Compare commits
3 Commits
c2a16c2802
...
2aae669515
Author | SHA1 | Date |
---|---|---|
akamai | 2aae669515 | |
Sangmin Kim | 55d449ed63 | |
Sangmin Kim | b88be070fb |
62
README.md
62
README.md
|
@ -1,13 +1,71 @@
|
||||||
# akashop
|
# akashop
|
||||||
https://origin-akashop.akamai-lab.com
|
https://origin-akashop.akamai-lab.com
|
||||||
|
|
||||||
|
- akashop was built on [woocommerce](https://woo.com/).
|
||||||
|
- akashop is deployed to **tee-origins** kubernetes cluster.
|
||||||
|
|
||||||
|
## How to deploy
|
||||||
|
1. git clone https://gitea-ptl.akamai-lab.com/akamai/akashop.git
|
||||||
|
2. cd akashop/traefik
|
||||||
|
3. kubectl create namespace traefik
|
||||||
|
4. kubectl apply -f kubernetes-crd-definition-v1.yml -f kubernetes-crd-rbac.yml -f traefik-deployment.yml -f traefik-services.yml -n traefik
|
||||||
|
5. kubectl get pods -n traefik
|
||||||
|
```
|
||||||
|
NAME READY STATUS RESTARTS AGE
|
||||||
|
traefik-deployment-6dbb5f6667-wslph 1/1 Running 0 9m2s
|
||||||
|
```
|
||||||
|
6. kubectl get services -n traefik
|
||||||
|
```
|
||||||
|
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
|
||||||
|
traefik-dashboard-service LoadBalancer 10.128.46.205 172.233.169.40 8080:32174/TCP 18h
|
||||||
|
traefik-web LoadBalancer 10.128.2.58 172.233.168.36 80:31310/TCP,443:32696/TCP 18h
|
||||||
|
```
|
||||||
|
7. Vefiry traefik dashboard.
|
||||||
|
```
|
||||||
|
http://{traefik-dashboard-service-external-ip}:8080
|
||||||
|
```
|
||||||
|
8. cd ../akashop
|
||||||
|
9. kubectl create namespace akashop
|
||||||
|
10. kubectl apply -f pv.yml -f pvc.yml -f deployment.yml -f service.yml -f traefik-ingressR.yml -n akashop
|
||||||
|
11. DNS spoofing test
|
||||||
|
```
|
||||||
|
http http://{traefik-web-external-ip} Host:origin-akashop.akamai-lab.com
|
||||||
|
HTTP/1.1 301 Moved Permanently
|
||||||
|
Content-Length: 0
|
||||||
|
Content-Type: text/html; charset=UTF-8
|
||||||
|
Date: Mon, 08 Apr 2024 00:38:47 GMT
|
||||||
|
Location: https://origin-akashop.akamai-lab.com/
|
||||||
|
Server: Apache/2.4.57 (Debian)
|
||||||
|
X-Powered-By: PHP/8.2.17
|
||||||
|
X-Redirect-By: WordPress
|
||||||
|
```
|
||||||
|
12. Update DNS record
|
||||||
|
```
|
||||||
|
origin-akashop.akamai-lab.com. 600 IN A {traefik-web-external-ip}
|
||||||
|
```
|
||||||
|
13. HTTPS test
|
||||||
|
```
|
||||||
|
http https://origin-akashop.akamai-lab.com -ph
|
||||||
|
HTTP/1.1 200 OK
|
||||||
|
Content-Encoding: gzip
|
||||||
|
Content-Length: 18525
|
||||||
|
Content-Type: text/html; charset=UTF-8
|
||||||
|
Date: Mon, 08 Apr 2024 00:41:25 GMT
|
||||||
|
Link: <https://origin-akashop.akamai-lab.com/wp-json/>; rel="https://api.w.org/", <https://origin-akashop.akamai-lab.com/wp-json/wp/v2/pages/265>; rel="alternate"; type="application/json", <https://origin-akashop.akamai-lab.com/>; rel=shortlink
|
||||||
|
Server: Apache/2.4.57 (Debian)
|
||||||
|
Set-Cookie: _37c01=d5cf5ba194c98167; Path=/; HttpOnly
|
||||||
|
Vary: Accept-Encoding
|
||||||
|
X-Powered-By: PHP/8.2.17
|
||||||
|
```
|
||||||
|
|
||||||
## How to use HTTPS ##
|
## How to use HTTPS ##
|
||||||
- traefik/02-traefik.yml
|
- traefik/traefik-deployment.yml
|
||||||
```yml
|
```yml
|
||||||
- --certificatesresolvers.le.acme.email=learn@akamai.com
|
- --certificatesresolvers.le.acme.email=learn@akamai.com
|
||||||
- --certificatesresolvers.le.acme.storage=acme.json
|
- --certificatesresolvers.le.acme.storage=acme.json
|
||||||
- --certificatesresolvers.le.acme.tlschallenge=true
|
- --certificatesresolvers.le.acme.tlschallenge=true
|
||||||
- --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
|
- --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
|
||||||
|
# - --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
|
||||||
# change caServer to production https://acme-v02.api.letsencrypt.org/directory
|
# change caServer to production https://acme-v02.api.letsencrypt.org/directory
|
||||||
```
|
```
|
||||||
- akashop/traefik-ingressR.yml
|
- akashop/traefik-ingressR.yml
|
||||||
|
@ -50,7 +108,7 @@ metadata:
|
||||||
```
|
```
|
||||||
|
|
||||||
## How to maintain Session Stickyness ##
|
## How to maintain Session Stickyness ##
|
||||||
- akashop/ingress.yml
|
- akashop/traefik-ingressR.yml
|
||||||
```yml
|
```yml
|
||||||
apiVersion: traefik.io/v1alpha1
|
apiVersion: traefik.io/v1alpha1
|
||||||
kind: IngressRoute
|
kind: IngressRoute
|
||||||
|
|
|
@ -13,7 +13,7 @@ spec:
|
||||||
storageClassName: ""
|
storageClassName: ""
|
||||||
nfs:
|
nfs:
|
||||||
path: /nfs/share/akashop/volumes/wp
|
path: /nfs/share/akashop/volumes/wp
|
||||||
server: 10.0.0.5
|
server: 10.0.0.2
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -32,4 +32,4 @@ spec:
|
||||||
storageClassName: ""
|
storageClassName: ""
|
||||||
nfs:
|
nfs:
|
||||||
path: /nfs/share/akashop/volumes/db
|
path: /nfs/share/akashop/volumes/db
|
||||||
server: 10.0.0.5
|
server: 10.0.0.2
|
||||||
|
|
|
@ -21,14 +21,14 @@ spec:
|
||||||
- web
|
- web
|
||||||
|
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`whoami.172.233.169.31.nip.io`) && PathPrefix(`/`)
|
- match: Host(`origin-akashop.akamai-lab.com`) && PathPrefix(`/`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: wp
|
- name: wp
|
||||||
port: 80
|
port: 80
|
||||||
|
|
||||||
middlewares:
|
# middlewares:
|
||||||
- name: akashop-redir
|
# - name: akashop-redir
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -46,7 +46,7 @@ spec:
|
||||||
certResolver: le
|
certResolver: le
|
||||||
|
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`whoami.172.233.169.31.nip.io`) && PathPrefix(`/`)
|
- match: Host(`origin-akashop.akamai-lab.com`) && PathPrefix(`/`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: wp
|
- name: wp
|
||||||
|
|
|
@ -64,7 +64,7 @@ roleRef:
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: traefik-ingress-controller
|
name: traefik-ingress-controller
|
||||||
namespace: default
|
namespace: traefik
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -72,4 +72,4 @@ apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: traefik-ingress-controller
|
name: traefik-ingress-controller
|
||||||
namespace: default
|
namespace: traefik
|
||||||
|
|
|
@ -33,7 +33,8 @@ spec:
|
||||||
- --certificatesresolvers.le.acme.email=learn@akamai.com
|
- --certificatesresolvers.le.acme.email=learn@akamai.com
|
||||||
- --certificatesresolvers.le.acme.storage=acme.json
|
- --certificatesresolvers.le.acme.storage=acme.json
|
||||||
- --certificatesresolvers.le.acme.tlschallenge=true
|
- --certificatesresolvers.le.acme.tlschallenge=true
|
||||||
- --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
|
# - --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
|
||||||
|
- --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
|
||||||
# change caServer to production https://acme-v02.api.letsencrypt.org/directory
|
# change caServer to production https://acme-v02.api.letsencrypt.org/directory
|
||||||
ports:
|
ports:
|
||||||
- name: web
|
- name: web
|
Loading…
Reference in New Issue