From 1a7861633665eb6a209675c4f35186fd493ed29a Mon Sep 17 00:00:00 2001 From: Fabian Schmidt Date: Mon, 16 Sep 2024 12:39:06 +0200 Subject: [PATCH] Dockerfile templates for rust projects --- .gitignore | 1 + Cargo.lock | 7 +++++ Cargo.toml | 11 +++++++ docker-compose.yml | 10 +++++++ docker/alpine.Dockerfile | 56 ++++++++++++++++++++++++++++++++++++ docker/distroless.Dockerfile | 46 +++++++++++++++++++++++++++++ docker/scratch.Dockerfile | 47 ++++++++++++++++++++++++++++++ src/main.rs | 3 ++ 8 files changed, 181 insertions(+) create mode 100644 .gitignore create mode 100644 Cargo.lock create mode 100644 Cargo.toml create mode 100644 docker-compose.yml create mode 100755 docker/alpine.Dockerfile create mode 100644 docker/distroless.Dockerfile create mode 100755 docker/scratch.Dockerfile create mode 100644 src/main.rs diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ea8c4bf --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/target diff --git a/Cargo.lock b/Cargo.lock new file mode 100644 index 0000000..51973f4 --- /dev/null +++ b/Cargo.lock @@ -0,0 +1,7 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "small-rust" +version = "0.1.0" diff --git a/Cargo.toml b/Cargo.toml new file mode 100644 index 0000000..8878772 --- /dev/null +++ b/Cargo.toml @@ -0,0 +1,11 @@ +[package] +name = "small-rust" +version = "0.1.0" +edition = "2021" + +[dependencies] + +[profile.release] +lto = true +codegen-units = 1 +strip = "symbols" diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..26a21c6 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,10 @@ +services: + small-rust-distroless: + build: + dockerfile: ./docker/distroless.Dockerfile + small-rust-alpine: + build: + dockerfile: ./docker/alpine.Dockerfile + small-rust-scratch: + build: + dockerfile: ./docker/scratch.Dockerfile diff --git a/docker/alpine.Dockerfile b/docker/alpine.Dockerfile new file mode 100755 index 0000000..d2dcd75 --- /dev/null +++ b/docker/alpine.Dockerfile @@ -0,0 +1,56 @@ +#################################################################################################### +## Builder +#################################################################################################### +FROM rust:1-alpine3.19 +# This is important, see https://github.com/rust-lang/docker-rust/issues/85 +ENV RUSTFLAGS="-C target-feature=-crt-static" + +RUN apk add --no-cache musl-dev + +WORKDIR /app + +COPY ./ /app + +RUN cargo build --release +RUN strip target/release/small-rust + +#################################################################################################### +## Final image +#################################################################################################### +FROM alpine:3.19 + +RUN apk add --no-cache libgcc + +COPY --from=0 /app/target/release/small-rust . + +ENTRYPOINT ["/small-rust"] + + +#################################################################################################### +## Alternatively use this builder +#################################################################################################### +#FROM rust:latest AS builder +# +#RUN rustup target add x86_64-unknown-linux-musl +#RUN apt update && apt install -y musl-tools musl-dev +#RUN update-ca-certificates +# +## Create appuser +#ENV USER=myip +#ENV UID=10001 +# +#RUN adduser \ +# --disabled-password \ +# --gecos "" \ +# --home "/nonexistent" \ +# --shell "/sbin/nologin" \ +# --no-create-home \ +# --uid "${UID}" \ +# "${USER}" +# +# +#WORKDIR /myip +# +#COPY ./ . +# +#RUN cargo build --target x86_64-unknown-linux-musl --release diff --git a/docker/distroless.Dockerfile b/docker/distroless.Dockerfile new file mode 100644 index 0000000..ada35b6 --- /dev/null +++ b/docker/distroless.Dockerfile @@ -0,0 +1,46 @@ +#################################################################################################### +## Builder +#################################################################################################### +FROM rust:latest AS builder + +RUN update-ca-certificates + +# Create appuser +ENV USER=small-rust +ENV UID=10001 + +RUN adduser \ + --disabled-password \ + --gecos "" \ + --home "/nonexistent" \ + --shell "/sbin/nologin" \ + --no-create-home \ + --uid "${UID}" \ + "${USER}" + + +WORKDIR /app + +COPY ./ . + +# We no longer need to use the x86_64-unknown-linux-musl target +RUN cargo build --release + +#################################################################################################### +## Final image +#################################################################################################### +FROM gcr.io/distroless/cc + +# Import from builder. +COPY --from=builder /etc/passwd /etc/passwd +COPY --from=builder /etc/group /etc/group + +WORKDIR /app + +# Copy our build +COPY --from=builder /app/target/release/small-rust ./ + +# Use an unprivileged user. +USER small-rust:small-rust + +CMD ["/app/small-rust"] diff --git a/docker/scratch.Dockerfile b/docker/scratch.Dockerfile new file mode 100755 index 0000000..84c70a3 --- /dev/null +++ b/docker/scratch.Dockerfile @@ -0,0 +1,47 @@ +#################################################################################################### +## Builder +#################################################################################################### +FROM rust:latest AS builder + +RUN rustup target add x86_64-unknown-linux-musl +RUN apt update && apt install -y musl-tools musl-dev +RUN update-ca-certificates + +# Create appuser +ENV USER=small-rust +ENV UID=10001 + +RUN adduser \ + --disabled-password \ + --gecos "" \ + --home "/nonexistent" \ + --shell "/sbin/nologin" \ + --no-create-home \ + --uid "${UID}" \ + "${USER}" + + +WORKDIR /app + +COPY ./ . + +RUN cargo build --target x86_64-unknown-linux-musl --release + +#################################################################################################### +## Final image +#################################################################################################### +FROM scratch + +# Import from builder. +COPY --from=builder /etc/passwd /etc/passwd +COPY --from=builder /etc/group /etc/group + +WORKDIR /app + +# Copy our build +COPY --from=builder /app/target/x86_64-unknown-linux-musl/release/small-rust ./ + +# Use an unprivileged user. +USER small-rust:small-rust + +CMD ["/app/small-rust"] diff --git a/src/main.rs b/src/main.rs new file mode 100644 index 0000000..e7a11a9 --- /dev/null +++ b/src/main.rs @@ -0,0 +1,3 @@ +fn main() { + println!("Hello, world!"); +}