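# WordPress Deployment rendered through the kubectl provider.
#
# Two init containers stage the application: the first copies the WordPress
# source into a shared emptyDir (and seeds wp-content on the PVC when it is
# empty), the second runs the configurator script. The php-fpm (port 9000)
# and nginx (port 8080) containers then serve from the same volumes.
#
# Hardening visible here: the pod runs as non-root UID/GID 12000, every
# container forbids privilege escalation and drops all capabilities, and the
# pod uses the container runtime's default seccomp profile.
#
# NOTE(review): the pod runs under the "default" ServiceAccount and does not
# set automountServiceAccountToken, so unless the ServiceAccount disables it
# the API token is mounted next to the PHP application. If nothing in the pod
# calls the Kubernetes API, set `automountServiceAccountToken: false` in the
# pod spec. Confirm against the configurator script first.
resource "kubectl_manifest" "Deployment_wordpress" {
  yaml_body = <<-EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: "${var.instance}-${var.component}"
      labels: ${jsonencode(local.wp_all_labels)}
      namespace: "${var.namespace}"
      annotations:
        # Reloader restarts the pods when these ConfigMaps or the Secret change.
        configmap.reloader.stakater.com/reload: "${kubectl_manifest.wordpress_cfg.name},${kubectl_manifest.wordpress_files.name}"
        secret.reloader.stakater.com/reload: "${kubectl_manifest.secret.name}"
    spec:
      replicas: 1
      selector:
        matchLabels: ${jsonencode(local.wp_labels)}
      template:
        metadata:
          labels: ${jsonencode(local.wp_labels)}
        spec:
          serviceAccountName: default
          securityContext:
            fsGroup: 12000
            runAsGroup: 12000
            runAsNonRoot: true
            runAsUser: 12000
            # Applies to every container in the pod; without it the containers
            # may run unconfined by seccomp, depending on the node's defaults.
            seccompProfile:
              type: RuntimeDefault
          initContainers:
            - name: copy-wordpress-app
              image: "${var.images.wordpress.registry}/${var.images.wordpress.repository}:${var.images.wordpress.tag}"
              imagePullPolicy: "${var.images.wordpress.pull_policy}"
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
                privileged: false
              command: [sh, -cx]
              # Folded scalar: the lines below are joined into one shell command.
              # wp-content is only seeded when the persistent volume is empty.
              args:
                - >-
                  echo Copying Wordpress source ...;
                  ls -l /usr/src/wordpress/;
                  cp -r /usr/src/wordpress/. /wordpress-app/;
                  if [ -z "$(ls -A /wordpress-data/wp-content/)" ]; then
                  echo "Copying initial files to wp-content ...";
                  cp -r /usr/src/wordpress/wp-content/* /wordpress-data/wp-content/;
                  fi;
              volumeMounts:
                - mountPath: /wordpress-app/
                  name: wordpress-app
                - mountPath: /wordpress-data/wp-content/
                  name: wordpress-data
                  subPath: wp-content
            - name: wordpress-config
              image: "${var.images.wordpress.registry}/${var.images.wordpress.repository}:${var.images.wordpress.tag}"
              imagePullPolicy: "${var.images.wordpress.pull_policy}"
              command: [/usr/local/bin/vynil-configurator]
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
                privileged: false
              envFrom:
                - configMapRef:
                    name: "${kubectl_manifest.wordpress_cfg.name}"
                - secretRef:
                    name: "${kubectl_manifest.secret.name}"
              volumeMounts:
                - mountPath: /var/www/html/
                  name: wordpress-app
                - name: wordpress-data
                  mountPath: /var/www/html/wp-content/
                  subPath: wp-content
                - name: wordpress-scripts
                  mountPath: /usr/local/bin/wp
                  subPath: wp-cli
                - name: wordpress-scripts
                  mountPath: /usr/local/bin/vynil-configurator
                  subPath: "vynil-configurator.sh"
          containers:
            - name: wordpress
              image: "${var.images.wordpress.registry}/${var.images.wordpress.repository}:${var.images.wordpress.tag}"
              imagePullPolicy: "${var.images.wordpress.pull_policy}"
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
                privileged: false
              envFrom:
                - configMapRef:
                    name: "${kubectl_manifest.wordpress_cfg.name}"
                - secretRef:
                    name: "${kubectl_manifest.secret.name}"
              # NOTE(review): no requests or limits are set for this container.
              resources: {}
              ports:
                - name: php-fpm
                  containerPort: 9000
                  protocol: TCP
              livenessProbe:
                initialDelaySeconds: 10
                periodSeconds: 20
                timeoutSeconds: 5
                successThreshold: 1
                failureThreshold: 6
                tcpSocket:
                  port: php-fpm
              readinessProbe:
                initialDelaySeconds: 10
                periodSeconds: 20
                timeoutSeconds: 5
                successThreshold: 1
                failureThreshold: 6
                tcpSocket:
                  port: php-fpm
              lifecycle:
                postStart:
                  exec:
                    # A failing postStart hook gets the container killed, so a
                    # missing wp-config.php must exit 0 here; `test -f X && chmod`
                    # would exit non-zero in that case.
                    # The file presumably belongs to the UID php-fpm runs as, so
                    # mode 444 guards against accidental rewrites only; code
                    # running as that user can change the mode back.
                    command: ["/bin/sh", "-c", "if [ -f /var/www/html/wp-config.php ]; then chmod 444 /var/www/html/wp-config.php; fi"]
              volumeMounts:
                - mountPath: /var/www/html/
                  name: wordpress-app
                - name: wordpress-data
                  mountPath: /var/www/html/wp-content/
                  subPath: wp-content
                - name: wordpress-config
                  mountPath: /usr/local/etc/php-fpm.d/zz-docker.conf
                  subPath: php-fpm-zz-docker.conf
                - name: wordpress-config
                  mountPath: /usr/local/etc/php/conf.d/uploads.ini
                  subPath: php-uploads.ini
                - name: wordpress-config
                  mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini
                  subPath: php-opcache-recommended.ini
                # - name: wordpress-config
                #   mountPath: /usr/local/etc/php/conf.d/docker-php-ext-redis.ini
                #   subPath: docker-php-ext-redis.ini
                - name: wordpress-scripts
                  mountPath: /usr/local/bin/wp
                  subPath: wp-cli
            - name: nginx
              image: "${var.images.nginx.registry}/${var.images.nginx.repository}:${var.images.nginx.tag}"
              imagePullPolicy: "${var.images.nginx.pull_policy}"
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
                privileged: false
              ports:
                - name: http
                  containerPort: 8080
              # Liveness goes through nginx to a PHP page, so it also depends on
              # the php-fpm container answering; readiness only checks the port.
              livenessProbe:
                initialDelaySeconds: 10
                periodSeconds: 20
                timeoutSeconds: 5
                successThreshold: 1
                failureThreshold: 6
                httpGet:
                  path: /wp-admin/install.php
                  port: http
                  scheme: HTTP
                  httpHeaders:
                    # Presumably keeps WordPress from redirecting the plain-HTTP
                    # probe to HTTPS; confirm against the nginx/WordPress config.
                    - name: X-Forwarded-Proto
                      value: https
              readinessProbe:
                initialDelaySeconds: 10
                periodSeconds: 20
                timeoutSeconds: 5
                successThreshold: 1
                failureThreshold: 6
                tcpSocket:
                  port: http
              volumeMounts:
                - mountPath: /var/www/html/
                  name: wordpress-app
                - mountPath: /var/www/html/wp-content/
                  name: wordpress-data
                  subPath: wp-content
                - mountPath: /etc/nginx/nginx.conf
                  name: wordpress-config
                  subPath: nginx.conf
                - mountPath: /tmp/
                  name: nginx-tmp
          volumes:
            - name: wordpress-app
              emptyDir: {}
            - name: wordpress-scripts
              configMap:
                # 493 decimal is 0755 octal. Written in decimal so the value does
                # not depend on whether the YAML parser reads a leading zero as
                # octal (YAML 1.1) or as decimal (YAML 1.2).
                defaultMode: 493
                name: "${kubectl_manifest.wordpress_files.name}"
                items:
                  - key: "vynil-configurator.sh"
                    path: "vynil-configurator.sh"
                  - key: "wp-cli"
                    path: "wp-cli"
            - name: wordpress-config
              configMap:
                name: "${kubectl_manifest.wordpress_files.name}"
            - name: wordpress-data
              persistentVolumeClaim:
                claimName: "${var.instance}-${var.component}"
            - name: nginx-tmp
              emptyDir:
                medium: Memory
  EOF
}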