이번 장에서는 helm을 이용하여 wordpress를 배포 해 봅니다
wordpress는 기본적으로 mariadb와 apache+php 이미지에서 동작 됩니다
직접 수동으로 배포하려면 mariadb를 deploy하고 db관련된 설정을 진행하고 apache+php 이미지에 여러가지 작업과 wordpress를 설치하고 db를 연동하는등의 수많은 작업이 필요합니다
이러한 복잡한 배포를 손쉽게 해주는 helm을 이용하여 배포를 실습 해 봅니다
https://github.com/bitnami/charts/tree/main/bitnami/wordpress
helm repo add stable https://charts.helm.sh/stable
먼저 stable repo에 wordpress chart를 확인 합니다
helm search repo wordpress
NAME CHART VERSION APP VERSION DESCRIPTION
stable/wordpress 9.0.3 5.3.2 DEPRECATED Web publishing platform for building...
해당 차트의 내용을 확인 합니다
helm show all stable/wordpress
생략
...
방대한 내용이긴 하나 제대로 배포 하려면 내용을 잘 살피는것이 중요 합니다
아래의 명령어로 필수 values값만 출력 할 수도 있습니다
helm show values stable/wordpress
생략...
사용하는 parameter 정보 입니다 helm install시 set옵션을 통해 parameter를 정의 할 수 있습니다
### Global parameters
| Parameter | Description | Default |
|---------------------------|-------------------------------------------------|---------------------------------------------------------|
| `global.imageRegistry` | Global Docker image registry | `nil` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `global.storageClass` | Global storage class for dynamic provisioning | `nil` |
### Common parameters
| Parameter | Description | Default |
|---------------------------|-------------------------------------------------|---------------------------------------------------------|
| `nameOverride` | String to partially override wordpress.fullname | `nil` |
| `fullnameOverride` | String to fully override wordpress.fullname | `nil` |
| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` |
### WordPress parameters
| Parameter | Description | Default |
|--------------------------------------|-------------------------------------------------------------------------------|---------------------------------------------------------|
| `image.registry` | WordPress image registry | `docker.io` |
| `image.repository` | WordPress image name | `bitnami/wordpress` |
| `image.tag` | WordPress image tag | `{TAG_NAME}` |
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `image.debug` | Specify if debug logs should be enabled | `false` |
| `wordpressSkipInstall` | Skip wizard installation | `false` |
| `wordpressUsername` | User of the application | `user` |
| `wordpressPassword` | Application password | _random 10 character long alphanumeric string_ |
| `wordpressEmail` | Admin email | `user@example.com` |
| `wordpressFirstName` | First name | `FirstName` |
| `wordpressLastName` | Last name | `LastName` |
| `wordpressBlogName` | Blog name | `User's Blog!` |
| `wordpressTablePrefix` | Table prefix | `wp_` |
| `wordpressScheme` | Scheme to generate application URLs [`http`, `https`] | `http` |
| `allowEmptyPassword` | Allow DB blank passwords | `true` |
| `allowOverrideNone` | Set Apache AllowOverride directive to None | `false` |
| `customHTAccessCM` | Configmap with custom wordpress-htaccess.conf directives | `nil` |
| `smtpHost` | SMTP host | `nil` |
| `smtpPort` | SMTP port | `nil` |
| `smtpUser` | SMTP user | `nil` |
| `smtpPassword` | SMTP password | `nil` |
| `smtpUsername` | User name for SMTP emails | `nil` |
| `smtpProtocol` | SMTP protocol [`tls`, `ssl`, `none`] | `nil` |
| `extraEnv` | Additional container environment variables | `[]` |
| `extraVolumeMounts` | Additional volume mounts | `[]` |
| `extraVolumes` | Additional volumes | `[]` |
| `sidecars` | Attach additional sidecar containers to the pod | `nil` |
| `replicaCount` | Number of WordPress Pods to run | `1` |
| `updateStrategy` | Set up update strategy | `RollingUpdate` |
| `schedulerName` | Name of the alternate scheduler | `nil` |
| `securityContext.enabled` | Enable security context for WordPress pods | `true` |
| `securityContext.fsGroup` | Group ID for the WordPress filesystem | `1001` |
| `securityContext.runAsUser` | User ID for the WordPress container | `1001` |
| `resources.limits` | The resources limits for the WordPress container | `{}` |
| `resources.requests` | The requested resources for the WordPress container | `{"memory": "512Mi", "cpu": "300m"}` |
| `nodeSelector` | Node labels for pod assignment | `{}` (evaluated as a template) |
| `tolerations` | Tolerations for pod assignment | `[]` (evaluated as a template) |
| `affinity` | Affinity for pod assignment | `{}` (evaluated as a template) |
| `podAnnotations` | Pod annotations | `{}` (evaluated as a template) |
| `healthcheckHttps` | Use https for liveliness and readiness | `false` |
| `livenessProbe.enabled` | Enable/disable livenessProbe | `true` |
| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `120` |
| `livenessProbe.periodSeconds` | How often to perform the probe | `10` |
| `livenessProbe.timeoutSeconds` | When the probe times out | `5` |
| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `6` |
| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` |
| `livenessProbeHeaders` | Headers to use for livenessProbe | `{}` |
| `readinessProbe.enabled` | Enable/disable readinessProbe | `true` |
| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` |
| `readinessProbe.periodSeconds` | How often to perform the probe | `10` |
| `readinessProbe.timeoutSeconds` | When the probe times out | `5` |
| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `6` |
| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` |
| `readinessProbeHeaders` | Headers to use for readinessProbe | `{}` |
| `service.annotations` | Service annotations | `{}` (evaluated as a template) |
| `service.type` | Kubernetes Service type | `LoadBalancer` |
| `service.port` | Service HTTP port | `80` |
| `service.httpsPort` | Service HTTPS port | `443` |
| `service.httpsTargetPort` | Service Target HTTPS port | `https` |
| `service.loadBalancerSourceRanges` | Restricts access for LoadBalancer (only with `service.type: LoadBalancer`) | `[]` |
| `service.metricsPort` | Service Metrics port | `9117` |
| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` |
| `service.nodePorts.http` | Kubernetes http node port | `""` |
| `service.nodePorts.https` | Kubernetes https node port | `""` |
| `service.nodePorts.metrics` | Kubernetes metrics node port | `""` |
| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `nil` |
| `persistence.enabled` | Enable persistence using PVC | `true` |
| `persistence.existingClaim` | Enable persistence using an existing PVC | `nil` |
| `persistence.storageClass` | PVC Storage Class | `nil` (uses alpha storage class annotation) |
| `persistence.accessMode` | PVC Access Mode | `ReadWriteOnce` |
| `persistence.size` | PVC Storage Request | `10Gi` |
### Ingress parameters
| Parameter | Description | Default |
|-----------------------------------|----------------------------------------------------------|--------------------------------|
| `ingress.enabled` | Enable ingress controller resource | `false` |
| `ingress.certManager` | Add annotations for cert-manager | `false` |
| `ingress.hostname` | Default host for the ingress resource | `wordpress.local` |
| `ingress.annotations` | Ingress annotations | `[]` (evaluated as a template) |
| `ingress.extraHosts[0].name` | Additional hostnames to be covered | `nil` |
| `ingress.extraHosts[0].path` | Additional hostnames to be covered | `nil` |
| `ingress.extraTls[0].hosts[0]` | TLS configuration for additional hostnames to be covered | `nil` |
| `ingress.extraTls[0].secretName` | TLS configuration for additional hostnames to be covered | `nil` |
| `ingress.secrets[0].name` | TLS Secret Name | `nil` |
| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` |
| `ingress.secrets[0].key` | TLS Secret Key | `nil` |
### Database parameters
| Parameter | Description | Default |
|------------------------------------------|-----------------------------------------|------------------------------------------------|
| `mariadb.enabled` | Deploy MariaDB container(s) | `true` |
| `mariadb.rootUser.password` | MariaDB admin password | `nil` |
| `mariadb.db.name` | Database name to create | `bitnami_wordpress` |
| `mariadb.db.user` | Database user to create | `bn_wordpress` |
| `mariadb.db.password` | Password for the database | _random 10 character long alphanumeric string_ |
| `mariadb.replication.enabled` | MariaDB replication enabled | `false` |
| `mariadb.master.persistence.enabled` | Enable database persistence using PVC | `true` |
| `mariadb.master.persistence.accessModes` | Database Persistent Volume Access Modes | `[ReadWriteOnce]` |
| `mariadb.master.persistence.size` | Database Persistent Volume Size | `8Gi` |
| `externalDatabase.host` | Host of the external database | `localhost` |
| `externalDatabase.user` | Existing username in the external db | `bn_wordpress` |
| `externalDatabase.password` | Password for the above username | `nil` |
| `externalDatabase.database` | Name of the existing database | `bitnami_wordpress` |
| `externalDatabase.port` | Database port number | `3306` |
### Metrics parameters
| Parameter | Description | Default |
|-------------------------------------------|------------------------------------------------------------------------------|--------------------------------------------------------------|
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Apache exporter image registry | `docker.io` |
| `metrics.image.repository` | Apache exporter image name | `bitnami/apache-exporter` |
| `metrics.image.tag` | Apache exporter image tag | `{TAG_NAME}` |
| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | `{prometheus.io/scrape: "true", prometheus.io/port: "9117"}` |
| `metrics.resources.limits` | The resources limits for the metrics exporter container | `{}` |
| `metrics.resources.requests` | The requested resources for the metrics exporter container | `{}` |
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
| `metrics.serviceMonitor.namespace` | Namespace where servicemonitor resource should be created | `nil` |
| `metrics.serviceMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` |
| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `nil` |
| `metrics.serviceMonitor.relabellings` | Specify Metric Relabellings to add to the scrape endpoint | `nil` |
| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels. | `false` |
| `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are required by the Installed Prometheus Operator | `{}`
디비와 웹 이미지가 pv를 사용하도록 설정하고 서비스는 LB타입으로, db id/passwd는 root/root로 설정 하겠습니다
위 조건에 알맞는 parameter를 찾아 설정 해 보겠습니다
persistence.storageClass=
mariadb.master.persistence.storageClass=
mariadb.rootUser.password=root
wordpressPassword=password
서비스 타입은 기본값이 LB로 되어 있어 별도로 넣지 않습니다
설정된 parameter를 이용하여 배포 해 봅니다
[root@m-k8s vagrant]# helm install wordpress stable/wordpress --set global.storageClass=nfs-client,persistence.storageClass=nfs-client,mariadb.primary.persistence.storageClass=nfs-client,mariadb.rootUser.password=root,wordpressPassword=password
WARNING: This chart is deprecated
NAME: wordpress
LAST DEPLOYED: Thu Sep 14 18:34:24 2023
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
This Helm chart is deprecated
Given the `stable` deprecation timeline (https://github.com/helm/charts#deprecation-timeline), the Bitnami maintained Helm chart is now located at bitnami/charts (https://github.com/bitnami/charts/).
The Bitnami repository is already included in the Hubs and we will continue providing the same cadence of updates, support, etc that we've been keeping here these years. Installation instructions are very similar, just adding the _bitnami_ repo and using it during the installation (`bitnami/<chart>` instead of `stable/<chart>`)
```bash
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm install my-release bitnami/<chart> # Helm 3
$ helm install --name my-release bitnami/<chart> # Helm 2
```
To update an exisiting _stable_ deployment with a chart hosted in the bitnami repository you can execute
```bash
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm upgrade my-release bitnami/<chart>
```
Issues and PRs related to the chart itself will be redirected to `bitnami/charts` GitHub repository. In the same way, we'll be happy to answer questions related to this migration process in this issue (https://github.com/helm/charts/issues/20969) created as a common place for discussion.
** Please be patient while the chart is being deployed **
To access your WordPress site from outside the cluster follow the steps below:
1. Get the WordPress URL by running these commands:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace default -w wordpress'
export SERVICE_IP=$(kubectl get svc --namespace default wordpress --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")
echo "WordPress URL: http://$SERVICE_IP/"
echo "WordPress Admin URL: http://$SERVICE_IP/admin"
2. Open a browser and access WordPress using the obtained URL.
3. Login with the following credentials below to see your blog:
echo Username: user
echo Password: $(kubectl get secret --namespace default wordpress -o jsonpath="{.data.wordpress-password}" | base64 --decode)
[root@m-k8s vagrant]# k get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
gitea-service LoadBalancer 10.107.208.80 192.168.1.150 3000:32012/TCP 6h36m
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 36h
wordpress LoadBalancer 10.103.245.156 192.168.1.152 80:30571/TCP,443:32613/TCP,9117:32011/TCP 8m2s
wordpress-mariadb ClusterIP 10.103.252.186 <none> 3306/TCP 8m2s
설정한 값들이 잘 적용되었는지 pod와 pvc를 확인하고 웹페이지에 접속하여 로그인 하여 확인 합니다
이처럼 helm을 잘 이용하면 복잡한 APP을 손쉽게 배포 할 수 있습니다
구성후 아래와 같이 제거합니다.
helm uninstall wordpress
