Chiselled Ubuntu: the perfect present for your containerised and cloud applications

This article was last updated 2 years ago.


As we enter the holiday season, online shopping and payment systems are gearing up for higher traffic and workloads. Ensuring that these applications can handle the increased demand without slowing down or crashing is critical for providing a smooth and efficient experience for customers. One way to improve the performance and reliability of these applications is by using chiselled Ubuntu images in your containerised deployment.

Don’t forget to give your cloud applications a present this year: why not chiselled Ubuntu?

Chiselled Ubuntu images are inspired by the Distroless concept, meaning they contain only your application and its runtime dependencies, without any additional operating system-level packages or libraries. This makes them lightweight, secure, and efficient. Note, there isn’t one chiselled Ubuntu base image, but rather an infinite number of possible slices of the Ubuntu distribution that you can create chisel for your use case. Last August, we released the first set of pre-built chiselled Ubuntu runtime images, for the .NET ecosystem, in a collaboration with Microsoft.

In this blog series, I’ll focus on the key advantages of chiselled Ubuntu images over traditional “distro-full” images. I’ll compare their size, security, and performance, and explain why these factors make chiselled Ubuntu images an attractive option for deploying applications in a containerised environment. The second blog of the series will demonstrate these advantages with a hands-on demo of a simple online shop built with ASP.NET. Whether you’re a developer, system administrator, or just curious about container technologies, this blog series will provide valuable insights and practical examples of the benefits of chiselled Ubuntu images.

Save on storage and network transfer costs

The unmistakable benefit of using chiselled Ubuntu images in your containerised applications is their reduced size, significantly smaller than traditional container images. In addition to not including any operating system-level packages or libraries that are not required at runtime, chiselled Ubuntu containers do not include any package manager nor shell (no apt, no bash).

But why does it matter? For one, smaller container images can save on storage costs, both on your local development machine and in your production environment. Furthermore, smaller container images also speed up network transfer times. This can be beneficial when you need to pull images from a registry or push them to a registry, such as when deploying your applications to a cloud platform. Faster transfer times can help ensure that your applications are always up-to-date and ready to handle the increased traffic and workloads (and particularly during the holiday season!).

At-scale comparison of chiselled Ubuntu for .NET image sizes (from mcr.microsoft.com)

Comparing the size of the Ubuntu-based ASP.NET containers using both types of images shows the chiselled Ubuntu image is only half the size. The traditional container image, which includes an entire operating system, is 207MB in size, while the chiselled Ubuntu for ASP.NET image is only 104MB (uncompressed).

And it’s not just for the .NET platform: chiselled Ubuntu images can help for any use case. In fact, this prebuilt chiselled Ubuntu base image for self-contained dynamically-compiled applications is only 13MB in size (less than 6MB compressed)… compared to the 78MB of the Ubuntu base image.

Chiselled Ubuntu containers are not just optimised for size. They can significantly improve the security of your cloud and containerised applications.

Keep your applications safe and secure

Chiselled Ubuntu images are designed with security in mind. Besides saving on storage and network costs, their ultra-small image size greatly reduces the attack surface of chiselled Ubuntu images, making them less likely to be affected by vulnerabilities. Because they do not include a package manager or shell, they completely disarm certain classes of attacks. Finally, the chiselled Ubuntu images we ship for .NET and ASP.NET containers do not use the root user.

These security features are especially important for applications that handle sensitive information, such as online shopping and payment systems.

Less attack surface also means fewer security updates are required, leading to less downtime or disruptions for your users during the busy holiday season. No more panicking about your website crashing while you’re trying to do last-minute online shopping!

Optimise your website performance and resources consumption

Chiselled Ubuntu images come with a number of performance benefits in addition to better security and a smaller size. Online shopping applications, which frequently have higher traffic and workloads over the holiday season and must keep up with demand, might especially benefit from these advantages..

Faster starting times are one of the main performance benefits of chiselled Ubuntu images. They can start up more quickly than traditional container images since they are significantly more lightweight and do not contain any unnecessary dependencies..

I’ll demonstrate how the ASP.NET shopping website example started 20% faster utilising chiselled Ubuntu containers rather than conventional ones in the following blog of this series. They also used less memory, particularly in intense situations. Give your applications a boost with the quickness and effectiveness of chiselled Ubuntu containers!

Reduce your carbon footprint with chiselled ubuntu images

Despite their small size, chiselled Ubuntu images can have a big and positive impact on the environment. By requiring less energy and resources to download, store, and run the images, the usage of chiselled Ubuntu images can help minimise the carbon footprint of our apps. This can result in significant storage and deployment cost savings, both economic and environmental.

Keep reading: chiselled Ubuntu containers in action

It’s time to see how chiselled Ubuntu containers perform now that I’ve discussed their size, security, performance, and potential environmental advantages. In the second and last instalment of this blog series, I’ll show off a straightforward online shopping application created on the ASP.NET platform and containerise it using both standard and chiselled Ubuntu images. You will be able to verify for yourself how smaller, quicker, and more secure chiselled Ubuntu containers are, and how they can make your applications sparkle like the star atop a Christmas tree.

Put on your top holiday tune and grab a cup of hot chocolate, it’s demo time! You’ll be astounded at how consistent and effortless it is to migrate from traditional Ubuntu to chiselled Ubuntu images.

Photo by Kira auf der Heide on Unsplash.

ubuntu logo

What’s the risk of unsolved vulnerabilities in Docker images?

Recent surveys found that many popular containers had known vulnerabilities. Container images provenance is critical for a secure software supply chain in production. Benefit from Canonical’s security expertise with the LTS Docker images portfolio, a curated set of application images, free of vulnerabilities, with a 24/7 commitment.

Integrate with hardened LTS images ›

Newsletter signup

Get the latest Ubuntu news and updates in your inbox.

By submitting this form, I confirm that I have read and agree to Canonical's Privacy Policy.

Related posts

Canonical announces the general availability of chiselled Ubuntu containers

Production-ready, secure-by-design, ultra-small containers with chiselled Ubuntu Canonical announced today the general availability of chiselled Ubuntu...

Implementing an Android™ based cloud game streaming service with Anbox Cloud

Since the outset, Anbox Cloud was developed with a variety of use cases for running Android at scale. Cloud gaming, more specifically for casual games as...

Canonical announces Ubuntu Security Research Alliance Program 

Today, Canonical, the publisher of Ubuntu, announced its new Ubuntu Security Research Alliance Program, a free partnership between Canonical and open source...