Kubernetes Cookbook. Kirill Kazakov
Чтение книги онлайн.

Читать онлайн книгу Kubernetes Cookbook - Kirill Kazakov страница 4

Название: Kubernetes Cookbook

Автор: Kirill Kazakov

Издательство: Издательские решения

Жанр:

Серия:

isbn: 9785006465633

isbn:

СКАЧАТЬ to the /health endpoint:

      curl http://localhost:8000/health

      You should see the following response:

      {“status”: “OK”}

      Running the application in Docker isn’t significantly different. We need a Dockerfile to make an image. Dockerfile is a text document with instructions for the command line. The syntax is straightforward to learn. Let’s create a Dockerfile in the root directory of our project:

      FROM rust:1.73-bookworm as builder

      WORKDIR /app

      COPY..

      RUN – mount=type=cache, target=$CARGO_HOME/registry/cache \

      cargo build – release – bins

      FROM gcr.io/distroless/cc-debian12

      ENV RUST_LOG=info

      COPY – from=builder /app/target/release/auth-app.

      CMD [”. /auth-app”, "-a”, “0.0.0.0”, "-p”, “8080”]

      Let’s go through this Dockerfile line by line:

      FROM rust:1.73-bookwork as builder

      This line tells Docker to use the official Rust image as a base image. The 1.73 tag means using the Debian 12 Bookworm distribution. We also give the base name to the image. We will use it later.

      Many base images from various vendors on the Docker Hub public registry exist. You can find any programming language, database, or full-fledged operating system. Anybody can create an image and publish it. You can inherit an image from any other image or make it from scratch.

      The vital thing to say is that each “FROM” instruction represents the build stage.

      WORKDIR /app

      This line sets the working directory for the following instructions. It is like the “cd’ command in the shell. The “WORKDIR” instruction can be used multiple times in a Dockerfile. It will create the directory if it does not exist.

      COPY..

      This line copies the current directory’s content to the `/app’ directory in the container.

      RUN – mount=type=cache, target=$CARGO_HOME/registry/cache \

      cargo build – release

      This line runs the build command. By default, the Rust origin image includes the Cargo package manager. By Cargo command, we build the static binary of our application in a release mode.

      Mounts is a relatively new Docker feature. It allows you to mount various types of volume to the container. In this case, we mount the Cargo cache directory. The persistent cache helps speed up the build steps. If you rebuild a layer, a persistent cache ensures that you only download new or changed packages.

      FROM gcr.io/distroless/cc-debian12

      Now, we are beginning the second stage of the build process. We use the Distroless Docker image by Google, which has a minimal Linux and glibc runtime. It is designed for mainly statically compiled languages such as Rust. This image is commonly used for creating highly minimal images. We chose to use it to reduce the final image size in which our app will eventually run.

      Reducing image size is important because it decreases the time it takes to download and deploy the image. It also reduces the attack surface of the image. The smaller the image, the fewer the number of packages and dependencies it contains. This means there are fewer vulnerabilities to exploit.

      ENV RUST_LOG=info

      This line sets the environment variable. It is similar to the “export’ command in the shell. We set the “RUST_LOG” variable to the “info’ level. It means that the application will log only information messages.

      COPY – from=builder /app/target/release/auth-app.

      This line copies the binary from the first build stage to the current directory of the second stage image. We didn’t set “WORKDIR” in the second build stage, so by default, the current directory is the root directory.

      CMD [”. /auth-app”, "-a”, “0.0.0.0”, "-p”, “8080”]

      This line sets the default command to run when the container starts.

      Now, we can build the image by using the following command:

      docker build -t auth-app.

      The `-t’ flag sets the image tag. The same tag as we placed in the “FROM” instruction in the first build stage. We didn’t put the version after the colon, so Docker automatically builds with the “latest’ tag. The’. ’ at the end of the command means a build’s context. The build process happens inside the build context’s directory.

      After the image is built, we can check it by using the following command:

      docker images

      See the obtained size of our build image, which is compared to a regular Rust image, is much smaller:

      REPOSITORY TAG IMAGE ID CREATED SIZE

      auth-app latest 94e11dc49c66 2 minutes ago 34.8MB

      rust 1.73-bookworm 890a6b209e1c 3 days ago 1.5GB

      Now, the time is to create an instance of this image. We call such an instance a container. We can do it by using the following command:

      docker run -p 8080:8080 auth-app: latest

      The `-p’ flag maps the container port to the host port. The first port is the host port, and the second is the container port. Also, we explicitly specified a tag. However, Docker will pull the “latest’ tag without it by default if not specified. Let’s now request the `/health’ endpoint:

      curl http://localhost:8080/health

      You should see the following response, meaning that our application is healthy:

      {“status”: “OK”}

      Containerizing with Podman

      To start with Podman, you need to install Podman Desktop. You can download it from the [official website] (https://podman.io/docs/installation). Once you’ve installed it, you can check the Podman version by using this command:

      podman – version

      You should see the version of Podman:

      podman version 4.7.0

      Compared to Docker Desktop, Podman requires an additional step from the user to start a virtual machine. You can do it by running the command below:

      podman machine start

      By default, СКАЧАТЬ