Deploying WordPress on GKE Cluster with Persistent Disk and Cloud SQL
GKE container connecting to Cloud SQL

Deploying WordPress on GKE Cluster with Persistent Disk and Cloud SQL

Srinivasan (Srini) Viswanathan Srinivasan (Srini) Viswanathan

Srinivasan (Srini) Viswanathan

Service Delivery Leader | DevOps Engineer| Kubernetes | Terraform | CI/CD | Containers| AWS | GCP | Observability | GKE | EKS

发布日期: 2024年1月16日
+ 关注

In this tutorial, we will walk through the process of deploying a WordPress web application on Google Kubernetes Engine (GKE) using a Persistent Volume for storing web data and Google Cloud SQL for database management. Assuming that the GKE cluster is provisioned and in a ready state, we'll break down the deployment into four parts, leveraging various managed cloud resources.

Part 1: Cloud SQL

Setting up Cloud SQL involves three simple steps:

a) Create a SQL instance using the following example command, with parameters adjusted to your specifications: 

gcloud sql instances create mysql-wp --database-version=MYSQL_5_7 --tier=db-f1-micro --region=us-central1/

b) Create a database for the WordPress web application: 

gcloud sql databases create wordpress --instance mysql-wp

c) Create a non-root user and password for the web application to access the database: 

gcloud sql users create <provide_as_a_user_name_wordpress> --host=% --instance mysql-wp --password <your_password>

Part 2: Configure ServiceAccount and Create Secrets

Provision a service account for the WordPress application to connect with Cloud SQL: 

gcloud iam service-accounts create cloudsql-proxy --display-name cloudsql-proxy

Assign the cloudsql.client role to the service account:

领英推荐

gcloud iam service-accounts list --filter=displayName:cloudsql-proxy 

gcloud projects add-iam-policy-binding <project_ID> --role roles/cloudsql.client --member serviceAccount:<mention_SA_email>

gcloud iam service-accounts keys create <key.json> --iam-acocunt <mention_SA_email>

Create Kubernetes secrets to store credential information: 

kubectl create secret generic cloudsql-db-credentials --from-literal username=wordpress --from-literal password=password        
kubectl create secret generic cloudsql-instance-credentials --from-file=sakey.json

Part 3: Setup Persistent Volume Claim (PVC)

Create a Persistent Volume Claim for the WordPress container to attach: 

#wp-pvc.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: wordpress-volumeclaim
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 200Gi

# Create the PVC:
kubectl create -f wp-pvc.yaml
kubectl get pvc

Part 4: Deploy WordPress Web Application

Finally, deploy the WordPress container, integrating both the Persistent Volume and Cloud SQL. Here is the YAML file for reference: 

# this is a working file. 
# wordpress container connecting to PVC/PV , Cloud SQL
# creates a side car container to run cloudsql-proxy for wordpress container to run
# Obviously, after cloudsql-proxy established connection, wordpress Container can connect to db using 127.0.0.1:3306 as db host
# Google cloud proxy is listening locally on this pod

apiVersion: apps/v1
kind: Deployment
metadata:
  name: wordpress
  labels:
    app: wordpress
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wordpress
  template:
    metadata:
      labels:
        app: wordpress
    spec:
      containers:
        - image: docker.io/wordpress
          name: wordpress
          env:
          - name: WORDPRESS_DB_HOST
            value: 127.0.0.1:3306
          - name: WORDPRESS_DEBUG
            value: "true"
          # These secrets are required to start the pod.
          - name: WORDPRESS_DB_USER
            valueFrom:
              secretKeyRef:
                name: cloudsql-db-credentials
                key: username
          - name: WORDPRESS_DB_PASSWORD
            valueFrom:
              secretKeyRef:
                name: cloudsql-db-credentials
                key: password
          ports:
            - containerPort: 80
              name: wordpress
          volumeMounts:
            - name: wordpress-persistent-storage
              mountPath: /var/www/html
        - name: cloudsql-proxy
          image: gcr.io/cloudsql-docker/gce-proxy:1.33.2
          command: ["/cloud_sql_proxy", "-instances=<project_id>:<region>:<instance_name>=tcp:3306", "-log_debug_stdout", "-credential_file=/secrets/cloudsql/<key>.json"]
          securityContext:
            runAsUser: 2  # non-root user
            allowPrivilegeEscalation: false
          volumeMounts:
            - name: cloudsql-instance-credentials
              mountPath: /secrets/cloudsql
              readOnly: true
      volumes:
        - name: wordpress-persistent-storage
          persistentVolumeClaim:
            claimName: wordpress-volumeclaim
        - name: cloudsql-instance-credentials
          secret:
            secretName: cloudsql-instance-credentials

Clean Up

To avoid incurring charges, delete the project containing the resources, or delete individual resources while keeping the project.

要查看或添加评论,请登录

Srinivasan (Srini) Viswanathan的更多文章

社区洞察

其他会员也浏览了