Last active
September 17, 2021 08:04
-
-
Save snobu/d9708e699afca721f6b19cd3833a12a8 to your computer and use it in GitHub Desktop.
WordPress on AKS with rook-ceph
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: nginxconf | |
data: | |
nginx.conf: |- | |
user nginx; # match php-fpm user so we can purge cache from Nginx Helper WP plugin | |
worker_processes auto; | |
error_log /var/log/nginx/error.log notice; | |
pid /var/run/nginx.pid; | |
events { | |
worker_connections 1024; | |
} | |
http { | |
include /etc/nginx/mime.types; | |
default_type application/octet-stream; | |
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | |
'$status $body_bytes_sent "$http_referer" ' | |
'"$http_user_agent" "$http_x_forwarded_for"'; | |
access_log /var/log/nginx/access.log main; | |
sendfile on; | |
#tcp_nopush on; | |
keepalive_timeout 65; | |
gzip on; | |
include /etc/nginx/conf.d/*.conf; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: nginxthroughpass | |
data: | |
default.conf: |- | |
fastcgi_cache_path /var/www/html/nginx_cache levels=1:2 keys_zone=wordpress:1024m inactive=60m; | |
fastcgi_cache_key "$scheme$request_method$host$request_uri"; | |
server { | |
listen 80; | |
listen 443 ssl; | |
# force https-redirects | |
#if ($scheme = http) { | |
# return 301 https://$server_name$request_uri; | |
#} | |
ssl_certificate /etc/nginx/ssl/tls.crt; | |
ssl_certificate_key /etc/nginx/ssl/tls.key; | |
root /var/www/html; | |
server_name killerpress.biz; | |
index index.php; | |
client_max_body_size 12M; # Max POST body size | |
location / { | |
try_files $uri $uri/ /index.php?$args; | |
} | |
location ~ \.php$ { | |
fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
fastcgi_pass 127.0.0.1:9000; | |
fastcgi_index index.php; | |
include fastcgi_params; | |
fastcgi_param PATH_INFO $fastcgi_path_info; | |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
fastcgi_param PHP_VALUE "memory_limit = 2048M"; | |
fastcgi_read_timeout 900; | |
fastcgi_cache wordpress; | |
fastcgi_cache_valid 200 301 302 7d; | |
fastcgi_cache_use_stale error timeout updating invalid_header http_500 http_503; | |
fastcgi_cache_min_uses 1; | |
fastcgi_cache_lock on; | |
fastcgi_cache_bypass $skip_cache; | |
fastcgi_no_cache $skip_cache; | |
add_header X-FastCGI-Cache $upstream_cache_status; | |
add_header x-pingback ""; | |
} | |
# Used by Nginx Helper WP plugin to invalidate cache for posts/pages we update | |
# | |
location ~ /purge(/.*) { | |
fastcgi_cache_purge wordpress "$scheme$request_method$host$1"; | |
} | |
set $skip_cache 0; | |
# POST requests and urls with a query string should always go to PHP | |
if ($request_method = POST) { | |
set $skip_cache 1; | |
} | |
if ($query_string != "") { | |
set $skip_cache 1; | |
} | |
# Don't cache uris containing the following segments | |
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-..php|^/feed/|/tag/./feed/|index.php|/.sitemap..(xml|xsl)") { | |
set $skip_cache 1; | |
} | |
# Don't use the cache for logged in users or recent commenters | |
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { | |
set $skip_cache 1; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: Service | |
metadata: | |
labels: | |
app: wordpress | |
name: wordpress | |
namespace: default | |
spec: | |
ports: | |
- port: 443 | |
name: wordpress-tls | |
protocol: TCP | |
targetPort: 443 | |
- port: 80 | |
name: wordpress | |
protocol: TCP | |
targetPort: 80 | |
selector: | |
app: wordpress | |
tier: frontend | |
sessionAffinity: None | |
type: LoadBalancer | |
status: | |
loadBalancer: {} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: wordpress | |
labels: | |
app: wordpress | |
spec: | |
selector: | |
matchLabels: | |
app: wordpress | |
tier: frontend | |
strategy: | |
type: Recreate | |
template: | |
metadata: | |
labels: | |
app: wordpress | |
tier: frontend | |
spec: | |
containers: | |
- name: wordpress | |
image: wordpress:5.8.0-php8.0-fpm-alpine | |
env: | |
- name: WORDPRESS_DB_HOST | |
valueFrom: | |
secretKeyRef: | |
name: mysql | |
key: host | |
- name: WORDPRESS_DB_NAME | |
valueFrom: | |
secretKeyRef: | |
name: mysql | |
key: database | |
- name: WORDPRESS_DB_USER | |
valueFrom: | |
secretKeyRef: | |
name: mysql | |
key: username | |
- name: WORDPRESS_DB_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
name: mysql | |
key: password | |
- name: WORDPRESS_CONFIG_EXTRA | |
value: | | |
define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL); | |
define('WP_AUTO_UPDATE_CORE', false); | |
ports: | |
- containerPort: 80 | |
name: nginx | |
- containerPort: 9000 | |
name: wp-php-fpm | |
volumeMounts: | |
- name: rook-cephfs-wordpress-pvc | |
mountPath: /var/www/html | |
- name: nginx | |
image: emcniece/nginx-cache-purge:1.13-alpine | |
imagePullPolicy : IfNotPresent | |
volumeMounts: | |
- name: tls-certs | |
mountPath: /etc/nginx/ssl | |
readOnly: true | |
- name: rook-cephfs-wordpress-pvc | |
mountPath: /var/www/html | |
- name: nginxdefaultconf | |
mountPath: /etc/nginx/conf.d/default.conf | |
subPath: default.conf | |
readOnly: true | |
- name: nginxconf | |
mountPath: /etc/nginx/nginx.conf | |
subPath: nginx.conf | |
readOnly: true | |
volumes: | |
- name: tls-certs | |
secret: | |
secretName: cloudflare-origin-wordpress | |
- name: rook-cephfs-wordpress-pvc | |
persistentVolumeClaim: | |
claimName: rook-cephfs-wordpress-pvc | |
- configMap: | |
name: nginxconf | |
defaultMode: 256 | |
optional: false | |
name: nginxconf | |
- configMap: | |
name: nginxthroughpass | |
defaultMode: 256 | |
optional: false | |
name: nginxdefaultconf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kind: PersistentVolumeClaim | |
apiVersion: v1 | |
metadata: | |
name: rook-cephfs-wordpress-pvc | |
spec: | |
storageClassName: rook-cephfs | |
accessModes: | |
- ReadWriteMany | |
resources: | |
requests: | |
storage: 9Gi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment