From b88be070fbd6bada62d956e3599e94ebfb7be5d5 Mon Sep 17 00:00:00 2001
From: Sangmin Kim
Date: Mon, 8 Apr 2024 09:45:10 +0900
Subject: [PATCH] modified: README.md
---
README.md | 55 +++++++++++++++++++
akashop/pv.yml | 4 +-
akashop/traefik-ingressR.yml | 8 +--
traefik/kubernetes-crd-rbac.yml | 4 +-
...{02-traefik.yml => traefik-deployment.yml} | 3 +-
...efik-services.yml => traefik-services.yml} | 0
6 files changed, 65 insertions(+), 9 deletions(-)
rename traefik/{02-traefik.yml => traefik-deployment.yml} (90%)
rename traefik/{02-traefik-services.yml => traefik-services.yml} (100%)
diff --git a/README.md b/README.md
index 06af8e8..da7455c 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,60 @@ # akashop https://origin-akashop.akamai-lab.com +## How to deploy +1. git clone https://gitea-ptl.akamai-lab.com/akamai/akashop.git +2. cd akashop/traefik +3. kubectl create namespace traefik +4. kubectl apply -f kubernetes-crd-definition-v1.yml -f kubernetes-crd-rbac.yml -f traefik-deployment.yml -f traefik-services.yml -n traefik +5. kubectl get pods -n traefik +``` +NAME READY STATUS RESTARTS AGE +traefik-deployment-6dbb5f6667-wslph 1/1 Running 0 9m2s +``` +6. kubectl get services -n traefik +``` +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +traefik-dashboard-service LoadBalancer 10.128.46.205 172.233.169.40 8080:32174/TCP 18h +traefik-web LoadBalancer 10.128.2.58 172.233.168.36 80:31310/TCP,443:32696/TCP 18h +``` +7. Vefiry traefik dashboard. +``` +http://{traefik-dashboard-service-external-ip}:8080 +``` +8. cd ../akashop +9. kubectl create namespace akashop +10. kubectl apply -f pv.yml -f pvc.yml -f deployment.yml -f service.yml -f traefik-ingressR.yml -n akashop +11. DNS spoofing test +``` +http http://{traefik-web-external-ip} Host:origin-akashop.akamai-lab.com +HTTP/1.1 301 Moved Permanently +Content-Length: 0 +Content-Type: text/html; charset=UTF-8 +Date: Mon, 08 Apr 2024 00:38:47 GMT +Location: https://origin-akashop.akamai-lab.com/ +Server: Apache/2.4.57 (Debian) +X-Powered-By: PHP/8.2.17 +X-Redirect-By: WordPress +``` +1. Update DNS record +``` +origin-akashop.akamai-lab.com. 600 IN A {traefik-web-external-ip} +``` +1. HTTPS test +``` +http https://origin-akashop.akamai-lab.com -ph +HTTP/1.1 200 OK +Content-Encoding: gzip +Content-Length: 18525 +Content-Type: text/html; charset=UTF-8 +Date: Mon, 08 Apr 2024 00:41:25 GMT +Link: ; rel="https://api.w.org/", ; rel="alternate"; type="application/json", ; rel=shortlink +Server: Apache/2.4.57 (Debian) +Set-Cookie: _37c01=d5cf5ba194c98167; Path=/; HttpOnly +Vary: Accept-Encoding +X-Powered-By: PHP/8.2.17 +``` + ## How to use HTTPS ## - traefik/02-traefik.yml ```yml 
@@ -8,6 +62,7 @@ https://origin-akashop.akamai-lab.com - --certificatesresolvers.le.acme.storage=acme.json - --certificatesresolvers.le.acme.tlschallenge=true - --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory +# - --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory # change caServer to production https://acme-v02.api.letsencrypt.org/directory ``` - akashop/traefik-ingressR.yml diff --git a/akashop/pv.yml b/akashop/pv.yml index 5783d4c..c9bd1de 100644 --- a/akashop/pv.yml +++ b/akashop/pv.yml @@ -13,7 +13,7 @@ spec: storageClassName: "" nfs: path: /nfs/share/akashop/volumes/wp - server: 10.0.0.5 + server: 10.0.0.2 --- @@ -32,4 +32,4 @@ spec: storageClassName: "" nfs: path: /nfs/share/akashop/volumes/db - server: 10.0.0.5 + server: 10.0.0.2 diff --git a/akashop/traefik-ingressR.yml b/akashop/traefik-ingressR.yml index 9026b53..5c27832 100644 --- a/akashop/traefik-ingressR.yml +++ b/akashop/traefik-ingressR.yml @@ -21,14 +21,14 @@ spec: - web routes: - - match: Host(`whoami.172.233.169.31.nip.io`) && PathPrefix(`/`) + - match: Host(`origin-akashop.akamai-lab.com`) && PathPrefix(`/`) kind: Rule services: - name: wp port: 80 - middlewares: - - name: akashop-redir + # middlewares: + # - name: akashop-redir --- @@ -46,7 +46,7 @@ spec: certResolver: le routes: - - match: Host(`whoami.172.233.169.31.nip.io`) && PathPrefix(`/`) + - match: Host(`origin-akashop.akamai-lab.com`) && PathPrefix(`/`) kind: Rule services: - name: wp diff --git a/traefik/kubernetes-crd-rbac.yml b/traefik/kubernetes-crd-rbac.yml index a1e5875..afb974a 100644 --- a/traefik/kubernetes-crd-rbac.yml +++ b/traefik/kubernetes-crd-rbac.yml @@ -64,7 +64,7 @@ roleRef: subjects: - kind: ServiceAccount name: traefik-ingress-controller - namespace: default + namespace: traefik --- @@ -72,4 +72,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: traefik-ingress-controller - namespace: default + namespace: traefik 
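Review bot: In akashop/traefik-ingressR.yml (hunk `@@ -21,14 +21,14 @@`), commenting out `middlewares:` and `- name: akashop-redir` leaves the route on the `web` entry point forwarding plain HTTP straight to service `wp` on port 80 with no middleware in front of it. If `akashop-redir` is the HTTP-to-HTTPS redirect its name suggests (its definition is not in this hunk), the only redirect left is the one WordPress issues itself, so any request WordPress does not redirect is served unencrypted. I would keep `middlewares:` and `- name: akashop-redir` active on this route. If the removal is deliberate, delete the two commented lines and add a comment such as `# port 80 is served without an edge redirect because ...` stating the reason. The IngressRoute spec starts above the hunk.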
diff --git a/traefik/02-traefik.yml b/traefik/traefik-deployment.yml similarity index 90% rename from traefik/02-traefik.yml rename to traefik/traefik-deployment.yml index d3be2ea..ea0108a 100644 --- a/traefik/02-traefik.yml +++ b/traefik/traefik-deployment.yml @@ -33,7 +33,8 @@ spec: - --certificatesresolvers.le.acme.email=learn@akamai.com - --certificatesresolvers.le.acme.storage=acme.json - --certificatesresolvers.le.acme.tlschallenge=true - - --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory + # - --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory + - --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory # change caServer to production https://acme-v02.api.letsencrypt.org/directory ports: - name: web diff --git a/traefik/02-traefik-services.yml b/traefik/traefik-services.yml similarity index 100% rename from traefik/02-traefik-services.yml rename to traefik/traefik-services.yml
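Review bot: In traefik/traefik-deployment.yml the `le` resolver now targets the production Let's Encrypt directory while `--certificatesresolvers.le.acme.storage=acme.json` is a relative path, and the hunk shows no volume behind it (the container spec starts above the hunk). If that file sits on the container filesystem, every pod restart discards the account key and issued certificates and requests new ones, which can hit the production rate limits that the staging endpoint was absorbing. Pointing storage at a mounted persistent volume avoids that, for example `--certificatesresolvers.le.acme.storage=/data/acme.json` (placeholder path). Since the file holds the ACME account key and certificate private keys, the volume should be readable by the Traefik pod only. The trailing comment `# change caServer to production ...` is now stale and could become `# use the acme-staging-v02 directory while testing`.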