, smaller container images can save on storage costs, both on your local development machine and in your production environment. Furthermore, smaller container images also speed up network transfer times. This can be beneficial when you need to pull images from a registry or push them to a registry, such as when deploying your applications to a cloud platform. Faster transfer times can help ensure that your applications are always up-to-date and ready to handle the increased traffic and workloads (and particularly during the holiday season!).
Comparing the size of the Ubuntu-based ASP.NET containers using both types of images shows the chiselled Ubuntu image is only half the size. The traditional container image, which includes an entire operating system, is 207MB in size, while the chiselled Ubuntu for ASP.NET image is only 104MB (uncompressed).
And it’s not just for the .NET platform: chiselled Ubuntu images can help for any use case. In fact, this prebuilt chiselled Ubuntu base image for self-contained dynamically-compiled applications is only 13MB in size (less than 6MB compressed)… compared to the 78MB of the Ubuntu base image.
Chiselled Ubuntu containers are not just optimised for size. They can significantly improve the security of your cloud and containerised applications.
Keep your applications safe and secure
Chiselled Ubuntu images are designed with security in mind. Besides saving on storage and network costs, their ultra-small image size greatly reduces the attack surface of chiselled Ubuntu images, making them less likely to be affected by vulnerabilities. Because they do not include a package manager or shell, they completely disarm certain classes of attacks. Finally, the chiselled Ubuntu images we ship for .NET and ASP.NET containers do not use the root
user.
These security features are especially important for applications that handle sensitive information, such as online shopping and payment systems.
Less attack surface also means fewer security updates are required, leading to less downtime or disruptions for your users during the busy holiday season. No more panicking about your website crashing while you’re trying to do last-minute online shopping!
Optimise your website performance and resources consumption
Chiselled Ubuntu images come with a number of performance benefits in addition to better security and a smaller size. Online shopping applications, which frequently have higher traffic and workloads over the holiday season and must keep up with demand, might especially benefit from these advantages..
Faster starting times are one of the main performance benefits of chiselled Ubuntu images. They can start up more quickly than traditional container images since they are significantly more lightweight and do not contain any unnecessary dependencies..
I’ll demonstrate how the ASP.NET shopping website example started 20% faster utilising chiselled Ubuntu containers rather than conventional ones in the following blog of this series. They also used less memory, particularly in intense situations. Give your applications a boost with the quickness and effectiveness of chiselled Ubuntu containers!
Reduce your carbon footprint with chiselled ubuntu images
Despite their small size, chiselled Ubuntu images can have a big and positive impact on the environment. By requiring less energy and resources to download, store, and run the images, the usage of chiselled Ubuntu images can help minimise the carbon footprint of our apps. This can result in significant storage and deployment cost savings, both economic and environmental.
Keep reading: chiselled Ubuntu containers in action
It’s time to see how chiselled Ubuntu containers perform now that I’ve discussed their size, security, performance, and potential environmental advantages. In the second and last instalment of this blog series, I’ll show off a straightforward online shopping application created on the ASP.NET platform and containerise it using both standard and chiselled Ubuntu images. You will be able to verify for yourself how smaller, quicker, and more secure chiselled Ubuntu containers are, and how they can make your applications sparkle like the star atop a Christmas tree.
Put on your top holiday tune and grab a cup of hot chocolate, it’s demo time! You’ll be astounded at how consistent and effortless it is to migrate from traditional Ubuntu to chiselled Ubuntu images.
- Part2: “See for yourself: the benefits of chiselled Ubuntu images in action with an ASP.NET shop demo”
- Microsoft and Canonical announce .NET availability in Ubuntu hosts and containers
- .NET for Ubuntu hosts and containers is now available on Arm-based platforms
- Open Source Summit Europe 2022 presentation on Chiselled Ubuntu
- Microsoft .NET developers’ 2022 conf x Chiselled Ubuntu keynote
- Last year holiday season’s blog: How to colourise black & white pictures: OpenVINO™ on Ubuntu containers demo (Part 1)
Photo by Kira auf der Heide on Unsplash.
What’s the risk of unsolved vulnerabilities in Docker images?
Recent surveys found that many popular containers had known vulnerabilities. Container images provenance is critical for a secure software supply chain in production. Benefit from Canonical’s security expertise with the LTS Docker images portfolio, a curated set of application images, free of vulnerabilities, with a 24/7 commitment.
Newsletter signup
Related posts
Canonical announces the general availability of chiselled Ubuntu containers
Production-ready, secure-by-design, ultra-small containers with chiselled Ubuntu Canonical announced today the general availability of chiselled Ubuntu...
Implementing an Android™ based cloud game streaming service with Anbox Cloud
Since the outset, Anbox Cloud was developed with a variety of use cases for running Android at scale. Cloud gaming, more specifically for casual games as...
Canonical announces Ubuntu Security Research Alliance Program
Today, Canonical, the publisher of Ubuntu, announced its new Ubuntu Security Research Alliance Program, a free partnership between Canonical and open source...