From 69cd63b317196ee432d0333293b746b73d6315cd Mon Sep 17 00:00:00 2001 From: Piotr Biernat Date: Sat, 13 Dec 2025 13:12:25 +0100 Subject: [PATCH] Update --- deploy/k8s/api-cache.yml | 2 +- deploy/k8s/api-eventbus.yml | 2 +- deploy/k8s/api-gateway.yml | 498 ++++++++++++++++++++++++++++++------ deploy/k8s/api-logger.yml | 8 +- deploy/k8s/basket-svc.yml | 4 +- deploy/k8s/catalog-svc.yml | 4 +- deploy/k8s/config-svc.yml | 4 +- deploy/k8s/db-postgres.yml | 2 +- deploy/k8s/identity-svc.yml | 4 +- deploy/scripts/init-k8s.sh | 20 +- 10 files changed, 439 insertions(+), 109 deletions(-) diff --git a/deploy/k8s/api-cache.yml b/deploy/k8s/api-cache.yml index bc49ad4..e177012 100644 --- a/deploy/k8s/api-cache.yml +++ b/deploy/k8s/api-cache.yml @@ -72,7 +72,7 @@ spec: spec: containers: - name: api-cache - image: git.ego.freeddns.org/egommerce/api-cache:dev + image: localhost:32000/egommerce/api-cache:dev imagePullPolicy: Always command: [ "redis-server" diff --git a/deploy/k8s/api-eventbus.yml b/deploy/k8s/api-eventbus.yml index 7389906..bd3585c 100644 --- a/deploy/k8s/api-eventbus.yml +++ b/deploy/k8s/api-eventbus.yml @@ -65,7 +65,7 @@ spec: containers: - name: api-eventbus image: apache/kafka:latest - imagePullPolicy: Always # For future image + imagePullPolicy: Always ports: - containerPort: 9092 name: eventbus-brkr diff --git a/deploy/k8s/api-gateway.yml b/deploy/k8s/api-gateway.yml index b7a3252..ca05f94 100644 --- a/deploy/k8s/api-gateway.yml +++ b/deploy/k8s/api-gateway.yml 
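Review bot: In deploy/k8s/api-cache.yml the new `image: localhost:32000/egommerce/api-cache:dev` line still uses a mutable `:dev` tag with `imagePullPolicy: Always`, so the pod runs whatever was last pushed under that tag. If `localhost:32000` is the MicroK8s registry add-on, it is usually served without TLS or authentication, which leaves the tag as the only thing identifying the image. Pinning by digest, e.g. `image: localhost:32000/egommerce/api-cache@sha256:<DIGEST_PLACEHOLDER>`, would make the deployed content verifiable. The same applies to the image lines changed in api-gateway.yml, api-logger.yml, basket-svc.yml, catalog-svc.yml, config-svc.yml, db-postgres.yml and identity-svc.yml. The container spec continues outside the hunk.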
@@ -1,18 +1,165 @@ +kind: Service apiVersion: v1 -kind: ConfigMap metadata: - name: api-gateway-config + name: apisix-etcd namespace: egommerce -data: - global-config-snippet: | - # lua-prepend-path /usr/local/lib/lua/5.4/?.lua - # set-dumpable - log 127.0.0.1 local0 debug - lua-load /etc/haproxy/lua/jwt_auth.lua - frontend-config-snippet: | - http-request lua.jwt_auth - http-response lua.jwt_auth - # http-request deny if !{ var(txn.authenticated) -m bool } + labels: + app.kubernetes.io/instance: apisix-etcd + app.kubernetes.io/name: apisix-etcd + annotations: + meta.helm.sh/release-name: apisix-etcd + meta.helm.sh/release-namespace: egommerce +spec: + type: NodePort + ports: + - name: client + protocol: TCP + port: 2379 + nodePort: 31801 + - name: peer + protocol: TCP + port: 2380 + nodePort: 31802 + selector: + app.kubernetes.io/instance: apisix-etcd + app.kubernetes.io/name: apisix-etcd +--- +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: apisix-etcd + namespace: egommerce + labels: + app.kubernetes.io/instance: apisix-etcd + app.kubernetes.io/name: apisix-etcd +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: apisix-etcd + app.kubernetes.io/name: apisix-etcd + template: + metadata: + labels: + app.kubernetes.io/instance: apisix-etcd + app.kubernetes.io/name: apisix-etcd + spec: + containers: + - name: apisix-etcd + image: quay.io/coreos/etcd:v2.3.8 + args: + - --initial-cluster="apisix-etcd-0=http://apisix-etcd-0.apisix-etcd.egommerce.svc.cluster.local:2380" + ports: + - name: client + containerPort: 2379 + protocol: TCP + - name: peer + containerPort: 2380 + protocol: TCP + env: + - name: BITNAMI_DEBUG + value: 'false' + - name: MY_POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: MY_POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: ETCDCTL_API + value: '3' + - name: ETCD_ON_K8S + value: 'yes' + - name: ETCD_START_FROM_SNAPSHOT + value: 'no' + - 
name: ETCD_DISASTER_RECOVERY + value: 'no' + - name: ETCD_NAME + value: $(MY_POD_NAME) + - name: ETCD_DATA_DIR + value: /bitnami/etcd/data + - name: ETCD_LOG_LEVEL + value: info + - name: ALLOW_NONE_AUTHENTICATION + value: 'yes' + - name: ETCD_ADVERTISE_CLIENT_URLS + value: >- + http://$(MY_POD_NAME).apisix-etcd.egommerce.svc.cluster.local:2379 + - name: ETCD_LISTEN_CLIENT_URLS + value: http://0.0.0.0:2379 + - name: ETCD_INITIAL_ADVERTISE_PEER_URLS + value: >- + http://$(MY_POD_NAME).apisix-etcd.egommerce.svc.cluster.local:2380 + - name: ETCD_LISTEN_PEER_URLS + value: http://0.0.0.0:2380 + resources: {} + volumeMounts: + - name: data + mountPath: /bitnami/etcd + livenessProbe: + exec: + command: + - /opt/bitnami/scripts/etcd/healthcheck.sh + initialDelaySeconds: 60 + timeoutSeconds: 5 + periodSeconds: 30 + successThreshold: 1 + failureThreshold: 5 + readinessProbe: + exec: + command: + - /opt/bitnami/scripts/etcd/healthcheck.sh + initialDelaySeconds: 60 + timeoutSeconds: 5 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 5 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + imagePullPolicy: IfNotPresent + securityContext: + runAsUser: 1001 + runAsNonRoot: true + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + serviceAccountName: default + serviceAccount: default + securityContext: + fsGroup: 1001 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/instance: apisix-etcd + app.kubernetes.io/name: apisix-etcd + namespaces: + - egommerce + topologyKey: kubernetes.io/hostname + schedulerName: default-scheduler + volumeClaimTemplates: + - kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + volumeMode: Filesystem + serviceName: apisix-etcd-headless + podManagementPolicy: Parallel 
+ updateStrategy: + type: RollingUpdate + revisionHistoryLimit: 10 --- apiVersion: v1 kind: Service @@ -22,46 +169,37 @@ metadata: spec: type: NodePort ports: - - name: api-gateway-https - port: 8443 + - name: api-gateway-http + port: 9080 nodePort: 31800 - - name: api-gateway-stats - port: 1024 - nodePort: 31899 + - name: api-gateway-https + port: 9443 + nodePort: 31843 + # - name: api-gateway-stats + # port: 1024 + # nodePort: 31899 selector: app: api-gateway ---- -kind: IngressClass -apiVersion: networking.k8s.io/v1 -metadata: - name: api-gateway - namespace: egommerce -spec: - controller: haproxy.org/ingress-controller/haproxy +# --- +# kind: IngressClass +# apiVersion: networking.k8s.io/v1 +# metadata: +# name: api-gateway +# namespace: egommerce +# spec: +# controller: haproxy.org/ingress-controller/haproxy --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: api-gateway namespace: egommerce - annotations: - haproxy.org/server-ssl: "true" - haproxy.org/server-ca: "egommerce/ca-root" - haproxy.org/server-alpn: "h2,http/1.1" - haproxy.org/enable-lua: "true" - haproxy.org/backend-config-snippet: | - http-response set-header X-Custom-Backend-Header "value" - haproxy.org/path-rewrite: | - /api/identity/(.*) /\1 - /api/catalog/(.*) /\1 - /api/basket/(.*) /\1 - /api/config/(.*) /\1 spec: - ingressClassName: api-gateway - tls: - - secretName: api-gateway-cert - hosts: - - egommerce.io # CHANGE TO THE PROD DOMAIN + # ingressClassName: api-gateway + # tls: + # - secretName: api-gateway-cert + # hosts: + # - egommerce.io # CHANGE TO THE PROD DOMAIN rules: - host: egommerce.io # CHANGE TO THE PROD DOMAIN http: 
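Review bot: The added `apisix-etcd` Service is `type: NodePort` (31801 client, 31802 peer) while the StatefulSet sets `ALLOW_NONE_AUTHENTICATION` to `'yes'` and listens on `http://0.0.0.0:2379`, so the store holding the gateway configuration is reachable unauthenticated and unencrypted from anything that can reach a node address. Only APISIX inside the cluster appears to need it, so `type: ClusterIP` with both `nodePort:` lines dropped would be enough, ideally with etcd authentication enabled as well. Separately, `image: quay.io/coreos/etcd:v2.3.8` is combined with Bitnami-style env vars and probes that call `/opt/bitnami/scripts/etcd/healthcheck.sh`; that script is probably absent from the CoreOS image, which would keep the pod from ever becoming ready. `serviceName: apisix-etcd-headless` also names a Service that this hunk does not define.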
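Review bot: With the `tls:` block commented out and the `haproxy.org/server-ssl` and `haproxy.org/server-ca` annotations removed, the Ingress for `egommerce.io` no longer terminates TLS or verifies the backend, and the Service now publishes plain HTTP `port: 9080` on `nodePort: 31800`. The new `api-gateway-https` port 9443 does not compensate, because the APISIX config added later in this file sets `ssl: enable: false`. Nothing visible in this patch replaces the `lua.jwt_auth` request hook removed at the top of the file; `jwt-auth` is only listed as an available plugin, so routes should be confirmed to enforce it before this is exposed. The unchanged `selector: app: api-gateway` also stops matching once the pod labels become `app.kubernetes.io/name: apisix` later in the patch, so either keep `app: api-gateway` on the pod template or update the selector here. The Ingress rules continue outside the hunk.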
@@ -95,49 +233,253 @@ spec: port: number: 443 --- +kind: ConfigMap +apiVersion: v1 +metadata: + name: apisix + namespace: default +data: + config.yaml: >- + # + + # Licensed to the Apache Software Foundation (ASF) under one or more + + # contributor license agreements. See the NOTICE file distributed with + + # this work for additional information regarding copyright ownership. + + # The ASF licenses this file to You under the Apache License, Version 2.0 + + # (the "License"); you may not use this file except in compliance with + + # the License. You may obtain a copy of the License at + + # + + # http://www.apache.org/licenses/LICENSE-2.0 + + # + + # Unless required by applicable law or agreed to in writing, software + + # distributed under the License is distributed on an "AS IS" BASIS, + + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + + # See the License for the specific language governing permissions and + + # limitations under the License. + + # + + apisix: + node_listen: 9080 # APISIX listening port + enable_heartbeat: true + enable_admin: true + enable_admin_cors: true + enable_debug: false + enable_dev_mode: false # Sets nginx worker_processes to 1 if set to true + enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set to true. + enable_ipv6: true + config_center: etcd # etcd: use etcd to store the config value + # yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml` + + + #proxy_protocol: # Proxy Protocol configuration + # listen_http_port: 9181 # The port with proxy protocol for http, it differs from node_listen and port_admin. + # This port can only receive http request with proxy protocol, but node_listen & port_admin + # can only receive http request. 
If you enable proxy protocol, you must use this port to + # receive http request with proxy protocol + # listen_https_port: 9182 # The port with proxy protocol for https + # enable_tcp_pp: true # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option + # enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server + + proxy_cache: # Proxy Caching configuration + cache_ttl: 10s # The default caching time if the upstream does not specify the cache time + zones: # The parameters of a cache + - name: disk_cache_one # The name of the cache, administrator can be specify + # which cache to use by name in the admin api + memory_size: 50m # The size of shared memory, it's used to store the cache index + disk_size: 1G # The size of disk, it's used to store the cache data + disk_path: "/tmp/disk_cache_one" # The path to store the cache data + cache_levels: "1:2" # The hierarchy levels of a cache + # - name: disk_cache_two + # memory_size: 50m + # disk_size: 1G + # disk_path: "/tmp/disk_cache_two" + # cache_levels: "1:2" + + allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow + - 127.0.0.1/24 + # - "::/64" + port_admin: 9180 + + # Default token when use API to call for Admin API. + # *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API. + # Disabling this configuration item means that the Admin API does not + # require any authentication. 
+ admin_key: + # admin: can everything for configuration data + - name: "admin" + key: edd1c9f034335f136f87ad84b625c8f1 + role: admin + # viewer: only can view configuration data + - name: "viewer" + key: 4054f7cf07e344346cd3f287985e76a2 + role: viewer + router: + http: 'radixtree_uri' # radixtree_uri: match route by uri(base on radixtree) + # radixtree_host_uri: match route by host + uri(base on radixtree) + ssl: 'radixtree_sni' # radixtree_sni: match route by SNI(base on radixtree) + # dns_resolver: + # + # - 127.0.0.1 + # + # - 172.20.0.10 + # + # - 114.114.114.114 + # + # - 223.5.5.5 + # + # - 1.1.1.1 + # + # - 8.8.8.8 + # + dns_resolver_valid: 30 + resolver_timeout: 5 + ssl: + enable: false + enable_http2: true + listen_port: 9443 + ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3" + ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA" + + nginx_config: # config for render the template to + genarate nginx.conf + error_log: "/dev/stderr" + error_log_level: "warn" # warn,error + worker_rlimit_nofile: 20480 # the number of files a worker process can open, should be larger than worker_connections + event: + worker_connections: 10620 + http: + access_log: "/dev/stdout" + keepalive_timeout: 60s # timeout during which a keep-alive client connection will stay open on the server side. 
+ client_header_timeout: 60s # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client + client_body_timeout: 60s # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client + send_timeout: 10s # timeout for transmitting a response to the client.then the connection is closed + underscores_in_headers: "on" # default enables the use of underscores in client request header fields + real_ip_header: "X-Real-IP" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header + real_ip_from: # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from + - 127.0.0.1 + - 'unix:' + + etcd: + host: # it's possible to define multiple etcd hosts addresses of the same etcd cluster. + - "http://apisix-etcd-0.egommerce.svc.cluster.local:2379" + prefix: "/apisix" # apisix configurations prefix + timeout: 30 # 30 seconds + plugins: # plugin list + - api-breaker + - authz-keycloak + - basic-auth + - batch-requests + - consumer-restriction + - cors + - echo + - fault-injection + - grpc-transcode + - hmac-auth + - http-logger + - ip-restriction + - ua-restriction + - jwt-auth + - kafka-logger + - key-auth + - limit-conn + - limit-count + - limit-req + - node-status + - openid-connect + - authz-casbin + - prometheus + - proxy-cache + - proxy-mirror + - proxy-rewrite + - redirect + - referer-restriction + - request-id + - request-validation + - response-rewrite + - serverless-post-function + - serverless-pre-function + - sls-logger + - syslog + - tcp-logger + - udp-logger + - uri-blocker + - wolf-rbac + - zipkin + - server-info + - traffic-split + - gzip + - real-ip + stream_plugins: + - mqtt-proxy + - ip-restriction + - limit-conn + plugin_attr: + server-info: + report_interval: 60 + report_ttl: 3600 +--- apiVersion: apps/v1 kind: Deployment metadata: name: api-gateway namespace: egommerce + labels: + app.kubernetes.io/instance: apisix + app.kubernetes.io/name: apisix + 
app.kubernetes.io/version: 2.10.0 spec: replicas: 1 selector: matchLabels: - app: api-gateway + app.kubernetes.io/instance: apisix + app.kubernetes.io/name: apisix template: metadata: labels: - app: api-gateway + app.kubernetes.io/instance: apisix + app.kubernetes.io/name: apisix spec: restartPolicy: Always + initContainers: + - name: wait-etcd + image: busybox:1.28 + command: + - sh + - '-c' + - >- + until nc -z apisix-etcd.egommerce.svc.cluster.local 2379; do echo + waiting for etcd `date`; sleep 2; done; + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + imagePullPolicy: IfNotPresent containers: - name: api-gateway - image: git.ego.freeddns.org/egommerce/api-gateway:dev + image: localhost:32000/egommerce/api-gateway:dev imagePullPolicy: Always - args: - - --publish-service=egommerce/api-gateway - - --configmap=egommerce/api-gateway-config - - --ingress.class=haproxy - - --https-bind-port=8443 + # args: + # - --publish-service=egommerce/api-gateway + # - --configmap=egommerce/api-gateway-config + # - --ingress.class=haproxy + # - --https-bind-port=8443 ports: - - containerPort: 8443 - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - # - name: POD_IP - # valueFrom: - # fieldRef: - # apiVersion: v1 - # fieldPath: status.podIP + - containerPort: 9080 # Proxy HTTP + - containerPort: 9443 # Proxy HTTPS + - containerPort: 9444 # Admin API resources: limits: cpu: 100m 
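Review bot: The `admin_key` entries in the added `config.yaml` are committed in clear text inside a ConfigMap, and both values look like the sample keys from the stock APISIX configuration, which the inline comment itself says to change. Generate unique keys (`key: <GENERATED_ADMIN_KEY_PLACEHOLDER>`) and mount `config.yaml` from a Secret rather than a ConfigMap, keeping `allow_admin` at least as narrow as it is now. The ConfigMap declares `namespace: default` while the Deployment that mounts it is in `egommerce`; ConfigMap volumes resolve in the pod's own namespace, so this should be `namespace: egommerce`. Before `ssl: enable` is switched on, `ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"` should be reduced to `"TLSv1.2 TLSv1.3"` and the CBC and `DES-CBC3-SHA` suites dropped from `ssl_ciphers`. The container spec of the Deployment continues outside the hunk.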
@@ -145,22 +487,14 @@ spec: requests: cpu: 50m memory: 256M - # securityContext: - # capabilities: - # add: - # - NET_BIND_SERVICE - # drop: - # - ALL - # readOnlyRootFilesystem: false - # runAsUser: 1000 - # runAsGroup: 1000 - # runAsNonRoot: true - # allowPrivilegeEscalation: false - # seccompProfile: - # type: RuntimeDefault + volumeMounts: + - name: apisix-config + mountPath: /usr/local/apisix/conf/config.yaml + subPath: config.yaml volumes: - - name: api-gateway-config + - name: apisix-config configMap: - name: api-gateway-config + name: apisix + defaultMode: 420 imagePullSecrets: - name: regcred \ No newline at end of file diff --git a/deploy/k8s/api-logger.yml b/deploy/k8s/api-logger.yml index 24e77e8..552ea3c 100644 --- a/deploy/k8s/api-logger.yml +++ b/deploy/k8s/api-logger.yml @@ -33,7 +33,7 @@ spec: spec: containers: - name: api-logger-loki - image: git.ego.freeddns.org/egommerce/api-logger-loki:dev + image: localhost:32000/egommerce/api-logger-loki:dev imagePullPolicy: Always args: - "-config.file=/etc/loki/loki.yaml" @@ -77,7 +77,7 @@ spec: automountServiceAccountToken: true containers: - name: api-logger-promtail - image: git.ego.freeddns.org/egommerce/api-logger-promtail:dev + image: localhost:32000/egommerce/api-logger-promtail:dev imagePullPolicy: Always env: - name: HOSTNAME @@ -237,7 +237,7 @@ spec: runAsNonRoot: true containers: - name: api-logger-prometheus - image: git.ego.freeddns.org/egommerce/api-logger-prometheus:dev + image: localhost:32000/egommerce/api-logger-prometheus:dev imagePullPolicy: Always env: - name: GOMAXPROCS @@ -390,7 +390,7 @@ spec: subPath: grafana containers: - name: api-logger-grafana - image: git.ego.freeddns.org/egommerce/api-logger-grafana:dev + image: localhost:32000/egommerce/api-logger-grafana:dev imagePullPolicy: Always env: - name: GOMAXPROCS diff --git a/deploy/k8s/basket-svc.yml b/deploy/k8s/basket-svc.yml index 2c306cb..d3f1502 100644 --- a/deploy/k8s/basket-svc.yml +++ b/deploy/k8s/basket-svc.yml 
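Review bot: The commented-out `securityContext` is deleted here rather than enabled, so the internet-facing gateway container runs with the runtime defaults: privilege escalation allowed, full default capability set, no seccomp profile. Re-adding the block under the `api-gateway` container, as sketched below, restores the hardening the old comment intended; whether the image can run as non-root and with all capabilities dropped needs to be checked first, so treat those two settings as the target rather than a drop-in. `imagePullSecrets: regcred` is kept although the image now comes from `localhost:32000`, so it is worth confirming the secret is still needed. The Deployment starts outside the hunk.

```yaml
# … unchanged: resources, volumeMounts for apisix-config …
          securityContext:
            allowPrivilegeEscalation: false
            # confirm the image runs as a non-root user before enabling
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
# … unchanged: volumes, imagePullSecrets …
```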
@@ -49,7 +49,7 @@ spec: # ] containers: - name: basket-svc - image: git.ego.freeddns.org/egommerce/basket-svc:dev + image: localhost:32000/egommerce/basket-svc:dev imagePullPolicy: Always env: - name: APP_NAME @@ -104,7 +104,7 @@ spec: # - --web.listen-address=:9090 # - --web.telemetry-path=/metrics - name: basket-scheduler # Scheduler Container - image: git.ego.freeddns.org/egommerce/basket-svc:dev + image: localhost:32000/egommerce/basket-svc:dev imagePullPolicy: Always command: [ "/usr/local/bin/scheduler" diff --git a/deploy/k8s/catalog-svc.yml b/deploy/k8s/catalog-svc.yml index 0c2e7ed..5a84688 100644 --- a/deploy/k8s/catalog-svc.yml +++ b/deploy/k8s/catalog-svc.yml @@ -49,7 +49,7 @@ spec: # ] containers: - name: catalog-svc - image: git.ego.freeddns.org/egommerce/catalog-svc:dev + image: localhost:32000/egommerce/catalog-svc:dev imagePullPolicy: Always env: - name: APP_NAME @@ -104,7 +104,7 @@ spec: # - --web.listen-address=:9090 # - --web.telemetry-path=/metrics - name: catalog-scheduler # Scheduler Container - image: git.ego.freeddns.org/egommerce/catalog-svc:dev + image: localhost:32000/egommerce/catalog-svc:dev imagePullPolicy: Always command: [ "/usr/local/bin/scheduler" diff --git a/deploy/k8s/config-svc.yml b/deploy/k8s/config-svc.yml index c3bedc4..c0f1ae0 100644 --- a/deploy/k8s/config-svc.yml +++ b/deploy/k8s/config-svc.yml @@ -49,7 +49,7 @@ spec: # ] containers: - name: config-svc - image: git.ego.freeddns.org/egommerce/config-svc:dev + image: localhost:32000/egommerce/config-svc:dev imagePullPolicy: Always env: - name: APP_NAME @@ -104,7 +104,7 @@ spec: # - --web.listen-address=:9090 # - --web.telemetry-path=/metrics # - name: config-scheduler # Scheduler Container - # image: git.ego.freeddns.org/egommerce/config-svc:dev + # image: localhost:32000/egommerce/config-svc:dev # imagePullPolicy: Always # command: [ # "/usr/local/bin/scheduler" diff --git a/deploy/k8s/db-postgres.yml b/deploy/k8s/db-postgres.yml index 8c8fdba..ee25fda 100644 
--- a/deploy/k8s/db-postgres.yml +++ b/deploy/k8s/db-postgres.yml @@ -80,7 +80,7 @@ spec: # remember to change perms and owner of ~/.egommerce/postgres directory containers: - name: db-postgres - image: git.ego.freeddns.org/egommerce/db-postgres:dev + image: localhost:32000/egommerce/db-postgres:dev imagePullPolicy: Always env: - name: APP_NAME diff --git a/deploy/k8s/identity-svc.yml b/deploy/k8s/identity-svc.yml index 703306c..ae23f7e 100644 --- a/deploy/k8s/identity-svc.yml +++ b/deploy/k8s/identity-svc.yml @@ -51,7 +51,7 @@ spec: # ] containers: - name: identity-svc - image: git.ego.freeddns.org/egommerce/identity-svc:dev + image: localhost:32000/egommerce/identity-svc:dev imagePullPolicy: Always env: - name: APP_NAME @@ -106,7 +106,7 @@ spec: # - --web.listen-address=:9090 # - --web.telemetry-path=/metrics - name: identity-scheduler # Scheduler Container - image: git.ego.freeddns.org/egommerce/identity-svc:dev + image: localhost:32000/egommerce/identity-svc:dev imagePullPolicy: Always command: [ "/usr/local/bin/scheduler" diff --git a/deploy/scripts/init-k8s.sh b/deploy/scripts/init-k8s.sh index 35edaab..81b1cc3 100644 --- a/deploy/scripts/init-k8s.sh +++ b/deploy/scripts/init-k8s.sh 
@@ -4,18 +4,14 @@ alias kubectl="microk8s kubectl" # MicroK8S fix # Install plugins microk8s enable dns -# microk8s enable ingress -# microk8s enable storage -# microk8s enable helm3 -# microk8s enable metallb:10.64.0.100-10.64.0.200 -# API Gateway CRDs -# kubectl apply --server-side -f https://github.com/kubernetes-sigs/gateway-api/releases/latest/download/standard-install.yaml -# kubectl apply --server-side -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/webhook-install.yaml +# Create ca root tls secret HAProxy +# kubectl create secret tls ca-root --cert=deploy/certs/ca-root/ca-root.crt --key=deploy/certs/ca-root/ca-root.key -n egommerce -# Create ca root tls secret -kubectl create secret tls ca-root --cert=deploy/certs/ca-root/ca-root.crt --key=deploy/certs/ca-root/ca-root.key -n egommerce -# kubectl annotate secret ca-root haproxy.org/server-ca="egommerce/ca-root" -n egommerce +# Create api-gateway tls secret HAProxy +# kubectl create secret tls api-gateway-cert --cert=deploy/certs/api-gateway/api-gateway.crt --key=deploy/certs/api-gateway/api-gateway.key -n egommerce -# Create api-gateway tls secret -kubectl create secret tls api-gateway-cert --cert=deploy/certs/api-gateway/api-gateway.crt --key=deploy/certs/api-gateway/api-gateway.key -n egommerce + +# kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml + +helm install apisix apisix/apisix -n egommerce
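Review bot: `helm install apisix apisix/apisix -n egommerce` installs whatever chart version is current and assumes an `apisix` repo is already configured on the machine, so the script is neither reproducible nor self-contained. Add the repo step and pin the chart, e.g. `helm install apisix apisix/apisix -n egommerce --version <CHART_VERSION_PLACEHOLDER>`. The hunk also drops the commented `microk8s enable helm3` line while introducing a `helm` call, so the script should either enable the add-on or check that `helm` is on the PATH. The chart will presumably create its own gateway and etcd objects next to the hand-written ones in deploy/k8s/api-gateway.yml, so it is worth deciding which of the two owns those resources. Both `kubectl create secret tls` commands are now commented out and will need to come back when TLS is restored on the Ingress.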