Canonical launches lightweight Chiselled Ubuntu container image for cloud deployment

The Chiselled Ubuntu container is a compact OCI image released by Canonical, suitable for Java, .NET and Python cloud application development. It effectively reduces the attack surface and greatly reduces image size.

Canonical has released Chiselled Ubuntu containers, very small OCI images that provide only the application and its runtime dependencies, without other operating-system-level packages, utilities or libraries, to improve container security and reduce overall size. Canonical provides pre-built Chiselled Ubuntu container images for Java and Python and, in cooperation with Microsoft, has also launched Chiselled Ubuntu container images for .NET 6, .NET 7 and .NET 8 development.

A Chiselled Ubuntu container is a specially built container image. Its design principle is to remove the unnecessary components of a general Ubuntu container image and keep only the core parts needed to run the application. The Chiselled Ubuntu container image has no shell and no package manager, which greatly limits the attack surface. And because the image does not contain curl or wget, attackers cannot use them to download shell scripts from a control server and execute them.

In addition, these images run as a non-root user, which further limits the operations allowed in the image, since the non-root user has only read and execute permissions for the application. This design makes the container image smaller and more secure and well suited to cloud application deployment: it reduces both storage requirements and security risk.
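The properties described above (no shell, no package manager, no curl or wget, a non-root user) can be checked on an unpacked image before it is deployed. The shell function below is an added example, not Canonical's or Microsoft's tooling; the name `audit_rootfs`, the list of tools and the directories searched are assumptions.

```shell
#!/bin/sh
# Added example: check an unpacked image root filesystem for the properties
# described above. Tool list and directories are assumptions.
# One way to obtain the inputs (IMAGE is a placeholder):
#   mkdir rootfs && docker export "$(docker create IMAGE)" | tar -x -C ./rootfs
#   docker inspect --format '{{.Config.User}}' IMAGE

# audit_rootfs ROOTFS IMAGE_USER
# Prints one line per finding; the return status is the number of findings.
audit_rootfs() {
    root=$1
    user=${2-}
    user=${user%%:*}        # drop an optional ":group" suffix
    findings=0

    for dir in bin sbin usr/bin usr/sbin usr/local/bin; do
        # On merged-/usr systems /bin is a symlink to usr/bin; scan it once.
        [ -L "$root/$dir" ] && continue
        for tool in sh bash dash apt apt-get dpkg curl wget; do
            path="$root/$dir/$tool"
            # -L also catches symlinks whose target does not resolve here.
            if [ -e "$path" ] || [ -L "$path" ]; then
                echo "FOUND  /$dir/$tool"
                findings=$((findings + 1))
            fi
        done
    done

    # An unset user, "root" or UID 0 all mean the process starts as root.
    case "$user" in
        ""|root|0)
            echo "ROOT   image user is '${user:-unset}'"
            findings=$((findings + 1))
            ;;
    esac

    [ "$findings" -eq 0 ] && echo "OK     no shell, package manager or downloader; user '$user'"
    return "$findings"
}
```

A status of 0 means none of the listed tools were found and the configured user is not root; any other status is the number of findings, so the function can gate a CI step directly.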

Pre-built Chiselled images, combined with development toolchains such as .NET and Java, give developers a simple and secure production environment. The Chiselled image that includes the Java runtime environment is about 51% smaller than the Eclipse Temurin Java 17 runtime image, without affecting throughput or startup performance.

The Chiselled container image for .NET 8.0 contains only 7 components. Only frequently used dependencies such as OpenSSL are included in the image. The uncompressed aspnet Chiselled image is only about 110 MB, which is more than 100 MB smaller than the existing Ubuntu image and about the same size as the Alpine image. It is the smallest image containing glibc, and the one with the fewest components, currently released by Microsoft.
