# akashop

https://origin-akashop.akamai-lab.com

## How to deploy

1. git clone https://gitea-ptl.akamai-lab.com/akamai/akashop.git
2. cd akashop/traefik
3. kubectl create namespace traefik
4. kubectl apply -f kubernetes-crd-definition-v1.yml -f kubernetes-crd-rbac.yml -f traefik-deployment.yml -f traefik-services.yml -n traefik
5. kubectl get pods -n traefik

```
NAME                                  READY   STATUS    RESTARTS   AGE
traefik-deployment-6dbb5f6667-wslph   1/1     Running   0          9m2s
```

6. kubectl get services -n traefik

```
NAME                        TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)                      AGE
traefik-dashboard-service   LoadBalancer   10.128.46.205   172.233.169.40   8080:32174/TCP               18h
traefik-web                 LoadBalancer   10.128.2.58     172.233.168.36   80:31310/TCP,443:32696/TCP   18h
```

7. Verify the Traefik dashboard.

```
http://{traefik-dashboard-service-external-ip}:8080
```

8. cd ../akashop
9. kubectl create namespace akashop
10. kubectl apply -f pv.yml -f pvc.yml -f deployment.yml -f service.yml -f traefik-ingressR.yml -n akashop
11. DNS spoofing test

```
http http://{traefik-web-external-ip} Host:origin-akashop.akamai-lab.com

HTTP/1.1 301 Moved Permanently
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Mon, 08 Apr 2024 00:38:47 GMT
Location: https://origin-akashop.akamai-lab.com/
Server: Apache/2.4.57 (Debian)
X-Powered-By: PHP/8.2.17
X-Redirect-By: WordPress
```

12. Update DNS record

```
origin-akashop.akamai-lab.com. 600 IN A {traefik-web-external-ip}
```

13. HTTPS test

```
http https://origin-akashop.akamai-lab.com -ph

HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Length: 18525
Content-Type: text/html; charset=UTF-8
Date: Mon, 08 Apr 2024 00:41:25 GMT
Link: ; rel="https://api.w.org/", ; rel="alternate"; type="application/json", ; rel=shortlink
Server: Apache/2.4.57 (Debian)
Set-Cookie: _37c01=d5cf5ba194c98167; Path=/; HttpOnly
Vary: Accept-Encoding
X-Powered-By: PHP/8.2.17
```

## How to use HTTPS ##

- traefik/02-traefik.yml

```yml
- --certificatesresolvers.le.acme.email=learn@akamai.com
- --certificatesresolvers.le.acme.storage=acme.json
- --certificatesresolvers.le.acme.tlschallenge=true
- --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
# - --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
# change caServer to production https://acme-v02.api.letsencrypt.org/directory
```

- akashop/traefik-ingressR.yml

```yml
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: akashop-https
  namespace: akashop
spec:
  entryPoints:
    - websecure
  tls:
    certResolver: le
```

## How to redirect HTTP to HTTPS ##

- akashop/traefik-ingressR.yml

```yml
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: akashop-redir
  namespace: akashop
spec:
  redirectScheme:
    scheme: https
    permanent: true
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: akashop-http
  namespace: akashop
......
      middlewares:
        - name: akashop-redir
```

## How to maintain Session Stickiness ##

- akashop/ingress.yml

```yml
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: akashop-https
  namespace: akashop
......
      services:
        - name: wp
          port: 80
          sticky:
            cookie:
              httpOnly: true
```

## How to use ReadWriteMany pvc ##

- akashop/pv.yml

```yml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: wp-data
  namespace: akashop
spec:
  ......
  nfs:
    path: /nfs/share/akashop/volumes/wp
    server: 10.0.0.5
```

- akashop/pvc.yml

```yml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: wp-data-pvc
spec:
  accessModes:
    - ReadWriteMany
  ......
```
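
A header check for the two test responses in the deploy steps, as an added example that is not part of the akashop repository: it flags cookies missing `Secure`, `HttpOnly` or `SameSite` (the `Set-Cookie` in the HTTPS test response carries only `HttpOnly`), version banners in `Server` and `X-Powered-By`, and a missing HTTPS redirect or HSTS header. The header blocks are abridged from the output shown above; `parse` and `audit` are names chosen for this example.

```python
# Added example (not part of the akashop repo): audit response headers.
# Header blocks are abridged from the httpie output shown in the deploy steps.
HTTP_RESP = """HTTP/1.1 301 Moved Permanently
Location: https://origin-akashop.akamai-lab.com/
Server: Apache/2.4.57 (Debian)
X-Powered-By: PHP/8.2.17"""

HTTPS_RESP = """HTTP/1.1 200 OK
Server: Apache/2.4.57 (Debian)
Set-Cookie: _37c01=d5cf5ba194c98167; Path=/; HttpOnly
X-Powered-By: PHP/8.2.17"""


def parse(raw):
    """Return (status_code, [(lowercased header name, value), ...])."""
    lines = [l.strip() for l in raw.strip().splitlines() if l.strip()]
    pairs = [l.partition(":") for l in lines[1:]]
    return int(lines[0].split()[1]), [(n.strip().lower(), v.strip()) for n, _, v in pairs]


def audit(raw, scheme):
    """Return sorted findings for one response fetched over `scheme`."""
    status, headers = parse(raw)
    names = {n for n, _ in headers}
    findings = []
    for name, value in headers:
        if name == "set-cookie":
            parts = [p.strip() for p in value.split(";") if p.strip()]
            cookie = parts[0].split("=", 1)[0]
            attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
            findings += [f"cookie {cookie}: missing {a}"
                         for a in ("secure", "httponly", "samesite") if a not in attrs]
        elif name in ("server", "x-powered-by") and any(c.isdigit() for c in value):
            findings.append(f"{name}: version disclosed ({value})")
    location = dict(headers).get("location", "")
    if scheme == "http" and not (status in (301, 308) and location.startswith("https://")):
        findings.append("http: no permanent redirect to https")
    if scheme == "https" and "strict-transport-security" not in names:
        findings.append("https: no strict-transport-security header")
    return sorted(findings)


if __name__ == "__main__":
    for label, raw, scheme in (("HTTP", HTTP_RESP, "http"), ("HTTPS", HTTPS_RESP, "https")):
        print(label, *audit(raw, scheme), sep="\n  ")
```

Traefik's sticky `cookie` block accepts `secure` and `sameSite` alongside `httpOnly`, which is where the two cookie findings would be addressed.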