Realm of Chaos - kubernetesWelcome to my notebook! I’m a Site Reliability Engineer who is curious, loves to learn and discover the nature of things.Zola2020-12-02T00:00:00+00:00https://realmofchaos.xyz/tags/kubernetes/atom.xmlWordPress Charm for k8s2020-12-02T00:00:00+00:002020-12-02T00:00:00+00:00
Thomas Cuthbert
https://realmofchaos.xyz/tech/wordpress-k8s-charm/<p>Canonical uses the WordPress blogging system for all our company blogs. Earlier this year I was tasked with updating our WordPress charm from a Services Framework Juju Charm on OpenStack to a Kubernetes based Operator Framework Charm.</p>
<p>The WordPress Operator Charm is simple by design, the goal of the charm is to just provide the various configuration options for our WordPress Kubernetes image, which does all the heavy lifting. See the <a rel="external" href="https://git.launchpad.net/charm-k8s-wordpress/tree/config.yaml">config.yaml</a> file for details on what is supported, one option that can be useful during testing is <code>container_config</code>, which gives you the ability to pass through custom Kubernetes spec environment variables. For example, to enable debug level logging and ensuring you always have the latest image, you would set:</p>
<pre class="giallo" style="color: #F8F8F2; background-color: #272822;"><code data-lang="plain"><span class="giallo-l"><span>microk8s.juju config wordpress container_config='WORDPRESS_DEBUG: "1" imagePullPolicy: "always"'</span></span></code></pre>
<p>The image build process downloads the latest WordPress codebase and installs it behind an Apache web server, it then downloads the plugins all of our blogs depend on, such as, akismet anti-spam support, SSO with the openid teams plugin, and a variety of Canonical Open Source themes. By default the charm will use the current stable build here, however if you wish to customise the image you can fork the code and update the <code>image</code> charm config option to point to the location of your custom image.</p>
<p>To get started with the Operator Framework WordPress charm you will need a MySQL database running locally. As I write this post there is no Kubernetes MySQL charm, so deploy one to an IaaS model with <code>juju deploy cs:mysql</code>. Initialise the database as follows:</p>
<pre class="giallo" style="color: #F8F8F2; background-color: #272822;"><code data-lang="plain"><span class="giallo-l"><span>CREATE DATABASE wordpress CHARACTER SET utf8 COLLATE utf8_unicode_ci;</span></span>
<span class="giallo-l"><span>CREATE USER 'wordpress'@'%' IDENTIFIED BY 'wordpress';</span></span>
<span class="giallo-l"><span>GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'%';</span></span>
<span class="giallo-l"><span>FLUSH PRIVILEGES;</span></span></code></pre>
<p>Once the database is prepared we are now able to deploy the WordPress charm. The easiest way to get started with a local Kubernetes cluster is to have MicroK8s installed, reference the <a rel="external" href="https://git.launchpad.net/charm-k8s-wordpress/tree/README.md">README</a> of the charm for details on how to get one setup. Deploy the charm as follows.</p>
<p>Deploy the charm into your Kubernetes Juju model.</p>
<p><code>microk8s.juju deploy cs:~wordpress-charmers/wordpress</code></p>
<p>The charm requires Kubernetes TLS secrets to be pre-configured to ensure logins are kept secure. Create a self-signed certificate and upload it as a Kubernetes secret.</p>
<p><code>openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout server.key -out server.crt</code> <code>microk8s.kubectl create secret tls -n wordpress tls-wordpress --cert=server.crt --key=server.key</code></p>
<p>Tell the charm where the database is and provide some initial setup.</p>
<pre class="giallo" style="color: #F8F8F2; background-color: #272822;"><code data-lang="plain"><span class="giallo-l"><span>DB_HOST=$IP_OF_YOUR_MYSQL_DATABASE</span></span>
<span class="giallo-l"><span>microk8s.juju config wordpress db_host=$DB_HOST db_user=wordpress db_password=wordpress tls_secret_name=tls-wordpress \</span></span>
<span class="giallo-l"><span> initial_settings="user_name: admin</span></span>
<span class="giallo-l"><span> admin_email: devnull@example.com</span></span>
<span class="giallo-l"><span> weblog_title: Test Blog</span></span>
<span class="giallo-l"><span> blog_public: False"</span></span></code></pre>
<p>From there you can test the site by updating your <code>/etc/hosts</code> file and creating a static entry for the IP address of the Kubernetes ingress gateway.</p>
<pre class="giallo" style="color: #F8F8F2; background-color: #272822;"><code data-lang="plain"><span class="giallo-l"><span> App Version Status Scale Charm Store Rev OS Address </span></span>
<span class="giallo-l"><span> Messagewordpress wordpress:bionic-stable waiting 1 wordpress local 0 kubernetes 10.152.183.140 </span></span></code></pre>
<p><code>echo '10.152.183.140 myblog.example.com' | sudo tee -a /etc/hosts</code></p>
<p>It will take about 5 to 10 minutes for Juju hooks to discover the site is live and perform the initial setup for you. Look for this line in the output of <code>juju debug-log</code> to confirm.</p>
<p><code>unit.wordpress/0.juju-log Wordpress configured and initialised</code></p>
<p>This is due to <a rel="external" href="https://github.com/canonical/operator/issues/166">issue #166</a> and will be fixed once Juju supports a Kubernetes pod ready hook.</p>
<p>To retrieve the random admin password, run the following.</p>
<p><code>microk8s kubectl exec -ti -n wordpress wordpress-operator-0 -- cat /root/initial.passwd</code></p>
<p>You should now be able to browse to <a rel="external" href="https://myblog.example.com/wp-admin">https://myblog.example.com/wp-admin</a>.</p>
<p>We’ve been using this charm in production for five months now, but recently updated it to bring it up to date with a current version of the Operator Framework. We’d be interested in any feedback on the charm itself, either here or via bugs against the <a rel="external" href="https://bugs.launchpad.net/charm-k8s-wordpress">charm project on Launchpad</a>.</p>