Canonical containers

Canonical containers, also known as “rocks”, are a new generation of secure, stable and OCI-compliant Ubuntu images, hardened by design, and offering a specialized and predictable UX.

Browse rocks

Python

Kafka

RabbitMQ

.NET Runtime

Valkey

JRE

Use a rock

Console illustrating how to use a Python rock

Rocks are hardened to chisel away contents that are unnecessary at runtime, thus preserving the same functionality while reducing the storage footprint and attack surface. Like this Python rock.

Building steps

Initialize

Get started - quick guide
Use Rockcraft with Multipass

Craft

Rocks project file
Use parts to build your container application
Define rocks services
Harden a rock
Install a custom package slice
Define a non root user

Pack

Pack a rock

Get started with rocks

Try building a 'Hello world' rock. You can also build rocks for a variety of applications.

Flask

Django

FastAPI

Go

Express

Spring Boot