Deploying WordPress on GKE Cluster with Persistent Disk and Cloud SQL
In this tutorial, we will walk through the process of deploying a WordPress web application on Google Kubernetes Engine (GKE) using a Persistent Volume for storing web data and Google Cloud SQL for database management. Assuming that the GKE cluster is provisioned and in a ready state, we'll break down the deployment into four parts, leveraging various managed cloud resources.
Part 1: Cloud SQL
Setting up Cloud SQL involves three simple steps:
a) Create a SQL instance using the following example command, with parameters adjusted to your specifications:
gcloud sql instances create mysql-wp --database-version=MYSQL_5_7 --tier=db-f1-micro --region=us-central1
b) Create a database for the WordPress web application:
gcloud sql databases create wordpress --instance mysql-wp
c) Create a non-root user and password for the web application to access the database:
gcloud sql users create <provide_as_a_user_name_wordpress> --host=% --instance mysql-wp --password <your_password>
Part 2: Configure ServiceAccount and Create Secrets
Provision a service account for the WordPress application to connect with Cloud SQL:
gcloud iam service-accounts create cloudsql-proxy --display-name cloudsql-proxy
Assign the cloudsql.client role to the service account:
gcloud iam service-accounts list --filter=displayName:cloudsql-proxy
gcloud projects add-iam-policy-binding <project_ID> --role roles/cloudsql.client --member serviceAccount:<mention_SA_email>
gcloud iam service-accounts keys create <key.json> --iam-acocunt <mention_SA_email>
Create Kubernetes secrets to store credential information:
kubectl create secret generic cloudsql-db-credentials --from-literal username=wordpress --from-literal password=password
kubectl create secret generic cloudsql-instance-credentials --from-file=sakey.json
Part 3: Setup Persistent Volume Claim (PVC)
Create a Persistent Volume Claim for the WordPress container to attach:
#wp-pvc.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: wordpress-volumeclaim
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 200Gi
# Create the PVC:
kubectl create -f wp-pvc.yaml
kubectl get pvc
Part 4: Deploy WordPress Web Application
Finally, deploy the WordPress container, integrating both the Persistent Volume and Cloud SQL. Here is the YAML file for reference:
# this is a working file.
# wordpress container connecting to PVC/PV , Cloud SQL
# creates a side car container to run cloudsql-proxy for wordpress container to run
# Obviously, after cloudsql-proxy established connection, wordpress Container can connect to db using 127.0.0.1:3306 as db host
# Google cloud proxy is listening locally on this pod
apiVersion: apps/v1
kind: Deployment
metadata:
name: wordpress
labels:
app: wordpress
spec:
replicas: 1
selector:
matchLabels:
app: wordpress
template:
metadata:
labels:
app: wordpress
spec:
containers:
- image: docker.io/wordpress
name: wordpress
env:
- name: WORDPRESS_DB_HOST
value: 127.0.0.1:3306
- name: WORDPRESS_DEBUG
value: "true"
# These secrets are required to start the pod.
- name: WORDPRESS_DB_USER
valueFrom:
secretKeyRef:
name: cloudsql-db-credentials
key: username
- name: WORDPRESS_DB_PASSWORD
valueFrom:
secretKeyRef:
name: cloudsql-db-credentials
key: password
ports:
- containerPort: 80
name: wordpress
volumeMounts:
- name: wordpress-persistent-storage
mountPath: /var/www/html
- name: cloudsql-proxy
image: gcr.io/cloudsql-docker/gce-proxy:1.33.2
command: ["/cloud_sql_proxy", "-instances=<project_id>:<region>:<instance_name>=tcp:3306", "-log_debug_stdout", "-credential_file=/secrets/cloudsql/<key>.json"]
securityContext:
runAsUser: 2 # non-root user
allowPrivilegeEscalation: false
volumeMounts:
- name: cloudsql-instance-credentials
mountPath: /secrets/cloudsql
readOnly: true
volumes:
- name: wordpress-persistent-storage
persistentVolumeClaim:
claimName: wordpress-volumeclaim
- name: cloudsql-instance-credentials
secret:
secretName: cloudsql-instance-credentials
Clean Up
To avoid incurring charges, delete the project containing the resources, or delete individual resources while keeping the project.