modified: README.md

README.md

@@ -1,2 +1,107 @@
 # origin33
 
+## Sample Workflow
+
+ - [ ] **Alice** : Content Creator
+ - [ ] **Bob** : Lab Administrator
+
+**1. Servers vs Clients**
+```
+Alice ->> Bob: I'd like to create a new lab for ION.
+Bob ->> Alice: Do you want servers or clients? 
+Alice ->> Bob: I just need a web server that will be shared by learners.
+```
+
+***OPTION 1:*** Bob can create diverse types of servers (**Linux only!**) such as, web servers, application servers, database servers, and so on.
+
+>Sample server: https://origin-akashop.akamai-lab.com/
+
+***OPTION 2:*** Bob can create one type of clients based on **Visual Studio Code**. Clients can be assigned to learners one to one or one to many.
+
+>Sample client: https://training.akamai.com/ewp
+
+**2. Software**
+```
+Bob ->> Alice: Do you have any prefered web server software, like apache or nginx?
+Alice ->> Bob: nginx with php would be good.
+Bob ->> Alice: Do you need any other softwares?
+Alice ->> Bob: Yes. Please install python3 and flask, too.
+```
+Bob can install other softwares or tools such as **akamai cli**, based on the lab scenario. 
+
+**3. Infrastructure**
+```
+Alice ->> Bob: Can you upload my files(html, css, js, images, app.py,...) to the server?
+Bob ->> Alice: Certainly. We will have multiple server instances for high availability. Do you want all server instances to access the same files, or should each server have its own copy?
+Alice ->> Bob: All server instances should be able to read or write the same files.
+```
+Bob needs to use ReadWriteMany [persistent volume access mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes). However, Linode block storage does NOT support ReadWriteMany mode and NFS can be a good alternative. In this sample scenario, we will use NFS.
+
+**4. Docker Image**
+```
+Bob ->> Alice: Do you have a custom docker image for this lab?
+Alice ->> Bob: No.  
+Bob ->> Alice: OK. Then I will build a docker image based on public nginx docker image.
+```
+Bob builds a docker image and Alice validates it iteratively until they finalize the image. After the docker image is ready, Bob push it to a docker repository.
+```shell
+$ docker login gitea-ptl.akamai-lab.com
+$ docker tag origin33 gitea-ptl.akamai-lab.com/akamai/origin33
+$ docker push gitea-ptl.akamai-lab.com/akamai/origin33
+```
+
+**5. Staging Deployment**
+
+Bob builds kubernetes yaml files and Alice validates them iteratively until they finalize the yaml files. They might need more discussion on the technical details such as health check, auto scaling, and etc.
+
+Bob applies the yaml files to Kubernetes staging environment.
+```shell
+$ kubectl create namespace origin33
+$ kubectl apply -f pvc.yml -f deployment.yml -f service.yml -f traefik-ingressR.yml -n origin33
+```
+
+**6. Staging Test**
+
+Bob finds the IP address of the LoadBalancer. In the following example, it is {traefik-web-EXTERNAL-IP} (172.233.168.36).
+
+```shell
+$ kubectl get services -n traefik
+NAME                        TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)                      AGE
+traefik-dashboard-service   LoadBalancer   10.128.46.205   172.233.169.40   8080:32174/TCP               18h
+traefik-web                 LoadBalancer   10.128.2.58     172.233.168.36   80:31310/TCP,443:32696/TCP   18h
+```
+
+Bob tests the server by DNS spoofing.
+
+```shell
+$ http http://{traefik-web-EXTERNAL-IP} Host:origin-33.akamai-lab.com
+HTTP/1.1 200 OK
+Content-Type: text/html; charset=UTF-8
+Date: Mon, 08 Apr 2024 14:01:08 GMT
+Server: nginx/1.24.0
+Set-Cookie: _30cb3=9435af3328ab4cfe; Path=/; HttpOnly; SameSite=Strict
+Transfer-Encoding: chunked
+X-Powered-By: PHP/8.1.22
+```
+
+Bob commits and pushes files to git repository.(https://gitea-ptl.akamai-lab.com)
+
+**6. Production Deployment & Test**
+
+> Bob create or update DNS record for the hostname.
+```shell
+origin-33.akamai-lab.com. 600   IN      A       172.233.168.36
+```
+Bob applies the yaml files to Kubernetes staging environment.
+
+Alice validates the environment by end-to-end test.
+
+## More Sample Codes ##
+
+[How to use HTTPS](https://gitea-ptl.akamai-lab.com/akamai/akashop#how-to-use-https)
+
+[How to redirect HTTP to HTTPS](https://gitea-ptl.akamai-lab.com/akamai/akashop#how-to-redirect-http-to-https)
+
+[How to maintain Session Stickyness](https://gitea-ptl.akamai-lab.com/akamai/akashop#how-to-maintain-session-stickyness)
+
+[How to use ReadWriteMany pvc](https://gitea-ptl.akamai-lab.com/akamai/akashop#how-to-use-readwritemany-pvc)

origin33/deployment.yml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: origin33 
+  namespace: origin33
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: origin33
+  template:
+    metadata:
+      labels:
+        app: origin33
+    spec:
+      containers:
+      - name: origin33
+        image: gitea-ptl.akamai-lab.com/akamai/origin33
+        imagePullPolicy: Always
+        resources:
+          limits:
+            cpu: "1"
+            memory: "1Gi"
+          requests:
+            cpu: "0.5"
+            memory: "200Mi"
+        ports:
+        - name: http
+          containerPort: 80
+        livenessProbe:
+          httpGet:
+            path: /
+            port: 80
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        volumeMounts:
+          - name: origin33-data
+            mountPath: /usr/share/nginx/html/learn
+      volumes:
+        - name: origin33-data
+          persistentVolumeClaim:
+            claimName: origin33-data-pvc

origin33/pvc.yml

@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: origin33-data-pvc
+spec:
+  accessModes:
+    - ReadWriteMany
+  volumeMode: Filesystem
+  storageClassName: ""
+  resources:
+    requests:
+      storage: 1Gi
+  volumeName: origin33-data
+
+---
+
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: origin33-data
+  namespace: origin33
+spec:
+  capacity:
+    storage: 1Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Recycle
+  storageClassName: ""
+  nfs:
+    path: /nfs/share/origin33/volumes/learn
+    server: 10.0.0.5

origin33/service.yml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: origin33
+  namespace: origin33
+spec:
+  selector:
+    app: origin33
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: http
+  type: ClusterIP

origin33/traefik-ingressR.yml

@@ -0,0 +1,66 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: origin33-redir
+  namespace: origin33
+spec:
+  redirectScheme:
+    scheme: https
+    permanent: true  # Set to true for permanent (301) redirect
+
+---
+
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: origin33-http
+  namespace: origin33
+
+spec:
+  entryPoints:
+    - web
+
+  routes:
+  - match: Host(`origin-33.akamai-lab.com`) && PathPrefix(`/`)
+    kind: Rule
+    services:
+    - name: origin33
+      port: 80
+      sticky:
+        cookie:
+          httpOnly: true
+          sameSite: strict
+
+    # middlewares:
+    # - name: akashop-redir
+
+---
+
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: origin33-https
+  namespace: origin33
+
+spec:
+  entryPoints:
+    - websecure
+  
+  tls:
+    certResolver: le
+
+  routes:
+  - match: Host(`origin-33.akamai-lab.com`) && PathPrefix(`/`)
+    kind: Rule
+    services:
+    - name: origin33
+      port: 80
+      sticky:
+        cookie:
+          httpOnly: true
+          # name: cookie
+          # secure: true
+          sameSite: strict
+      # strategy: RoundRobin
+      # weight: 10
+      # nativeLB: true