-
Notifications
You must be signed in to change notification settings - Fork 218
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Emily Cai
committed
Nov 21, 2019
1 parent
f7b250b
commit 4ae009e
Showing
108 changed files
with
806 additions
and
115 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
# WordPress | ||
|
||
The WordPress application demonstrates how you can configure a WordPress site powered by GCP MySQL database and using Workload Identity for authentication. | ||
|
||
## Prerequisites | ||
|
||
1. Create or identify a GCP project. | ||
1. Create or identify a GKE cluster where Config Connector has not yet been installed. | ||
1. [Enable Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#enable_workload_identity_on_a_new_cluster) on the cluster where you will install Config Connector. | ||
1. Follow the steps [here](https://cloud.google.com/config-connector/docs/how-to/install-upgrade-uninstall) to install Config Connector | ||
|
||
## Steps with Helm | ||
|
||
All steps are run from this directory. | ||
|
||
1. [Install Helm](https://helm.sh/docs/using_helm/) | ||
1. Review and update the values in `./charts/wordpress-gcp/values.yaml` . | ||
1. Validate and install the sample with Helm | ||
|
||
```bash | ||
# validate your chart | ||
helm lint ./charts/wordpress-gcp/ --set google.projectId=[PROJECT_ID] | ||
|
||
# check the output of your chart | ||
helm template ./charts/wordpress-gcp/ --set google.projectId=[PROJECT_ID] | ||
|
||
# install your chart | ||
helm install ./charts/wordpress-gcp/ --set google.projectId=[PROJECT_ID] | ||
``` | ||
|
||
1. Check the status of your database by running `kubectl describe sqlinstance wp-db`. Once the database is created, obtain the external IP address of your WordPress application by checking `kubectl get svc wordpress-external`. Navigate to this address and validate that you see WordPress installation page. | ||
|
||
1. Clean up the installation: | ||
|
||
```bash | ||
# list Helm releases | ||
helm list | ||
# delete release | ||
helm delete [release_name] | ||
## Steps with kustomize | ||
1. [Install kustomize](https://github.com/kubernetes-sigs/kustomize/blob/master/docs/INSTALL.md) | ||
1. Review and update the values in `overlays/production/`. Note how patches are used to update the values. | ||
1. Install the sample with kustomize | ||
```bash | ||
kustomize build ./kustomize/overlays/production | kubectl apply -f - | ||
``` | ||
|
||
1. Check the status of your database by running `kubectl describe sqlinstance wp-db`. Once the database is created, obtain the external IP address of your wordpress application by checking `kubectl get svc wordpress-external`. Navigate to this address and validate that you see WordPress installation page. | ||
1. Uninstall the sample: | ||
|
||
```bash | ||
kustomize build ./kustomize/overlays/production | kubectl delete -f - | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# Patterns to ignore when building packages. | ||
# This supports shell glob matching, relative path matching, and | ||
# negation (prefixed with !). Only one pattern per line. | ||
.DS_Store | ||
# Common VCS dirs | ||
.git/ | ||
.gitignore | ||
.bzr/ | ||
.bzrignore | ||
.hg/ | ||
.hgignore | ||
.svn/ | ||
# Common backup files | ||
*.swp | ||
*.bak | ||
*.tmp | ||
*~ | ||
# Various IDEs | ||
.project | ||
.idea/ | ||
*.tmproj | ||
.vscode |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
apiVersion: v1 | ||
appVersion: "1.0" | ||
description: A Helm chart to deploy WordPress powered by Google Cloud SQL MySQL database and Config Connector to Kubernetes | ||
name: wordpress-gcp | ||
version: 0.1.0 |
8 changes: 8 additions & 0 deletions
8
apps/wordpress/charts/wordpress-gcp/templates/gcp-sql-db.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
apiVersion: sql.cnrm.cloud.google.com/v1alpha3 | ||
kind: SQLDatabase | ||
metadata: | ||
name: {{ required "dbName is required!" .Values.database.dbName }} | ||
spec: | ||
charset: utf8 | ||
instanceRef: | ||
name: {{ required "instanceName is required!" .Values.database.instanceName }} |
9 changes: 9 additions & 0 deletions
9
apps/wordpress/charts/wordpress-gcp/templates/gcp-sql-instance.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
apiVersion: sql.cnrm.cloud.google.com/v1alpha3 | ||
kind: SQLInstance | ||
metadata: | ||
name: {{ required "instanceName is required!" .Values.database.instanceName }} | ||
spec: | ||
databaseVersion: {{ required "version is required!" .Values.database.version }} | ||
region: {{ required "region is required!" .Values.google.region }} | ||
settings: | ||
tier: {{ required "tier is required!" .Values.database.tier }} |
10 changes: 10 additions & 0 deletions
10
apps/wordpress/charts/wordpress-gcp/templates/gcp-sql-policy-member.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
apiVersion: iam.cnrm.cloud.google.com/v1alpha1 | ||
kind: IAMPolicyMember | ||
metadata: | ||
name: sql-wp-sa-project-policymember | ||
spec: | ||
member: serviceAccount:sql-wp-sa@{{ required "projectId is required!" .Values.google.projectId }}.iam.gserviceaccount.com | ||
role: roles/cloudsql.client | ||
resourceRef: | ||
kind: Project | ||
name: {{ required "projectId is required!" .Values.google.projectId }} |
6 changes: 6 additions & 0 deletions
6
apps/wordpress/charts/wordpress-gcp/templates/gcp-sql-service-account.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
apiVersion: iam.cnrm.cloud.google.com/v1alpha1 | ||
kind: IAMServiceAccount | ||
metadata: | ||
name: sql-wp-sa | ||
spec: | ||
displayName: Service Account for WordPress Config Connector Sample |
9 changes: 9 additions & 0 deletions
9
apps/wordpress/charts/wordpress-gcp/templates/gcp-sql-user.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
apiVersion: sql.cnrm.cloud.google.com/v1alpha3 | ||
kind: SQLUser | ||
metadata: | ||
name: {{ required "user is required!" .Values.database.user }} | ||
spec: | ||
instanceRef: | ||
name: {{ required "instanceName is required!" .Values.database.instanceName }} | ||
host: "%" | ||
password: {{ required "password is required!" .Values.database.password }} |
13 changes: 13 additions & 0 deletions
13
apps/wordpress/charts/wordpress-gcp/templates/gcp-wi-policy.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
apiVersion: iam.cnrm.cloud.google.com/v1alpha1 | ||
kind: IAMPolicy | ||
metadata: | ||
name: sql-wp-sa-wi-policy | ||
spec: | ||
resourceRef: | ||
apiVersion: iam.cnrm.cloud.google.com/v1alpha1 | ||
kind: IAMServiceAccount | ||
name: sql-wp-sa | ||
bindings: | ||
- role: roles/iam.workloadIdentityUser | ||
members: | ||
- serviceAccount:{{ required "projectId is required!" .Values.google.projectId }}.svc.id.goog[{{ required "Namespace is requried!" .Release.Namespace }}/sql-wp-ksa-wi] |
16 changes: 16 additions & 0 deletions
16
apps/wordpress/charts/wordpress-gcp/templates/k8s-external-load-balancer.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
namespace: default | ||
name: wordpress-external | ||
labels: | ||
app: wordpress | ||
spec: | ||
type: LoadBalancer | ||
ports: | ||
- port: 80 | ||
name: web | ||
targetPort: 80 | ||
protocol: TCP | ||
selector: | ||
app: wordpress |
6 changes: 6 additions & 0 deletions
6
apps/wordpress/charts/wordpress-gcp/templates/k8s-service-account.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: sql-wp-ksa-wi | ||
annotations: | ||
iam.gke.io/gcp-service-account: sql-wp-sa@{{ required "projectId is required!" .Values.google.projectId }}.iam.gserviceaccount.com |
9 changes: 9 additions & 0 deletions
9
apps/wordpress/charts/wordpress-gcp/templates/k8s-sql-db-credentials.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: wordpress-cloudsql-db-credentials | ||
stringData: | ||
projectId: {{ required "projectId is required!" .Values.google.projectId }} | ||
username: {{ required "user is required!" .Values.database.user }} | ||
password: {{ required "password is required!" .Values.database.password }} | ||
connectionName: {{ required "region is required!" .Values.google.region }}:{{ required "instanceName is required!" .Values.database.instanceName }} |
87 changes: 87 additions & 0 deletions
87
apps/wordpress/charts/wordpress-gcp/templates/k8s-stateful-set.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
apiVersion: apps/v1 | ||
kind: StatefulSet | ||
metadata: | ||
namespace: default | ||
name: wordpress | ||
spec: | ||
selector: | ||
matchLabels: | ||
app: wordpress | ||
serviceName: "wordpress" | ||
replicas: 1 | ||
template: | ||
metadata: | ||
labels: | ||
app: wordpress | ||
spec: | ||
terminationGracePeriodSeconds: 30 | ||
serviceAccountName: sql-wp-ksa-wi | ||
containers: | ||
- name: wordpress | ||
resources: | ||
{{ toYaml .Values.wordpress.resources | indent 10 }} | ||
image: {{ required "image is required!" .Values.wordpress.image}} | ||
imagePullPolicy: IfNotPresent | ||
env: | ||
- name: WORDPRESS_DB_HOST | ||
value: 127.0.0.1:3306 | ||
- name: WORDPRESS_DB_USER | ||
valueFrom: | ||
secretKeyRef: | ||
name: wordpress-cloudsql-db-credentials | ||
key: username | ||
- name: WORDPRESS_DB_PASSWORD | ||
valueFrom: | ||
secretKeyRef: | ||
name: wordpress-cloudsql-db-credentials | ||
key: password | ||
ports: | ||
- containerPort: 80 | ||
volumeMounts: | ||
- name: wordpress-volume | ||
mountPath: /var/www/html | ||
readinessProbe: | ||
httpGet: | ||
path: / | ||
port: 80 | ||
initialDelaySeconds: 180 | ||
periodSeconds: 10 | ||
timeoutSeconds: 10 | ||
failureThreshold: 10 | ||
successThreshold: 1 | ||
livenessProbe: | ||
httpGet: | ||
path: / | ||
port: 80 | ||
initialDelaySeconds: 30 | ||
periodSeconds: 10 | ||
timeoutSeconds: 10 | ||
failureThreshold: 20 | ||
successThreshold: 1 | ||
- name: cloudsql-proxy | ||
resources: | ||
limits: | ||
cpu: "200m" | ||
memory: "100Mi" | ||
image: gcr.io/cloudsql-docker/gce-proxy:1.11 | ||
env: | ||
- name: CONNECTION_NAME | ||
valueFrom: | ||
secretKeyRef: | ||
name: wordpress-cloudsql-db-credentials | ||
key: connectionName | ||
- name: PROJECT_ID | ||
valueFrom: | ||
secretKeyRef: | ||
name: wordpress-cloudsql-db-credentials | ||
key: projectId | ||
command: ["/cloud_sql_proxy", | ||
"-instances=$(PROJECT_ID):$(CONNECTION_NAME)=tcp:3306"] | ||
volumeClaimTemplates: | ||
- metadata: | ||
name: wordpress-volume | ||
spec: | ||
accessModes: [ "ReadWriteOnce" ] | ||
resources: | ||
requests: | ||
storage: {{ required "storage is required!" .Values.wordpress.storage}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
# Default values for opsman. | ||
# This is a YAML-formatted file. | ||
# Declare variables to be passed into your templates. | ||
|
||
google: | ||
projectId: | ||
region: us-central1 | ||
|
||
database: | ||
instanceName: wp-db | ||
dbName: wordpress | ||
version: MYSQL_5_7 | ||
tier: db-f1-micro | ||
user: wordpress | ||
password: change-me | ||
|
||
wordpress: | ||
image: wordpress:5.2.2-apache | ||
storage: 10Gi | ||
resources: | ||
limits: | ||
cpu: "200m" | ||
memory: "100Mi" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
apiVersion: sql.cnrm.cloud.google.com/v1alpha3 | ||
kind: SQLDatabase | ||
metadata: | ||
name: wordpress | ||
spec: | ||
charset: utf8 | ||
instanceRef: | ||
name: wp2-db |
4 changes: 2 additions & 2 deletions
4
...th-sql-user/sql_v1alpha3_sqlinstance.yaml → ...ress/kustomize/base/gcp-sql-instance.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,9 @@ | ||
apiVersion: sql.cnrm.cloud.google.com/v1alpha3 | ||
kind: SQLInstance | ||
metadata: | ||
name: mysql-instance-sample-with-sql-user | ||
name: wp2-db | ||
spec: | ||
databaseVersion: MYSQL_5_7 | ||
region: us-central1 | ||
settings: | ||
tier: db-f1-micro | ||
tier: db-f1-micro |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
apiVersion: iam.cnrm.cloud.google.com/v1alpha1 | ||
kind: IAMPolicyMember | ||
metadata: | ||
name: sql-wp-sa-project-policymember | ||
spec: | ||
member: serviceAccount:[email protected] | ||
role: roles/cloudsql.client | ||
resourceRef: | ||
kind: Project | ||
name: project-id |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
apiVersion: iam.cnrm.cloud.google.com/v1alpha1 | ||
kind: IAMServiceAccount | ||
metadata: | ||
name: sql-wp-sa | ||
spec: | ||
displayName: Service Account for WordPress Config Connector Sample |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
apiVersion: sql.cnrm.cloud.google.com/v1alpha3 | ||
kind: SQLUser | ||
metadata: | ||
name: wordpress | ||
spec: | ||
instanceRef: | ||
name: wp2-db | ||
host: "%" | ||
password: change-me |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
apiVersion: iam.cnrm.cloud.google.com/v1alpha1 | ||
kind: IAMPolicy | ||
metadata: | ||
name: sql-wp-sa-wi-policy | ||
spec: | ||
resourceRef: | ||
apiVersion: iam.cnrm.cloud.google.com/v1alpha1 | ||
kind: IAMServiceAccount | ||
name: sql-wp-sa | ||
bindings: | ||
- role: roles/iam.workloadIdentityUser | ||
members: | ||
- serviceAccount:project-id.svc.id.goog[default/sql-wp-ksa-wi] |
16 changes: 16 additions & 0 deletions
16
apps/wordpress/kustomize/base/k8s-external-load-balancer.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
namespace: default | ||
name: wordpress-external | ||
labels: | ||
app: wordpress | ||
spec: | ||
type: LoadBalancer | ||
ports: | ||
- port: 80 | ||
name: web | ||
targetPort: 80 | ||
protocol: TCP | ||
selector: | ||
app: wordpress |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: sql-wp-ksa-wi | ||
annotations: | ||
iam.gke.io/gcp-service-account: [email protected] |
Oops, something went wrong.