diff --git a/virtualinsanity/virtualinsanity-wordpress-deployment.yaml b/virtualinsanity/virtualinsanity-wordpress-deployment.yaml
new file mode 100644
index 0000000..b5e12f2
--- /dev/null
+++ b/virtualinsanity/virtualinsanity-wordpress-deployment.yaml
@@ -0,0 +1,116 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: virtualinsanity-wordpress
+ namespace: wordpress
+ labels:
+ app: wordpress
+ site: virtualinsanity
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: wordpress
+ site: virtualinsanity
+ template:
+ metadata:
+ labels:
+ app: wordpress
+ site: virtualinsanity
+ spec:
+ initContainers:
+ - name: volume-permissions
+ image: alpine:latest
+ command: ["sh", "-c", "chown -R 33:33 /var/www/html/wp-content"]
+ securityContext:
+ runAsNonRoot: false # Allow initContainer to run as root for chown
+ runAsUser: 0
+ runAsGroup: 0
+ allowPrivilegeEscalation: true
+ readOnlyRootFilesystem: false
+ volumeMounts:
+ - name: wp-content
+ mountPath: /var/www/html/wp-content
+ containers:
+ - name: wordpress
+ image: wordpress:php8.2-fpm-alpine
+ ports:
+ - containerPort: 9000
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 33
+ runAsGroup: 33
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: false
+ volumeMounts:
+ - name: wp-content
+ mountPath: /var/www/html/wp-content
+ - name: tmp-dir
+ mountPath: /tmp
+ - name: run-dir
+ mountPath: /var/run
+ - name: php-session-save-path
+ mountPath: /var/lib/php/sessions
+ - name: nginx-cache
+ mountPath: /var/cache/nginx
+ env:
+ - name: WORDPRESS_DB_HOST
+ value: "wordpress-db-rw.wordpress.svc.cluster.local"
+ - name: WORDPRESS_DB_NAME
+ valueFrom:
+ secretKeyRef:
+ name: virtualinsanity-db-secret
+ key: dbname
+ - name: WORDPRESS_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: virtualinsanity-db-secret
+ key: username
+ - name: WORDPRESS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: virtualinsanity-db-secret
+ key: password
+ - name: WP_HOME
+ value: "https://virtualinsanity.giaco.net"
+ - name: WP_SITEURL
+ value: "https://virtualinsanity.giaco.net"
+
+ - name: nginx
+ image: nginx:alpine
+ ports:
+ - containerPort: 80
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 101 # Specify a non-root user ID
+ runAsGroup: 101 # Specify a non-root group ID
+ allowPrivilegeEscalation: false # Prevent privilege escalation
+ readOnlyRootFilesystem: false # Allow filesystem modifications for Nginx container
+ volumeMounts:
+ - name: wp-content
+ mountPath: /var/www/html/wp-content
+ - name: tmp-dir
+ mountPath: /tmp
+ - name: run-dir
+ mountPath: /var/run
+ - name: nginx-cache
+ mountPath: /var/cache/nginx
+ - name: nginx-conf
+ mountPath: /etc/nginx/conf.d/default.conf
+ subPath: default.conf
+
+ volumes:
+ - name: wp-content
+ persistentVolumeClaim:
+ claimName: virtualinsanity-wp-content
+ - name: tmp-dir
+ emptyDir: {}
+ - name: run-dir
+ emptyDir: {}
+ - name: php-session-save-path
+ emptyDir: {}
+ - name: nginx-cache
+ emptyDir: {}
+ - name: nginx-conf
+ configMap:
+ name: virtualinsanity-nginx-conf
\ No newline at end of file
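Review bot: The `volume-permissions` init container runs as UID 0 with `allowPrivilegeEscalation: true` and a writable root filesystem on the floating `alpine:latest` tag, so whatever that tag resolves to at pull time runs as root, with the runtime's default capabilities, against the site's persistent volume. A recursive chown needs far less: pin the image to a fixed version or digest, set `allowPrivilegeEscalation: false`, and drop all capabilities except `CHOWN`, as sketched below. If the existing tree is not traversable by root without DAC override, `DAC_READ_SEARCH` may also be required, so verify against the actual PVC contents. The same floating-tag concern applies to `nginx:alpine`. Separately, both main containers keep `readOnlyRootFilesystem: false` even though emptyDirs are already mounted over `/tmp`, `/var/run` and `/var/cache/nginx`, and the nginx container mounts `wp-content` read-write although it presumably only serves static files; consider `readOnlyRootFilesystem: true` and `readOnly: true` on that mount once tested.

```yaml
      initContainers:
        - name: volume-permissions
          image: alpine:<PINNED_VERSION_OR_DIGEST>  # placeholder: pin explicitly
          # … unchanged: command …
          securityContext:
            runAsNonRoot: false  # root is still needed for chown
            runAsUser: 0
            runAsGroup: 0
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
              add: ["CHOWN"]
          # … unchanged: volumeMounts …
```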