rust_hello is a lightweight Axum-based web service that reports how long a Kubernetes Service has been running and how many pod endpoints are currently available. It is designed for quick status pages, such as self-hosted homepages, and degrades gracefully when it cannot talk to a cluster.
I want to push the limits of a practical Rust container and see how small it can be.
Also, non-x86 computing platforms(Arm and RiscV) are emerging, so multi-arch support is essential for the deployment of Rust applications in hybrid clusters.
To build a minimal image, static linking is necessary.
The Axum server itself does not require TLS and in actual services TLS usually terminates at the API gateway like Ngnix.
However, kube-rs needs TLS to talk to K8S. Therefore, use rust-tls.
Instead of the scatch base image, use distroless: just like scratch, but run as non-root and timezone data is included.
- Minimal image size: 10.4 MB(a Go Gin helloworld web server is 20.1 MB)
- Minimal runtime memory footprint: 1 MB(after using mimalloc: 20MB)
- Computes uptime for a named Kubernetes Service by reading its
creationTimestamp. - Counts ready endpoints via the Kubernetes Endpoints API to highlight replica availability.
- Renders a minimal HTML page suitable for dashboards or homepages.
- Falls back to informative error messaging when run outside a cluster or without credentials.
- Ships with a distroless-compatible Dockerfile, Helm chart, and helper script for deployments.
- Rust toolchain (2024 edition support; install via
rustupornix develop). - Access to a Kubernetes cluster if you want live data. The binary still runs without one.
cargo runBy default the server listens on 0.0.0.0:3000. If your kubeconfig is available (e.g., ~/.kube/config), the application uses it automatically. Otherwise it logs a warning and serves an error page instead of uptime data.
SERVICE_NAME(default:rust-hello) – target Service to inspect.POD_NAMESPACE– overrides the namespace detection. If unset, the app reads/var/run/secrets/kubernetes.io/serviceaccount/namespaceand falls back todefault.
Build a static container image using the provided multi-stage Dockerfile:
podman build -t rust-hello:local .
podman run --rm -p 3000:3000 -e SERVICE_NAME=your-service rust-hello:local| Commit | Description | Size(MB) |
|---|---|---|
| a71d829 | Regular Cargo.toml | 14.4 |
| 0c64813 | Optimized Cargo.toml | 10.4 |
Symbols: 1MB.
The final stage is based on gcr.io/distroless/static-debian12, runs as a non-root user, and exposes port 3000.
- Multi-architecture friendly: the build args
TARGETARCHandTARGETPLATFORMplug into BuildKit/buildx, so you can producelinux/amd64andlinux/arm64images from a single definition without edits. - Deterministic dependency caching:
cargo chef prepareandcargo chef cookwarm the dependency layer before the app sources are copied, which keeps rebuilds fast. - Fully static binaries: the builder stage uses
allheil/rust-musl-crossso the resulting binary links againstmusland can run in the distroless static image. - Distroless runtime: the final stage inherits a non-root user and the minimal Debian 12 base, yielding a tiny, scratch-like image with timezone data included.
podman -r buildx build \
--platform linux/amd64,linux/arm64 \
--manifest rust-hello:multi \
--file Dockerfile \
.
podman -r manifest push --all rust-hello:multi - Helm chart:
charts/rust-hello - Helper script:
deploy.sh(builds with Podman, pushes to a registry, and upgrades the Helm release)
Quick deploy (adjust registry and namespace inside deploy.sh first):
./deploy.shAlternatively, install the chart manually:
helm upgrade --install rust-hello ./charts/rust-hello \
--namespace default \
--set image.repository=docker.io/you/rust-hello \
--set image.tag=latestThis repository ships a flake.nix that sets up a reproducible toolchain and pre-commit hooks:
nix developThe shell prints toolchain versions on entry and ensures rustfmt, clippy, and other helpful Cargo tools are available.
src/main.rs– service implementation and Kubernetes integration.Dockerfile– static, distroless build pipeline usingcargo-chef.deploy.sh– Podman + Helm automation script.charts/rust-hello– Helm chart templates and default values.flake.nix– reproducible development environment (optional).TODO.md
The service currently focuses on uptime reporting. Enhancements on the roadmap (see TODO.md) include reducing image size and improving replica handling.