Rust Applications in Containers, Kubernetes and WebAssembly

Transcript

1. Running Rust Applications in Docker & Kubernetes @ThorstenHans Cloud-Native Consultant

2. Cloud-Native Consultant @ Thinktecture #Azure #Kubernetes #Cloud-Native #Docker Thorsten Hans

   [email protected] thinktecture.com thorsten-hans.com @ThorstenHans

3. • Introduction • Containerizing Rust Applications • Running Rust Applications

   in Kubernetes • Interacting and Extending Kubernetes with Rust • WebAssembly workloads in Kubernetes Agenda

4. • Introduction • Containerizing Rust Applications • Running Rust Applications

   in Kubernetes • Interacting and Extending Kubernetes with Rust • WebAssembly workloads in Kubernetes Agenda

5. -Container are super awesome … -Everyone uses containers… Introduction

6. -Container are super awesome … -Everyone uses containers… Introduction The

   story has been told m illion tim es. https://giphy.com/gifs/kim-novak-tXL4FHPSnVJ0A

7. Instead, let’s jump right into building Docker Images for Rust

   Applications

8. • Introduction • Containerizing Rust Applications • Running Rust Applications

   in Kubernetes • Interacting and Extending Kubernetes with Rust • WebAssembly workloads in Kubernetes Agenda

9. • Introduction • Containerizing Rust Applications • Running Rust Applications

   in Kubernetes • Interacting and Extending Kubernetes with Rust • WebAssembly workloads in Kubernetes Agenda

10. • Obvious things to keep in mind when building Docker

    Images • Use proper tagging strategy • Embrace multi-stage Dockerfiles • Run apps in a non-previliged user context • Expect the root-filesystem to be readonly Containerizing Rust Applications

11. • Harden your Docker Images • Check for CIS-Benchmark compliancy

    • Scan your Docker Images for vulnerabilities • Re-Scan existing images in your Container Registry Containerizing Rust Applications

12. • Ensure necessary native dependecies are part of the image

    • Containerizing Rust applications may require more up-front thinking compared to contaienrizing apps build using other languages • Static vs dynamic C runtimes • for ref see https://doc.rust-lang.org/reference/linkage.html#static-and-dynamic-c-runtimes Containerizing Rust Applications

13. Containerizing Rust Applications Demo

14. • Introduction • Containerizing Rust Applications • Running Rust Applications

    in Kubernetes • Interacting and Extending Kubernetes with Rust • WebAssembly workloads in Kubernetes Agenda

15. • Introduction • Containerizing Rust Applications • Running Rust Applications

    in Kubernetes • Interacting and Extending Kubernetes with Rust • WebAssembly workloads in Kubernetes Agenda

16. • Proven techniques for running applications in Kubernetes • Always

    log to STDOUT / STDERR • Hosting aspects (e.g., HTTPs redirections) are not in the responsibility of the app developer • Consume configuration using environment variables or files mounted into the container at runtime Running Rust Applications in Kubernetes

17. • Proven techniques for running applications in Kubernetes • Provide

    metrics and traces using OpenTelemetry (https://opentelemetry.io/) • Provide health probes (readiness & liveness at least) • Specify resource requests & limits for every container Running Rust Applications in Kubernetes

18. Running Rust Applications in Kubernetes Demo

19. • Introduction • Containerizing Rust Applications • Running Rust Applications

    in Kubernetes • Interacting and Extending Kubernetes with Rust • WebAssembly workloads in Kubernetes Agenda

20. • Introduction • Containerizing Rust Applications • Running Rust Applications

    in Kubernetes • Interacting and Extending Kubernetes with Rust • WebAssembly workloads in Kubernetes Agenda

21. • Connect to any Kubernetes • From inside or outside

    of the cluster • Official crate • https://github.com/kube-rs/kube • https://crates.io/crates/kube Interacting and Extending Kubernetes with Rust

22. kube-rs capabilities • Cluster interaction (read & write) • Custom

    Kubernetes Controllers • Custom Resource Definitions (CRDs) Interacting and Extending Kubernetes with Rust

23. Interacting and Extending Kubernetes with Rust Demo

24. • Introduction • Containerizing Rust Applications • Running Rust Applications

    in Kubernetes • Interacting and Extending Kubernetes with Rust • WebAssembly workloads in Kubernetes Agenda

25. • Introduction • Containerizing Rust Applications • Running Rust Applications

    in Kubernetes • Interacting and Extending Kubernetes with Rust • WebAssembly workloads in Kubernetes Agenda

26. • Previously we had krustlet 💀 • A kubelet implementation

    made in Rust to run WebAssembly Modules using wasmtime • Now we have containerd-shim in preview • Run Spin and Slight applications WebAssembly workloads in Kubernetes

27. containerd-wasm-shims • https://github.com/deislabs/containerd-wasm-shims • Microsoft provides them already in AKS

    • Limitations & gotchas • Supporting only simple workloads for now (HTTP) • Scratch Container is used for distribution WebAssembly workloads in Kubernetes

28. So; What is Spin “Spin is a framework for building

    and running event-driven microservice applications with WebAssembly (Wasm) components. With Spin, we’re trying to make it easier to get started with using WebAssembly on the server so that we can all take advantage of the security, portability, and speed WebAssembly provides when it comes to running microservices.” WebAssembly workloads in Kubernetes https://developer.fermyon.com/spin/index

29. WebAssembly workloads in Kubernetes Demo

30. Thank you [email protected] @ThorstenHans