wordpress/templates/deployment.yaml


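# WordPress + nginx Deployment.
#   * initContainer "wordpress-init" copies WordPress core into an emptyDir,
#     seeds wp-content on the persistent volume, writes wp-config.php and
#     installs or updates the site with WP-CLI.
#   * "nginx" and "wordpress" share the emptyDir web root at /var/www/html.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "wordpress-nginx.fullname" . }}
  labels:
    {{- include "wordpress-nginx.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      {{- include "wordpress-nginx.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "wordpress-nginx.selectorLabels" . | nindent 8 }}
    spec:
      securityContext:
        # 82 is the UID/GID the init and wordpress containers run as below.
        fsGroup: 82
        fsGroupChangePolicy: "OnRootMismatch"
      initContainers:
        - name: wordpress-init
          image: "{{ .Values.image.wordpress.registry }}/{{ .Values.image.wordpress.repository }}:{{ .Values.image.wordpress.tag }}"
          imagePullPolicy: {{ .Values.image.wordpress.pullPolicy }}
          command: ["/bin/sh"]
          args:
            - -c
            - |
              #!/bin/sh
              set -e
              echo "=== WordPress Initialization Started ==="

              # Copy the WordPress core files into the emptyDir (ephemeral,
              # rebuilt on every pod start).
              echo "Copying WordPress core files to ephemeral storage..."
              cp -rp /usr/src/wordpress/* /var/www/html/

              # Seed wp-content on the persistent volume on first run only.
              if [ ! -d /var/www/html-persistent/wp-content ]; then
                echo "Initializing wp-content directory..."
                mkdir -p /var/www/html-persistent/wp-content
                cp -rp /usr/src/wordpress/wp-content/* /var/www/html-persistent/wp-content/
              else
                echo "wp-content already exists, preserving user data"
              fi

              # Point wp-content in the web root at the persistent copy.
              rm -rf /var/www/html/wp-content
              ln -sf /var/www/html-persistent/wp-content /var/www/html/wp-content

              # Regenerate wp-config.php on every start. The heredoc is quoted,
              # so the getenv() calls are evaluated by PHP at request time and
              # no secret value is written into the file.
              # NOTE(review): WP_HOME / WP_SITEURL are built from the request's
              # Host and X-Forwarded-Proto headers. Both are client-controlled
              # unless the ingress / nginx layer restricts them, and WordPress
              # uses these values when it builds links (password-reset mails
              # included). Confirm that unknown hosts are rejected upstream.
              echo "Generating wp-config.php from Secret..."
              cat > /var/www/html/wp-config.php <<'WPCONFIG'
              <?php
              /**
               * WordPress Configuration File
               * Generated by Helm Chart
               */
              // ** Database settings ** //
              define('DB_NAME', getenv('WORDPRESS_DB_NAME'));
              define('DB_USER', getenv('WORDPRESS_DB_USER'));
              define('DB_PASSWORD', getenv('WORDPRESS_DB_PASSWORD'));
              define('DB_HOST', getenv('WORDPRESS_DB_HOST'));
              define('DB_CHARSET', 'utf8');
              define('DB_COLLATE', '');
              // ** Table prefix ** //
              $table_prefix = getenv('WORDPRESS_TABLE_PREFIX') ?: 'wp_';
              // ** Authentication Unique Keys and Salts ** //
              define('AUTH_KEY', getenv('WP_AUTH_KEY'));
              define('SECURE_AUTH_KEY', getenv('WP_SECURE_AUTH_KEY'));
              define('LOGGED_IN_KEY', getenv('WP_LOGGED_IN_KEY'));
              define('NONCE_KEY', getenv('WP_NONCE_KEY'));
              define('AUTH_SALT', getenv('WP_AUTH_SALT'));
              define('SECURE_AUTH_SALT', getenv('WP_SECURE_AUTH_SALT'));
              define('LOGGED_IN_SALT', getenv('WP_LOGGED_IN_SALT'));
              define('NONCE_SALT', getenv('WP_NONCE_SALT'));
              // ** WordPress Site URLs - Dynamic based on HTTP_HOST ** //
              if ( defined( 'WP_CLI' ) ) {
                  $_SERVER['HTTP_HOST'] = '127.0.0.1';
              }
              // Determine protocol (HTTP or HTTPS)
              $protocol = 'http';
              if ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ) {
                  $protocol = 'https';
              } elseif ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' ) {
                  $protocol = 'https';
              }
              define( 'WP_HOME', $protocol . '://' . $_SERVER['HTTP_HOST'] . '/' );
              define( 'WP_SITEURL', $protocol . '://' . $_SERVER['HTTP_HOST'] . '/' );
              // ** WordPress Core Updates ** //
              define( 'WP_AUTO_UPDATE_CORE', false );
              // ** WordPress Debug Mode ** //
              define('WP_DEBUG', false);
              define('WP_DEBUG_LOG', false);
              define('WP_DEBUG_DISPLAY', false);
              // ** File System Method ** //
              define('FS_METHOD', 'direct');
              // ** Memory Limits ** //
              define('WP_MEMORY_LIMIT', '256M');
              define('WP_MAX_MEMORY_LIMIT', '512M');
              /* That's all, stop editing! Happy publishing. */
              if ( ! defined( 'ABSPATH' ) ) {
                  define( 'ABSPATH', __DIR__ . '/' );
              }
              require_once ABSPATH . 'wp-settings.php';
              WPCONFIG
              echo "wp-config.php generated"

              # Set up WP-CLI.
              # NOTE(review): this downloads an unpinned build at pod start and
              # runs it with the database credentials in its environment,
              # without any integrity check. Prefer shipping WP-CLI inside the
              # image, or pin a release and verify its published checksum
              # before the chmod below.
              # -f makes curl fail on an HTTP error instead of saving the error
              # page as the phar; with `set -e` a failed download stops here.
              echo "Setting up WP-CLI..."
              curl -fsS -o /tmp/wp-cli.phar https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
              chmod +x /tmp/wp-cli.phar

              # Wait for the database to accept connections.
              echo "Waiting for database connection..."
              max_attempts=30
              attempt=0
              while [ "$attempt" -lt "$max_attempts" ]; do
                if /tmp/wp-cli.phar --path=/var/www/html db check 2>/dev/null; then
                  echo "Database connection successful"
                  break
                fi
                attempt=$((attempt + 1))
                echo "Waiting for database... ($attempt/$max_attempts)"
                sleep 2
              done
              # The loop only reaches max_attempts when every check failed.
              if [ "$attempt" -ge "$max_attempts" ]; then
                echo "Database not reachable after $max_attempts attempts" >&2
                exit 1
              fi

              # Decide between first install and update by looking for the
              # options table.
              echo "Checking if WordPress is already installed..."
              TABLES=$(/tmp/wp-cli.phar --path=/var/www/html db query "SHOW TABLES LIKE '${WORDPRESS_TABLE_PREFIX}options';" 2>/dev/null || echo "")
              if [ -z "$TABLES" ]; then
                echo "=== Starting WordPress Installation ==="
                # Admin password: generate one when the Secret supplies none.
                if [ -z "$WP_ADMIN_PASSWORD" ]; then
                  WP_ADMIN_PASSWORD=$(tr -dc 'A-Za-z0-9!@#$%^&*' < /dev/urandom | head -c 16)
                  # Keep the credential out of the pod log (readable by anyone
                  # with log access); store it in an owner-only file instead.
                  rm -f /var/www/html-persistent/.initial-admin-password
                  ( umask 077; printf '%s\n' "$WP_ADMIN_PASSWORD" > /var/www/html-persistent/.initial-admin-password )
                  echo "Generated admin password saved to /var/www/html-persistent/.initial-admin-password"
                fi
                # Temporary URL for the first install; the effective URL is
                # derived per request in wp-config.php.
                INSTALL_URL="http://127.0.0.1"
                # Install WordPress.
                echo "Installing WordPress..."
                /tmp/wp-cli.phar --path=/var/www/html core install \
                  --url="$INSTALL_URL" \
                  --title="$WP_SITE_TITLE" \
                  --admin_user="$WP_ADMIN_USER" \
                  --admin_password="$WP_ADMIN_PASSWORD" \
                  --admin_email="$WP_ADMIN_EMAIL" \
                  --skip-email
                echo "=== WordPress Installation Completed ==="
                echo "Admin User: $WP_ADMIN_USER"
                if [ -f /var/www/html-persistent/.initial-admin-password ]; then
                  echo "Admin Password: stored in /var/www/html-persistent/.initial-admin-password (not logged); change it and delete the file after first login"
                fi
                echo "Note: Site URL is dynamic and will be set based on HTTP_HOST"
              else
                echo "WordPress is already installed, skipping installation"
                # Bring core files and the schema to the version in the image.
                if /tmp/wp-cli.phar --path=/var/www/html core version 2>/dev/null; then
                  CURRENT_VERSION=$(grep "wp_version = " /usr/src/wordpress/wp-includes/version.php | cut -d "'" -f 2)
                  echo "Checking for WordPress updates... Target version: $CURRENT_VERSION"
                  /tmp/wp-cli.phar --path=/var/www/html core update --version="$CURRENT_VERSION" 2>/dev/null || true
                  /tmp/wp-cli.phar --path=/var/www/html core update-db 2>/dev/null || true
                fi
              fi
              {{- if .Values.wordpress.adsTxt.enabled }}
              # nindent keeps multi-line content inside this block scalar.
              # The content is pasted into the script: a line consisting only
              # of ADSTXT would end the heredoc and the rest would run as shell.
              echo "Deploying ads.txt..."
              cat > /var/www/html/ads.txt <<'ADSTXT'
              {{- .Values.wordpress.adsTxt.content | nindent 14 }}
              ADSTXT
              echo "ads.txt deployed"
              {{- end }}
              echo "=== WordPress Initialization Completed ==="
          volumeMounts:
            - name: wordpress-core
              mountPath: /var/www/html
            - name: wordpress-persistent
              mountPath: /var/www/html-persistent
          env:
            - name: WORDPRESS_DB_HOST
              value: {{ .Values.wordpress.dbHost | quote }}
            - name: WORDPRESS_DB_NAME
              value: {{ .Values.wordpress.dbName | quote }}
            - name: WORDPRESS_DB_USER
              value: {{ .Values.wordpress.dbUser | quote }}
            - name: WORDPRESS_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "wordpress-nginx.fullname" . }}-secret
                  key: db-password
            - name: WORDPRESS_TABLE_PREFIX
              value: {{ .Values.wordpress.tablePrefix | quote }}
            - name: WP_SITE_TITLE
              value: {{ .Values.wordpress.siteTitle | quote }}
            - name: WP_ADMIN_USER
              value: {{ .Values.wordpress.adminUser | quote }}
            - name: WP_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "wordpress-nginx.fullname" . }}-secret
                  key: admin-password
            - name: WP_ADMIN_EMAIL
              value: {{ .Values.wordpress.adminEmail | quote }}
            - name: WP_AUTH_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "wordpress-nginx.fullname" . }}-secret
                  key: auth-key
            - name: WP_SECURE_AUTH_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "wordpress-nginx.fullname" . }}-secret
                  key: secure-auth-key
            - name: WP_LOGGED_IN_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "wordpress-nginx.fullname" . }}-secret
                  key: logged-in-key
            - name: WP_NONCE_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "wordpress-nginx.fullname" . }}-secret
                  key: nonce-key
            - name: WP_AUTH_SALT
              valueFrom:
                secretKeyRef:
                  name: {{ include "wordpress-nginx.fullname" . }}-secret
                  key: auth-salt
            - name: WP_SECURE_AUTH_SALT
              valueFrom:
                secretKeyRef:
                  name: {{ include "wordpress-nginx.fullname" . }}-secret
                  key: secure-auth-salt
            - name: WP_LOGGED_IN_SALT
              valueFrom:
                secretKeyRef:
                  name: {{ include "wordpress-nginx.fullname" . }}-secret
                  key: logged-in-salt
            - name: WP_NONCE_SALT
              valueFrom:
                secretKeyRef:
                  name: {{ include "wordpress-nginx.fullname" . }}-secret
                  key: nonce-salt
          securityContext:
            runAsUser: 82
            runAsGroup: 82
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
      containers:
        # NOTE(review): nginx has no container securityContext and listens on
        # port 80. Confirm which user the image runs as before restricting it.
        - name: nginx
          image: "{{ .Values.image.nginx.registry }}/{{ .Values.image.nginx.repository }}:{{ .Values.image.nginx.tag }}"
          imagePullPolicy: {{ .Values.image.nginx.pullPolicy }}
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          volumeMounts:
            - name: wordpress-core
              mountPath: /var/www/html
            # The init container links /var/www/html/wp-content to this path,
            # so it has to exist here too; nginx only needs to read it.
            - name: wordpress-persistent
              mountPath: /var/www/html-persistent
              readOnly: true
            - name: nginx-config
              mountPath: /etc/nginx/conf.d/default.conf
              subPath: default.conf
          {{- if .Values.healthCheck.enabled }}
          livenessProbe:
            {{- toYaml .Values.healthCheck.livenessProbe | nindent 12 }}
          readinessProbe:
            {{- toYaml .Values.healthCheck.readinessProbe | nindent 12 }}
          {{- end }}
          resources:
            {{- toYaml .Values.resources.nginx | nindent 12 }}
        - name: wordpress
          image: "{{ .Values.image.wordpress.registry }}/{{ .Values.image.wordpress.repository }}:{{ .Values.image.wordpress.tag }}"
          imagePullPolicy: {{ .Values.image.wordpress.pullPolicy }}
          securityContext:
            runAsUser: 82
            runAsGroup: 82
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          env:
            - name: WORDPRESS_DB_HOST
              value: {{ .Values.wordpress.dbHost | quote }}
            - name: WORDPRESS_DB_NAME
              value: {{ .Values.wordpress.dbName | quote }}
            - name: WORDPRESS_DB_USER
              value: {{ .Values.wordpress.dbUser | quote }}
            - name: WORDPRESS_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "wordpress-nginx.fullname" . }}-secret
                  key: db-password
            - name: WORDPRESS_TABLE_PREFIX
              value: {{ .Values.wordpress.tablePrefix | quote }}
            # wp-config.php reads the keys and salts with getenv() at request
            # time, so they must be present in this container as well;
            # without them every define() receives false.
            - name: WP_AUTH_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "wordpress-nginx.fullname" . }}-secret
                  key: auth-key
            - name: WP_SECURE_AUTH_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "wordpress-nginx.fullname" . }}-secret
                  key: secure-auth-key
            - name: WP_LOGGED_IN_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "wordpress-nginx.fullname" . }}-secret
                  key: logged-in-key
            - name: WP_NONCE_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "wordpress-nginx.fullname" . }}-secret
                  key: nonce-key
            - name: WP_AUTH_SALT
              valueFrom:
                secretKeyRef:
                  name: {{ include "wordpress-nginx.fullname" . }}-secret
                  key: auth-salt
            - name: WP_SECURE_AUTH_SALT
              valueFrom:
                secretKeyRef:
                  name: {{ include "wordpress-nginx.fullname" . }}-secret
                  key: secure-auth-salt
            - name: WP_LOGGED_IN_SALT
              valueFrom:
                secretKeyRef:
                  name: {{ include "wordpress-nginx.fullname" . }}-secret
                  key: logged-in-salt
            - name: WP_NONCE_SALT
              valueFrom:
                secretKeyRef:
                  name: {{ include "wordpress-nginx.fullname" . }}-secret
                  key: nonce-salt
          volumeMounts:
            - name: wordpress-core
              mountPath: /var/www/html
            # Target of the wp-content symlink created by the init container.
            - name: wordpress-persistent
              mountPath: /var/www/html-persistent
          resources:
            {{- toYaml .Values.resources.wordpress | nindent 12 }}
      volumes:
        # Web root, rebuilt from the image by the init container on each start.
        - name: wordpress-core
          emptyDir: {}
        # wp-content (and the initial admin password file, when generated).
        - name: wordpress-persistent
          {{- if .Values.persistence.enabled }}
          persistentVolumeClaim:
            claimName: {{ include "wordpress-nginx.fullname" . }}-pvc
          {{- else }}
          emptyDir: {}
          {{- end }}
        - name: nginx-config
          configMap:
            name: {{ include "wordpress-nginx.fullname" . }}-nginx-config
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}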