Canonical’s ‘distroless’ Linux images are a game-changer for enterprises
Canonical’s Everything LTS service will offer customized Docker container Long Term Support (LTS) Linux images. These custom “distroless” Linux images will come with 12 years of security support for Linux, and any included open-source application or dependency within the container.
Mark Shuttleworth, Canonical’s CEO, didn’t mince his words: “Everything LTS means CVE maintenance for your entire open-source dependency tree, including open source that is not already packaged as a deb in Ubuntu.” This shift is a game-changer for enterprises and ISVs looking to meet stringent regulatory requirements with complex open-source stacks.
Also: Thinking about switching to Linux? 10 things you need to know
Shuttleworth said Canonical will deliver, “distroless or Ubuntu-based Docker images to your spec, which we will support on RHEL, VMware, Ubuntu or major public cloud K8s. Our enterprise and ISV customers can now count on Canonical to meet regulatory maintenance requirements with any open source stack, no matter how large or complex, wherever they want to deploy it.”
Although Shuttleworth implied Canonical, which is Ubuntu Linux’s parent company, would support Red Hat Enterprise Linux (RHEL), it appears he meant Canonical would support these new Linux images on Red Hat OpenShift as well as all other Kubernetes distributions and cloud platforms.
Also: Sparky Linux is a blazing-fast distro that can keep your older machines running for years
Specifically, Canonical will back its images on all of Canonical’s Kubernetes offerings — MicroK8s or Charmed Kubernetes. VMware will be supported on Tanzu Kubernetes Grid or vSphere with Kubernetes or Ubuntu virtual machines (VMs) on the vSphere cluster. On public clouds, Canonical will support containers on Azure, AWS, Google, IBM, and Oracle public cloud Kubernetes offerings.
In these new Open Container Initiative images, Canonical embraces the “distroless” container paradigm. With this model, images contain enough of the operating system and software to run a specific application. These hardened, minimal containers have a reduced attack surface, making them much more secure than conventional Linux VMs or containers. Distros that use this approach include Alpine Linux, Fedora CoreOS, and Wolfi.
These new “chiseled” containers are built on Ubuntu with Chisel. This program chisels Debian packages into a filesystem containing only the minimal collections of files needed for the container to function properly.
Also: Why I use the Linux tree command daily – and what it can do for you
Ubuntu Pro subscriptions will include the right to run unlimited ‘Everything LTS’ containers. VMware, OpenShift, and public cloud Kubernetes hosts will be supported at the same price as Ubuntu Pro hosts.
The Ubuntu Pro service will now include thousands of new open-source upstream components, including the latest AI/ML dependencies and tools. Canonical will maintain the 2,000 widely used AI/ML libraries and tools, including heavy hitters such as PyTorch, TensorFlow, and Rapids. These libraries will be maintained as source code instead of as Debian/Ubuntu deb packages.
Canonical has also partnered with Microsoft to create chiseled containers, which are a mere 100MB, for the .NET community. A self-contained .NET application runtime base image is only 6MB compressed.
Canonical also promises its average time for fixing critical Common Vulnerabilities and Exposures security problems will check-in at less than 24 hours. Canonical is positioning itself as the go-to partner for organizations that want rock-solid security and cutting-edge, open-source tech.
At the same time, Canonical appears to be distancing itself from its Ubuntu brand. Ubuntu is still key, but meeting customer demands for tiny, ultra-secure images is coming first. As such, Shuttleworth is making a bold move in the ever-evolving market for enterprise Linux and cloud computing.
