Skip to content

lifengstone/distroless-rust

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
.devcontainer
.devcontainer
 
 
.github/workflows
.github/workflows
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.toml
Cargo.toml
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
my-rust-app.tar
my-rust-app.tar
 
 

Repository files navigation

Create a powerful Tokenizer API using distroless

By using distroless, you ensure a low weight for your container. This full example will get you everything you need to run an API in a container that you can then use to deploy to a cloud provider like Azure.

This repository gives you a good starting point with a Dockerfile, GitHub Actions workflow, and Rust code.

Generate a PAT

The access token will need to be added as an Action secret. Create one with enough permissions to write to packages.

Copy the generated token and add it as a Github repository secret with the name PAT. (If that link doesn't work, make sure you're reading this on your own copy of the repo, not the original template.)

Create an Azure Service Principal

You'll need the following:

  1. An Azure subscription ID find it here or follow this guide
  2. A Service Principal with the following details the AppID, password, and tenant information. Create one with: az ad sp create-for-rbac -n "REST API Service Principal" and assign the IAM role for the subscription. Alternatively set the proper role access using the following command (use a real subscription id and replace it):
az ad sp create-for-rbac --name "CICD" --role contributor --scopes /subscriptions/$AZURE_SUBSCRIPTION_ID --sdk-auth

Capture the output and add it as a Github repository secret with the name AZURE_CREDENTIALS. (If that link doesn't work, make sure you're reading this on your own copy of the repo, not the original template.)

Azure Container Apps

Make sure you have one instance already created, and then capture the name and resource group. These will be used in the workflow file.

No need to change defaults

Unlike other language runtimes like Python, you don't need to change the default container service. Rust will be more than happy to use a single CPU!

Gotchas

There are a few things that might get you into a failed state when deploying:

  • Not using authentication for accessing the remote registry (ghcr.io in this case). Authentication is always required
  • Not using a PAT (Personal Access Token) or using a PAT that doesn't have write permissions for "packages".
  • Different port than 80 in the container. By default Azure Container Apps use 80. Update to match the container.

If running into trouble, check logs in the portal or use the following with the Azure CLI:

az containerapp logs  show  --name $CONTAINER_APP_NAME --resource-group $RESOURCE_GROUP_NAME --follow

Update both variables to match your environment

NOTE Settings for Packages in your repo may need updating. Go to Action Settings and scroll down to "Workflow Permissions" and make sure it shows "Read and write permissions" as selected, otherwise you'll see a 403 Forbidden

About

Deploy a distroless Rust API to Azure

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Rust 89.0%
  • Dockerfile 11.0%