Containerization

Use a Dockerfile from rocket guide, but modified to include a custom root certificate (uncomment and copy it here!) and a json folder as well as a static folder.

• Start your Linux from this root folder using a cool windows terminal

wsl

• Pull Kaniko image into ctr (start containerd first)

sudo ctr i pull gcr.io/kaniko-project/executor:latest

• build with Kaniko and export to a local tar

sudo ctr run --net-host --rm --mount type=bind,src=$(pwd),dst=/workspace,options=rbind:rw gcr.io/kaniko-project/executor:latest kaniko-executor /kaniko/executor --dockerfile=/workspace/Dockerfile --context=/workspace --no-push --skip-tls-verify --build-arg pkg=rocket-app --build-arg OPENWEATHER_API_KEY=$OPENWEATHER_API_KEY --tarPath=/workspace/rust-playground-kaniko.tar --destination=localhost/rust-playground-kaniko:latest

• Import the image into containerd

sudo ctr image import rust-playground-kaniko.tar

• Create the container

sudo ctr c create --net-host --env OPENWEATHER_API_KEY=<your api key>  localhost/rust-playground-kaniko:latest rust-playground

• Start the task

sudo ctr t start rust-playground

• Open in the browser

  • http://localhost:8080/
  • http://localhost:8080/json
  • http://localhost:8080/api/data

• Eventually split the terminal window and stop the task

sudo ctr t kill -s 9 rust-playground

• Tag the image

sudo ctr image tag localhost/rust-playground-kaniko:latest docker.io/${DHUSER}/rust-playground-kaniko:latest

• Push the image

sudo ctr images push \
    --user "${DHUSER}:${DHTOKEN}" \
    docker.io/${DHUSER}/rust-playground-kaniko:latest

• Deploy to Kubernetes (create the cluster, see my instructions for digitalocean, update the certificate email, etc...)

cd k8s
kubectl apply -f deployment.yml
kubectl rollout status deployment/rust-web -n rust

• Open in the browser your website, e.g.:
  • https://myweb.giuliohome.org/
  • https://myweb.giuliohome.org/json
  • https://myweb.giuliohome.org/api/data

Weather Forecast

Added with this commit

Android Client App: https://github.com/giuliohome-org/weatherforecastapp

Cert-Manager

Cert Manager can also be used in on-premises Kubernetes environments. In such cases, referencing the DigitalOcean domain is beneficial, as it integrates well with the automated Let's Encrypt challenge for issuing certificates. The integration simplifies DNS management, making certificate issuance more efficient. Use DO token in the deployment to automate the TXT DNS challange. In case of a Minikube PoC in one's home intranet, one will need a port forward in the router's NAT and an Nginx reverse proxy to the Minikube tunnel (127.0.0.1) on Windows 11.

Hyper-V

When using Hyper-V (instead of Docker), you don't need the minikube tunnel. Instead, you can forward directly to minikube ip in nginx.conf, e.g.:

    server {
    listen 443 ssl;
    server_name myweb.giuliohome.org;
    ssl_certificate c:/development/mycert/cert.crt;
    ssl_certificate_key c:/development/mycert/cert.key;

    location / {
        # The configuration line below is for the Hyper-V Minikube IP;
        proxy_pass https://192.168.203.194:443;
        # no Minikube tunnel is needed
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}