From 126036d8b3fbdb8bc208ea92c414a0c860ee7535 Mon Sep 17 00:00:00 2001
From: Sangmin Kim
Date: Wed, 3 Apr 2024 17:28:45 +0900
Subject: [PATCH] new file: juiceshop/deployment.yml
---
juiceshop/deployment.yml | 35 +++++++++++++++++++++++++
juiceshop/ingress.yml | 45 +++++++++++++++++++++++++++++++++
juiceshop/pv.yml | 35 +++++++++++++++++++++++++
juiceshop/pvc.yml | 29 +++++++++++++++++++++
juiceshop/redirect.yml | 9 +++++++
juiceshop/service.yml | 13 ++++++++++
traefik/00-account.yml | 4 +++
traefik/00-role.yml | 33 ++++++++++++++++++++++++
traefik/01-role-binding.yml | 13 ++++++++++
traefik/02-traefik-services.yml | 30 ++++++++++++++++++++++
traefik/02-traefik.yml | 42 ++++++++++++++++++++++++++++++
11 files changed, 288 insertions(+)
create mode 100644 juiceshop/deployment.yml
create mode 100644 juiceshop/ingress.yml
create mode 100644 juiceshop/pv.yml
create mode 100644 juiceshop/pvc.yml
create mode 100644 juiceshop/redirect.yml
create mode 100644 juiceshop/service.yml
create mode 100644 traefik/00-account.yml
create mode 100644 traefik/00-role.yml
create mode 100644 traefik/01-role-binding.yml
create mode 100644 traefik/02-traefik-services.yml
create mode 100644 traefik/02-traefik.yml
diff --git a/juiceshop/deployment.yml b/juiceshop/deployment.yml
new file mode 100644
index 0000000..40f3891
--- /dev/null
+++ b/juiceshop/deployment.yml
@@ -0,0 +1,35 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: juiceshop
+ namespace: origin
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: juiceshop
+ template:
+ metadata:
+ labels:
+ app: juiceshop
+ spec:
+ containers:
+ - name: juiceshop
+ image: bkimminich/juice-shop
+ imagePullPolicy: Always
+ resources:
+ limits:
+ cpu: "1"
+ memory: "1Gi"
+ requests:
+ cpu: "0.5"
+ memory: "200Mi"
+ ports:
+ - name: http
+ containerPort: 3000
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 3000
+ initialDelaySeconds: 5
+ periodSeconds: 10
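Review bot: In juiceshop/deployment.yml the container spec has no `securityContext` and the pod keeps the default service-account token mount, although Juice Shop is a deliberately vulnerable application in which code execution inside the container has to be assumed. Add `automountServiceAccountToken: false` to the pod `spec` and `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` to the container so a compromised process cannot use pod credentials against the API server or gain privileges. The image `bkimminich/juice-shop` is also untagged, so with `imagePullPolicy: Always` every restart may run different code; pin a tag or digest.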
diff --git a/juiceshop/ingress.yml b/juiceshop/ingress.yml
new file mode 100644
index 0000000..1c2a21e
--- /dev/null
+++ b/juiceshop/ingress.yml
@@ -0,0 +1,45 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: juiceshop-https
+ namespace: origin
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ traefik.ingress.kubernetes.io/router.tls.certresolver: le
+ # traefik.ingress.kubernetes.io/router.sticky.cookie: sticky
+spec:
+ rules:
+ - host: whoami.172.233.169.18.nip.io
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: juiceshop
+ port:
+ number: 3000
+
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: juiceshop-http
+ namespace: origin
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: web
+ # traefik.ingress.kubernetes.io/router.middlewares: "http-to-https-redirect@kubernetescrd"
+spec:
+ rules:
+ - host: whoami.172.233.169.18.nip.io
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: juiceshop
+ port:
+ number: 3000
diff --git a/juiceshop/pv.yml b/juiceshop/pv.yml
new file mode 100644
index 0000000..5783d4c
--- /dev/null
+++ b/juiceshop/pv.yml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: wp-data
+ namespace: akashop
+spec:
+ capacity:
+ storage: 1Gi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteMany
+ persistentVolumeReclaimPolicy: Recycle
+ storageClassName: ""
+ nfs:
+ path: /nfs/share/akashop/volumes/wp
+ server: 10.0.0.5
+
+---
+
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: db-data
+ namespace: akashop
+spec:
+ capacity:
+ storage: 1Gi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteMany
+ persistentVolumeReclaimPolicy: Recycle
+ storageClassName: ""
+ nfs:
+ path: /nfs/share/akashop/volumes/db
+ server: 10.0.0.5
diff --git a/juiceshop/pvc.yml b/juiceshop/pvc.yml
new file mode 100644
index 0000000..9b5a3e6
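Review bot: The `juiceshop-http` Ingress in juiceshop/ingress.yml serves the application over plain HTTP on the `web` entrypoint because the redirect annotation is commented out, so sessions and credentials can cross the network unencrypted. When it is enabled, Traefik expects a Kubernetes CRD middleware to be referenced as `<namespace>-<name>@kubernetescrd`, so the value should be `origin-http-to-https-redirect@kubernetescrd` rather than the commented `http-to-https-redirect@kubernetescrd`. Both rules also use the host `whoami.172.233.169.18.nip.io`, which hard-codes one address and looks carried over from a whoami example; a comment saying the host must be replaced per environment would help.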
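Review bot: The two PersistentVolumes in juiceshop/pv.yml (`wp-data`, `db-data`) and the claims in juiceshop/pvc.yml are not mounted by anything in this patch and appear to be left over from a different application; the Juice Shop Deployment declares no volumes. If they are kept, `namespace: akashop` should be dropped because PersistentVolumes are cluster-scoped, and `persistentVolumeReclaimPolicy: Recycle` is deprecated, so use `Retain` or `Delete`. The claims in pvc.yml carry no namespace at all, so they land in whatever namespace the applying context selects. An unused `ReadWriteMany` NFS export from `10.0.0.5` is shared storage with no consumer and is better removed.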
--- /dev/null
+++ b/juiceshop/pvc.yml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: wp-data-pvc
+spec:
+ accessModes:
+ - ReadWriteMany
+ volumeMode: Filesystem
+ storageClassName: ""
+ resources:
+ requests:
+ storage: 1Gi
+ volumeName: wp-data
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: db-data-pvc
+spec:
+ accessModes:
+ - ReadWriteMany
+ volumeMode: Filesystem
+ storageClassName: ""
+ resources:
+ requests:
+ storage: 1Gi
+ volumeName: db-data
\ No newline at end of file
diff --git a/juiceshop/redirect.yml b/juiceshop/redirect.yml
new file mode 100644
index 0000000..795a705
--- /dev/null
+++ b/juiceshop/redirect.yml
@@ -0,0 +1,9 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: http-to-https-redirect
+ namespace: origin
+spec:
+ redirectScheme:
+ scheme: https
+ permanent: true # Set to true for permanent (301) redirect
\ No newline at end of file
diff --git a/juiceshop/service.yml b/juiceshop/service.yml
new file mode 100644
index 0000000..8a0748b
--- /dev/null
+++ b/juiceshop/service.yml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: juiceshop
+ namespace: origin
+spec:
+ selector:
+ app: juiceshop
+ ports:
+ - protocol: TCP
+ port: 3000
+ targetPort: http
+ type: ClusterIP
\ No newline at end of file
diff --git a/traefik/00-account.yml b/traefik/00-account.yml
new file mode 100644
index 0000000..566d892
--- /dev/null
+++ b/traefik/00-account.yml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: traefik-account
diff --git a/traefik/00-role.yml b/traefik/00-role.yml
new file mode 100644
index 0000000..7e07e3f
--- /dev/null
+++ b/traefik/00-role.yml
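Review bot: The `http-to-https-redirect` Middleware in juiceshop/redirect.yml is never loaded, because `--providers.kubernetescrd` is commented out in traefik/02-traefik.yml and no Ingress references it, so the manifest gives the impression of an HTTPS redirect that does not exist. The `traefik.containo.us/v1alpha1` API group is also the deprecated one; newer Traefik releases use `traefik.io/v1alpha1`, which matters because the Deployment pulls `traefik:latest`. Either enable the CRD provider (and install the CRDs) or remove this file until it is used.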
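Review bot: The ServiceAccount in traefik/00-account.yml has no `metadata.namespace`, while the ClusterRoleBinding in traefik/01-role-binding.yml binds `traefik-account` in namespace `origin`. If these manifests are applied without selecting `origin`, the account is created elsewhere, the binding matches nothing, and Traefik starts without its RBAC permissions. Add `namespace: origin` here; the same applies to the Deployment in traefik/02-traefik.yml and both Services in traefik/02-traefik-services.yml.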
@@ -0,0 +1,33 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: traefik-role
+
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ - endpoints
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ - networking.k8s.io
+ resources:
+ - ingresses
+ - ingressclasses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ - networking.k8s.io
+ resources:
+ - ingresses/status
+ verbs:
+ - update
diff --git a/traefik/01-role-binding.yml b/traefik/01-role-binding.yml
new file mode 100644
index 0000000..c461a14
--- /dev/null
+++ b/traefik/01-role-binding.yml
@@ -0,0 +1,13 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: traefik-role-binding
+
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: traefik-role
+subjects:
+ - kind: ServiceAccount
+ name: traefik-account
+ namespace: origin
diff --git a/traefik/02-traefik-services.yml b/traefik/02-traefik-services.yml
new file mode 100644
index 0000000..76303c6
--- /dev/null
+++ b/traefik/02-traefik-services.yml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: traefik-dashboard-service
+
+spec:
+ type: LoadBalancer
+ ports:
+ - port: 8080
+ targetPort: dashboard
+ selector:
+ app: traefik
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: traefik-web
+
+spec:
+ type: LoadBalancer
+ ports:
+ - name: http
+ targetPort: web
+ port: 80
+ - name: https
+ targetPort: websecure
+ port: 443
+ selector:
+ app: traefik
\ No newline at end of file
diff --git a/traefik/02-traefik.yml b/traefik/02-traefik.yml
new file mode 100644
index 0000000..c9e9eae
--- /dev/null
+++ b/traefik/02-traefik.yml
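Review bot: The first rule in traefik/00-role.yml grants `get`, `list` and `watch` on `secrets` in every namespace, and traefik/01-role-binding.yml binds it cluster-wide to a proxy that this patch also starts with an unauthenticated API. Only namespace `origin` holds Ingresses in this patch, so a namespaced `Role` and `RoleBinding` in `origin` together with `--providers.kubernetesingress.namespaces=origin` would limit what a compromised Traefik pod can read. `ingressclasses` is cluster-scoped and would still need a small ClusterRole of its own. If cluster-wide access is intended, a comment above the `secrets` entry should say why.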
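Review bot: `traefik-dashboard-service` in traefik/02-traefik-services.yml is `type: LoadBalancer`, which publishes port 8080 on an external address, and traefik/02-traefik.yml starts Traefik with `--api.insecure`, so the dashboard and API become reachable without authentication. Change it to `type: ClusterIP` and reach the dashboard through `kubectl port-forward`, or at least restrict it with `loadBalancerSourceRanges`.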
@@ -0,0 +1,42 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: traefik-deployment
+ labels:
+ app: traefik
+
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: traefik
+ template:
+ metadata:
+ labels:
+ app: traefik
+ spec:
+ serviceAccountName: traefik-account
+ containers:
+ - name: traefik
+ image: traefik:latest
+ args:
+ - --api.insecure
+ - --accesslog
+ - --log.level=DEBUG
+ - --providers.kubernetesingress
+ - --providers.kubernetesingress.allowexternalnameservices=true
+ # - --providers.kubernetescrd
+ # - --providers.kubernetescrd.allowCrossNamespace=true
+ - --entrypoints.web.address=:80
+ - --entrypoints.websecure.address=:443
+ - --certificatesresolvers.le.acme.email=learn@akamai.com
+ - --certificatesresolvers.le.acme.storage=acme.json
+ - --certificatesresolvers.le.acme.tlschallenge=true
+ - --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
+ ports:
+ - name: web
+ containerPort: 80
+ - name: websecure
+ containerPort: 443
+ - name: dashboard
+ containerPort: 8080
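Review bot: `--api.insecure` in the `args` list of traefik/02-traefik.yml serves the Traefik API and dashboard on port 8080 with no authentication; drop the flag and the `dashboard` containerPort, or use `--api.dashboard=true` and expose `api@internal` through a router that enforces authentication. `--certificatesresolvers.le.acme.storage=acme.json` writes to the container filesystem, so issued certificates and the ACME account key are lost on every restart; mount a volume for it. `image: traefik:latest` should be pinned to a version, and `--log.level=DEBUG` and `allowexternalnameservices=true` deserve a comment if they are meant to stay. The `caServer` points at the Let's Encrypt staging directory, so clients will not trust the certificates it issues.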