feat: add WordPress deployment manifest for virtualinsanity
This commit is contained in:
Your Name
committed by
Your Name (aider)
Your Name (aider)
parent
084ee9131e
commit
973dddce86
116
virtualinsanity/virtualinsanity-wordpress-deployment.yaml
Normal file
116
virtualinsanity/virtualinsanity-wordpress-deployment.yaml
Normal file
@@ -0,0 +1,116 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: virtualinsanity-wordpress
|
||||
namespace: wordpress
|
||||
labels:
|
||||
app: wordpress
|
||||
site: virtualinsanity
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: wordpress
|
||||
site: virtualinsanity
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: wordpress
|
||||
site: virtualinsanity
|
||||
spec:
|
||||
initContainers:
|
||||
- name: volume-permissions
|
||||
image: alpine:latest
|
||||
command: ["sh", "-c", "chown -R 33:33 /var/www/html/wp-content"]
|
||||
securityContext:
|
||||
runAsNonRoot: false # Allow initContainer to run as root for chown
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
allowPrivilegeEscalation: true
|
||||
readOnlyRootFilesystem: false
|
||||
volumeMounts:
|
||||
- name: wp-content
|
||||
mountPath: /var/www/html/wp-content
|
||||
containers:
|
||||
- name: wordpress
|
||||
image: wordpress:php8.2-fpm-alpine
|
||||
ports:
|
||||
- containerPort: 9000
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 33
|
||||
runAsGroup: 33
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: false
|
||||
volumeMounts:
|
||||
- name: wp-content
|
||||
mountPath: /var/www/html/wp-content
|
||||
- name: tmp-dir
|
||||
mountPath: /tmp
|
||||
- name: run-dir
|
||||
mountPath: /var/run
|
||||
- name: php-session-save-path
|
||||
mountPath: /var/lib/php/sessions
|
||||
- name: nginx-cache
|
||||
mountPath: /var/cache/nginx
|
||||
env:
|
||||
- name: WORDPRESS_DB_HOST
|
||||
value: "wordpress-db-rw.wordpress.svc.cluster.local"
|
||||
- name: WORDPRESS_DB_NAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: virtualinsanity-db-secret
|
||||
key: dbname
|
||||
- name: WORDPRESS_DB_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: virtualinsanity-db-secret
|
||||
key: username
|
||||
- name: WORDPRESS_DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: virtualinsanity-db-secret
|
||||
key: password
|
||||
- name: WP_HOME
|
||||
value: "https://virtualinsanity.giaco.net"
|
||||
- name: WP_SITEURL
|
||||
value: "https://virtualinsanity.giaco.net"
|
||||
|
||||
- name: nginx
|
||||
image: nginx:alpine
|
||||
ports:
|
||||
- containerPort: 80
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 101 # Specify a non-root user ID
|
||||
runAsGroup: 101 # Specify a non-root group ID
|
||||
allowPrivilegeEscalation: false # Prevent privilege escalation
|
||||
readOnlyRootFilesystem: false # Allow filesystem modifications for Nginx container
|
||||
volumeMounts:
|
||||
- name: wp-content
|
||||
mountPath: /var/www/html/wp-content
|
||||
- name: tmp-dir
|
||||
mountPath: /tmp
|
||||
- name: run-dir
|
||||
mountPath: /var/run
|
||||
- name: nginx-cache
|
||||
mountPath: /var/cache/nginx
|
||||
- name: nginx-conf
|
||||
mountPath: /etc/nginx/conf.d/default.conf
|
||||
subPath: default.conf
|
||||
|
||||
volumes:
|
||||
- name: wp-content
|
||||
persistentVolumeClaim:
|
||||
claimName: virtualinsanity-wp-content
|
||||
- name: tmp-dir
|
||||
emptyDir: {}
|
||||
- name: run-dir
|
||||
emptyDir: {}
|
||||
- name: php-session-save-path
|
||||
emptyDir: {}
|
||||
- name: nginx-cache
|
||||
emptyDir: {}
|
||||
- name: nginx-conf
|
||||
configMap:
|
||||
name: virtualinsanity-nginx-conf
|
||||
Reference in New Issue
Block a user