@alpeb
Last active March 25, 2021 20:44
#!/bin/bash
set -euxo pipefail
# Set the linkerd binary to use.
LINKERD_CLI=linkerd
# create the local k8s cluster. Either k3d or kind can be used.
k3d cluster create --k3s-server-arg "--disable=traefik"
# kind create cluster
# install linkerd and wait for it to report ready
$LINKERD_CLI install | kubectl apply -f -
$LINKERD_CLI check
# install traefik
helm install traefik traefik \
--create-namespace \
--namespace=traefik-system \
--repo=https://helm.traefik.io/traefik \
--wait \
--set=deployment.podAnnotations."linkerd\.io/inject=enabled" \
--set=service.type=NodePort \
--set ports.websecure.tls.enabled=true
# install emojivoto
curl -sL https://run.linkerd.io/emojivoto.yml | $LINKERD_CLI inject - | kubectl apply -f -
# create an ingress for the web-svc with tls enabled through traefik
kubectl --namespace emojivoto apply -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web
  namespace: emojivoto
  annotations:
    traefik.ingress.kubernetes.io/router.tls: "true"
    ingress.kubernetes.io/custom-request-headers: l5d-dst-override:web-svc.emojivoto.svc.cluster.local:80
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web-svc
            port:
              number: 80
EOF
# wait for all pods to report ready. Timeout is for 10 minutes for slower connections
kubectl wait --for=condition=Ready --all pods --all-namespaces --timeout 10m
# fetch both the first node's ip address and the node port on which TLS is being served
NODE_ADDRESS=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[0].address}')
HTTPS_PORT=$(kubectl --namespace traefik-system get svc traefik -o jsonpath='{.spec.ports[?(@.name == "websecure")].nodePort}')
# sleep a bit to give k8s and traefik a chance to process the ingress
sleep 2
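# use the address and port to test if it gets routed to web-svc. This will time out after 15 seconds.
# -k skips certificate verification: no certificate is configured here, so traefik serves its default self-signed one.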
curl -vk --max-time 15 --resolve example.com:${HTTPS_PORT}:${NODE_ADDRESS} https://example.com:${HTTPS_PORT}