akashop/README.md

# akashop
https://origin-akashop.akamai-lab.com

- akashop was built on [woocommerce](https://woo.com/).
- akashop is deployed to **tee-origins** kubernetes cluster.

## How to deploy
1. git clone https://gitea-ptl.akamai-lab.com/akamai/akashop.git
2. cd akashop/traefik
3. kubectl create namespace traefik
4. kubectl apply -f kubernetes-crd-definition-v1.yml -f kubernetes-crd-rbac.yml -f traefik-deployment.yml -f traefik-services.yml -n traefik
5. kubectl get pods -n traefik
```
NAME                                  READY   STATUS    RESTARTS   AGE
traefik-deployment-6dbb5f6667-wslph   1/1     Running   0          9m2s
```
6. kubectl get services -n traefik
```
NAME                        TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)                      AGE
traefik-dashboard-service   LoadBalancer   10.128.46.205   172.233.169.40   8080:32174/TCP               18h
traefik-web                 LoadBalancer   10.128.2.58     172.233.168.36   80:31310/TCP,443:32696/TCP   18h
```
7. Vefiry traefik dashboard. 
```
http://{traefik-dashboard-service-external-ip}:8080
```
8. cd ../akashop
9. kubectl create namespace akashop
10. kubectl apply -f pv.yml -f pvc.yml -f deployment.yml -f service.yml -f traefik-ingressR.yml -n akashop
11. DNS spoofing test
```
http http://{traefik-web-external-ip} Host:origin-akashop.akamai-lab.com
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Mon, 08 Apr 2024 00:38:47 GMT
Location: https://origin-akashop.akamai-lab.com/
Server: Apache/2.4.57 (Debian)
X-Powered-By: PHP/8.2.17
X-Redirect-By: WordPress
```
12.  Update DNS record
```
origin-akashop.akamai-lab.com.  600  IN  A  {traefik-web-external-ip}
```
13.  HTTPS test
```
http https://origin-akashop.akamai-lab.com -ph
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Length: 18525
Content-Type: text/html; charset=UTF-8
Date: Mon, 08 Apr 2024 00:41:25 GMT
Link: <https://origin-akashop.akamai-lab.com/wp-json/>; rel="https://api.w.org/", <https://origin-akashop.akamai-lab.com/wp-json/wp/v2/pages/265>; rel="alternate"; type="application/json", <https://origin-akashop.akamai-lab.com/>; rel=shortlink
Server: Apache/2.4.57 (Debian)
Set-Cookie: _37c01=d5cf5ba194c98167; Path=/; HttpOnly
Vary: Accept-Encoding
X-Powered-By: PHP/8.2.17
```

## How to use HTTPS ##
- traefik/traefik-deployment.yml
```yml
- --certificatesresolvers.le.acme.email=learn@akamai.com
- --certificatesresolvers.le.acme.storage=acme.json
- --certificatesresolvers.le.acme.tlschallenge=true
- --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
# - --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
# change caServer to production https://acme-v02.api.letsencrypt.org/directory
```
- akashop/traefik-ingressR.yml
```yml
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: akashop-https
  namespace: akashop
spec:
  entryPoints:
    - websecure  
  tls:
    certResolver: le
```

## How to redirect HTTP to HTTPS ##
- akashop/traefik-ingressR.yml
```yml
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: akashop-redir
  namespace: akashop
spec:
  redirectScheme:
    scheme: https
    permanent: true

---

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: akashop-http
  namespace: akashop
  ......
    middlewares:
    - name: akashop-redir
```

## How to maintain Session Stickyness ##
- akashop/traefik-ingressR.yml
```yml
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: akashop-https
  namespace: akashop
  ......
    services:
    - name: wp
      port: 80
      sticky:
        cookie:
          httpOnly: true
```

## How to use ReadWriteMany pvc ##
- akashop/pv.yml
```yml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: wp-data
  namespace: akashop
spec:
......
  nfs:
    path: /nfs/share/akashop/volumes/wp
    server: 10.0.0.5
```

- akashop/pvc.yml
```yml  
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: wp-data-pvc
spec:
  accessModes:
    - ReadWriteMany
    ......
```
Initial commit 2024-03-20 07:37:27 +00:00			`# akashop`
modified: README.md 2024-04-02 02:06:51 +00:00			`https://origin-akashop.akamai-lab.com`
new file: akashop/redirect.yml 2024-04-02 01:57:45 +00:00
modified: README.md 2024-04-08 00:53:17 +00:00			`- akashop was built on [woocommerce](https://woo.com/).`
			`- akashop is deployed to tee-origins kubernetes cluster.`

modified: README.md 2024-04-08 00:45:10 +00:00			`## How to deploy`
			`1. git clone https://gitea-ptl.akamai-lab.com/akamai/akashop.git`
			`2. cd akashop/traefik`
			`3. kubectl create namespace traefik`
			`4. kubectl apply -f kubernetes-crd-definition-v1.yml -f kubernetes-crd-rbac.yml -f traefik-deployment.yml -f traefik-services.yml -n traefik`
			`5. kubectl get pods -n traefik`
			```
			`NAME READY STATUS RESTARTS AGE`
			`traefik-deployment-6dbb5f6667-wslph 1/1 Running 0 9m2s`
			```
			`6. kubectl get services -n traefik`
			```
			`NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE`
			`traefik-dashboard-service LoadBalancer 10.128.46.205 172.233.169.40 8080:32174/TCP 18h`
			`traefik-web LoadBalancer 10.128.2.58 172.233.168.36 80:31310/TCP,443:32696/TCP 18h`
			```
			`7. Vefiry traefik dashboard.`
			```
			`http://{traefik-dashboard-service-external-ip}:8080`
			```
			`8. cd ../akashop`
			`9. kubectl create namespace akashop`
			`10. kubectl apply -f pv.yml -f pvc.yml -f deployment.yml -f service.yml -f traefik-ingressR.yml -n akashop`
			`11. DNS spoofing test`
			```
			`http http://{traefik-web-external-ip} Host:origin-akashop.akamai-lab.com`
			`HTTP/1.1 301 Moved Permanently`
			`Content-Length: 0`
			`Content-Type: text/html; charset=UTF-8`
			`Date: Mon, 08 Apr 2024 00:38:47 GMT`
			`Location: https://origin-akashop.akamai-lab.com/`
			`Server: Apache/2.4.57 (Debian)`
			`X-Powered-By: PHP/8.2.17`
			`X-Redirect-By: WordPress`
			```
modified: README.md 2024-04-08 00:53:17 +00:00			`12. Update DNS record`
modified: README.md 2024-04-08 00:45:10 +00:00			```
			`origin-akashop.akamai-lab.com. 600 IN A {traefik-web-external-ip}`
			```
modified: README.md 2024-04-08 00:53:17 +00:00			`13. HTTPS test`
modified: README.md 2024-04-08 00:45:10 +00:00			```
			`http https://origin-akashop.akamai-lab.com -ph`
			`HTTP/1.1 200 OK`
			`Content-Encoding: gzip`
			`Content-Length: 18525`
			`Content-Type: text/html; charset=UTF-8`
			`Date: Mon, 08 Apr 2024 00:41:25 GMT`
			`Link: <https://origin-akashop.akamai-lab.com/wp-json/>; rel="https://api.w.org/", <https://origin-akashop.akamai-lab.com/wp-json/wp/v2/pages/265>; rel="alternate"; type="application/json", <https://origin-akashop.akamai-lab.com/>; rel=shortlink`
			`Server: Apache/2.4.57 (Debian)`
			`Set-Cookie: _37c01=d5cf5ba194c98167; Path=/; HttpOnly`
			`Vary: Accept-Encoding`
			`X-Powered-By: PHP/8.2.17`
			```

new file: akashop/redirect.yml 2024-04-02 01:57:45 +00:00			`## How to use HTTPS ##`
modified: README.md 2024-04-08 00:53:17 +00:00			`- traefik/traefik-deployment.yml`
new file: traefik/kubernetes-crd-rbac.yml 2024-04-04 06:09:53 +00:00			```yml
new file: akashop/redirect.yml 2024-04-02 01:57:45 +00:00			`- --certificatesresolvers.le.acme.email=learn@akamai.com`
			`- --certificatesresolvers.le.acme.storage=acme.json`
			`- --certificatesresolvers.le.acme.tlschallenge=true`
			`- --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory`
modified: README.md 2024-04-08 00:45:10 +00:00			`# - --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory`
modified: README.md 2024-04-02 02:06:51 +00:00			`# change caServer to production https://acme-v02.api.letsencrypt.org/directory`
new file: akashop/redirect.yml 2024-04-02 01:57:45 +00:00			```
new file: traefik/kubernetes-crd-rbac.yml 2024-04-04 06:09:53 +00:00			`- akashop/traefik-ingressR.yml`
			```yml
			`apiVersion: traefik.io/v1alpha1`
			`kind: IngressRoute`
			`metadata:`
			`name: akashop-https`
			`namespace: akashop`
			`spec:`
			`entryPoints:`
			`- websecure`
			`tls:`
			`certResolver: le`
new file: akashop/redirect.yml 2024-04-02 01:57:45 +00:00			```

			`## How to redirect HTTP to HTTPS ##`
new file: traefik/kubernetes-crd-rbac.yml 2024-04-04 06:09:53 +00:00			`- akashop/traefik-ingressR.yml`
			```yml
			`apiVersion: traefik.io/v1alpha1`
			`kind: Middleware`
			`metadata:`
			`name: akashop-redir`
			`namespace: akashop`
			`spec:`
			`redirectScheme:`
			`scheme: https`
			`permanent: true`

			`---`

			`apiVersion: traefik.io/v1alpha1`
			`kind: IngressRoute`
			`metadata:`
			`name: akashop-http`
			`namespace: akashop`
			`......`
			`middlewares:`
			`- name: akashop-redir`
new file: akashop/redirect.yml 2024-04-02 01:57:45 +00:00			```

			`## How to maintain Session Stickyness ##`
modified: README.md 2024-04-08 00:53:17 +00:00			`- akashop/traefik-ingressR.yml`
new file: traefik/kubernetes-crd-rbac.yml 2024-04-04 06:09:53 +00:00			```yml
			`apiVersion: traefik.io/v1alpha1`
			`kind: IngressRoute`
			`metadata:`
			`name: akashop-https`
			`namespace: akashop`
			`......`
			`services:`
			`- name: wp`
			`port: 80`
			`sticky:`
			`cookie:`
			`httpOnly: true`
new file: akashop/redirect.yml 2024-04-02 01:57:45 +00:00			```
Initial commit 2024-03-20 07:37:27 +00:00
modified: README.md 2024-04-02 02:06:51 +00:00			`## How to use ReadWriteMany pvc ##`
			`- akashop/pv.yml`
new file: traefik/kubernetes-crd-rbac.yml 2024-04-04 06:09:53 +00:00			```yml
			`apiVersion: v1`
			`kind: PersistentVolume`
			`metadata:`
			`name: wp-data`
			`namespace: akashop`
			`spec:`
			`......`
			`nfs:`
			`path: /nfs/share/akashop/volumes/wp`
			`server: 10.0.0.5`
modified: README.md 2024-04-02 02:06:51 +00:00			```
new file: traefik/kubernetes-crd-rbac.yml 2024-04-04 06:09:53 +00:00
			`- akashop/pvc.yml`
			```yml
			`apiVersion: v1`
			`kind: PersistentVolumeClaim`
			`metadata:`
			`name: wp-data-pvc`
			`spec:`
			`accessModes:`
			`- ReadWriteMany`
			`......`
modified: README.md 2024-04-02 02:06:51 +00:00			```