5.0 KiB
WordPress with Kubernetes
This page shows you how to deploy a sample WordPress site using GKE Sandbox.
Before you begin
Take the following steps to enable the Kubernetes Engine API:
- Visit the Kubernetes Engine page in the Google Cloud Platform Console.
- Create or select a project.
Creating a node pool with gVisor enabled
Create a node pool inside your cluster with option --sandbox type=gvisor
added
to the command, like below:
gcloud beta container node-pools create sandbox-pool --cluster=${CLUSTER_NAME} --image-type=cos_containerd --sandbox type=gvisor
If you prefer to use the console, select your cluster and select the ADD NODE POOL button:
Then select the Image type with Containerd and select Enable sandbox with gVisor option. Select other options as you like:
Check that gVisor is enabled
The gvisor RuntimeClass is instantiated during node creation. You can check for the existence of the gvisor RuntimeClass using the following command:
kubectl get runtimeclasses
Wordpress deployment
Now, let's deploy a WordPress site using GKE Sandbox. WordPress site requires two pods: web server in the frontend, MySQL database in the backend. Both applications use PersistentVolumes to store the site data data. In addition, they use secret store to share MySQL password between them.
First, let's download the deployment configuration files to add the runtime class annotation to them:
curl -LO https://k8s.io/examples/application/wordpress/wordpress-deployment.yaml
curl -LO https://k8s.io/examples/application/wordpress/mysql-deployment.yaml
Add a spec.template.spec.runtimeClassName set to gvisor to both files, as shown below:
wordpress-deployment.yaml: ```yaml apiVersion: v1 kind: Service metadata: name: wordpress labels: app: wordpress spec: ports: - port: 80 selector: app: wordpress tier: frontend
type: LoadBalancer
apiVersion: v1 kind: PersistentVolumeClaim metadata: name: wp-pv-claim labels: app: wordpress spec: accessModes: - ReadWriteOnce resources: requests:
storage: 20Gi
apiVersion: apps/v1 kind: Deployment metadata: name: wordpress labels: app: wordpress spec: selector: matchLabels: app: wordpress tier: frontend strategy: type: Recreate template: metadata: labels: app: wordpress tier: frontend spec: runtimeClassName: gvisor # ADD THIS LINE containers: - image: wordpress:4.8-apache name: wordpress env: - name: WORDPRESS_DB_HOST value: wordpress-mysql - name: WORDPRESS_DB_PASSWORD valueFrom: secretKeyRef: name: mysql-pass key: password ports: - containerPort: 80 name: wordpress volumeMounts: - name: wordpress-persistent-storage mountPath: /var/www/html volumes: - name: wordpress-persistent-storage persistentVolumeClaim: claimName: wp-pv-claim ```
mysql-deployment.yaml: ```yaml apiVersion: v1 kind: Service metadata: name: wordpress-mysql labels: app: wordpress spec: ports: - port: 3306 selector: app: wordpress tier: mysql
clusterIP: None
apiVersion: v1 kind: PersistentVolumeClaim metadata: name: mysql-pv-claim labels: app: wordpress spec: accessModes: - ReadWriteOnce resources: requests:
storage: 20Gi
apiVersion: apps/v1 kind: Deployment metadata: name: wordpress-mysql labels: app: wordpress spec: selector: matchLabels: app: wordpress tier: mysql strategy: type: Recreate template: metadata: labels: app: wordpress tier: mysql spec: runtimeClassName: gvisor # ADD THIS LINE containers: - image: mysql:5.6 name: mysql env: - name: MYSQL_ROOT_PASSWORD valueFrom: secretKeyRef: name: mysql-pass key: password ports: - containerPort: 3306 name: mysql volumeMounts: - name: mysql-persistent-storage mountPath: /var/lib/mysql volumes: - name: mysql-persistent-storage persistentVolumeClaim: claimName: mysql-pv-claim ```
Note that apart from runtimeClassName: gvisor
, nothing else about the
Deployment has is changed.
You are now ready to deploy the entire application. Just create a secret to store MySQL's password and apply both deployments:
kubectl create secret generic mysql-pass --from-literal=password=${YOUR_SECRET_PASSWORD_HERE?}
kubectl apply -f mysql-deployment.yaml
kubectl apply -f wordpress-deployment.yaml
Wait for the deployments to be ready and an external IP to be assigned to the Wordpress service:
watch kubectl get service wordpress
Now, copy the service EXTERNAL-IP
from above to your favorite browser to view
and configure your new WordPress site.
Congratulations! You have just deployed a WordPress site using GKE Sandbox.
What's next
To learn more about GKE Sandbox and how to run your deployment securely, take a look at the documentation.