This repository serves as a Proof of Concept (POC) to assess the feasibility of using Rust within a containerized microservices architecture. Having used Rust intermittently for a couple of years, I believe it's time to explore its potential for API development.
Disclaimer: This project represents my hobby work to develop a viable solution in my spare time, mostly on weekends, over roughly a month. While this is functional, there are likely areas for improvement. However I set myself a goal of a month so it is good enough as is.
However, due to Rust being a relatively new language, some libraries may not be fully matured. For instance, implementing different authentication methods like OAuth or LDAP might require low-level coding or a code change, which I aimed to avoid in Rust.
In light of this, I leveraged my expertise in API Gateways, sidecar patterns, and other DevOps skills to create a usable solution.
Caveat: I have not tested this on Windows or Mac, but since the entire project is containerized, it should theoretically run.
The project aimed to achieve the following objectives:
- Ease of Development and Testing: Ensure a smooth development and testing workflow for the Rust REST API.
- Production Readiness: Strive for near-production readiness of the Rust API, focusing on security and observability.
- Support for Multiple Authentication and Authorization Technologies: Enable the Rust API to accommodate various authentication and authorization mechanisms, facilitated by ApiSix.
- High-Level Security: Implement robust security measures, including HTTPS and mTLS.
- Framework: Actix
- Database Access: SQLX
- Additional Crates: Utilized for configuration management and tracing
- Apache APISIX
- Nginx
- BZT (BlazeMeter Taurus)
Since this setup uses SSL certificates, you will need Server Name Indication (SNI) working to get results when using curl or other tools from your machine to the Docker stack. Add the following entry to your /etc/hosts file:
127.0.0.1 gateway.svc.docker.local.
The Docker Compose setup also creates a Docker network with each container having static IP addresses. This is not strictly necessary but can help with troubleshooting.
The easiest way to run the setup is by using one of the following commands:
docker compose up./rebuild-stack.sh
Once the system is up and running, you can execute Taurus tests located in the benchmark folder, or use a CURL command like this:
curl https://gateway.svc.docker.local:9443/health -kv -u health:healthWhen running the dockerstack note that the RUST API is now available on any port from its container it is listening to localhost only.
- Local Testing and Development: Running the API locally allows you to test and modify the CRUD functions.
- Configuration: The API can be configured using the .env file in the project folder or environment variables as shown in the compose.yaml file.
- Docker Image: The Docker image for the API is 36MB, utilizing distroless images for minimal footprint. Note that the image does not include SSH/Bash or other tools once running as a Docker container.
- Nginx Sidecar: An Nginx sidecar is created to share the API image's networking and expose Nginx to the outside world.
- Performance Testing: When running the entire stack, you can execute Gatling tests on the API's performance by running a Docker execute command. Refer to the README in the benchmark folder for detailed instructions.
- Development and Testing: Each directory contains instructions for getting started with development and testing.
- Authentication: ApiSix adds authentication to the API. It supports over eight types of authentication, allowing you to change the authentication method without modifying the code.
- Security: ApiSix sanitizes headers for improved security.
- Request Tracing: ApiSix adds an x-request-id to each call. This x-request-id is logged by the Rust API, enabling you to trace issues effectively.
This was a POC I doubt I will every use it or ever update it. Pretty cool for about 24 hours or work over a month or so. Thought I would share but dont expect updates or anything.
This project is licensed under the MIT License.