Container Insights (Linux) is migrating its container image to CBL-Mariner 2.0

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.



Container Insights is migrating its underlying OS image from Ubuntu 18.04 to CBL-Mariner 2.0. This has no impact on customer features and capabilities. No action is needed from customers. Customers will get many indirect benefits such as smaller package size, improved security, and software supply-chain resiliency. This change applies to both AKS and Arc enabled Kubernetes customers. The first image version with the change will be 3.1.7.


Full update

CBL-Mariner is an internal Linux distribution for Microsoft’s cloud infrastructure and edge products and services. CBL-Mariner is designed to provide a consistent platform for these devices and services and will enhance Microsoft’s ability to stay current on Linux updates. This initiative is part of Microsoft’s increasing investment in a wide range of Linux technologies, such as SONiCAzure Sphere OS and Windows Subsystem for Linux (WSL). CBL-Mariner is being shared publicly as part of Microsoft’s commitment to Open Source and to contribute back to the Linux community. CBL-Mariner does not change our approach or commitment to any existing third-party Linux distribution offerings. Read more about CBL-Mariner in our Github repo and Dev blog


As part of a Microsoft wide effort, Container Insights is migrating to CBL-Mariner for its container image. The Container Insights Linux image is being migrated from Ubuntu 18.04 based image to CBL-Mariner 2.0 based distroless image. This change applies to both AKS and Arc enabled Kubernetes customers. The first image version with change will be 3.1.7. CBL-Mariner only includes the necessary set of packages for running container workloads. We will be using the distroless version which eliminates the OS from the containers and retains only the packages needed to run the Container Insights agent.


This provides several benefits to customers.

  • Smaller image size: We reduced our image size to about 40% of the current image. This will improve overall performance as it requires less storage space, bandwidth and time to transfer. This is especially beneficial to customers who use Container Insights in Edge environments and through Azure Arc.
  • Enhanced security: With the new image, the container only has the necessary libraries and runtime dependencies for our application, without any extra software that could introduce security risks. This can help to reduce the risk of vulnerabilities and minimize the potential for security breaches.
  • Supply chain security: As a first party image that is (1) Microsoft managed, (2) contains only the minimum needed packages, (3) gets robustly tested - customers benefit from enhanced supply chain security.

This change has no impact on customer features and capabilities apart from the improvements listed above. The new image will roll out as a part of the regular AKS update process starting the first week of May 2023. Arc-enabled Kubernetes customers need to upgrade to the chart version 3.1.7, if they have opted-out of autoUpgrade in their chart version.

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.