Staging

k8s-config/ingress/nginx-elb.yaml

@@ -38,6 +38,9 @@ metadata:
   namespace: ingress-nginx
 data:
   allow-snippet-annotations: 'true'
+  ssl-redirect: 'false'
+  server-snippet: |
+      listen 8000;
 ---
 # Source: ingress-nginx/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -266,6 +269,9 @@ metadata:
     service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
     service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
     service.beta.kubernetes.io/aws-load-balancer-type: nlb
+    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: '443'
+    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:187286695231:certificate/ddd727c2-f2c3-4e44-b0c3-fe0651ea5f7b
+    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
   labels:
     helm.sh/chart: ingress-nginx-4.0.15
     app.kubernetes.io/name: ingress-nginx
@@ -290,8 +296,7 @@ spec:
     - name: https
       port: 443
       protocol: TCP
-      targetPort: https
-      appProtocol: https
+      targetPort: special
   selector:
     app.kubernetes.io/name: ingress-nginx
     app.kubernetes.io/instance: ingress-nginx
@@ -390,6 +395,9 @@ spec:
             - name: https
               containerPort: 443
               protocol: TCP
+            - name: special
+              containerPort: 8000
+              protocol: TCP
             - name: webhook
               containerPort: 8443
               protocol: TCP

k8s-config/ingress/vue-service-ingress.yaml

@@ -6,10 +6,14 @@ metadata:
   annotations:
     kubernetes.io/ingress.class: nginx
     nginx.ingress.kubernetes.io/rewrite-target: /
-
+    nginx.ingress.kubernetes.io/server-snippet: |
+      if ( $server_port = 80 ) {
+         return 308 https://$host$request_uri;
+      }
 spec:
   rules:
-    - http:
+    - host: dev.stephencahill.net
+      http:
         paths:
           - path: /
             pathType: Prefix

vuenotes.md

@@ -27,6 +27,7 @@
   * ~writing kube yaml deployment~
   * ~update how services are accessed within k8s cluster - is it necessary to expose as `NodePort`?~ NO
   * ~working AWS K8s config~
+  * https encryption - (in progress)
   * assess aws networking/sgs/etc
   * unified service tagging
   * go live
@@ -165,4 +166,29 @@ look for this in style sheet
 curl -d "secret=<SECRET>&response=<RESPONSE_TOKEN>" -X POST https://www.google.com/recaptcha/api/siteverify
 
 
-docker compose -f docker-compose-fromfile.yml up --build 
+
+docker compose -f docker-compose-fromfile.yml up --build 
+
+
+#mongo 
+rs.initiate({ _id: "MainRepSet", version: 1, 
+members: [ 
+ { _id: 0, host: "mongod-0.mongodb-service.default.svc.cluster.local:27017" } ]});
+
+ rs.status();
+
+ mongo localhost:27017/test populate_db.sh
+
+ mongoimport --type csv -d sitecontent -c cards --headerline /docker-entrypoint-initdb.d/homepage.csv 
+
+ mongoimport --type csv -d sitecontent -c users --headerline /docker-entrypoint-initdb.d/users.csv
+
+
+### MongoDB Operato
+
+kubectl create namespace mongodb
+
+kubectl create secret generic my-mongodb-user-password -n mongodb --from-literal="password=TXs3ZsuIqT-pQFvwxOec"
+
+docker compose -f docker-compose-fromfile.yml up --build 
+