Thank you for reading this post, don't forget to subscribe!
задача запустить wordpress на location
т.е. domain.com/blog/
запускать будем в k8s в aws так же будем запускать базу внутри кластера. диск будет на EFS
helm/charts/wordpres_mysql/templates/_helpers.tpl
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 |
{{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. */}} {{- define "mysql.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Create chart name and version as used by the chart label. */}} {{- define "mysql.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} {{- define "mysql.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- $name := default .Chart.Name .Values.nameOverride -}} {{- if contains $name .Release.Name -}} {{- printf .Release.Name | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} {{- end -}} {{/* Common labels */}} {{- define "mysql.labels" -}} app.kubernetes.io/name: mysql app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "mysql.chart" . }} {{- end -}} {{/* Selector labels */}} {{- define "mysql.selector" -}} app.kubernetes.io/name: mysql app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{/* Generate chart secret name */}} {{- define "mysql.secretName" -}} {{ default (include "mysql.fullname" .) .Values.existingSecret }} {{- end -}} {{/* Create the name of the service account to use */}} {{- define "mysql.serviceAccountName" -}} {{- if .Values.serviceAccount.create -}} {{ default (include "mysql.fullname" .) .Values.serviceAccount.name }} {{- else -}} {{ default "default" .Values.serviceAccount.name }} {{- end -}} {{- end -}} |
helm/charts/wordpres_mysql/templates/configurationFiles-configmap.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 |
{{- if .Values.configurationFiles }} apiVersion: v1 kind: ConfigMap metadata: name: {{ include "mysql.fullname" . }}-configuration labels: {{- include "mysql.labels" . | nindent 4 }} data: {{- range $key, $val := .Values.configurationFiles }} {{ $key }}: |- {{ $val | indent 4}} {{- end }} {{- end -}} |
helm/charts/wordpres_mysql/templates/deployment.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 |
apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "mysql.fullname" . }} labels: {{- include "mysql.labels" . | nindent 4 }} {{- with .Values.deploymentAnnotations }} annotations: {{ toYaml . | indent 4 }} {{- end }} spec: strategy: {{ toYaml .Values.strategy | indent 4 }} selector: matchLabels: {{- include "mysql.selector" . | nindent 6 }} template: metadata: labels: {{- include "mysql.selector" . | nindent 8 }} {{- with .Values.podLabels }} {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.podAnnotations }} annotations: {{ toYaml . | indent 8 }} {{- end }} spec: {{- if .Values.schedulerName }} schedulerName: "{{ .Values.schedulerName }}" {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} {{- end }} {{- if .Values.priorityClassName }} priorityClassName: "{{ .Values.priorityClassName }}" {{- end }} {{- if .Values.securityContext.enabled }} securityContext: fsGroup: {{ .Values.securityContext.fsGroup }} runAsUser: {{ .Values.securityContext.runAsUser }} {{- end }} serviceAccountName: {{ include "mysql.serviceAccountName" . }} initContainers: - name: "remove-lost-found" image: "{{ .Values.busybox.image}}:{{ .Values.busybox.tag }}" imagePullPolicy: {{ .Values.imagePullPolicy | quote }} resources: {{ toYaml .Values.initContainer.resources | indent 10 }} command: ["rm", "-fr", "/var/lib/mysql/lost+found"] volumeMounts: - name: data mountPath: /var/lib/mysql {{- if .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath }} {{- end }} {{- if .Values.extraInitContainers }} {{ tpl .Values.extraInitContainers . | indent 6 }} {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} {{- end }} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 8 }} {{- end }} {{- if .Values.tolerations }} tolerations: {{ toYaml .Values.tolerations | indent 8 }} {{- end }} containers: - name: {{ include "mysql.fullname" . }} image: "{{ .Values.image }}:{{ .Values.imageTag }}" imagePullPolicy: {{ .Values.imagePullPolicy | quote }} {{- with .Values.args }} args: {{- range . }} - {{ . | quote }} {{- end }} {{- end }} resources: {{ toYaml .Values.resources | indent 10 }} env: {{- if .Values.mysqlAllowEmptyPassword }} - name: MYSQL_ALLOW_EMPTY_PASSWORD value: "true" {{- end }} {{- if not (and .Values.allowEmptyRootPassword (not .Values.mysqlRootPassword)) }} - name: MYSQL_ROOT_PASSWORD valueFrom: secretKeyRef: name: {{ include "mysql.secretName" . }} key: mysql-root-password {{- if .Values.mysqlAllowEmptyPassword }} optional: true {{- end }} {{- end }} {{- if not (and .Values.allowEmptyRootPassword (not .Values.mysqlPassword)) }} - name: MYSQL_PASSWORD valueFrom: secretKeyRef: name: {{ include "mysql.secretName" . }} key: mysql-password {{- if or .Values.mysqlAllowEmptyPassword (empty .Values.mysqlUser) }} optional: true {{- end }} {{- end }} - name: MYSQL_USER value: {{ default "" .Values.mysqlUser | quote }} - name: MYSQL_DATABASE value: {{ default "" .Values.mysqlDatabase | quote }} {{- if .Values.timezone }} - name: TZ value: {{ .Values.timezone }} {{- end }} {{- if .Values.extraEnvVars }} {{ tpl .Values.extraEnvVars . | indent 8 }} {{- end }} {{- if .Values.ExternalSecrets }} envFrom: - secretRef: name: {{ include "mysql.fullname" . }} {{- end }} ports: - name: mysql containerPort: 3306 {{- if .Values.mysqlx.port.enabled }} - name: mysqlx port: 33060 {{- end }} livenessProbe: exec: command: {{- if .Values.mysqlAllowEmptyPassword }} - mysqladmin - ping {{- else }} - sh - -c - "mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD}" {{- end }} initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.livenessProbe.successThreshold }} failureThreshold: {{ .Values.livenessProbe.failureThreshold }} readinessProbe: exec: command: {{- if .Values.mysqlAllowEmptyPassword }} - mysqladmin - ping {{- else }} - sh - -c - "mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD}" {{- end }} initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.readinessProbe.successThreshold }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }} volumeMounts: - name: data mountPath: /var/lib/mysql {{- if .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath }} {{- end }} {{- if .Values.configurationFiles }} {{- range $key, $val := .Values.configurationFiles }} - name: configurations mountPath: {{ $.Values.configurationFilesPath }}{{ $key }} subPath: {{ $key }} {{- end -}} {{- end }} {{- if .Values.initializationFiles }} - name: migrations mountPath: /docker-entrypoint-initdb.d {{- end }} {{- if .Values.ssl.enabled }} - name: certificates mountPath: /ssl {{- end }} {{- if .Values.extraVolumeMounts }} {{ tpl .Values.extraVolumeMounts . | indent 8 }} {{- end }} {{- if .Values.metrics.enabled }} - name: metrics image: "{{ .Values.metrics.image }}:{{ .Values.metrics.imageTag }}" imagePullPolicy: {{ .Values.metrics.imagePullPolicy | quote }} {{- if .Values.mysqlAllowEmptyPassword }} command: - 'sh' - '-c' - 'DATA_SOURCE_NAME="root@(localhost:3306)/" /bin/mysqld_exporter' {{- else }} env: - name: MYSQL_ROOT_PASSWORD valueFrom: secretKeyRef: name: {{ include "mysql.secretName" . }} key: mysql-root-password command: - 'sh' - '-c' - 'DATA_SOURCE_NAME="root:$MYSQL_ROOT_PASSWORD@(localhost:3306)/" /bin/mysqld_exporter' {{- end }} {{- range $f := .Values.metrics.flags }} - {{ $f | quote }} {{- end }} ports: - name: metrics containerPort: 9104 livenessProbe: httpGet: path: / port: metrics initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} readinessProbe: httpGet: path: / port: metrics initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} resources: {{ toYaml .Values.metrics.resources | indent 10 }} {{- end }} volumes: {{- if .Values.configurationFiles }} - name: configurations configMap: name: {{ include "mysql.fullname" . }}-configuration {{- end }} {{- if .Values.initializationFiles }} - name: migrations configMap: name: {{ include "mysql.fullname" . }}-initialization {{- end }} {{- if .Values.ssl.enabled }} - name: certificates secret: secretName: {{ .Values.ssl.secret }} {{- end }} - name: data {{- if .Values.persistence.enabled }} persistentVolumeClaim: claimName: {{ .Values.persistence.existingClaim | default (include "mysql.fullname" .) }} {{- else }} emptyDir: {} {{- end -}} {{- if .Values.extraVolumes }} {{ tpl .Values.extraVolumes . | indent 6 }} {{- end }} |
helm/charts/wordpres_mysql/templates/external-secrets.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
{{- if .Values.ExternalSecrets }} apiVersion: kubernetes-client.io/v1 kind: ExternalSecret metadata: name: {{ include "mysql.fullname" . }} labels: {{- include "mysql.labels" . | nindent 4 }} annotations: "helm.sh/hook": pre-install "helm.sh/hook-weight": "1" spec: backendType: secretsManager dataFrom: - {{ .Values.ExternalSecrets }} {{- end }} |
helm/charts/wordpres_mysql/templates/job.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
apiVersion: batch/v1 kind: Job metadata: name: create-database-mysql annotations: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-weight": "5" "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded spec: template: spec: containers: - name: create-database-mysql image: "arey/mysql-client:latest" {{- if .Values.ExternalSecrets }} envFrom: - secretRef: name: mysql-wordpress {{- end }} command: ["/bin/sh"] args: ["-c", "echo \"CREATE DATABASE IF NOT EXISTS $MYSQL_DATABASE; CREATE USER IF NOT EXISTS '$MYSQL_USER'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD'; GRANT ALL PRIVILEGES ON $MYSQL_DATABASE.* TO '$MYSQL_USER'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD'; GRANT ALL PRIVILEGES ON *.* TO '$MYSQL_DATABASE'@'%' IDENTIFIED BY '$MYSQL_PASSWORD'; FLUSH PRIVILEGES;\" >> sql.sql; cat sql.sql | mysql -u root -h $MYSQL_HOST -p$MYSQL_ROOT_PASSWORD;"] restartPolicy: Never |
helm/charts/wordpres_mysql/templates/NOTES.txt
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
MySQL can be accessed via port 3306 on the following DNS name from within your cluster: {{ include "mysql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local {{- if .Values.mysqlx.port.enabled }} Connection to the X protocol of MySQL can be done via 33060 on the following DNS name from within your cluster: {{ include "mysql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local {{- end }} {{- if .Values.existingSecret }} If you have not already created the mysql password secret: kubectl create secret generic {{ .Values.existingSecret }} --namespace {{ .Release.Namespace }} --from-file=./mysql-root-password --from-file=./mysql-password {{ else }} To get your root password run: MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "mysql.fullname" . }} -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo) {{- end }} To connect to your database: 1. Run an Ubuntu pod that you can use as a client: kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il 2. Install the mysql client: $ apt-get update && apt-get install mysql-client -y 3. Connect using the mysql cli, then provide your password: $ mysql -h {{ include "mysql.fullname" . }} -p To connect to your database directly from outside the K8s cluster: {{- if contains "NodePort" .Values.service.type }} MYSQL_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath='{.items[0].status.addresses[0].address}') MYSQL_PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "mysql.fullname" . }} -o jsonpath='{.spec.ports[0].nodePort}') {{- else if contains "ClusterIP" .Values.service.type }} MYSQL_HOST=127.0.0.1 MYSQL_PORT={{ .Values.service.port }} # Execute the following command to route the connection: kubectl port-forward svc/{{ include "mysql.fullname" . }} {{ .Values.service.port }} {{- end }} mysql -h ${MYSQL_HOST} -P${MYSQL_PORT} -u root -p${MYSQL_ROOT_PASSWORD} |
helm/charts/wordpres_mysql/templates/pv.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
{{ if .Values.efs.enabled }} apiVersion: v1 kind: PersistentVolume metadata: name: mysql-{{ .Values.efs.endpoint }} spec: capacity: storage: {{ .Values.efs.storage }} volumeMode: Filesystem accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain storageClassName: efs csi: driver: efs.csi.aws.com volumeHandle: {{ .Values.efs.endpoint }} {{- end }} |
helm/charts/wordpres_mysql/templates/pvc.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
{{ if .Values.efs.enabled }} apiVersion: v1 kind: PersistentVolumeClaim metadata: name: mysql-efs-claim spec: accessModes: - ReadWriteMany storageClassName: efs volumeName: mysql-{{ .Values.efs.endpoint }} resources: requests: storage: {{ .Values.efs.storage }} {{- end }} |
helm/charts/wordpres_mysql/templates/serviceaccount.yaml
1 2 3 4 5 6 7 8 |
{{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "mysql.serviceAccountName" . }} labels: {{- include "mysql.labels" . | nindent 4 }} {{- end }} |
helm/charts/wordpres_mysql/templates/svc.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
apiVersion: v1 kind: Service metadata: name: {{ include "mysql.fullname" . }} namespace: {{ .Release.Namespace }} labels: {{- include "mysql.labels" . | nindent 4 }} annotations: {{- if .Values.service.annotations }} {{ toYaml .Values.service.annotations | indent 4 }} {{- end }} {{- if and (.Values.metrics.enabled) (.Values.metrics.annotations) }} {{ toYaml .Values.metrics.annotations | indent 4 }} {{- end }} spec: type: {{ .Values.service.type }} {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }} loadBalancerIP: {{ .Values.service.loadBalancerIP }} {{- end }} ports: - name: mysql port: {{ .Values.service.port }} targetPort: mysql {{- if .Values.service.nodePort }} nodePort: {{ .Values.service.nodePort }} {{- end }} {{- if .Values.mysqlx.port.enabled }} - name: mysqlx port: 33060 targetPort: mysqlx protocol: TCP {{- end }} {{- if .Values.metrics.enabled }} - name: metrics port: 9104 targetPort: metrics {{- end }} selector: {{- include "mysql.selector" . | nindent 4 }} |
helm/charts/wordpres_mysql/Chart.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
apiVersion: v2 appVersion: 5.7.32 description: Fast, reliable, scalable, and easy to use open-source relational database system. home: https://www.mysql.com/ icon: https://www.mysql.com/common/logos/logo-mysql-170x115.png keywords: - mysql - database - sql name: mysql sources: - https://github.com/kubernetes/charts - https://github.com/docker-library/mysql version: 1.0.0 |
helm/charts/wordpres_mysql/values.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 |
## mysql image version ## ref: https://hub.docker.com/r/library/mysql/tags/ ## image: "mysql" imageTag: "5.7.33" strategy: type: Recreate busybox: image: "busybox" tag: "1.32" testFramework: enabled: true image: "bats/bats" tag: "1.2.1" imagePullPolicy: IfNotPresent securityContext: {} ## Specify password for root user ## ## Default: random 10 character string # mysqlRootPassword: testing ## Create a database user ## # mysqlUser: ## Default: random 10 character string # mysqlPassword: ## Allow unauthenticated access, uncomment to enable ## # mysqlAllowEmptyPassword: true ## Create a database ## # mysqlDatabase: ## Specify an imagePullPolicy (Required) ## It's recommended to change this to 'Always' if the image tag is 'latest' ## ref: http://kubernetes.io/docs/user-guide/images/#updating-images ## imagePullPolicy: IfNotPresent ## Additionnal arguments that are passed to the MySQL container. ## For example use --default-authentication-plugin=mysql_native_password if older clients need to ## connect to a MySQL 8 instance. args: [] extraVolumes: {} # - name: extras # emptyDir: {} extraVolumeMounts: {} # - name: extras # mountPath: /usr/share/extras # readOnly: true extraInitContainers: {} # - name: do-something # image: busybox # command: ['do', 'something'] ## A string to add extra environment variables # extraEnvVars: | # - name: EXTRA_VAR # value: "extra" # Optionally specify an array of imagePullSecrets. # Secrets must be manually created in the namespace. # ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod # imagePullSecrets: # - name: myRegistryKeySecretName ## Node selector ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} ## Affinity ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} ## Tolerations for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] livenessProbe: initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 3 readinessProbe: initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 1 successThreshold: 1 failureThreshold: 3 ## Persist data to a persistent volume persistence: enabled: false ## database data Persistent Volume Storage Class ## If defined, storageClassName: <storageClass> ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## # storageClass: "-" accessMode: ReadWriteOnce size: 8Gi annotations: {} ## Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## # schedulerName: ## Security context securityContext: enabled: false runAsUser: 999 fsGroup: 999 ## Configure resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: requests: memory: 256Mi cpu: 100m # Custom mysql configuration files path configurationFilesPath: /etc/mysql/conf.d/ # Custom mysql configuration files used to override default mysql settings configurationFiles: {} # mysql.cnf: |- # [mysqld] # skip-name-resolve # ssl-ca=/ssl/ca.pem # ssl-cert=/ssl/server-cert.pem # ssl-key=/ssl/server-key.pem # To enaable the mysql X Protocol's port # .. will expose the port 33060 # .. Note the X Plugin needs installation # ref: https://dev.mysql.com/doc/refman/8.0/en/x-plugin-checking-installation.html mysqlx: port: enabled: false metrics: enabled: false image: prom/mysqld-exporter imageTag: v0.10.0 imagePullPolicy: IfNotPresent resources: {} annotations: {} # prometheus.io/scrape: "true" # prometheus.io/port: "9104" livenessProbe: initialDelaySeconds: 15 timeoutSeconds: 5 readinessProbe: initialDelaySeconds: 5 timeoutSeconds: 1 flags: [] serviceMonitor: enabled: false additionalLabels: {} ## Configure the service ## ref: http://kubernetes.io/docs/user-guide/services/ service: annotations: {} ## Specify a service type ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types type: ClusterIP port: 3306 # nodePort: 32000 # loadBalancerIP: ## Pods Service Account ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ serviceAccount: ## Specifies whether a ServiceAccount should be created ## create: false ## The name of the ServiceAccount to use. ## If not set and create is true, a name is generated using the mariadb.fullname template # name: ssl: enabled: false secret: mysql-ssl-certs certificates: {} # - name: mysql-ssl-certs # ca: |- # -----BEGIN CERTIFICATE----- # … # -----END CERTIFICATE----- # cert: |- # -----BEGIN CERTIFICATE----- # … # -----END CERTIFICATE----- # key: |- # -----BEGIN RSA PRIVATE KEY----- # … # -----END RSA PRIVATE KEY----- ## Populates the 'TZ' system timezone environment variable ## ref: https://dev.mysql.com/doc/refman/5.7/en/time-zone-support.html ## ## Default: nil (mysql will use image's default timezone, normally UTC) ## Example: 'Australia/Sydney' # timezone: # Deployment Annotations deploymentAnnotations: {} # To be added to the database server pod(s) podAnnotations: {} podLabels: {} ## Set pod priorityClassName # priorityClassName: {} ## Init container resources defaults initContainer: resources: requests: memory: 10Mi cpu: 10m |
теперь распишу темплейты самого вордпресса
helm/charts/wordpress/templates/_helpers.tpl
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 |
{{/* vim: set filetype=mustache: */}} {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "wordpress.mariadb.fullname" -}} {{- include "common.names.dependency.fullname" (dict "chartName" "mariadb" "chartValues" .Values.mariadb "context" $) -}} {{- end -}} {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "wordpress.memcached.fullname" -}} {{- include "common.names.dependency.fullname" (dict "chartName" "memcached" "chartValues" .Values.memcached "context" $) -}} {{- end -}} {{/* Return the proper WordPress image name */}} {{- define "wordpress.image" -}} {{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} {{- end -}} {{/* Return the proper image name (for the metrics image) */}} {{- define "wordpress.metrics.image" -}} {{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} {{- end -}} {{/* Return the proper image name (for the init container volume-permissions image) */}} {{- define "wordpress.volumePermissions.image" -}} {{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} {{- end -}} {{/* Return the proper Docker Image Registry Secret Names */}} {{- define "wordpress.imagePullSecrets" -}} {{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) -}} {{- end -}} {{/* Create the name of the service account to use */}} {{- define "wordpress.serviceAccountName" -}} {{- if .Values.serviceAccount.create -}} {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} {{- else -}} {{ default "default" .Values.serviceAccount.name }} {{- end -}} {{- end -}} {{/* Create chart name and version as used by the chart label. */}} {{- define "wordpress.customHTAccessCM" -}} {{- printf "%s" .Values.customHTAccessCM -}} {{- end -}} {{/* Return the WordPress configuration secret */}} {{- define "wordpress.configSecretName" -}} {{- if .Values.existingWordPressConfigurationSecret -}} {{- printf "%s" (tpl .Values.existingWordPressConfigurationSecret $) -}} {{- else -}} {{- printf "%s-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} {{/* Return true if a secret object should be created for WordPress configuration */}} {{- define "wordpress.createConfigSecret" -}} {{- if and .Values.wordpressConfiguration (not .Values.existingWordPressConfigurationSecret) }} {{- true -}} {{- end -}} {{- end -}} {{/* Return the WordPress Apache configuration configmap */}} {{- define "wordpress.apache.configmapName" -}} {{- if .Values.existingApacheConfigurationConfigMap -}} {{- printf "%s" (tpl .Values.existingApacheConfigurationConfigMap $) -}} {{- else -}} {{- printf "%s-apache-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} {{/* Return true if a secret object should be created for Apache configuration */}} {{- define "wordpress.apache.createConfigmap" -}} {{- if and .Values.apacheConfiguration (not .Values.existingApacheConfigurationConfigMap) }} {{- true -}} {{- end -}} {{- end -}} {{/* Return the MariaDB Hostname */}} {{- define "wordpress.databaseHost" -}} {{- if .Values.mariadb.enabled }} {{- if eq .Values.mariadb.architecture "replication" }} {{- printf "%s-primary" (include "wordpress.mariadb.fullname" .) | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- printf "%s" (include "wordpress.mariadb.fullname" .) -}} {{- end -}} {{- else -}} {{- printf "%s" .Values.externalDatabase.host -}} {{- end -}} {{- end -}} {{/* Return the MariaDB Port */}} {{- define "wordpress.databasePort" -}} {{- if .Values.mariadb.enabled }} {{- printf "3306" -}} {{- else -}} {{- printf "%d" (.Values.externalDatabase.port | int ) -}} {{- end -}} {{- end -}} {{/* Return the MariaDB Database Name */}} {{- define "wordpress.databaseName" -}} {{- if .Values.mariadb.enabled }} {{- printf "%s" .Values.mariadb.auth.database -}} {{- else -}} {{- printf "%s" .Values.externalDatabase.database -}} {{- end -}} {{- end -}} {{/* Return the MariaDB User */}} {{- define "wordpress.databaseUser" -}} {{- if .Values.mariadb.enabled }} {{- printf "%s" .Values.mariadb.auth.username -}} {{- else -}} {{- printf "%s" .Values.externalDatabase.user -}} {{- end -}} {{- end -}} {{/* Return the MariaDB Secret Name */}} {{- define "wordpress.databaseSecretName" -}} {{- if .Values.mariadb.enabled }} {{- if .Values.mariadb.auth.existingSecret -}} {{- printf "%s" .Values.mariadb.auth.existingSecret -}} {{- else -}} {{- printf "%s" (include "wordpress.mariadb.fullname" .) -}} {{- end -}} {{- else if .Values.externalDatabase.existingSecret -}} {{- include "common.tplvalues.render" (dict "value" .Values.externalDatabase.existingSecret "context" $) -}} {{- else -}} {{- printf "%s-externaldb" (include "common.names.fullname" .) -}} {{- end -}} {{- end -}} {{/* Return the Memcached Hostname */}} {{- define "wordpress.cacheHost" -}} {{- if .Values.memcached.enabled }} {{- $releaseNamespace := .Release.Namespace }} {{- $clusterDomain := .Values.clusterDomain }} {{- printf "%s.%s.svc.%s" (include "wordpress.memcached.fullname" .) $releaseNamespace $clusterDomain -}} {{- else -}} {{- printf "%s" .Values.externalCache.host -}} {{- end -}} {{- end -}} {{/* Return the Memcached Port */}} {{- define "wordpress.cachePort" -}} {{- if .Values.memcached.enabled }} {{- printf "11211" -}} {{- else -}} {{- printf "%d" (.Values.externalCache.port | int ) -}} {{- end -}} {{- end -}} {{/* Return the WordPress Secret Name */}} {{- define "wordpress.secretName" -}} {{- if .Values.existingSecret }} {{- printf "%s" .Values.existingSecret -}} {{- else -}} {{- printf "%s" (include "common.names.fullname" .) -}} {{- end -}} {{- end -}} {{/* Return the SMTP Secret Name */}} {{- define "wordpress.smtpSecretName" -}} {{- if .Values.smtpExistingSecret }} {{- printf "%s" .Values.smtpExistingSecret -}} {{- else -}} {{- printf "%s" (include "common.names.fullname" .) -}} {{- end -}} {{- end -}} {{/* Compile all warnings into a single message. */}} {{- define "wordpress.validateValues" -}} {{- $messages := list -}} {{- $messages := append $messages (include "wordpress.validateValues.configuration" .) -}} {{- $messages := append $messages (include "wordpress.validateValues.htaccess" .) -}} {{- $messages := append $messages (include "wordpress.validateValues.database" .) -}} {{- $messages := append $messages (include "wordpress.validateValues.cache" .) -}} {{- $messages := without $messages "" -}} {{- $message := join "\n" $messages -}} {{- if $message -}} {{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} {{- end -}} {{- end -}} {{/* Validate values of WordPress - Custom wp-config.php */}} {{- define "wordpress.validateValues.configuration" -}} {{- if and (or .Values.wordpressConfiguration .Values.existingWordPressConfigurationSecret) (not .Values.wordpressSkipInstall) -}} wordpress: wordpressConfiguration You are trying to use a wp-config.php file. This setup is only supported when skipping wizard installation (--set wordpressSkipInstall=true). {{- end -}} {{- end -}} {{/* Validate values of WordPress - htaccess configuration */}} {{- define "wordpress.validateValues.htaccess" -}} {{- if and .Values.customHTAccessCM .Values.allowOverrideNone -}} wordpress: customHTAccessCM You are trying to use custom htaccess rules but Apache was configured to prohibit overriding directives with htaccess files. To use this feature, allow overriding Apache directives (--set allowOverrideNone=false). {{- end -}} {{- end -}} {{/* Validate values of WordPress - Database */}} {{- define "wordpress.validateValues.database" -}} {{- if and (not .Values.mariadb.enabled) (or (empty .Values.externalDatabase.host) (empty .Values.externalDatabase.port) (empty .Values.externalDatabase.database)) -}} wordpress: database You disable the MariaDB installation but you did not provide the required parameters to use an external database. To use an external database, please ensure you provide (at least) the following values: externalDatabase.host=DB_SERVER_HOST externalDatabase.database=DB_NAME externalDatabase.port=DB_SERVER_PORT {{- end -}} {{- end -}} {{/* Validate values of WordPress - Cache */}} {{- define "wordpress.validateValues.cache" -}} {{- if and .Values.wordpressConfigureCache (not .Values.memcached.enabled) (or (empty .Values.externalCache.host) (empty .Values.externalCache.port)) -}} wordpress: cache You enabled cache via W3 Total Cache without but you did not enable the Memcached installation nor you did provided the required parameters to use an external cache server. Please enable the Memcached installation (--set memcached.enabled=true) or provide the external cache server values: externalCache.host=CACHE_SERVER_HOST externalCache.port=CACHE_SERVER_PORT {{- end -}} {{- end -}} |
helm/charts/wordpress/templates/config-secret.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
{{- if (include "wordpress.createConfigSecret" .) }} apiVersion: v1 kind: Secret metadata: name: {{ printf "%s-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} data: wp-config.php: {{ .Values.wordpressConfiguration | b64enc }} {{- end }} |
helm/charts/wordpress/templates/deployment.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 |
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: name: {{ include "common.names.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: selector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} {{- if .Values.updateStrategy }} strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} {{- end }} {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} template: metadata: labels: {{- include "common.labels.standard" . | nindent 8 }} {{- if .Values.podLabels }} {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} {{- end }} {{- if or .Values.podAnnotations .Values.metrics.enabled (include "wordpress.createConfigSecret" .) }} annotations: {{- if .Values.podAnnotations }} {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} {{- end }} {{- if .Values.metrics.podAnnotations }} {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} {{- end }} {{- if (include "wordpress.createConfigSecret" .) }} checksum/config-secret: {{ include (print $.Template.BasePath "/config-secret.yaml") . | sha256sum }} {{- end }} {{- end }} spec: {{- include "wordpress.imagePullSecrets" . | nindent 6 }} {{- if .Values.hostAliases }} # yamllint disable rule:indentation hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} # yamllint enable rule:indentation {{- end }} {{- if .Values.affinity }} affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} {{- else }} affinity: podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} {{- end }} {{- if .Values.tolerations }} tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} {{- end }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} {{- if .Values.schedulerName }} schedulerName: {{ .Values.schedulerName | quote }} {{- end }} {{- if .Values.podSecurityContext.enabled }} securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} {{- end }} serviceAccountName: {{ include "wordpress.serviceAccountName" .}} {{- if .Values.topologySpreadConstraints }} topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }} {{- end }} {{- if or (and .Values.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.persistence.enabled) (.Values.initContainers) }} initContainers: {{- if and .Values.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.persistence.enabled }} - name: volume-permissions image: "{{ include "wordpress.volumePermissions.image" . }}" imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} command: - /bin/bash args: - -ec - | mkdir -p /bitnami/wordpress {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} find /bitnami/wordpress -mindepth 0 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R $(id -u):$(id -G | cut -d " " -f2) {{- else }} find /bitnami/wordpress -mindepth 0 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{- end }} {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto " }} securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} {{- else }} securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} {{- end }} {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} {{- end }} volumeMounts: - mountPath: /bitnami/wordpress name: wordpress-data subPath: wordpress {{- end }} {{- if .Values.initContainers }} {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} {{- end }} {{- end }} containers: - name: wordpress image: {{ include "wordpress.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy | quote }} {{- if .Values.diagnosticMode.enabled }} command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} {{- else if .Values.command }} command: {{- include "common.tplvalues.render" ( dict "value" .Values.command "context" $) | nindent 12 }} {{- end }} {{- if .Values.diagnosticMode.enabled }} args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} {{- else if .Values.args }} args: {{- include "common.tplvalues.render" ( dict "value" .Values.args "context" $) | nindent 12 }} {{- end }} # command: ["sleep", "500"] {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} {{- end }} env: - name: BITNAMI_DEBUG value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - name: ALLOW_EMPTY_PASSWORD value: {{ ternary "yes" "no" .Values.allowEmptyPassword | quote }} - name: MARIADB_HOST value: {{ include "wordpress.databaseHost" . | quote }} - name: MARIADB_PORT_NUMBER value: {{ include "wordpress.databasePort" . | quote }} - name: WORDPRESS_DATABASE_NAME value: {{ include "wordpress.databaseName" . | quote }} - name: WORDPRESS_DATABASE_USER value: {{ include "wordpress.databaseUser" . | quote }} - name: WORDPRESS_DATABASE_PASSWORD valueFrom: secretKeyRef: name: {{ include "wordpress.databaseSecretName" . }} key: mariadb-password - name: WORDPRESS_USERNAME value: {{ .Values.wordpressUsername | quote }} - name: WORDPRESS_PASSWORD valueFrom: secretKeyRef: name: {{ include "wordpress.secretName" . }} key: wordpress-password - name: WORDPRESS_EMAIL value: {{ .Values.wordpressEmail | quote }} - name: WORDPRESS_FIRST_NAME value: {{ .Values.wordpressFirstName | quote }} - name: WORDPRESS_LAST_NAME value: {{ .Values.wordpressLastName | quote }} - name: WORDPRESS_HTACCESS_OVERRIDE_NONE value: {{ ternary "yes" "no" .Values.allowOverrideNone | quote }} - name: WORDPRESS_ENABLE_HTACCESS_PERSISTENCE value: {{ ternary "yes" "no" .Values.htaccessPersistenceEnabled | quote }} - name: WORDPRESS_BLOG_NAME value: {{ .Values.wordpressBlogName | quote }} - name: WORDPRESS_SKIP_BOOTSTRAP value: {{ ternary "yes" "no" .Values.wordpressSkipInstall | quote }} - name: WORDPRESS_TABLE_PREFIX value: {{ .Values.wordpressTablePrefix | quote }} - name: WORDPRESS_SCHEME value: {{ .Values.wordpressScheme | quote }} - name: WORDPRESS_EXTRA_WP_CONFIG_CONTENT value: {{ .Values.wordpressExtraConfigContent | quote }} - name: WORDPRESS_PLUGINS value: {{ join "," .Values.wordpressPlugins | quote }} - name: APACHE_HTTP_PORT_NUMBER value: {{ .Values.containerPorts.http | quote }} - name: APACHE_HTTPS_PORT_NUMBER value: {{ .Values.containerPorts.https | quote }} {{- if .Values.overrideDatabaseSettings }} - name: WORDPRESS_OVERRIDE_DATABASE_SETTINGS value: "yes" {{- end }} {{- if .Values.multisite.enable }} - name: WORDPRESS_ENABLE_MULTISITE value: "yes" - name: WORDPRESS_MULTISITE_HOST value: {{ .Values.multisite.host | quote }} - name: WORDPRESS_MULTISITE_EXTERNAL_HTTP_PORT_NUMBER value: {{ .Values.service.ports.http | quote }} - name: WORDPRESS_MULTISITE_EXTERNAL_HTTPS_PORT_NUMBER value: {{ .Values.service.ports.https | quote }} - name: WORDPRESS_MULTISITE_NETWORK_TYPE value: {{ .Values.multisite.networkType | quote }} - name: WORDPRESS_MULTISITE_ENABLE_NIP_IO_REDIRECTION value: {{ ternary "yes" "no" .Values.multisite.enableNipIoRedirect | quote }} {{- end }} {{- if .Values.smtpHost }} - name: SMTP_HOST value: {{ .Values.smtpHost | quote }} {{- end }} {{- if .Values.smtpPort }} - name: SMTP_PORT value: {{ .Values.smtpPort | quote }} {{- end }} {{- if .Values.smtpUser }} - name: SMTP_USER value: {{ .Values.smtpUser | quote }} {{- end }} {{- if or .Values.smtpPassword .Values.smtpExistingSecret }} - name: SMTP_PASSWORD valueFrom: secretKeyRef: name: {{ include "wordpress.smtpSecretName" . }} key: smtp-password {{- end }} {{- if .Values.smtpProtocol }} - name: SMTP_PROTOCOL value: {{ .Values.smtpProtocol | quote }} {{- end }} {{- if .Values.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} {{- end }} envFrom: {{- if .Values.extraEnvVarsCM }} - configMapRef: name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} {{- end }} {{- if .Values.extraEnvVarsSecret }} - secretRef: name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} {{- end }} ports: - name: http containerPort: {{ .Values.containerPorts.http }} - name: https containerPort: {{ .Values.containerPorts.https }} {{- if .Values.extraContainerPorts }} {{- include "common.tplvalues.render" (dict "value" .Values.extraContainerPorts "context" $) | nindent 12 }} {{- end }} {{- if .Values.lifecycleHooks }} lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} {{- end }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.customLivenessProbe }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} {{- else if .Values.livenessProbe.enabled }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} {{- end }} {{- if .Values.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} {{- else if .Values.readinessProbe.enabled }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} {{- end }} {{- if .Values.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} {{- else if .Values.startupProbe.enabled }} startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} {{- end }} {{- end }} {{- if .Values.resources }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- end }} volumeMounts: - mountPath: /bitnami/wordpress name: wordpress-data subPath: wordpress {{- if or .Values.wordpressConfiguration .Values.existingWordPressConfigurationSecret }} - name: wordpress-config mountPath: /opt/bitnami/wordpress/wp-config.php subPath: wp-config.php {{- end }} {{- if or .Values.apacheConfiguration .Values.existingApacheConfigurationConfigMap }} - name: apache-config mountPath: /opt/bitnami/apache/conf/httpd.conf subPath: httpd.conf {{- end }} {{- if and (not .Values.allowOverrideNone) .Values.customHTAccessCM }} - mountPath: /opt/bitnami/apache/conf/vhosts/htaccess name: custom-htaccess {{- end }} {{- if or .Values.customPostInitScripts .Values.wordpressConfigureCache }} - mountPath: /docker-entrypoint-init.d name: custom-postinit {{- end }} {{- if .Values.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} {{- if .Values.metrics.enabled }} - name: metrics image: {{ include "wordpress.metrics.image" . }} imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} {{- if .Values.diagnosticMode.enabled }} command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} {{- else if .Values.diagnosticMode.enabled }} command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} {{- else }} command: - /bin/apache_exporter - --scrape_uri - http://status.localhost:8080/server-status/?auto {{- end }} ports: - name: metrics containerPort: {{ .Values.metrics.containerPorts.metrics }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.metrics.customLivenessProbe }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} {{- else if .Values.metrics.livenessProbe.enabled }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} httpGet: path: /metrics port: metrics {{- end }} {{- if .Values.metrics.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} {{- else if .Values.metrics.readinessProbe.enabled }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} httpGet: path: /metrics port: metrics {{- end }} {{- if .Values.metrics.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} {{- else if .Values.metrics.startupProbe.enabled }} startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} tcpSocket: port: metrics {{- end }} {{- end }} {{- if .Values.metrics.resources }} resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} {{- end }} {{- if .Values.sidecars }} {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} {{- end }} volumes: {{- if or .Values.wordpressConfiguration .Values.existingWordPressConfigurationSecret }} - name: wordpress-config secret: secretName: {{ include "wordpress.configSecretName" . }} defaultMode: 0755 {{- end }} {{- if or .Values.apacheConfiguration .Values.existingApacheConfigurationConfigMap }} - name: apache-config configMap: name: {{ include "wordpress.apache.configmapName" . }} defaultMode: 0644 {{- end }} {{- if and (not .Values.allowOverrideNone) .Values.customHTAccessCM }} - name: custom-htaccess configMap: name: {{ include "wordpress.customHTAccessCM" . }} items: - key: wordpress-htaccess.conf path: wordpress-htaccess.conf {{- end }} {{- if or .Values.customPostInitScripts .Values.wordpressConfigureCache }} - name: custom-postinit configMap: name: {{ printf "%s-postinit" (include "common.names.fullname" .) }} defaultMode: 0755 {{- end }} - name: wordpress-data {{- if .Values.persistence.enabled }} persistentVolumeClaim: claimName: {{ .Values.persistence.existingClaim | default (include "common.names.fullname" .)}}-efs-claim {{- else }} emptyDir: {} {{- end }} {{- if .Values.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} {{- end }} |
helm/charts/wordpress/templates/external-secrets.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
{{- if .Values.ExternalSecrets }} apiVersion: kubernetes-client.io/v1 kind: ExternalSecret metadata: name: {{ include "common.names.fullname" . }}-aws labels: {{- include "common.labels.standard" . | nindent 4 }}-aws {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} annotations: "helm.sh/hook": pre-install "helm.sh/hook-weight": "1" spec: backendType: secretsManager dataFrom: - {{ .Values.ExternalSecrets }} {{- end }} |
helm/charts/wordpress/templates/externaldb-secrets.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
{{- if not (or .Values.mariadb.enabled .Values.externalDatabase.existingSecret) }} apiVersion: v1 kind: Secret metadata: name: {{ printf "%s-externaldb" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} type: Opaque data: mariadb-password: {{ .Values.externalDatabase.password | b64enc | quote }} {{- end }} |
helm/charts/wordpress/templates/extra-list.yaml
1 2 3 4 5 |
{{- range .Values.extraDeploy }} --- {{ include "common.tplvalues.render" (dict "value" . "context" $) }} {{- end }} |
helm/charts/wordpress/templates/hpa.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
{{- if .Values.autoscaling.enabled }} apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} kind: HorizontalPodAutoscaler metadata: name: {{ include "common.names.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: scaleTargetRef: apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment name: {{ include "common.names.fullname" . }} minReplicas: {{ .Values.autoscaling.minReplicas }} maxReplicas: {{ .Values.autoscaling.maxReplicas }} metrics: {{- if .Values.autoscaling.targetCPU }} - type: Resource resource: name: cpu {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} targetAverageUtilization: {{ .Values.autoscaling.targetCPU }} {{- else }} target: type: Utilization averageUtilization: {{ .Values.autoscaling.targetCPU }} {{- end }} {{- end }} {{- if .Values.autoscaling.targetMemory }} - type: Resource resource: name: memory {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} targetAverageUtilization: {{ .Values.autoscaling.targetMemory }} {{- else }} target: type: Utilization averageUtilization: {{ .Values.autoscaling.targetMemory }} {{- end }} {{- end }} {{- end }} |
helm/charts/wordpress/templates/httpd-configmap.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
{{- if (include "wordpress.apache.createConfigmap" .) }} apiVersion: v1 kind: ConfigMap metadata: name: {{ printf "%s-apache-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} data: httpd.conf: |- {{- .Values.apacheConfiguration | nindent 4 }} {{- end }} |
helm/charts/wordpress/templates/ingress.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 |
{{- if .Values.ingress.enabled }} apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} kind: Ingress metadata: name: {{ include "common.names.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} annotations: {{- if .Values.ingress.annotations }} {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} ingressClassName: {{ .Values.ingress.ingressClassName | quote }} {{- end }} rules: {{- if .Values.ingress.hostname }} - host: {{ .Values.ingress.hostname | quote }} http: paths: {{- if .Values.ingress.extraPaths }} {{- toYaml .Values.ingress.extraPaths | nindent 10 }} {{- end }} - path: {{ .Values.ingress.path }} {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} {{- end }} {{- range .Values.ingress.extraHosts }} - host: {{ .name | quote }} http: paths: - path: {{ default "/" .path }} {{- if eq "true" (include "common.ingress.supportsPathType" $) }} pathType: {{ default "ImplementationSpecific" .pathType }} {{- end }} backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} {{- end }} {{- if .Values.ingress.extraRules }} {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} {{- end }} {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} tls: {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }} - hosts: - {{ .Values.ingress.hostname | quote }} secretName: {{ printf "%s-tls" .Values.ingress.hostname }} {{- end }} {{- if .Values.ingress.extraTls }} {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} {{- end }} {{- end }} {{- end }} |
helm/charts/wordpress/templates/metrics-svc.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
{{- if .Values.metrics.enabled }} apiVersion: v1 kind: Service metadata: name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: metrics {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} annotations: {{- if .Values.metrics.service.annotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} {{- end }} spec: type: ClusterIP ports: - name: metrics port: {{ .Values.metrics.service.ports.metrics }} protocol: TCP targetPort: metrics selector: {{- include "common.labels.matchLabels" . | nindent 4 }} {{- end }} |
helm/charts/wordpress/templates/networkpolicy-backend-ingress.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.ingressRules.backendOnlyAccessibleByFrontend }} apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} kind: NetworkPolicy metadata: name: {{ printf "%s-backend" (include "common.names.fullname" .) }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: podSelector: matchLabels: {{- if .Values.networkPolicy.ingressRules.customBackendSelector }} {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.customBackendSelector "context" $) | nindent 6 }} {{- else }} app.kubernetes.io/name: mariadb app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} ingress: - from: - podSelector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }} {{- end }} |
helm/charts/wordpress/templates/networkpolicy-egress.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.egressRules.denyConnectionsToExternal .Values.networkPolicy.egressRules.customRules) }} apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} kind: NetworkPolicy metadata: name: {{ printf "%s-egress" (include "common.names.fullname" .) }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: podSelector: matchLabels: app.kubernetes.io/instance: {{ .Release.Name }} policyTypes: - Egress egress: {{- if .Values.networkPolicy.egressRules.denyConnectionsToExternal }} - ports: - port: 53 protocol: UDP - port: 53 protocol: TCP - to: - namespaceSelector: {} {{- end }} {{- if .Values.networkPolicy.egressRules.customRules }} {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.egressRules.customRules "context" $) | nindent 4 }} {{- end }} {{- end }} |
helm/charts/wordpress/templates/networkpolicy-ingress.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 |
{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.ingress.enabled .Values.networkPolicy.metrics.enabled .Values.networkPolicy.ingressRules.accessOnlyFrom.enabled) }} apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} kind: NetworkPolicy metadata: name: {{ printf "%s-ingress" (include "common.names.fullname" .) }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: podSelector: matchLabels: {{- include "common.labels.standard" . | nindent 6 }} ingress: {{- if and .Values.ingress.enabled .Values.networkPolicy.ingress.enabled (or .Values.networkPolicy.ingress.namespaceSelector .Values.networkPolicy.ingress.podSelector) }} - from: {{- if .Values.networkPolicy.ingress.namespaceSelector }} - namespaceSelector: matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingress.namespaceSelector "context" $) | nindent 14 }} {{- end }} {{- if .Values.networkPolicy.ingress.podSelector }} - podSelector: matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingress.podSelector "context" $) | nindent 14 }} {{- end }} {{- end }} {{- if and .Values.metrics.enabled .Values.networkPolicy.metrics.enabled (or .Values.networkPolicy.metrics.namespaceSelector .Values.networkPolicy.metrics.podSelector) }} - from: {{- if .Values.networkPolicy.metrics.namespaceSelector }} - namespaceSelector: matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.namespaceSelector "context" $) | nindent 14 }} {{- end }} {{- if .Values.networkPolicy.metrics.podSelector }} - podSelector: matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.podSelector "context" $) | nindent 14 }} {{- end }} {{- end }} {{- if and .Values.networkPolicy.ingressRules.accessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.accessOnlyFrom.podSelector) }} - from: {{- if .Values.networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector }} - namespaceSelector: matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector "context" $) | nindent 14 }} {{- end }} {{- if .Values.networkPolicy.ingressRules.accessOnlyFrom.podSelector }} - podSelector: matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.accessOnlyFrom.podSelector "context" $) | nindent 14 }} {{- end }} {{- end }} {{- if .Values.networkPolicy.ingressRules.customRules }} {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.customRules "context" $) | nindent 4 }} {{- end }} {{- end }} |
helm/charts/wordpress/templates/NOTES.txt
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 |
CHART NAME: {{ .Chart.Name }} CHART VERSION: {{ .Chart.Version }} APP VERSION: {{ .Chart.AppVersion }} ** Please be patient while the chart is being deployed ** {{- if .Values.diagnosticMode.enabled }} The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} Get the list of pods by executing: kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} Access the pod you want to debug by executing kubectl exec --namespace {{ .Release.Namespace }} -ti <NAME OF THE POD> -- bash In order to replicate the container startup scripts execute this command: /opt/bitnami/scripts/wordpress/entrypoint.sh /opt/bitnami/scripts/apache/run.sh {{- else }} Your WordPress site can be accessed through the following DNS name from within your cluster: {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.service.ports.http }}) To access your WordPress site from outside the cluster follow the steps below: {{- if .Values.ingress.enabled }} 1. Get the WordPress URL and associate WordPress hostname to your cluster external IP: export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters echo "WordPress URL: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}/" echo "$CLUSTER_IP {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts {{- else }} {{- $port := .Values.service.ports.http | toString }} 1. Get the WordPress URL by running these commands: {{- if contains "NodePort" .Values.service.type }} export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo "WordPress URL: http://$NODE_IP:$NODE_PORT/" echo "WordPress Admin URL: http://$NODE_IP:$NODE_PORT/admin" {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --include "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") echo "WordPress URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.ports.http }}{{ end }}/" echo "WordPress Admin URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.ports.http }}{{ end }}/admin" {{- else if contains "ClusterIP" .Values.service.type }} kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} {{ .Values.service.ports.http }}:{{ .Values.service.ports.http }} & echo "WordPress URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.service.ports.http }}{{ end }}//" echo "WordPress Admin URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.service.ports.http }}{{ end }}//admin" {{- end }} {{- end }} 2. Open a browser and access WordPress using the obtained URL. 3. Login with the following credentials below to see your blog: echo Username: {{ .Values.wordpressUsername }} echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath="{.data.wordpress-password}" | base64 -d) {{- if .Values.metrics.enabled }} You can access Apache Prometheus metrics following the steps below: 1. Get the Apache Prometheus metrics URL by running: kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ printf "%s-metrics" (include "common.names.fullname" .) }} {{ .Values.metrics.service.ports.metrics }}:{{ .Values.metrics.service.ports.metrics }} & echo "Apache Prometheus metrics URL: http://127.0.0.1:{{ .Values.metrics.service.ports.metrics }}/metrics" 2. Open a browser and access Apache Prometheus metrics using the obtained URL. {{- end }} {{- end }} {{- include "wordpress.validateValues" . }} {{- include "common.warnings.rollingTag" .Values.image }} {{- include "common.warnings.rollingTag" .Values.metrics.image }} {{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} |
helm/charts/wordpress/templates/pdb.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
{{- if .Values.pdb.create }} apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ include "common.names.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: {{- if .Values.pdb.minAvailable }} minAvailable: {{ .Values.pdb.minAvailable }} {{- end }} {{- if .Values.pdb.maxUnavailable }} maxUnavailable: {{ .Values.pdb.maxUnavailable }} {{- end }} selector: matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} {{- end }} |
helm/charts/wordpress/templates/postinit-configmap.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 |
{{- if or .Values.customPostInitScripts .Values.wordpressConfigureCache }} apiVersion: v1 kind: ConfigMap metadata: name: {{ printf "%s-postinit" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} data: {{- if .Values.wordpressConfigureCache }} {{- $memcachedFullname := include "wordpress.cacheHost" . }} {{- $memcachedPort := include "wordpress.cachePort" . | int }} 00-configure-w3-total-cache.sh: |- #!/bin/bash # Add permissions to edit wp-config.php chmod +w /bitnami/wordpress/wp-config.php # Activate W3 Total Cache pairs wp plugin activate w3-total-cache wp total-cache fix_environment # Choose 'Memcached' as database and object cache method wp total-cache option set dbcache.engine memcached --type=string wp total-cache option set objectcache.engine memcached --type=string wp total-cache flush all wp total-cache option set dbcache.memcached.servers {{ $memcachedFullname }}:{{ $memcachedPort }} --type=string wp total-cache option set dbcache.enabled true --type=boolean wp total-cache option set objectcache.memcached.servers {{ $memcachedFullname }}:{{ $memcachedPort }} --type=string wp total-cache option set objectcache.enabled true --type=boolean wp total-cache flush all # Revoke permissions to edit wp-config.php chmod a-w bitnami/wordpress/wp-config.php {{- end }} {{- if .Values.customPostInitScripts }} {{- include "common.tplvalues.render" (dict "value" .Values.customPostInitScripts "context" $) | nindent 2 }} {{- end }} {{- end }} |
helm/charts/wordpress/templates/pv.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
{{ if .Values.persistence.enabled }} apiVersion: v1 kind: PersistentVolume metadata: name: wordpress-{{ .Values.persistence.endpoint }} spec: capacity: storage: {{ .Values.persistence.size }} volumeMode: Filesystem accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain storageClassName: efs csi: driver: efs.csi.aws.com volumeHandle: {{ .Values.persistence.endpoint }} {{- end }} |
helm/charts/wordpress/templates/pvc.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 |
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ include "common.names.fullname" . }}-efs-claim namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if or .Values.persistence.annotations .Values.commonAnnotations }} annotations: {{- if .Values.persistence.annotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $ ) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} {{- end }} spec: accessModes: {{- if not (empty .Values.persistence.accessModes) }} {{- range .Values.persistence.accessModes }} - {{ . | quote }} {{- end }} {{- else }} - {{ .Values.persistence.accessMode | quote }} {{- end }} storageClassName: efs volumeName: wordpress-{{ .Values.persistence.endpoint }} resources: requests: storage: {{ .Values.persistence.size | quote }} {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }} {{- if .Values.persistence.dataSource }} dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.dataSource "context" $) | nindent 4 }} {{- end }} {{- end }} |
helm/charts/wordpress/templates/secrets.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
{{- if or (not .Values.existingSecret) (and (not .Values.smtpExistingSecret) .Values.smtpPassword) }} apiVersion: v1 kind: Secret metadata: name: {{ include "common.names.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} type: Opaque data: {{- if not .Values.existingSecret }} wordpress-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "wordpress-password" "providedValues" (list "wordpressPassword") "context" $) }} {{- end }} {{- if and .Values.smtpPassword (not .Values.smtpExistingSecret) }} {{- if .Values.smtpPassword }} smtp-password: {{ .Values.smtpPassword | b64enc | quote }} {{- end }} {{- end }} {{- end }} |
helm/charts/wordpress/templates/serviceaccount.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
{{- if .Values.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "wordpress.serviceAccountName" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} annotations: {{- if .Values.serviceAccount.annotations }} {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} {{- end }} automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} {{- end -}} |
helm/charts/wordpress/templates/servicemonitor.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 |
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "common.names.fullname" . }} namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: metrics {{- if .Values.metrics.serviceMonitor.labels }} {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.labels "context" $) | nindent 4 }} {{- end }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: {{- if .Values.metrics.serviceMonitor.jobLabel }} jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} {{- end }} endpoints: - port: metrics {{- if .Values.metrics.serviceMonitor.interval }} interval: {{ .Values.metrics.serviceMonitor.interval }} {{- end }} {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} {{- end }} honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} {{- if .Values.metrics.serviceMonitor.relabellings }} metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 8 }} {{- end }} {{- if .Values.metrics.serviceMonitor.relabelings }} relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }} {{- end }} namespaceSelector: matchNames: - {{ .Release.Namespace | quote }} selector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} app.kubernetes.io/component: metrics {{- end }} |
helm/charts/wordpress/templates/svc.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 |
apiVersion: v1 kind: Service metadata: name: {{ include "common.names.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if or .Values.service.annotations .Values.commonAnnotations }} annotations: {{- if .Values.service.annotations }} {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} {{- end }} spec: type: {{ .Values.service.type }} {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} clusterIP: {{ .Values.service.clusterIP }} {{- end }} {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} {{- end }} {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }} loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} {{- end }} {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} loadBalancerIP: {{ .Values.service.loadBalancerIP }} {{- end }} {{- if .Values.service.sessionAffinity }} sessionAffinity: {{ .Values.service.sessionAffinity }} {{- end }} {{- if .Values.service.sessionAffinityConfig }} sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }} {{- end }} ports: - name: http port: {{ .Values.service.ports.http }} protocol: TCP targetPort: http {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }} nodePort: {{ .Values.service.nodePorts.http }} {{- else if eq .Values.service.type "ClusterIP" }} nodePort: null {{- end }} - name: https port: {{ .Values.service.ports.https }} protocol: TCP targetPort: {{ .Values.service.httpsTargetPort }} {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https))) }} nodePort: {{ .Values.service.nodePorts.https }} {{- else if eq .Values.service.type "ClusterIP" }} nodePort: null {{- end }} {{- if .Values.service.extraPorts }} {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} {{- end }} selector: {{- include "common.labels.matchLabels" . | nindent 4 }} |
helm/charts/wordpress/templates/tls-secrets.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 |
{{- if .Values.ingress.enabled }} {{- if .Values.ingress.secrets }} {{- range .Values.ingress.secrets }} apiVersion: v1 kind: Secret metadata: name: {{ .name }} namespace: {{ $.Release.Namespace | quote }} labels: {{- include "common.labels.standard" $ | nindent 4 }} {{- if $.Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if $.Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} type: kubernetes.io/tls data: tls.crt: {{ .certificate | b64enc }} tls.key: {{ .key | b64enc }} --- {{- end }} {{- end }} {{- if and .Values.ingress.tls .Values.ingress.selfSigned }} {{- $ca := genCA "wordpress-ca" 365 }} {{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} apiVersion: v1 kind: Secret metadata: name: {{ printf "%s-tls" .Values.ingress.hostname }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} type: kubernetes.io/tls data: tls.crt: {{ $cert.Cert | b64enc | quote }} tls.key: {{ $cert.Key | b64enc | quote }} ca.crt: {{ $ca.Cert | b64enc | quote }} {{- end }} {{- end }} |
helm/charts/wordpress/Chart.lock
1 2 3 4 5 6 7 8 9 10 11 12 13 |
dependencies: - name: memcached repository: https://charts.bitnami.com/bitnami version: 6.3.2 - name: mariadb repository: https://charts.bitnami.com/bitnami version: 11.4.2 - name: common repository: https://charts.bitnami.com/bitnami version: 2.2.2 digest: sha256:234aa5932acc542e0c2b1760fa11f6d38488a4610f6dc95bcf2381eb2daa236f generated: "2022-12-15T14:19:59.483549481Z" |
helm/charts/wordpress/Chart.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
annotations: category: CMS apiVersion: v2 appVersion: 6.1.1 dependencies: - condition: memcached.enabled name: memcached repository: https://charts.bitnami.com/bitnami version: 6.x.x - condition: mariadb.enabled name: mariadb repository: https://charts.bitnami.com/bitnami version: 11.x.x - name: common repository: https://charts.bitnami.com/bitnami tags: - bitnami-common version: 2.x.x description: WordPress is the world's most popular blogging and content management platform. Powerful yet simple, everyone from students to global corporations use it to build beautiful, functional websites. engine: gotpl home: https://github.com/bitnami/charts/tree/main/bitnami/wordpress icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png keywords: - application - blog - cms - http - php - web - wordpress maintainers: - name: Bitnami url: https://github.com/bitnami/charts name: wordpress sources: - https://github.com/bitnami/containers/tree/main/bitnami/wordpress - https://wordpress.org/ version: 15.2.21 |
helm/charts/wordpress/values.schema.json
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 |
{ "$schema": "http://json-schema.org/schema#", "type": "object", "properties": { "wordpressUsername": { "type": "string", "title": "Username", "form": true }, "wordpressPassword": { "type": "string", "title": "Password", "form": true, "description": "Defaults to a random 10-character alphanumeric string if not set" }, "wordpressEmail": { "type": "string", "title": "Admin email", "form": true }, "wordpressBlogName": { "type": "string", "title": "Blog Name", "form": true }, "persistence": { "type": "object", "properties": { "size": { "type": "string", "title": "Persistent Volume Size", "form": true, "render": "slider", "sliderMin": 1, "sliderMax": 100, "sliderUnit": "Gi" } } }, "mariadb": { "type": "object", "title": "MariaDB Details", "form": true, "properties": { "enabled": { "type": "boolean", "title": "Use a new MariaDB database hosted in the cluster", "form": true, "description": "Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database switch this off and configure the external database details" }, "primary": { "type": "object", "properties": { "persistence": { "type": "object", "properties": { "size": { "type": "string", "title": "Volume Size", "form": true, "hidden": { "value": false, "path": "mariadb/enabled" }, "render": "slider", "sliderMin": 1, "sliderMax": 100, "sliderUnit": "Gi" } } } } } } }, "externalDatabase": { "type": "object", "title": "External Database Details", "description": "If MariaDB is disabled. Use this section to specify the external database details", "form": true, "properties": { "host": { "type": "string", "form": true, "title": "Database Host", "hidden": "mariadb/enabled" }, "user": { "type": "string", "form": true, "title": "Database Username", "hidden": "mariadb/enabled" }, "password": { "type": "string", "form": true, "title": "Database Password", "hidden": "mariadb/enabled" }, "database": { "type": "string", "form": true, "title": "Database Name", "hidden": "mariadb/enabled" }, "port": { "type": "integer", "form": true, "title": "Database Port", "hidden": "mariadb/enabled" } } }, "ingress": { "type": "object", "form": true, "title": "Ingress Configuration", "properties": { "enabled": { "type": "boolean", "form": true, "title": "Use a custom hostname", "description": "Enable the ingress resource that allows you to access the WordPress installation." }, "hostname": { "type": "string", "form": true, "title": "Hostname", "hidden": { "value": false, "path": "ingress/enabled" } }, "tls": { "type": "boolean", "form": true, "title": "Create a TLS secret", "hidden": { "value": false, "path": "ingress/enabled" } } } }, "service": { "type": "object", "form": true, "title": "Service Configuration", "properties": { "type": { "type": "string", "form": true, "title": "Service Type", "description": "Allowed values: \"ClusterIP\", \"NodePort\" and \"LoadBalancer\"" } } }, "resources": { "type": "object", "title": "Required Resources", "description": "Configure resource requests", "form": true, "properties": { "requests": { "type": "object", "properties": { "memory": { "type": "string", "form": true, "render": "slider", "title": "Memory Request", "sliderMin": 10, "sliderMax": 2048, "sliderUnit": "Mi" }, "cpu": { "type": "string", "form": true, "render": "slider", "title": "CPU Request", "sliderMin": 10, "sliderMax": 2000, "sliderUnit": "m" } } } } }, "volumePermissions": { "type": "object", "properties": { "enabled": { "type": "boolean", "form": true, "title": "Enable Init Containers", "description": "Use an init container to set required folder permissions on the data volume before mounting it in the final destination" } } }, "metrics": { "type": "object", "properties": { "enabled": { "type": "boolean", "title": "Enable Metrics", "description": "Prometheus Exporter / Metrics", "form": true } } } } } |
helm/charts/wordpress/values.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 |
## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass ## ## @param global.imageRegistry Global Docker image registry ## @param global.imagePullSecrets Global Docker registry secret names as an array ## @param global.storageClass Global StorageClass for Persistent Volume(s) ## global: imageRegistry: "" ## E.g. ## imagePullSecrets: ## - myRegistryKeySecretName ## imagePullSecrets: [] storageClass: "" ## @section Common parameters ## ## @param kubeVersion Override Kubernetes version ## kubeVersion: "" ## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) ## nameOverride: "" ## @param fullnameOverride String to fully override common.names.fullname template ## fullnameOverride: "" ## @param commonLabels Labels to add to all deployed resources ## commonLabels: {} ## @param commonAnnotations Annotations to add to all deployed resources ## commonAnnotations: {} ## @param clusterDomain Kubernetes Cluster Domain ## clusterDomain: cluster.local ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] ## Enable diagnostic mode in the deployment ## diagnosticMode: ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) ## enabled: false ## @param diagnosticMode.command Command to override all containers in the deployment ## command: - sleep ## @param diagnosticMode.args Args to override all containers in the deployment ## args: - infinity ## @section WordPress Image parameters ## ## Bitnami WordPress image ## ref: https://hub.docker.com/r/bitnami/wordpress/tags/ ## @param image.registry WordPress image registry ## @param image.repository WordPress image repository ## @param image.tag WordPress image tag (immutable tags are recommended) ## @param image.digest WordPress image digest in the way sha256:aa.… Please note this parameter, if set, will override the tag ## @param image.pullPolicy WordPress image pull policy ## @param image.pullSecrets WordPress image pull secrets ## @param image.debug Specify if debug values should be set ## image: registry: docker.io repository: bitnami/wordpress tag: 6.1.1-debian-11-r13 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Enable debug mode ## debug: false ## @section WordPress Configuration parameters ## WordPress settings based on environment variables ## ref: https://github.com/bitnami/containers/tree/main/bitnami/wordpress#environment-variables ## ## @param wordpressUsername WordPress username ## wordpressUsername: user ## @param wordpressPassword WordPress user password ## Defaults to a random 10-character alphanumeric string if not set ## wordpressPassword: "" ## @param existingSecret Name of existing secret containing WordPress credentials ## NOTE: Must contain key `wordpress-password` ## NOTE: When it's set, the `wordpressPassword` parameter is ignored ## existingSecret: "" ## @param wordpressEmail WordPress user email ## wordpressEmail: user@example.com ## @param wordpressFirstName WordPress user first name ## wordpressFirstName: FirstName ## @param wordpressLastName WordPress user last name ## wordpressLastName: LastName ## @param wordpressBlogName Blog name ## wordpressBlogName: User's Blog! ## @param wordpressTablePrefix Prefix to use for WordPress database tables ## wordpressTablePrefix: wp_ ## @param wordpressScheme Scheme to use to generate WordPress URLs ## wordpressScheme: http ## @param wordpressSkipInstall Skip wizard installation ## NOTE: useful if you use an external database that already contains WordPress data ## ref: https://github.com/bitnami/containers/tree/main/bitnami/wordpress#connect-wordpress-docker-container-to-an-existing-database ## wordpressSkipInstall: false ## @param wordpressExtraConfigContent Add extra content to the default wp-config.php file ## e.g: ## wordpressExtraConfigContent: | ## @ini_set( 'post_max_size', '128M'); ## @ini_set( 'memory_limit', '256M' ); ## wordpressExtraConfigContent: "" ## @param wordpressConfiguration The content for your custom wp-config.php file (advanced feature) ## NOTE: This will override configuring WordPress based on environment variables (including those set by the chart) ## NOTE: Currently only supported when `wordpressSkipInstall=true` ## wordpressConfiguration: "" ## @param existingWordPressConfigurationSecret The name of an existing secret with your custom wp-config.php file (advanced feature) ## NOTE: When it's set the `wordpressConfiguration` parameter is ignored ## existingWordPressConfigurationSecret: "" ## @param wordpressConfigureCache Enable W3 Total Cache plugin and configure cache settings ## NOTE: useful if you deploy Memcached for caching database queries or you use an external cache server ## wordpressConfigureCache: false ## @param wordpressPlugins Array of plugins to install and activate. Can be specified as `all` or `none`. ## NOTE: If set to all, only plugins that are already installed will be activated, and if set to none, no plugins will be activated ## wordpressPlugins: none ## @param apacheConfiguration The content for your custom httpd.conf file (advanced feature) ## apacheConfiguration: "" ## @param existingApacheConfigurationConfigMap The name of an existing secret with your custom httpd.conf file (advanced feature) ## NOTE: When it's set the `apacheConfiguration` parameter is ignored ## existingApacheConfigurationConfigMap: "" ## @param customPostInitScripts Custom post-init.d user scripts ## ref: https://github.com/bitnami/containers/tree/main/bitnami/wordpress ## NOTE: supported formats are `.sh`, `.sql` or `.php` ## NOTE: scripts are exclusively executed during the 1st boot of the container ## e.g: ## customPostInitScripts: ## enable-multisite.sh: | ## #!/bin/bash ## chmod +w /bitnami/wordpress/wp-config.php ## wp core multisite-install --url=example.com --title="Welcome to the WordPress Multisite" --admin_user="doesntmatternotreallyused" --admin_password="doesntmatternotreallyused" --admin_email="user@example.com" ## cat /docker-entrypoint-init.d/.htaccess > /bitnami/wordpress/.htaccess ## chmod -w bitnami/wordpress/wp-config.php ## .htaccess: | ## RewriteEngine On ## RewriteBase / ## … ## customPostInitScripts: {} ## SMTP mail delivery configuration ## ref: https://github.com/bitnami/containers/tree/main/bitnami/wordpress/#smtp-configuration ## @param smtpHost SMTP server host ## @param smtpPort SMTP server port ## @param smtpUser SMTP username ## @param smtpPassword SMTP user password ## @param smtpProtocol SMTP protocol ## smtpHost: "" smtpPort: "" smtpUser: "" smtpPassword: "" smtpProtocol: "" ## @param smtpExistingSecret The name of an existing secret with SMTP credentials ## NOTE: Must contain key `smtp-password` ## NOTE: When it's set, the `smtpPassword` parameter is ignored ## smtpExistingSecret: "" ## @param allowEmptyPassword Allow the container to be started with blank passwords ## allowEmptyPassword: true ## @param allowOverrideNone Configure Apache to prohibit overriding directives with htaccess files ## allowOverrideNone: false ## @param overrideDatabaseSettings Allow overriding the database settings persisted in wp-config.php ## overrideDatabaseSettings: false ## @param htaccessPersistenceEnabled Persist custom changes on htaccess files ## If `allowOverrideNone` is `false`, it will persist `/opt/bitnami/wordpress/wordpress-htaccess.conf` ## If `allowOverrideNone` is `true`, it will persist `/opt/bitnami/wordpress/.htaccess` ## htaccessPersistenceEnabled: false ## @param customHTAccessCM The name of an existing ConfigMap with custom htaccess rules ## NOTE: Must contain key `wordpress-htaccess.conf` with the file content ## NOTE: Requires setting `allowOverrideNone=false` ## customHTAccessCM: "" ## @param command Override default container command (useful when using custom images) ## command: [] ## @param args Override default container args (useful when using custom images) ## args: [] ## @param extraEnvVars Array with extra environment variables to add to the WordPress container ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars ## extraEnvVarsCM: "" ## @param extraEnvVarsSecret Name of existing Secret containing extra env vars ## extraEnvVarsSecret: "" ## @section WordPress Multisite Configuration parameters ## ref: https://github.com/bitnami/containers/tree/main/bitnami/wordpress#multisite-configuration ## ## @param multisite.enable Whether to enable WordPress Multisite configuration. ## @param multisite.host WordPress Multisite hostname/address. This value is mandatory when enabling Multisite mode. ## @param multisite.networkType WordPress Multisite network type to enable. Allowed values: `subfolder`, `subdirectory` or `subdomain`. ## @param multisite.enableNipIoRedirect Whether to enable IP address redirection to nip.io wildcard DNS. Useful when running on an IP address with subdomain network type. ## multisite: enable: false host: "" networkType: subdomain enableNipIoRedirect: false ## @section WordPress deployment parameters ## ## @param replicaCount Number of WordPress replicas to deploy ## NOTE: ReadWriteMany PVC(s) are required if replicaCount > 1 ## replicaCount: 1 ## @param updateStrategy.type WordPress deployment strategy type ## @param updateStrategy.rollingUpdate WordPress deployment rolling update configuration parameters ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy ## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods ## e.g: ## updateStrategy: ## type: RollingUpdate ## rollingUpdate: ## maxSurge: 25% ## maxUnavailable: 25% ## updateStrategy: type: RollingUpdate rollingUpdate: {} ## @param schedulerName Alternate scheduler ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param priorityClassName Name of the existing priority class to be used by WordPress pods, priority class needs to be created beforehand ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ ## priorityClassName: "" ## @param hostAliases [array] WordPress pod host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: ## Required for Apache exporter to work ## - ip: "127.0.0.1" hostnames: - "status.localhost" ## @param extraVolumes Optionally specify extra list of additional volumes for WordPress pods ## extraVolumes: [] ## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for WordPress container(s) ## extraVolumeMounts: [] ## @param sidecars Add additional sidecar containers to the WordPress pod ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param initContainers Add additional init containers to the WordPress pods ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'copy themes and plugins from git and push to /bitnami/wordpress/wp-content. Should work with extraVolumeMounts and extraVolumes'] ## initContainers: [] ## @param podLabels Extra labels for WordPress pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param podAnnotations Annotations for WordPress pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set ## key: "" ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param affinity Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param nodeSelector Node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param tolerations Tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## WordPress containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param resources.limits The resources limits for the WordPress containers ## @param resources.requests.memory The requested memory for the WordPress containers ## @param resources.requests.cpu The requested cpu for the WordPress containers ## resources: limits: {} requests: memory: 512Mi cpu: 300m ## Container ports ## @param containerPorts.http WordPress HTTP container port ## @param containerPorts.https WordPress HTTPS container port ## containerPorts: http: 8080 https: 8443 ## @param extraContainerPorts Optionally specify extra list of additional ports for WordPress container(s) ## e.g: ## extraContainerPorts: ## - name: myservice ## containerPort: 9090 ## extraContainerPorts: [] ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param podSecurityContext.enabled Enabled WordPress pods' Security Context ## @param podSecurityContext.fsGroup Set WordPress pod's Security Context fsGroup ## @param podSecurityContext.seccompProfile.type Set WordPress container's Security Context seccomp profile ## podSecurityContext: enabled: true fsGroup: 1001 seccompProfile: type: "RuntimeDefault" ## Configure Container Security Context (only main container) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param containerSecurityContext.enabled Enabled WordPress containers' Security Context ## @param containerSecurityContext.runAsUser Set WordPress container's Security Context runAsUser ## @param containerSecurityContext.runAsNonRoot Set WordPress container's Security Context runAsNonRoot ## @param containerSecurityContext.allowPrivilegeEscalation Set WordPress container's privilege escalation ## @param containerSecurityContext.capabilities.drop Set WordPress container's Security Context runAsNonRoot ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: ["ALL"] ## Configure extra options for WordPress containers' liveness, readiness and startup probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes ## @param livenessProbe.enabled Enable livenessProbe on WordPress containers ## @skip livenessProbe.httpGet ## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param livenessProbe.periodSeconds Period seconds for livenessProbe ## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true httpGet: path: /wp-admin/install.php port: '{{ .Values.wordpressScheme }}' scheme: '{{ .Values.wordpressScheme | upper }}' ## If using an HTTPS-terminating load-balancer, the probes may need to behave ## like the balancer to prevent HTTP 302 responses. According to the Kubernetes ## docs, 302 should be considered "successful", but this issue on GitHub ## (https://github.com/kubernetes/kubernetes/issues/47893) shows that it isn't. ## E.g. ## httpHeaders: ## - name: X-Forwarded-Proto ## value: https ## httpHeaders: [] initialDelaySeconds: 120 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param readinessProbe.enabled Enable readinessProbe on WordPress containers ## @skip readinessProbe.httpGet ## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param readinessProbe.periodSeconds Period seconds for readinessProbe ## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true httpGet: path: /wp-login.php port: '{{ .Values.wordpressScheme }}' scheme: '{{ .Values.wordpressScheme | upper }}' ## If using an HTTPS-terminating load-balancer, the probes may need to behave ## like the balancer to prevent HTTP 302 responses. According to the Kubernetes ## docs, 302 should be considered "successful", but this issue on GitHub ## (https://github.com/kubernetes/kubernetes/issues/47893) shows that it isn't. ## E.g. ## httpHeaders: ## - name: X-Forwarded-Proto ## value: https ## httpHeaders: [] initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param startupProbe.enabled Enable startupProbe on WordPress containers ## @skip startupProbe.httpGet ## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param startupProbe.periodSeconds Period seconds for startupProbe ## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param startupProbe.failureThreshold Failure threshold for startupProbe ## @param startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false httpGet: path: /wp-login.php port: '{{ .Values.wordpressScheme }}' scheme: '{{ .Values.wordpressScheme | upper }}' ## If using an HTTPS-terminating load-balancer, the probes may need to behave ## like the balancer to prevent HTTP 302 responses. According to the Kubernetes ## docs, 302 should be considered "successful", but this issue on GitHub ## (https://github.com/kubernetes/kubernetes/issues/47893) shows that it isn't. ## E.g. ## httpHeaders: ## - name: X-Forwarded-Proto ## value: https ## httpHeaders: [] initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## @param lifecycleHooks for the WordPress container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @section Traffic Exposure Parameters ## ## WordPress service parameters ## service: ## @param service.type WordPress service type ## type: LoadBalancer ## @param service.ports.http WordPress service HTTP port ## @param service.ports.https WordPress service HTTPS port ## ports: http: 80 https: 443 ## @param service.httpsTargetPort Target port for HTTPS ## httpsTargetPort: https ## Node ports to expose ## @param service.nodePorts.http Node port for HTTP ## @param service.nodePorts.https Node port for HTTPS ## NOTE: choose port between <30000-32767> ## nodePorts: http: "" https: "" ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin ## Values: ClientIP or None ## ref: https://kubernetes.io/docs/user-guide/services/ ## sessionAffinity: None ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity ## sessionAffinityConfig: ## clientIP: ## timeoutSeconds: 300 ## sessionAffinityConfig: {} ## @param service.clusterIP WordPress service Cluster IP ## e.g.: ## clusterIP: None ## clusterIP: "" ## @param service.loadBalancerIP WordPress service Load Balancer IP ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer ## loadBalancerIP: "" ## @param service.loadBalancerSourceRanges WordPress service Load Balancer sources ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## @param service.externalTrafficPolicy WordPress service external traffic policy ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip ## externalTrafficPolicy: Cluster ## @param service.annotations Additional custom annotations for WordPress service ## annotations: {} ## @param service.extraPorts Extra port to expose on WordPress service ## extraPorts: [] ## Configure the ingress resource that allows you to access the WordPress installation ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ## ingress: ## @param ingress.enabled Enable ingress record generation for WordPress ## enabled: false ## @param ingress.pathType Ingress path type ## pathType: ImplementationSpecific ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) ## apiVersion: "" ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ ## ingressClassName: "" ## @param ingress.hostname Default host for the ingress record ## hostname: wordpress.local ## @param ingress.path Default path for the ingress record ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers ## path: / ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations ## ## e.g: ## annotations: ## kubernetes.io/ingress.class: nginx ## cert-manager.io/cluster-issuer: cluster-issuer-name ## annotations: {} ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` ## You can: ## - Use the `ingress.secrets` parameter to create this TLS secret ## - Rely on cert-manager to create it by setting the corresponding annotations ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` ## tls: false ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm ## selfSigned: false ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record ## e.g: ## extraHosts: ## - name: wordpress.local ## path: / ## extraHosts: [] ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host ## e.g: ## extraPaths: ## - path: /* ## backend: ## serviceName: ssl-redirect ## servicePort: use-annotation ## extraPaths: [] ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## e.g: ## extraTls: ## - hosts: ## - wordpress.local ## secretName: wordpress.local-tls ## extraTls: [] ## @param ingress.secrets Custom TLS certificates as secrets ## NOTE: 'key' and 'certificate' are expected in PEM format ## NOTE: 'name' should line up with a 'secretName' set further up ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information ## e.g: ## secrets: ## - name: wordpress.local-tls ## key: |- ## -----BEGIN RSA PRIVATE KEY----- ## … ## -----END RSA PRIVATE KEY----- ## certificate: |- ## -----BEGIN CERTIFICATE----- ## … ## -----END CERTIFICATE----- ## secrets: [] ## @param ingress.extraRules Additional rules to be covered with this ingress record ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules ## e.g: ## extraRules: ## - host: wordpress.local ## http: ## path: / ## backend: ## service: ## name: wordpress-svc ## port: ## name: http ## extraRules: [] ## @section Persistence Parameters ## ## Persistence Parameters ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ ## persistence: ## @param persistence.enabled Enable persistence using Persistent Volume Claims ## enabled: true ## @param persistence.storageClass Persistent Volume storage class ## If defined, storageClassName: <storageClass> ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner ## storageClass: "" ## @param persistence.accessModes [array] Persistent Volume access modes ## accessModes: - ReadWriteOnce ## @param persistence.accessMode Persistent Volume access mode (DEPRECATED: use `persistence.accessModes` instead) ## accessMode: ReadWriteOnce ## @param persistence.size Persistent Volume size ## size: 10Gi ## @param persistence.dataSource Custom PVC data source ## dataSource: {} ## @param persistence.existingClaim The name of an existing PVC to use for persistence ## existingClaim: "" ## @param persistence.selector Selector to match an existing Persistent Volume for WordPress data PVC ## If set, the PVC can't have a PV dynamically provisioned for it ## E.g. ## selector: ## matchLabels: ## app: my-app ## selector: {} ## @param persistence.annotations Persistent Volume Claim annotations ## annotations: {} ## Init containers parameters: ## volumePermissions: Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each node ## volumePermissions: ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` ## enabled: false ## Bitnami Shell image ## ref: https://hub.docker.com/r/bitnami/bitnami-shell/tags/ ## @param volumePermissions.image.registry Bitnami Shell image registry ## @param volumePermissions.image.repository Bitnami Shell image repository ## @param volumePermissions.image.tag Bitnami Shell image tag (immutable tags are recommended) ## @param volumePermissions.image.digest Bitnami Shell image digest in the way sha256:aa.… Please note this parameter, if set, will override the tag ## @param volumePermissions.image.pullPolicy Bitnami Shell image pull policy ## @param volumePermissions.image.pullSecrets Bitnami Shell image pull secrets ## image: registry: docker.io repository: bitnami/bitnami-shell tag: 11-debian-11-r61 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Init container's resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param volumePermissions.resources.limits The resources limits for the init container ## @param volumePermissions.resources.requests The requested resources for the init container ## resources: limits: {} requests: {} ## Init container' Security Context ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser ## and not the below volumePermissions.containerSecurityContext.runAsUser ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container ## containerSecurityContext: runAsUser: 0 ## @section Other Parameters ## ## WordPress Service Account ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ ## serviceAccount: ## @param serviceAccount.create Enable creation of ServiceAccount for WordPress pod ## create: false ## @param serviceAccount.name The name of the ServiceAccount to use. ## If not set and create is true, a name is generated using the common.names.fullname template ## name: "" ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created ## Can be set to false if pods using this serviceAccount do not need to use K8s API ## automountServiceAccountToken: true ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount ## annotations: {} ## WordPress Pod Disruption Budget configuration ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ ## @param pdb.create Enable a Pod Disruption Budget creation ## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled ## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable ## pdb: create: false minAvailable: 1 maxUnavailable: "" ## WordPress Autoscaling configuration ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ ## @param autoscaling.enabled Enable Horizontal POD autoscaling for WordPress ## @param autoscaling.minReplicas Minimum number of WordPress replicas ## @param autoscaling.maxReplicas Maximum number of WordPress replicas ## @param autoscaling.targetCPU Target CPU utilization percentage ## @param autoscaling.targetMemory Target Memory utilization percentage ## autoscaling: enabled: false minReplicas: 1 maxReplicas: 11 targetCPU: 50 targetMemory: 50 ## @section Metrics Parameters ## ## Prometheus Exporter / Metrics configuration ## metrics: ## @param metrics.enabled Start a sidecar prometheus exporter to expose metrics ## enabled: false ## Bitnami Apache exporter image ## ref: https://hub.docker.com/r/bitnami/apache-exporter/tags/ ## @param metrics.image.registry Apache exporter image registry ## @param metrics.image.repository Apache exporter image repository ## @param metrics.image.tag Apache exporter image tag (immutable tags are recommended) ## @param metrics.image.digest Apache exporter image digest in the way sha256:aa.… Please note this parameter, if set, will override the tag ## @param metrics.image.pullPolicy Apache exporter image pull policy ## @param metrics.image.pullSecrets Apache exporter image pull secrets ## image: registry: docker.io repository: bitnami/apache-exporter tag: 0.11.0-debian-11-r71 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param metrics.containerPorts.metrics Prometheus exporter container port ## containerPorts: metrics: 9117 ## Configure extra options for Prometheus exporter containers' liveness, readiness and startup probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes ## @param metrics.livenessProbe.enabled Enable livenessProbe on Prometheus exporter containers ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 15 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 successThreshold: 1 ## @param metrics.readinessProbe.enabled Enable readinessProbe on Prometheus exporter containers ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 3 failureThreshold: 3 successThreshold: 1 ## @param metrics.startupProbe.enabled Enable startupProbe on Prometheus exporter containers ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 15 successThreshold: 1 ## @param metrics.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param metrics.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param metrics.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## Prometheus exporter container's resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param metrics.resources.limits The resources limits for the Prometheus exporter container ## @param metrics.resources.requests The requested resources for the Prometheus exporter container ## resources: limits: {} requests: {} ## Prometheus exporter service parameters ## service: ## @param metrics.service.ports.metrics Prometheus metrics service port ## ports: metrics: 9150 ## @param metrics.service.annotations [object] Additional custom annotations for Metrics service ## annotations: prometheus.io/scrape: "true" prometheus.io/port: "{{ .Values.metrics.containerPorts.metrics }}" ## Prometheus Operator ServiceMonitor configuration ## serviceMonitor: ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator ## enabled: false ## @param metrics.serviceMonitor.namespace Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) ## namespace: "" ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## interval: "" ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## scrapeTimeout: "" ## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus ## labels: {} ## @param metrics.serviceMonitor.selector Prometheus instance selector labels ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration ## selector: {} ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping ## relabelings: [] ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion ## metricRelabelings: [] ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint ## honorLabels: false ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. ## jobLabel: "" ## @section NetworkPolicy parameters ## ## Add networkpolicies ## networkPolicy: ## @param networkPolicy.enabled Enable network policies ## If ingress.enabled or metrics.enabled are true, configure networkPolicy.ingress and networkPolicy.metrics selectors respectively to allow communication ## enabled: false ## @param networkPolicy.metrics.enabled Enable network policy for metrics (prometheus) ## @param networkPolicy.metrics.namespaceSelector [object] Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace. ## @param networkPolicy.metrics.podSelector [object] Monitoring pod selector labels. These labels will be used to identify the Prometheus pods. ## metrics: enabled: false ## e.g: ## podSelector: ## label: monitoring ## podSelector: {} ## e.g: ## namespaceSelector: ## label: monitoring ## namespaceSelector: {} ## @param networkPolicy.ingress.enabled Enable network policy for Ingress Proxies ## @param networkPolicy.ingress.namespaceSelector [object] Ingress Proxy namespace selector labels. These labels will be used to identify the Ingress Proxy's namespace. ## @param networkPolicy.ingress.podSelector [object] Ingress Proxy pods selector labels. These labels will be used to identify the Ingress Proxy pods. ## ingress: enabled: false ## e.g: ## podSelector: ## label: ingress ## podSelector: {} ## e.g: ## namespaceSelector: ## label: ingress ## namespaceSelector: {} ## @param networkPolicy.ingressRules.backendOnlyAccessibleByFrontend Enable ingress rule that makes the backend (mariadb) only accessible by testlink's pods. ## @param networkPolicy.ingressRules.customBackendSelector [object] Backend selector labels. These labels will be used to identify the backend pods. ## @param networkPolicy.ingressRules.accessOnlyFrom.enabled Enable ingress rule that makes testlink only accessible from a particular origin ## @param networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to access testlink. This label will be used to identified the allowed namespace(s). ## @param networkPolicy.ingressRules.accessOnlyFrom.podSelector [object] Pods selector label that is allowed to access testlink. This label will be used to identified the allowed pod(s). ## @param networkPolicy.ingressRules.customRules [object] Custom network policy ingress rule ## ingressRules: ## mariadb backend only can be accessed from testlink ## backendOnlyAccessibleByFrontend: false ## Additional custom backend selector ## e.g: ## customBackendSelector: ## - to: ## - namespaceSelector: ## matchLabels: ## label: example ## customBackendSelector: {} ## Allow only from the indicated: ## accessOnlyFrom: enabled: false ## e.g: ## podSelector: ## label: access ## podSelector: {} ## e.g: ## namespaceSelector: ## label: access ## namespaceSelector: {} ## custom ingress rules ## e.g: ## customRules: ## - from: ## - namespaceSelector: ## matchLabels: ## label: example ## customRules: {} ## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). ## @param networkPolicy.egressRules.customRules [object] Custom network policy rule ## egressRules: # Deny connections to external. This is not compatible with an external database. denyConnectionsToExternal: false ## Additional custom egress rules ## e.g: ## customRules: ## - to: ## - namespaceSelector: ## matchLabels: ## label: example ## customRules: {} ## @section Database Parameters ## ## MariaDB chart configuration ## ref: https://github.com/bitnami/charts/blob/main/bitnami/mariadb/values.yaml ## mariadb: ## @param mariadb.enabled Deploy a MariaDB server to satisfy the applications database requirements ## To use an external database set this to false and configure the `externalDatabase.*` parameters ## enabled: true ## @param mariadb.architecture MariaDB architecture. Allowed values: `standalone` or `replication` ## architecture: standalone ## MariaDB Authentication parameters ## @param mariadb.auth.rootPassword MariaDB root password ## @param mariadb.auth.database MariaDB custom database ## @param mariadb.auth.username MariaDB custom user name ## @param mariadb.auth.password MariaDB custom user password ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mariadb#setting-the-root-password-on-first-run ## https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md#creating-a-database-on-first-run ## https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md#creating-a-database-user-on-first-run ## auth: rootPassword: "" database: bitnami_wordpress username: bn_wordpress password: "" ## MariaDB Primary configuration ## primary: ## MariaDB Primary Persistence parameters ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ ## @param mariadb.primary.persistence.enabled Enable persistence on MariaDB using PVC(s) ## @param mariadb.primary.persistence.storageClass Persistent Volume storage class ## @param mariadb.primary.persistence.accessModes [array] Persistent Volume access modes ## @param mariadb.primary.persistence.size Persistent Volume size ## persistence: enabled: true storageClass: "" accessModes: - ReadWriteOnce size: 8Gi ## External Database Configuration ## All of these values are only used if `mariadb.enabled=false` ## externalDatabase: ## @param externalDatabase.host External Database server host ## host: localhost ## @param externalDatabase.port External Database server port ## port: 3306 ## @param externalDatabase.user External Database username ## user: bn_wordpress ## @param externalDatabase.password External Database user password ## password: "" ## @param externalDatabase.database External Database database name ## database: bitnami_wordpress ## @param externalDatabase.existingSecret The name of an existing secret with database credentials. Evaluated as a template ## NOTE: Must contain key `mariadb-password` ## NOTE: When it's set, the `externalDatabase.password` parameter is ignored ## existingSecret: "" ## Memcached chart configuration ## ref: https://github.com/bitnami/charts/blob/main/bitnami/memcached/values.yaml ## memcached: ## @param memcached.enabled Deploy a Memcached server for caching database queries ## enabled: false ## Authentication parameters ## ref: https://github.com/bitnami/containers/tree/main/bitnami/memcached#creating-the-memcached-admin-user ## auth: ## @param memcached.auth.enabled Enable Memcached authentication ## enabled: false ## @param memcached.auth.username Memcached admin user ## username: "" ## @param memcached.auth.password Memcached admin password ## password: "" ## Service parameters ## service: ## @param memcached.service.port Memcached service port ## port: 11211 ## External Memcached Configuration ## All of these values are only used if `memcached.enabled=false` ## externalCache: ## @param externalCache.host External cache server host ## host: localhost ## @param externalCache.port External cache server port ## port: 11211 |
запускаем всё это с помощью helmfile:
helm/helmfile.d/values/prod/mysql.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
ExternalSecrets: "/prod/external-secret-wordpress-prod" persistence: enabled: true existingClaim: "mysql-efs-claim" efs: enabled: true endpoint: fs-07292eb6e4aa783b5 storage: 2Gi resources: limits: cpu: 200m memory: 512Mi requests: cpu: 200m memory: 512Mi nodeSelector: node.kubernetes.io/lifecycle: spot |
helm/helmfile.d/values/prod/wordpress.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 |
image: registry: docker.io repository: bitnami/wordpress tag: 6.1.1-debian-11-r13 pullPolicy: IfNotPresent pullSecrets: [] ## Enable debug mode debug: false resources: limits: memory: 1024Mi cpu: 500m requests: memory: 1024Mi cpu: 500m ingress: enabled: true annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/proxy-body-size: 100m nginx.ingress.kubernetes.io/server-snippet: | location = /blog { return 301 https://$host/blog/; } pathType: ImplementationSpecific # apiVersion: "" # ingressClassName: "" ## @param ingress.hostname Default host for the ingress record ## hostname: dimain.com ## @param ingress.path Default path for the ingress record ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers ## path: /blog/ wordpressScheme: https customPostInitScripts: wp-home-blog.sh: | #!/bin/bash chmod 755 /bitnami/wordpress/wp-config.php sed -i "/^define( 'WP_HOME'/d" /bitnami/wordpress/wp-config.php sed -i "/^define( 'WP_SITEURL'/d" /bitnami/wordpress/wp-config.php wp cli cache clear chmod 644 bitnami/wordpress/wp-config.php ln -s /opt/bitnami/wordpress /opt/bitnami/wordpress/blog lifecycleHooks: postStart: exec: command: ["ln", "-s", "/opt/bitnami/wordpress", "/opt/bitnami/wordpress/blog"] livenessProbe: enabled: true httpGet: path: /blog/wp-admin/install.php port: '{{ .Values.wordpressScheme }}' scheme: '{{ .Values.wordpressScheme | upper }}' ## If using an HTTPS-terminating load-balancer, the probes may need to behave ## like the balancer to prevent HTTP 302 responses. According to the Kubernetes ## docs, 302 should be considered "successful", but this issue on GitHub ## (https://github.com/kubernetes/kubernetes/issues/47893) shows that it isn't. ## E.g. ## httpHeaders: ## - name: X-Forwarded-Proto ## value: https ## httpHeaders: [] initialDelaySeconds: 120 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 readinessProbe: enabled: true httpGet: path: /blog/wp-login.php port: '{{ .Values.wordpressScheme }}' scheme: '{{ .Values.wordpressScheme | upper }}' httpHeaders: [] initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 service: type: ClusterIP volumePermissions: ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` ## enabled: true persistence: enabled: true accessModes: - ReadWriteMany size: 2Gi endpoint: fs-018ea0324760e448a ## @param persistence.existingClaim The name of an existing PVC to use for persistence ## existingClaim: "" mariadb: enabled: false externalDatabase: host: "mysql-wordpress" port: 3306 user: wordpress database: wordpress # ## @param externalDatabase.existingSecret The name of an existing secret with database credentials. Evaluated as a template # ## NOTE: Must contain key `mariadb-password` # ## NOTE: When it's set, the `externalDatabase.password` parameter is ignored # ## existingSecret: "wordpress-aws" existingSecret: "wordpress-aws" wordpressSkipInstall: true ExternalSecrets: "/prod/external-secret-wordpress-prod" nodeSelector: node.kubernetes.io/lifecycle: spot |
helm/helmfile.d/helmfile.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 |
helmDefaults: historyMax: 5 createNamespace: false wait: true repositories: - name: "bitnami" url: "https://charts.bitnami.com/bitnami" releases: - name: "main-site" namespace: {{ requiredEnv "ENVIRONMENT_NAME" }} labels: chart: "main-site" component: "main-site" namespace: {{ requiredEnv "ENVIRONMENT_NAME" }} chart: "../charts/main-site" values: - values/main-site.yaml.gotmpl - values/{{ requiredEnv "ENVIRONMENT_NAME" }}/main-site.yaml # # we do not need it, if necessary install uncomment it # # - name: "mysql-wordpress" # namespace: {{ requiredEnv "ENVIRONMENT_NAME" }} # labels: # chart: "mysql-wordpress" # component: "mysql-wordpress" # namespace: {{ requiredEnv "ENVIRONMENT_NAME" }} # chart: "../charts/wordpres_mysql" # wait: true # values: # - values/{{ requiredEnv "ENVIRONMENT_NAME" }}/mysql.yaml # - name: "wordpress" # namespace: {{ requiredEnv "ENVIRONMENT_NAME" }} # labels: # chart: "bitnami/wordpress" # component: "wordpress" # namespace: {{ requiredEnv "ENVIRONMENT_NAME" }} # chart: "../charts/wordpress" # wait: true # values: # - values/{{ requiredEnv "ENVIRONMENT_NAME" }}/wordpress.yaml |
а вот переменные из externalsecret у secret manager это и для базы данных и для wordpress
/prod/external-secret-wordpress-prod
1 2 3 4 5 6 7 8 9 |
mysql-root-password 123456789 mysql-password 123456789 MYSQL_USER wordpress MYSQL_DATABASE wordpress MYSQL_ROOT_PASSWORD 123456789 MYSQL_HOST mysql-wordpress MYSQL_PASSWORD 123456789 mariadb-password 123456789 wordpress-password admin123456789 |