diff --git a/README.md b/README.md
index 06af8e8..c35306f 100644
--- a/README.md
+++ b/README.md
@@ -1,13 +1,71 @@
# akashop
https://origin-akashop.akamai-lab.com
+- akashop was built on [woocommerce](https://woo.com/).
+- akashop is deployed to **tee-origins** kubernetes cluster.
+
+## How to deploy
+1. git clone https://gitea-ptl.akamai-lab.com/akamai/akashop.git
+2. cd akashop/traefik
+3. kubectl create namespace traefik
+4. kubectl apply -f kubernetes-crd-definition-v1.yml -f kubernetes-crd-rbac.yml -f traefik-deployment.yml -f traefik-services.yml -n traefik
+5. kubectl get pods -n traefik
+```
+NAME READY STATUS RESTARTS AGE
+traefik-deployment-6dbb5f6667-wslph 1/1 Running 0 9m2s
+```
+6. kubectl get services -n traefik
+```
+NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+traefik-dashboard-service LoadBalancer 10.128.46.205 172.233.169.40 8080:32174/TCP 18h
+traefik-web LoadBalancer 10.128.2.58 172.233.168.36 80:31310/TCP,443:32696/TCP 18h
+```
+7. Vefiry traefik dashboard.
+```
+http://{traefik-dashboard-service-external-ip}:8080
+```
+8. cd ../akashop
+9. kubectl create namespace akashop
+10. kubectl apply -f pv.yml -f pvc.yml -f deployment.yml -f service.yml -f traefik-ingressR.yml -n akashop
+11. DNS spoofing test
+```
+http http://{traefik-web-external-ip} Host:origin-akashop.akamai-lab.com
+HTTP/1.1 301 Moved Permanently
+Content-Length: 0
+Content-Type: text/html; charset=UTF-8
+Date: Mon, 08 Apr 2024 00:38:47 GMT
+Location: https://origin-akashop.akamai-lab.com/
+Server: Apache/2.4.57 (Debian)
+X-Powered-By: PHP/8.2.17
+X-Redirect-By: WordPress
+```
+12. Update DNS record
+```
+origin-akashop.akamai-lab.com. 600 IN A {traefik-web-external-ip}
+```
+13. HTTPS test
+```
+http https://origin-akashop.akamai-lab.com -ph
+HTTP/1.1 200 OK
+Content-Encoding: gzip
+Content-Length: 18525
+Content-Type: text/html; charset=UTF-8
+Date: Mon, 08 Apr 2024 00:41:25 GMT
+Link: ; rel="https://api.w.org/", ; rel="alternate"; type="application/json", ; rel=shortlink
+Server: Apache/2.4.57 (Debian)
+Set-Cookie: _37c01=d5cf5ba194c98167; Path=/; HttpOnly
+Vary: Accept-Encoding
+X-Powered-By: PHP/8.2.17
+```
+
## How to use HTTPS ##
-- traefik/02-traefik.yml
+- traefik/traefik-deployment.yml
```yml
- --certificatesresolvers.le.acme.email=learn@akamai.com
- --certificatesresolvers.le.acme.storage=acme.json
- --certificatesresolvers.le.acme.tlschallenge=true
- --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
+# - --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
# change caServer to production https://acme-v02.api.letsencrypt.org/directory
```
- akashop/traefik-ingressR.yml
@@ -50,7 +108,7 @@ metadata:
```
## How to maintain Session Stickyness ##
-- akashop/ingress.yml
+- akashop/traefik-ingressR.yml
```yml
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
diff --git a/akashop/pv.yml b/akashop/pv.yml
index 5783d4c..c9bd1de 100644
--- a/akashop/pv.yml
+++ b/akashop/pv.yml
@@ -13,7 +13,7 @@ spec:
storageClassName: ""
nfs:
path: /nfs/share/akashop/volumes/wp
- server: 10.0.0.5
+ server: 10.0.0.2
---
@@ -32,4 +32,4 @@ spec:
storageClassName: ""
nfs:
path: /nfs/share/akashop/volumes/db
- server: 10.0.0.5
+ server: 10.0.0.2
diff --git a/akashop/traefik-ingressR.yml b/akashop/traefik-ingressR.yml
index 9026b53..5c27832 100644
--- a/akashop/traefik-ingressR.yml
+++ b/akashop/traefik-ingressR.yml
@@ -21,14 +21,14 @@ spec:
- web
routes:
- - match: Host(`whoami.172.233.169.31.nip.io`) && PathPrefix(`/`)
+ - match: Host(`origin-akashop.akamai-lab.com`) && PathPrefix(`/`)
kind: Rule
services:
- name: wp
port: 80
- middlewares:
- - name: akashop-redir
+ # middlewares:
+ # - name: akashop-redir
---
@@ -46,7 +46,7 @@ spec:
certResolver: le
routes:
- - match: Host(`whoami.172.233.169.31.nip.io`) && PathPrefix(`/`)
+ - match: Host(`origin-akashop.akamai-lab.com`) && PathPrefix(`/`)
kind: Rule
services:
- name: wp
diff --git a/traefik/kubernetes-crd-rbac.yml b/traefik/kubernetes-crd-rbac.yml
index a1e5875..afb974a 100644
--- a/traefik/kubernetes-crd-rbac.yml
+++ b/traefik/kubernetes-crd-rbac.yml
@@ -64,7 +64,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
- namespace: default
+ namespace: traefik
---
@@ -72,4 +72,4 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
- namespace: default
+ namespace: traefik
diff --git a/traefik/02-traefik.yml b/traefik/traefik-deployment.yml
similarity index 90%
rename from traefik/02-traefik.yml
rename to traefik/traefik-deployment.yml
index d3be2ea..ea0108a 100644
--- a/traefik/02-traefik.yml
+++ b/traefik/traefik-deployment.yml
@@ -33,7 +33,8 @@ spec:
- --certificatesresolvers.le.acme.email=learn@akamai.com
- --certificatesresolvers.le.acme.storage=acme.json
- --certificatesresolvers.le.acme.tlschallenge=true
- - --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
+ # - --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
+ - --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
# change caServer to production https://acme-v02.api.letsencrypt.org/directory
ports:
- name: web
diff --git a/traefik/02-traefik-services.yml b/traefik/traefik-services.yml
similarity index 100%
rename from traefik/02-traefik-services.yml
rename to traefik/traefik-services.yml