Use a Dockerfile from rocket guide, but modified to include a custom root certificate (uncomment and copy it here!) and a json folder as well as a static folder.
- Start your Linux from this root folder using a cool windows terminal
wsl
- Pull Kaniko image into ctr (start containerd first)
sudo ctr i pull gcr.io/kaniko-project/executor:latest
- build with Kaniko and export to a local tar
sudo ctr run --net-host --rm --mount type=bind,src=$(pwd),dst=/workspace,options=rbind:rw gcr.io/kaniko-project/executor:latest kaniko-executor /kaniko/executor --dockerfile=/workspace/Dockerfile --context=/workspace --no-push --skip-tls-verify --build-arg pkg=hello-rocket --build-arg OPENWEATHER_API_KEY=$OPENWEATHER_API_KEY --tarPath=/workspace/rust-playground-kaniko.tar --destination=localhost/rust-playground-kaniko:latest
- Import the image into containerd
sudo ctr image import rust-playground-kaniko.tar
- Create the container
sudo ctr c create --net-host localhost/rust-playground-kaniko:latest rust-playground
- Start the task
sudo ctr t start rust-playground
-
Open in the browser
-
Eventually split the terminal window and stop the task
sudo ctr t kill -s 9 rust-playground
- Tag the image
sudo ctr image tag localhost/rust-playground-kaniko:latest docker.io/${DHUSER}/rust-playground-kaniko:latest
- Push the image
sudo ctr images push \
--user "${DHUSER}:${DHTOKEN}" \
docker.io/${DHUSER}/rust-playground-kaniko:latest
- Deploy to Kubernetes (create the cluster, see my instructions for digitalocean, update the certificate email, etc...)
cd k8s
kubectl apply -f deployment.yml
kubectl rollout status deployment/rust-web -n rust
- Open in the browser your website, e.g.:
Added with this commit
Cert Manager can also be used in on-premises Kubernetes environments. In such cases, referencing the DigitalOcean domain is beneficial, as it integrates well with the automated Let's Encrypt challenge for issuing certificates. The integration simplifies DNS management, making certificate issuance more efficient. Use DO token in the deployment to automate the TXT DNS challange. In case of a Minikube PoC in one's home intranet, one will need a port forward in the router's NAT and an Nginx reverse proxy to the Minikube tunnel (127.0.0.1) on Windows 11.