3.9 KiB
3.9 KiB
akashop
https://origin-akashop.akamai-lab.com
How to deploy
- git clone https://gitea-ptl.akamai-lab.com/akamai/akashop.git
- cd akashop/traefik
- kubectl create namespace traefik
- kubectl apply -f kubernetes-crd-definition-v1.yml -f kubernetes-crd-rbac.yml -f traefik-deployment.yml -f traefik-services.yml -n traefik
- kubectl get pods -n traefik
NAME READY STATUS RESTARTS AGE
traefik-deployment-6dbb5f6667-wslph 1/1 Running 0 9m2s
- kubectl get services -n traefik
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
traefik-dashboard-service LoadBalancer 10.128.46.205 172.233.169.40 8080:32174/TCP 18h
traefik-web LoadBalancer 10.128.2.58 172.233.168.36 80:31310/TCP,443:32696/TCP 18h
- Vefiry traefik dashboard.
http://{traefik-dashboard-service-external-ip}:8080
- cd ../akashop
- kubectl create namespace akashop
- kubectl apply -f pv.yml -f pvc.yml -f deployment.yml -f service.yml -f traefik-ingressR.yml -n akashop
- DNS spoofing test
http http://{traefik-web-external-ip} Host:origin-akashop.akamai-lab.com
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Mon, 08 Apr 2024 00:38:47 GMT
Location: https://origin-akashop.akamai-lab.com/
Server: Apache/2.4.57 (Debian)
X-Powered-By: PHP/8.2.17
X-Redirect-By: WordPress
- Update DNS record
origin-akashop.akamai-lab.com. 600 IN A {traefik-web-external-ip}
- HTTPS test
http https://origin-akashop.akamai-lab.com -ph
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Length: 18525
Content-Type: text/html; charset=UTF-8
Date: Mon, 08 Apr 2024 00:41:25 GMT
Link: <https://origin-akashop.akamai-lab.com/wp-json/>; rel="https://api.w.org/", <https://origin-akashop.akamai-lab.com/wp-json/wp/v2/pages/265>; rel="alternate"; type="application/json", <https://origin-akashop.akamai-lab.com/>; rel=shortlink
Server: Apache/2.4.57 (Debian)
Set-Cookie: _37c01=d5cf5ba194c98167; Path=/; HttpOnly
Vary: Accept-Encoding
X-Powered-By: PHP/8.2.17
How to use HTTPS
- traefik/02-traefik.yml
- --certificatesresolvers.le.acme.email=learn@akamai.com
- --certificatesresolvers.le.acme.storage=acme.json
- --certificatesresolvers.le.acme.tlschallenge=true
- --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
# - --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
# change caServer to production https://acme-v02.api.letsencrypt.org/directory
- akashop/traefik-ingressR.yml
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: akashop-https
namespace: akashop
spec:
entryPoints:
- websecure
tls:
certResolver: le
How to redirect HTTP to HTTPS
- akashop/traefik-ingressR.yml
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: akashop-redir
namespace: akashop
spec:
redirectScheme:
scheme: https
permanent: true
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: akashop-http
namespace: akashop
......
middlewares:
- name: akashop-redir
How to maintain Session Stickyness
- akashop/ingress.yml
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: akashop-https
namespace: akashop
......
services:
- name: wp
port: 80
sticky:
cookie:
httpOnly: true
How to use ReadWriteMany pvc
- akashop/pv.yml
apiVersion: v1
kind: PersistentVolume
metadata:
name: wp-data
namespace: akashop
spec:
......
nfs:
path: /nfs/share/akashop/volumes/wp
server: 10.0.0.5
- akashop/pvc.yml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: wp-data-pvc
spec:
accessModes:
- ReadWriteMany
......