From 6bb64c5601f6934b9796dbb68916689d5349c068 Mon Sep 17 00:00:00 2001 From: Sangmin Kim Date: Tue, 2 Apr 2024 10:22:38 +0900 Subject: [PATCH 1/3] modified: akashop/ingress.yml --- akashop/deployment.yml | 14 +++++++------- akashop/ingress.yml | 1 + 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/akashop/deployment.yml b/akashop/deployment.yml index 7e9fdae..716ceb3 100644 --- a/akashop/deployment.yml +++ b/akashop/deployment.yml @@ -4,7 +4,7 @@ metadata: name: wp namespace: akashop spec: - replicas: 1 + replicas: 3 selector: matchLabels: app: wp @@ -41,12 +41,12 @@ spec: # secretKeyRef: # name: my-secret # Name of the secret containing the variable # key: VAR2_KEY - # livenessProbe: - # httpGet: - # path: / - # port: 80 - # initialDelaySeconds: 5 - # periodSeconds: 10 + livenessProbe: + httpGet: + path: / + port: 80 + initialDelaySeconds: 5 + periodSeconds: 10 volumeMounts: - name: wp-data mountPath: /var/www/html diff --git a/akashop/ingress.yml b/akashop/ingress.yml index 9d61447..7dc3334 100644 --- a/akashop/ingress.yml +++ b/akashop/ingress.yml @@ -7,6 +7,7 @@ metadata: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls.certresolver: le + traefik.ingress.kubernetes.io/router.sticky.cookie: "sticky" spec: rules: - host: whoami.172.233.168.9.nip.io -- 2.40.1 From 5f934c40a06177ca1149fc77891afcad5976327b Mon Sep 17 00:00:00 2001 From: Sangmin Kim Date: Tue, 2 Apr 2024 10:57:45 +0900 Subject: [PATCH 2/3] new file: akashop/redirect.yml --- README.md | 43 +++++++++++++++++++++++++++++++++++++++++++ akashop/ingress.yml | 23 +---------------------- akashop/nginx-ext.yml | 12 ------------ akashop/redirect.yml | 8 ++++++++ 4 files changed, 52 insertions(+), 34 deletions(-) delete mode 100644 akashop/nginx-ext.yml create mode 100644 akashop/redirect.yml diff --git a/README.md b/README.md index e7d30db..d82c123 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,45 @@ # akashop +origin-akashop.akamai-lab.com + +## How to use HTTPS ## +- traefik/02-traefik.yml +``` +- --certificatesresolvers.le.acme.email=learn@akamai.com +- --certificatesresolvers.le.acme.storage=acme.json +- --certificatesresolvers.le.acme.tlschallenge=true +- --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory +``` +- akashop/ingress.yml +``` +traefik.ingress.kubernetes.io/router.entrypoints: websecure +traefik.ingress.kubernetes.io/router.tls: "true" +traefik.ingress.kubernetes.io/router.tls.certresolver: le +``` + +## How to redirect HTTP to HTTPS ## +- akashop/redirect.yml +- akashop/ingress.yml +``` +traefik.ingress.kubernetes.io/router.middlewares: "http-to-https-redirecte@kubernetescrd" +``` + +## How to maintain Session Stickyness ## +- akashop/ingress.yml +``` +traefik.ingress.kubernetes.io/router.sticky.cookie: "sticky" +``` +- origin code (functions.php) +```php +// Define cookie name and value +$cookie_name = "sticky"; +$cookie_value = time(); + +// Set expiration time (optional, defaults to session end) +$expire = time() + 60 * 60 * 24; // Expires in 24 hours + +if(!isset($_COOKIE[$cookie_name])) { + // Set cookie with secure flag (recommended) + setcookie($cookie_name, $cookie_value, $expire, "/", "", true); +} +``` diff --git a/akashop/ingress.yml b/akashop/ingress.yml index 7dc3334..f4b48bf 100644 --- a/akashop/ingress.yml +++ b/akashop/ingress.yml @@ -30,6 +30,7 @@ metadata: namespace: akashop annotations: traefik.ingress.kubernetes.io/router.entrypoints: web + traefik.ingress.kubernetes.io/router.middlewares: "http-to-https-redirecte@kubernetescrd" spec: rules: - host: whoami.172.233.168.9.nip.io @@ -42,25 +43,3 @@ spec: name: wp port: number: 80 - ---- - -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: wp-origin - namespace: akashop - annotations: - traefik.ingress.kubernetes.io/router.entrypoints: web -spec: - rules: - - host: origin-akashop.akamai-lab.com - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: wp - port: - number: 80 diff --git a/akashop/nginx-ext.yml b/akashop/nginx-ext.yml deleted file mode 100644 index 424df54..0000000 --- a/akashop/nginx-ext.yml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: nginx - namespace: akashop -spec: - type: ExternalName - externalName: nginx.nginx.svc.cluster.local - ports: - - name: http - port: 80 - protocol: TCP \ No newline at end of file diff --git a/akashop/redirect.yml b/akashop/redirect.yml new file mode 100644 index 0000000..e0182e6 --- /dev/null +++ b/akashop/redirect.yml @@ -0,0 +1,8 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: http-to-https-redirect +spec: + redirectScheme: + scheme: https + permanent: true # Set to true for permanent (301) redirect \ No newline at end of file -- 2.40.1 From a4dd3492fed13a3d7fe1bbbccb0599a988fa1649 Mon Sep 17 00:00:00 2001 From: Sangmin Kim Date: Tue, 2 Apr 2024 11:06:51 +0900 Subject: [PATCH 3/3] modified: README.md --- README.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d82c123..47c202c 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # akashop -origin-akashop.akamai-lab.com +https://origin-akashop.akamai-lab.com ## How to use HTTPS ## - traefik/02-traefik.yml @@ -8,6 +8,7 @@ origin-akashop.akamai-lab.com - --certificatesresolvers.le.acme.storage=acme.json - --certificatesresolvers.le.acme.tlschallenge=true - --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory +# change caServer to production https://acme-v02.api.letsencrypt.org/directory ``` - akashop/ingress.yml ``` @@ -43,3 +44,11 @@ if(!isset($_COOKIE[$cookie_name])) { } ``` +## How to use ReadWriteMany pvc ## +- akashop/pv.yml +``` +nfs: + path: /nfs/share/akashop/volumes/db + server: 10.0.0.5 +``` +- akashop/pvc.yml \ No newline at end of file -- 2.40.1