6 changed files with 11 additions and 70 deletions
--- a/README.md
+++ b/README.md
@ -1,71 +1,13 @@
 # akashop
 https://origin-akashop.akamai-lab.com
 - akashop was built on [woocommerce](https://woo.com/).
 - akashop is deployed to **tee-origins** kubernetes cluster.
 ## How to deploy
 1. git clone https://gitea-ptl.akamai-lab.com/akamai/akashop.git
 2. cd akashop/traefik
 3. kubectl create namespace traefik
 4. kubectl apply -f kubernetes-crd-definition-v1.yml -f kubernetes-crd-rbac.yml -f traefik-deployment.yml -f traefik-services.yml -n traefik
 5. kubectl get pods -n traefik
 ```
 NAME                                  READY   STATUS    RESTARTS   AGE
 traefik-deployment-6dbb5f6667-wslph   1/1     Running   0          9m2s
 ```
 6. kubectl get services -n traefik
 ```
 NAME                        TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)                      AGE
 traefik-dashboard-service   LoadBalancer   10.128.46.205   172.233.169.40   8080:32174/TCP               18h
 traefik-web                 LoadBalancer   10.128.2.58     172.233.168.36   80:31310/TCP,443:32696/TCP   18h
 ```
 7. Vefiry traefik dashboard. 
 ```
 http://{traefik-dashboard-service-external-ip}:8080
 ```
 8. cd ../akashop
 9. kubectl create namespace akashop
 10. kubectl apply -f pv.yml -f pvc.yml -f deployment.yml -f service.yml -f traefik-ingressR.yml -n akashop
 11. DNS spoofing test
 ```
 http http://{traefik-web-external-ip} Host:origin-akashop.akamai-lab.com
 HTTP/1.1 301 Moved Permanently
 Content-Length: 0
 Content-Type: text/html; charset=UTF-8
 Date: Mon, 08 Apr 2024 00:38:47 GMT
 Location: https://origin-akashop.akamai-lab.com/
 Server: Apache/2.4.57 (Debian)
 X-Powered-By: PHP/8.2.17
 X-Redirect-By: WordPress
 ```
 12.  Update DNS record
 ```
 origin-akashop.akamai-lab.com.  600  IN  A  {traefik-web-external-ip}
 ```
 13.  HTTPS test
 ```
 http https://origin-akashop.akamai-lab.com -ph
 HTTP/1.1 200 OK
 Content-Encoding: gzip
 Content-Length: 18525
 Content-Type: text/html; charset=UTF-8
 Date: Mon, 08 Apr 2024 00:41:25 GMT
 Link: <https://origin-akashop.akamai-lab.com/wp-json/>; rel="https://api.w.org/", <https://origin-akashop.akamai-lab.com/wp-json/wp/v2/pages/265>; rel="alternate"; type="application/json", <https://origin-akashop.akamai-lab.com/>; rel=shortlink
 Server: Apache/2.4.57 (Debian)
 Set-Cookie: _37c01=d5cf5ba194c98167; Path=/; HttpOnly
 Vary: Accept-Encoding
 X-Powered-By: PHP/8.2.17
 ```
 ## How to use HTTPS ##
- traefik/traefik-deployment.yml
+- traefik/02-traefik.yml
 ```yml
 - --certificatesresolvers.le.acme.email=learn@akamai.com
 - --certificatesresolvers.le.acme.storage=acme.json
 - --certificatesresolvers.le.acme.tlschallenge=true
 - --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
 # - --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
 # change caServer to production https://acme-v02.api.letsencrypt.org/directory
 ```
 - akashop/traefik-ingressR.yml
@ -108,7 +50,7 @@ metadata:
 ```
 ## How to maintain Session Stickyness ##
- akashop/traefik-ingressR.yml
+- akashop/ingress.yml
 ```yml
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
--- a/akashop/pv.yml
+++ b/akashop/pv.yml
@ -13,7 +13,7 @@ spec:
  storageClassName: ""
  nfs:
    path: /nfs/share/akashop/volumes/wp
-    server: 10.0.0.2
+    server: 10.0.0.5
 ---
@ -32,4 +32,4 @@ spec:
  storageClassName: ""
  nfs:
    path: /nfs/share/akashop/volumes/db
-    server: 10.0.0.2
+    server: 10.0.0.5
--- a/akashop/traefik-ingressR.yml
+++ b/akashop/traefik-ingressR.yml
@ -21,14 +21,14 @@ spec:
    - web
  routes:
-  - match: Host(`origin-akashop.akamai-lab.com`) && PathPrefix(`/`)
+  - match: Host(`whoami.172.233.169.31.nip.io`) && PathPrefix(`/`)
    kind: Rule
    services:
    - name: wp
      port: 80
-    # middlewares:
+    middlewares:
-    # - name: akashop-redir
+    - name: akashop-redir
 ---
@ -46,7 +46,7 @@ spec:
    certResolver: le
  routes:
-  - match: Host(`origin-akashop.akamai-lab.com`) && PathPrefix(`/`)
+  - match: Host(`whoami.172.233.169.31.nip.io`) && PathPrefix(`/`)
    kind: Rule
    services:
    - name: wp
--- a/traefik/02-traefik-services.yml
+++ b/traefik/02-traefik-services.yml
--- a/traefik/traefik-deployment.yml
+++ b/traefik/traefik-deployment.yml
@ -33,8 +33,7 @@ spec:
            - --certificatesresolvers.le.acme.email=learn@akamai.com
            - --certificatesresolvers.le.acme.storage=acme.json
            - --certificatesresolvers.le.acme.tlschallenge=true
-            # - --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
+            - --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
            - --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
            # change caServer to production https://acme-v02.api.letsencrypt.org/directory
          ports:
            - name: web
--- a/traefik/kubernetes-crd-rbac.yml
+++ b/traefik/kubernetes-crd-rbac.yml
@ -64,7 +64,7 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: traefik-ingress-controller
-    namespace: traefik
+    namespace: default
 ---
@ -72,4 +72,4 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: traefik-ingress-controller
-  namespace: traefik
+  namespace: default