chore: add current provisioning state before migration

cluster/web/default/bin/apply.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+ROOT=${ROOT:-.} 
+if [ -r "$ROOT/ssl/fullchain.pem" ] ; then 
+   if [ -x "$ROOT/make_istio-system_secret.sh" ] ; then 
+      $ROOT/make_istio-system_secret.sh $ROOT/ssl
+   else
+      kubectl delete secret web-certs -n cloudnative-zone 2>/dev/null
+      kubectl create secret tls web-certs --cert=$ROOT/ssl/fullchain.pem --key=$ROOT/ssl/privkey.pem -n cloudnative-zone
+  fi
+  if [ ! -r "$ROOT/ssl/fullchain.pem" ] ; then 
+     echo "No SSL certificate" 
+     exit  
+  fi 
+fi
+echo "checking configMaps ..." 
+kubectl delete -f $ROOT/configMap-etc.yaml 2>/dev/null
+kubectl apply -f $ROOT/configMap-etc.yaml 
+
+kubectl delete -f $ROOT/web.yaml 2>/dev/null 
+kubectl delete -f $ROOT/srvc-web.yaml 2>/dev/null 
+kubectl delete -f $ROOT/prxy-virtual-srvc-web.yaml 2>/dev/null 
+kubectl delete -f $ROOT/prxy-gateway-web.yaml 2>/dev/null 
+
+kubectl apply -f $ROOT/srvc-web.yaml
+kubectl apply -f $ROOT/prxy-virtual-srvc-web.yaml
+kubectl apply -f $ROOT/prxy-gateway-web.yaml
+kubectl apply -f $ROOT/web.yaml
+
+#echo "web.cloudnative-zone reload ..." 
+#curl -s -o /dev/null -I -w "%{http_code}" https://web.cloudnative.zone
+echo "__oOo__________oOo__________oOo__" 

cluster/web/default/configMap-etc.yaml

@@ -0,0 +1,126 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: web-etc
+  namespace: cloudnative-zone
+data:
+  htpasswd: |
+    daka:saTqF5QXUuD26
+  nginx.conf: |
+      user nginx;
+
+      # Set to number of CPU cores, auto will try to autodetect.
+      worker_processes auto;
+
+      # Maximum open file descriptors per process. Should be greater than worker_connections.
+      worker_rlimit_nofile 8192;
+
+      events {
+      	# Set the maximum number of connection each worker process can open. Anything higher than this
+      	# will require Unix optimisations.
+      	worker_connections 8000;
+
+      	# Accept all new connections as they're opened.
+      	multi_accept on;
+      }
+
+      http {
+      	# HTTP
+      	#include global/http.conf;
+
+      	# MIME Types
+      	include mime.types;
+      	default_type application/octet-stream;
+
+      	# Limits & Timeouts
+      	#include global/limits.conf;
+
+        # Specifies the main log format.
+        #log_format main '$http_x_real_ip - $real_ip_header - $http_x_forwarder_for - $http_x_real_ip - $remote_addr - $remote_user [$time_local] "$request" '
+        log_format main '$http_x_real_ip - $http_x_forwarder_for - $http_x_real_ip - $remote_addr - $remote_user [$time_local] "$request" '
+                        '$status $body_bytes_sent "$http_referer" '
+                        '"$http_user_agent" ';
+        # Default Logs
+        error_log /var/log/nginx/error.log warn;
+        access_log /var/log/nginx/access.log main;
+
+      	# Gzip
+      	#include global/gzip.conf;
+
+      	# Modules
+      	include /etc/nginx/conf.d/*.conf;
+        #upstream web {
+        #  server auth:8080;
+        #}
+      	# Sites
+      	#include /etc/nginx/sites-enabled/*;
+      }
+  default: |
+    # Define path to cache and memory zone. The memory zone should be unique.
+    # keys_zone=fatstcgi-cache:100m creates the memory zone and sets the maximum size in MBs.
+    # inactive=60m will remove cached items that haven't been accessed for 60 minutes or more.
+    fastcgi_cache_path /cache levels=1:2 keys_zone=fatstcgi-cache:100m inactive=60m;
+    
+    server {
+    	# Ports to listen on, uncomment one.
+      listen 443 ssl http2;
+    	listen [::]:443 ssl http2;
+
+    	# Server name to listen for
+      server_name web.cloudnative.zone;
+
+    	# Path to document root
+    	root   /var/www/static;
+
+      # Paths to certificate files.
+      ssl_certificate /etc/ssl-dom/fullchain.pem;
+      ssl_certificate_key /etc/ssl-dom/privkey.pem;
+
+    	# File to be used as index
+    	index index.php;
+
+    	# Overrides logs defined in nginx.conf, allows per site logs.
+      error_log /dev/stdout warn;
+    	access_log /dev/stdout main;
+    	# Default server block rules
+    	include server/defaults.conf;
+    	# Fastcgi cache rules
+    	include server/fastcgi-cache.conf;
+
+      # SSL rules
+    	include server/ssl.conf;
+    	# disable_symlinks off;
+
+      #Used when a load balancer wants to determine if this server is up or not
+      location /health_check {
+        return 200;
+      }
+      location / {
+           root   /usr/share/nginx/html;
+           index  index.html index.htm;
+      }
+      #location / {
+      #  #auth_basic  "Login";
+      #  #auth_basic_user_file  /etc/nginx/htpasswd;
+      #  proxy_set_header Host $http_host;
+      #  proxy_set_header X-Real-IP $remote_addr;
+      #  proxy_set_header X-Forwarded-For
+      #  $proxy_add_x_forwarded_for;
+      #  proxy_redirect off;
+      #  proxy_pass web;
+      #}  
+    }
+
+    # Redirect http to https
+    server {
+      listen 80;
+    	listen [::]:80;
+    	server_name web.cloudnative.zone;
+      #server_name localhost;
+      #return 301 https://web.cloudnative.zone$request_uri;
+    	#return 301 https://fatstcgi-cache$request_uri;
+      location / {
+           root   /usr/share/nginx/html;
+           index  index.html index.htm;
+      }
+    }

cluster/web/default/install-web.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+kubectl apply -f ns
+kubectl apply -f volumes
+
+[ -r "bin/apply.sh" ] && ./bin/apply.sh 
+
+exit 0
+

cluster/web/default/make_istio-system_secret.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+SECRET_NAME=cloudnative-web-credentials
+SSL_PATH=${1:-ssl}
+[ ! -r "$SSL_PATH" ] && echo "SSL_PATH $SSLPATH not directory"  && exit 1
+
+NAMESPACE=istio-system
+
+echo "create $NAMESPACE secret $SECRET_NAME for tls ... "
+kubectl delete -n $NAMESPACE secret $SECRET_NAME 2>/dev/null
+kubectl create -n $NAMESPACE secret tls $SECRET_NAME \
+  --key=$SSL_PATH/privkey.pem \
+  --cert=$SSL_PATH/fullchain.pem 
+

cluster/web/default/ns/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cloudnative-zone

cluster/web/default/prxy-gateway-web.yaml

@@ -0,0 +1,29 @@
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: web-cloudnative-zone-gwy
+  namespace: istio-system
+spec:
+  selector:
+    istio: ingressgateway # use istio default ingress gateway
+  servers:
+  - port:
+      number: 80
+      name: http-cnr
+      protocol: HTTP
+    tls:
+      httpsRedirect: true
+    hosts:
+    - "web.cloudnative.zone"
+  - port:
+      number: 443
+      name: https-cnr
+      protocol: HTTPS
+    tls:
+      #mode: PASSTHROUGH
+      mode: SIMPLE
+      credentialName: cloudnative-web-credentials
+    hosts:
+    - "web.cloudnative.zone"
+    

cluster/web/default/prxy-virtual-srvc-web.yaml

@@ -0,0 +1,46 @@
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: web-cloudnative-zone
+  namespace: istio-system
+spec:
+  hosts:
+  - "web.cloudnative.zone"
+  gateways:
+  - web-cloudnative-zone-gwy
+#  tcp:
+#  - match:
+#    - port: 
+#    route:
+#    - destination:
+#        port:
+#          number: 
+#        host: web.cloudnative-zone.svc.cluster.local
+  http:
+  - match:
+    - port: 443
+    route:
+    - destination:
+        port:
+          number: 80
+        host: web.cloudnative-zone.svc.cluster.local
+ # tls:
+ # - match:
+ #   - port:
+ #     sniHosts:
+ #     - "web.cloudnative.zone"
+ #   route:
+ #   - destination:
+ #       port:
+ #         number:
+ #       host: crates.cloudnative-zone.svc.cluster.local
+ # - match:
+ #   - port: 443
+ #     sniHosts:
+ #     - "web.cloudnative.zone"
+ #   route:
+ #   - destination:
+ #       port:
+ #        number: 3000
+ #       host: web.cloudnative-zone.svc.cluster.local

cluster/web/default/srvc-web.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: web
+  namespace: cloudnative-zone
+  labels:
+    app: web-cloudnative
+spec:
+  ports:
+    - port: 443
+      name: cn-https
+    - port: 80
+      name: cn-http
+  selector:
+    app: web-cloudnative

cluster/web/default/volumes/PersistentVolumeData.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: web-data-vol
+  namespace: cloudnative-zone
+  labels:
+    app: cloudnative-zone-repo
+spec:
+  storageClassName: nfs-client
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 5Gi

cluster/web/default/web.yaml

@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: cloudnative-zone
+  name: web-deployment
+  labels:
+    app: web-cloudnative
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: web-cloudnative
+  template:
+    metadata:
+      labels:
+        app: web-cloudnative
+    spec:
+      containers:
+        - name: web-container
+          image: docker.io/nginx:alpine
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 80
+              name: cn-http
+            - containerPort: 443
+              name: cn-https
+          env:
+          volumeMounts:
+            - name: web-data-storage
+              mountPath: /usr/share/nginx/html
+            #- mountPath: /etc/ssl-dom
+            #  readOnly: true
+            #  name: web-certs
+            - mountPath: /etc/nginx/nginx.conf
+              readOnly: true
+              name: web-etc
+              subPath: nginx.conf
+      volumes:
+        - name: web-data-storage
+          persistentVolumeClaim:
+             claimName: web-data-vol
+             #claimName: web-data-claim
+        - name: web-etc
+          configMap:
+            name: web-etc
+            items:
+              - key: nginx.conf
+                path: nginx.conf
+        #- name:  web-certs
+        #  secret:
+        #    secretName: repo-certs
+        #    items:
+        #    - key: tls.crt
+        #      path: fullchain.pem
+        #    - key: tls.key
+        #      path: privkey.pem