Introduction to .NET Chiseled Containers

Last updated on July 17, 2024

In the evolving landscape of containerization, Docker has emerged as an essential tool for developers seeking streamlined application deployment. Among the recent advancements in this domain are .NET Chiseled Docker containers. These containers are designed to offer enhanced performance, security, and efficiency. In this blog post, we’ll explore .NET Chiseled Docker containers, their benefits, and how to implement them using guidance from the official GitHub documentation.

What are .NET Chiseled Docker Containers?

.NET Chiseled Docker containers are minimalist containers crafted specifically for running .NET applications. They adopt a “chiseled” approach, which means they are stripped down to include only the essential components needed for the application to function. This results in containers that are smaller, faster, and more secure compared to traditional Docker containers that may include a full operating system and various libraries.

Benefits of .NET Chiseled Docker Containers

1. Reduced Size

One of the most significant advantages of Chiseled containers is their reduced size. Traditional Docker containers, such as those based on Debian, Alpine, or Ubuntu, include a variety of libraries and utilities that might not be necessary for running a .NET application. In contrast, Chiseled containers are stripped down to include only the essentials.

To illustrate, let’s compare the sizes of different base images:

• Debian-based .NET Runtime Image: ~200 MB
• Ubuntu-based .NET Runtime Image: ~180 MB
• Alpine-based .NET Runtime Image: ~50 MB
• Chiseled .NET Runtime Image: ~30 MB

As seen in the comparison, the Chiseled .NET runtime image is significantly smaller than even the Alpine-based image, which is known for its minimal footprint. This reduction in size leads to faster download times, quicker start-up times, and reduced storage requirements, making it ideal for environments where resource efficiency is crucial.

This optimization is achieved through the following features:

• Minimal set of packages required to run a .NET application
• Non-root user by default
• No package manager
• No shell

2. Improved Security

With fewer components included, the attack surface of Chiseled containers is much smaller. This minimizes the risk of vulnerabilities associated with unused software, making these containers inherently more secure. Running as a non-root user by default further enhances security, reducing the potential impact of any security breaches.

3. Enhanced Performance

The reduced overhead from using smaller containers translates to better performance. Chiseled containers can start up faster and consume fewer resources, making them ideal for high-efficiency environments.

4. Easier Maintenance

Maintaining smaller and more focused containers is easier than dealing with larger ones. Updates and patches can be applied more swiftly, reducing the risk of disruptions caused by removing unnecessary components.

How to Create a .NET Chiseled Docker Container

The following steps guide you through creating a .NET Chiseled Docker container, based on the official GitHub documentation.

Step 1: Create a .NET Application

First, create a simple .NET application. If you don’t have one already, you can use the .NET CLI to create a new one:

dotnet new console -o MyChiseledApp
cd MyChiseledApp
dotnet run

Step 2: Write a Dockerfile

Next, create a Dockerfile to define your Chiseled container. Here’s an example, adapted from the official documentation:

# Use the official .NET SDK image to build the application
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build-env
WORKDIR /app
# Copy everything
COPY . ./
# Restore as distinct layers
RUN dotnet restore
# Build and publish a release
RUN dotnet publish -c release -r linux-x64 --force -o ./published

# Use the .NET 8.0 Chiseled image as a runtime
FROM mcr.microsoft.com/dotnet/aspnet:8.0-noble-chiseled-extra
WORKDIR /app/published/
COPY --from=build-env /app/published .
ENTRYPOINT ["dotnet", "MyChiseledApp.dll"]

Step 3: Build and Run the Docker Container

With your Dockerfile ready, you can build and run your Chiseled container:

docker build -t mychiseledapp .
docker run --rm mychiseledapp

Step 4: Optimize the Container

To further optimize your container, consider leveraging the guidance from the official documentation, which provides additional best practices for refining your container.

Available Chiseled Images

Ubuntu Chiseled images are available for the following image repositories:

• mcr.microsoft.com/dotnet/runtime
• mcr.microsoft.com/dotnet/aspnet
• mcr.microsoft.com/dotnet/runtime-deps (for self-contained apps)

.NET Chiseled Docker containers offer a powerful way to run .NET applications with improved performance, security, and efficiency. By adopting a chiseled approach, you can achieve faster startup times, reduced storage requirements, and a smaller attack surface. Whether you’re deploying microservices in a Kubernetes cluster or running a single application in a Docker environment, Chiseled containers can help you achieve a leaner, more efficient deployment strategy.