Compare commits

3 Commits

Author SHA1 Message Date
akamai 2aae669515 Merge pull request 'k8s' (#4) from k8s into main (Reviewed-on: #4) 2024-04-08 01:02:58 +00:00
Sangmin Kim 55d449ed63 modified: README.md 2024-04-08 09:53:17 +09:00
Sangmin Kim b88be070fb modified: README.md 2024-04-08 09:45:10 +09:00
6 changed files with 70 additions and 11 deletions

View File

@ -1,13 +1,71 @@
# akashop
https://origin-akashop.akamai-lab.com
- akashop was built on [woocommerce](https://woo.com/).
- akashop is deployed to **tee-origins** kubernetes cluster.
## How to deploy
1. git clone https://gitea-ptl.akamai-lab.com/akamai/akashop.git
2. cd akashop/traefik
3. kubectl create namespace traefik
4. kubectl apply -f kubernetes-crd-definition-v1.yml -f kubernetes-crd-rbac.yml -f traefik-deployment.yml -f traefik-services.yml -n traefik
5. kubectl get pods -n traefik
```
NAME READY STATUS RESTARTS AGE
traefik-deployment-6dbb5f6667-wslph 1/1 Running 0 9m2s
```
6. kubectl get services -n traefik
```
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
traefik-dashboard-service LoadBalancer 10.128.46.205 172.233.169.40 8080:32174/TCP 18h
traefik-web LoadBalancer 10.128.2.58 172.233.168.36 80:31310/TCP,443:32696/TCP 18h
```
7. Vefiry traefik dashboard.
```
http://{traefik-dashboard-service-external-ip}:8080
```
8. cd ../akashop
9. kubectl create namespace akashop
10. kubectl apply -f pv.yml -f pvc.yml -f deployment.yml -f service.yml -f traefik-ingressR.yml -n akashop
11. DNS spoofing test
```
http http://{traefik-web-external-ip} Host:origin-akashop.akamai-lab.com
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Mon, 08 Apr 2024 00:38:47 GMT
Location: https://origin-akashop.akamai-lab.com/
Server: Apache/2.4.57 (Debian)
X-Powered-By: PHP/8.2.17
X-Redirect-By: WordPress
```
12. Update DNS record
```
origin-akashop.akamai-lab.com. 600 IN A {traefik-web-external-ip}
```
13. HTTPS test
```
http https://origin-akashop.akamai-lab.com -ph
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Length: 18525
Content-Type: text/html; charset=UTF-8
Date: Mon, 08 Apr 2024 00:41:25 GMT
Link: <https://origin-akashop.akamai-lab.com/wp-json/>; rel="https://api.w.org/", <https://origin-akashop.akamai-lab.com/wp-json/wp/v2/pages/265>; rel="alternate"; type="application/json", <https://origin-akashop.akamai-lab.com/>; rel=shortlink
Server: Apache/2.4.57 (Debian)
Set-Cookie: _37c01=d5cf5ba194c98167; Path=/; HttpOnly
Vary: Accept-Encoding
X-Powered-By: PHP/8.2.17
```
## How to use HTTPS ##
- traefik/02-traefik.yml
- traefik/traefik-deployment.yml
```yml
- --certificatesresolvers.le.acme.email=learn@akamai.com
- --certificatesresolvers.le.acme.storage=acme.json
- --certificatesresolvers.le.acme.tlschallenge=true
- --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
# - --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
# change caServer to production https://acme-v02.api.letsencrypt.org/directory
```
- akashop/traefik-ingressR.yml
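Review bot: Step 7 sends the reader to http://{traefik-dashboard-service-external-ip}:8080, and the step 6 output lists traefik-dashboard-service as a LoadBalancer with an external IP on 8080, so the Traefik dashboard is reachable over plain HTTP from outside the cluster. Suggest documenting access through kubectl port-forward with the service kept internal, or putting authentication in front of it, and stating that in this step. Smaller points: "Vefiry" in step 7 should be "Verify"; step 11 is a Host header override against the load balancer IP rather than DNS spoofing, so a title such as "Test with Host header before the DNS change" would be clearer; and the HTTPS snippet still shows the staging caServer as the active line while traefik-deployment.yml in this change switches to production.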
@ -50,7 +108,7 @@ metadata:
```
## How to maintain Session Stickyness ##
- akashop/ingress.yml
- akashop/traefik-ingressR.yml
```yml
apiVersion: traefik.io/v1alpha1
kind: IngressRoute

View File

@ -13,7 +13,7 @@ spec:
storageClassName: ""
nfs:
path: /nfs/share/akashop/volumes/wp
server: 10.0.0.5
server: 10.0.0.2
---
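Review bot: The NFS server address is hard-coded on the server: line here and again in the db volume in the next hunk, and the "How to deploy" steps added in this change never mention that an NFS server must be reachable at 10.0.0.2 with /nfs/share/akashop/volumes/wp and /nfs/share/akashop/volumes/db exported. Suggest adding that prerequisite to the README and referring to the server by a single name so the next move does not need two edits.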
@ -32,4 +32,4 @@ spec:
storageClassName: ""
nfs:
path: /nfs/share/akashop/volumes/db
server: 10.0.0.5
server: 10.0.0.2

View File

@ -21,14 +21,14 @@ spec:
- web
routes:
- match: Host(`whoami.172.233.169.31.nip.io`) && PathPrefix(`/`)
- match: Host(`origin-akashop.akamai-lab.com`) && PathPrefix(`/`)
kind: Rule
services:
- name: wp
port: 80
middlewares:
- name: akashop-redir
# middlewares:
# - name: akashop-redir
---
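Review bot: On the web entry point route the middlewares block is commented out rather than removed, so akashop-redir no longer applies to plain HTTP requests. If akashop-redir is the HTTP to HTTPS redirect its name suggests, port 80 traffic now reaches the wp service directly and the redirect depends on the application (the README test output in this change shows X-Redirect-By: WordPress). Either restore the middleware, or delete the two commented lines and note in the README that WordPress performs the redirect.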
@ -46,7 +46,7 @@ spec:
certResolver: le
routes:
- match: Host(`whoami.172.233.169.31.nip.io`) && PathPrefix(`/`)
- match: Host(`origin-akashop.akamai-lab.com`) && PathPrefix(`/`)
kind: Rule
services:
- name: wp

View File

@ -64,7 +64,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: default
namespace: traefik
---
@ -72,4 +72,4 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
namespace: default
namespace: traefik

View File

@ -33,7 +33,8 @@ spec:
- --certificatesresolvers.le.acme.email=learn@akamai.com
- --certificatesresolvers.le.acme.storage=acme.json
- --certificatesresolvers.le.acme.tlschallenge=true
- --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
# - --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
- --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
# change caServer to production https://acme-v02.api.letsencrypt.org/directory
ports:
- name: web
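Review bot: With caServer now pointing at the production directory, the acme.storage=acme.json line needs a second look: the visible lines show a relative file path and no volume for it. If acme.json is not on a persistent volume, every pod restart requests a new certificate, which counts against Let's Encrypt production rate limits, so please confirm the path is backed by a volume. The trailing comment "# change caServer to production ..." is also stale now; drop it together with the commented staging line, or reword it to say how to switch back to staging.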