Deploying WordPress on GKE Cluster with Persistent Disk and Cloud SQL

In this tutorial, we will walk through the process of deploying a WordPress web application on Google Kubernetes Engine (GKE) using a Persistent Volume for storing web data and Google Cloud SQL for database management. Assuming that the GKE cluster is provisioned and in a ready state, we'll break down the deployment into four parts, leveraging various managed cloud resources.

Part 1: Cloud SQL

Setting up Cloud SQL involves three simple steps:

a) Create a SQL instance using the following example command, with parameters adjusted to your specifications:

gcloud sql instances create mysql-wp --database-version=MYSQL_5_7 --tier=db-f1-micro --region=us-central1

b) Create a database for the WordPress web application:

gcloud sql databases create wordpress --instance mysql-wp

c) Create a non-root user and password for the web application to access the database:

gcloud sql users create <provide_as_a_user_name_wordpress> --host=% --instance mysql-wp --password <your_password>

Part 2: Configure ServiceAccount and Create Secrets

Provision a service account for the WordPress application to connect with Cloud SQL:

gcloud iam service-accounts create cloudsql-proxy --display-name cloudsql-proxy

Assign the cloudsql.client role to the service account:

gcloud iam service-accounts list --filter=displayName:cloudsql-proxy

gcloud projects add-iam-policy-binding <project_ID> --role roles/cloudsql.client --member serviceAccount:<mention_SA_email>

gcloud iam service-accounts keys create <key.json> --iam-acocunt <mention_SA_email>

Create Kubernetes secrets to store credential information:

kubectl create secret generic cloudsql-db-credentials --from-literal username=wordpress --from-literal password=password

kubectl create secret generic cloudsql-instance-credentials --from-file=sakey.json

Part 3: Setup Persistent Volume Claim (PVC)

Create a Persistent Volume Claim for the WordPress container to attach:

#wp-pvc.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: wordpress-volumeclaim
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 200Gi

# Create the PVC:
kubectl create -f wp-pvc.yaml
kubectl get pvc

Part 4: Deploy WordPress Web Application

Finally, deploy the WordPress container, integrating both the Persistent Volume and Cloud SQL. Here is the YAML file for reference:

# this is a working file. 
# wordpress container connecting to PVC/PV , Cloud SQL
# creates a side car container to run cloudsql-proxy for wordpress container to run
# Obviously, after cloudsql-proxy established connection, wordpress Container can connect to db using 127.0.0.1:3306 as db host
# Google cloud proxy is listening locally on this pod

apiVersion: apps/v1
kind: Deployment
metadata:
  name: wordpress
  labels:
    app: wordpress
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wordpress
  template:
    metadata:
      labels:
        app: wordpress
    spec:
      containers:
        - image: docker.io/wordpress
          name: wordpress
          env:
          - name: WORDPRESS_DB_HOST
            value: 127.0.0.1:3306
          - name: WORDPRESS_DEBUG
            value: "true"
          # These secrets are required to start the pod.
          - name: WORDPRESS_DB_USER
            valueFrom:
              secretKeyRef:
                name: cloudsql-db-credentials
                key: username
          - name: WORDPRESS_DB_PASSWORD
            valueFrom:
              secretKeyRef:
                name: cloudsql-db-credentials
                key: password
          ports:
            - containerPort: 80
              name: wordpress
          volumeMounts:
            - name: wordpress-persistent-storage
              mountPath: /var/www/html
        - name: cloudsql-proxy
          image: gcr.io/cloudsql-docker/gce-proxy:1.33.2
          command: ["/cloud_sql_proxy", "-instances=<project_id>:<region>:<instance_name>=tcp:3306", "-log_debug_stdout", "-credential_file=/secrets/cloudsql/<key>.json"]
          securityContext:
            runAsUser: 2  # non-root user
            allowPrivilegeEscalation: false
          volumeMounts:
            - name: cloudsql-instance-credentials
              mountPath: /secrets/cloudsql
              readOnly: true
      volumes:
        - name: wordpress-persistent-storage
          persistentVolumeClaim:
            claimName: wordpress-volumeclaim
        - name: cloudsql-instance-credentials
          secret:
            secretName: cloudsql-instance-credentials

Clean Up

To avoid incurring charges, delete the project containing the resources, or delete individual resources while keeping the project.