From af1f552bd6ed0389a4ea988b4dd89bcdd9f520e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Huss?=
Date: Fri, 17 May 2024 10:34:06 +0200
Subject: [PATCH] fix
---
 apps/wordpress/wordpress_ConfigMap.tf | 18 +--
 apps/wordpress/wordpress_workload.tf | 203 ++++++++++++++++++++++++++
 2 files changed, 206 insertions(+), 15 deletions(-)
 create mode 100644 apps/wordpress/wordpress_workload.tf
diff --git a/apps/wordpress/wordpress_ConfigMap.tf b/apps/wordpress/wordpress_ConfigMap.tf
index c75b215..08bc78f 100644
--- a/apps/wordpress/wordpress_ConfigMap.tf
+++ b/apps/wordpress/wordpress_ConfigMap.tf
@@ -45,22 +45,10 @@ resource "kubectl_manifest" "wordpress_files" {
 #!/usr/bin/env bash
 set -ex
 if [ ! -f "$(pwd)/wp-config.php" ];then
- echo "$${WORDPRESS_CONFIG_EXTRA}" | wp config create \
- --dbname="$${WORDPRESS_DB_NAME}" \
- --dbuser="$${WORDPRESS_DB_USER}" \
- --dbpass="$${WORDPRESS_DB_PASSWORD}" \
- --dbhost="$${WORDPRESS_DB_HOST}" \
- --extra-php
+ echo "$${WORDPRESS_CONFIG_EXTRA}" | wp config create --dbname="$${WORDPRESS_DB_NAME}" --dbuser="$${WORDPRESS_DB_USER}" --dbpass="$${WORDPRESS_DB_PASSWORD}" --dbhost="$${WORDPRESS_DB_HOST}" --extra-php
 fi
- if [ -z $(wp core is-installed) ]; then
- wp core install \
- --url="https://$${WORDPRESS_HOST}" \
- --title="$${WORDPRESS_TITLE}" \
- --admin_user="$${WORDPRESS_ADMIN_NAME}" \
- --admin_password="$${WORDPRESS_ADMIN_PASSWORD}" \
- --admin_email="$${WORDPRESS_ADMIN_MAIL}" \
- --locale="${var.config.locale}" \
- --skip-email
+ if [ -z "$(wp core is-installed)" ]; then
+ wp core install --url="https://$${WORDPRESS_HOST}" --title="$${WORDPRESS_TITLE}" --admin_user="$${WORDPRESS_ADMIN_NAME}" --admin_password="$${WORDPRESS_ADMIN_PASSWORD}" --admin_email="$${WORDPRESS_ADMIN_MAIL}" --locale="${var.config.locale}" --skip-email
 fi
 wp-cli: |-
 #!/bin/sh
diff --git a/apps/wordpress/wordpress_workload.tf b/apps/wordpress/wordpress_workload.tf
new file mode 100644
index 0000000..671bc56
--- /dev/null
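Review bot: The script still runs under `set -ex` (context line at the top of the hunk), so the rewritten `wp config create` and `wp core install` lines are echoed by the shell trace with `--dbpass=` and `--admin_password=` fully expanded, which writes both passwords to the log of whichever container runs this script. Bracketing the two commands with `set +x` and `set -x`, or dropping `-x` from `set -ex`, keeps them out of the log; the values also stay visible in the process argument list while `wp` runs. Separately, `wp core is-installed` reports through its exit status and normally prints nothing, so `[ -z "$(wp core is-installed)" ]` is presumably always true; `if ! wp core is-installed; then` tests what the line intends. The enclosing `wordpress_files` resource starts and ends outside the hunk.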
+++ b/apps/wordpress/wordpress_workload.tf 
@@ -0,0 +1,203 @@
+resource "kubectl_manifest" "Deployment_wordpress" {
+ yaml_body = <<-EOF
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ name: "${var.instance}-${var.component}"
+ labels: ${jsonencode(local.wp_all_labels)}
+ namespace: ${var.namespace}
+ annotations:
+ configmap.reloader.stakater.com/reload: "${kubectl_manifest.wordpress_cfg.name},${kubectl_manifest.wordpress_files.name}"
+ secret.reloader.stakater.com/reload: "${kubectl_manifest.secret.name}"
+ spec:
+ replicas: 1
+ selector:
+ matchLabels: ${jsonencode(local.wp_labels)}
+ template:
+ metadata:
+ labels: ${jsonencode(local.wp_labels)}
+ spec:
+ serviceAccountName: default
+ securityContext:
+ fsGroup: 12000
+ runAsGroup: 12000
+ runAsNonRoot: true
+ runAsUser: 12000
+ initContainers:
+ - name: copy-wordpress-app
+ image: ${var.images.wordpress.registry}/${var.images.wordpress.repository}:${var.images.wordpress.tag}
+ imagePullPolicy: ${var.images.wordpress.pull_policy}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ command: [sh, -cx]
+ args:
+ - >-
+ echo Copying Wordpress source ...;
+ ls -l /usr/src/wordpress/;
+ cp -r /usr/src/wordpress/. /wordpress-app/;
+ if [ -z "$(ls -A /wordpress-data/wp-content/)" ]; then echo "Copying initial files to wp-content ..."; cp -r /usr/src/wordpress/wp-content/* /wordpress-data/wp-content/; fi;
+ volumeMounts:
+ - mountPath: /wordpress-app/
+ name: wordpress-app
+ - mountPath: /wordpress-data/wp-content/
+ name: wordpress-data
+ subPath: wp-content
+ - name: wordpress-config
+ image: ${var.images.wordpress.registry}/${var.images.wordpress.repository}:${var.images.wordpress.tag}
+ imagePullPolicy: ${var.images.wordpress.pull_policy}
+ command: [/usr/local/bin/vynil-configurator]
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ envFrom:
+ - configMapRef:
+ name: "${kubectl_manifest.wordpress_cfg.name}"
+ - secretRef:
+ name: "${kubectl_manifest.secret.name}"
+ volumeMounts:
+ - mountPath: /var/www/html/
+ name: wordpress-app
+ - name: wordpress-data
+ mountPath: /var/www/html/wp-content/
+ subPath: wp-content
+ - name: wordpress-scripts
+ mountPath: /usr/local/bin/wp
+ subPath: wp-cli
+ - name: wordpress-scripts
+ mountPath: /usr/local/bin/vynil-configurator
+ subPath: "vynil-configurator.sh"
+ containers:
+ - name: wordpress
+ image: ${var.images.wordpress.registry}/${var.images.wordpress.repository}:${var.images.wordpress.tag}
+ imagePullPolicy: ${var.images.wordpress.pull_policy}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ envFrom:
+ - configMapRef:
+ name: "${kubectl_manifest.wordpress_cfg.name}"
+ - secretRef:
+ name: "${kubectl_manifest.secret.name}"
+ resources: {}
+ ports:
+ - name: php-fpm
+ containerPort: 9000
+ protocol: TCP
+ livenessProbe:
+ initialDelaySeconds: 10
+ periodSeconds: 20
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ tcpSocket:
+ port: php-fpm
+ readinessProbe:
+ initialDelaySeconds: 10
+ periodSeconds: 20
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ tcpSocket:
+ port: php-fpm
+ lifecycle:
+ postStart:
+ exec:
+ command: ["/bin/sh", "-c", "test -f /var/www/html/wp-config.php && chmod 444 /var/www/html/wp-config.php"]
+ volumeMounts:
+ - mountPath: /var/www/html/
+ name: wordpress-app
+ - name: wordpress-data
+ mountPath: /var/www/html/wp-content/
+ subPath: wp-content
+ - name: wordpress-config
+ mountPath: /usr/local/etc/php-fpm.d/zz-docker.conf
+ subPath: php-fpm-zz-docker.conf
+ - name: wordpress-config
+ mountPath: /usr/local/etc/php/conf.d/uploads.ini
+ subPath: php-uploads.ini
+ - name: wordpress-config
+ mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini
+ subPath: php-opcache-recommended.ini
+ # - name: wordpress-config
+ # mountPath: /usr/local/etc/php/conf.d/docker-php-ext-redis.ini
+ # subPath: docker-php-ext-redis.ini
+ - name: wordpress-scripts
+ mountPath: /usr/local/bin/wp
+ subPath: wp-cli
+ - name: nginx
+ image: ${var.images.nginx.registry}/${var.images.nginx.repository}:${var.images.nginx.tag}
+ imagePullPolicy: ${var.images.nginx.pull_policy}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ ports:
+ - name: http
+ containerPort: 8080
+ livenessProbe:
+ initialDelaySeconds: 10
+ periodSeconds: 20
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ httpGet:
+ path: /wp-admin/install.php
+ port: http
+ scheme: HTTP
+ httpHeaders:
+ - name: X-Forwarded-Proto
+ value: https
+ readinessProbe:
+ initialDelaySeconds: 10
+ periodSeconds: 20
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ tcpSocket:
+ port: http
+ volumeMounts:
+ - mountPath: /var/www/html/
+ name: wordpress-app
+ - mountPath: /var/www/html/wp-content/
+ name: wordpress-data
+ subPath: wp-content
+ - mountPath: /etc/nginx/nginx.conf
+ name: wordpress-config
+ subPath: nginx.conf
+ - mountPath: /tmp/
+ name: nginx-tmp
+ volumes:
+ - name: wordpress-app
+ emptyDir: {}
+ - name: wordpress-scripts
+ configMap:
+ defaultMode: 0755
+ name: ${kubectl_manifest.wordpress_files.name}
+ items:
+ - key: "vynil-configurator.sh"
+ path: "vynil-configurator.sh"
+ - key: "wp-cli"
+ path: "wp-cli"
+ - name: wordpress-config
+ configMap:
+ name: ${kubectl_manifest.wordpress_files.name}
+ - name: wordpress-data
+ persistentVolumeClaim:
+ claimName: "${var.instance}-${var.component}"
+ - name: nginx-tmp
+ emptyDir:
+ medium: Memory
+EOF
+}
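Review bot: The pod template sets `serviceAccountName: default` without `automountServiceAccountToken: false`, so the web-facing `wordpress` (php-fpm) and `nginx` containers get a Kubernetes API token mounted that nothing in this manifest appears to use. Adding `automountServiceAccountToken: false` next to `serviceAccountName` keeps that token out of reach of a compromised WordPress process. The pod-level `securityContext` could also carry `seccompProfile: {type: RuntimeDefault}`, and `resources: {}` on the `wordpress` container leaves it without requests or limits.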