This repository contains example code for Deploy - Wordpress + MySQL + EFK(ElasticSearch + Fluentd + Kibana):
Example(for tests in ssllabs): https://site-wordpress.tk/
- Wordpress
- MySQL
- ElasticSearch (Using Elastic Cloud on Kubernetes - ECK)
- Fluentd + Fluentbit (Using Helm chart Banzaicloud logging-operator-logging)
- Logging Flow (Using Helm Chart Banzaicloud logging-operator)
kubectl create ns site-wordpress
kubectl create ns cert-manager
kubectl create ns ingress-nginx
kubectl create ns elastic-system
kubectl create ns observability
Banzaicloud logging-operator and logging-operator-logging
helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com
helm repo update
helm install logging-operator banzaicloud-stable/logging-operator -n observability \
--set createCustomResource=false \
--set rbac.enable=true
Cert-Manager for TLS Certificates
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install cert-manager jetstack/cert-manager -n cert-manager \
--namespace cert-manager \
--version v0.16.1 \
--set installCRDs=true
Ingress Nginx
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx -n ingress-nginx
Wordpress and MySQL secrets
For testing purposes a password will be stored in Kubernetes Secrets, but for production grade deploy, consider to use some secret-manager solution.
cat <<'EOF' >> secrets.txt
wordpress_database_root_password=teste
wordpress_database_password=teste
wordpress_password=teste
EOF
kubectl create secret generic site-wordpress-secrets -n site-wordpress --from-env-file=secrets.txt
Elasticsearch secrets
Actually with ECK isn't possible to set the password by CRDs. But, thre is a [workarround](https://github.com/elastic/cloud-on-k8s/issues/967#issuecomment-497636249) creating the {clusterName}-es-elastic-user Secret before creating the Elasticsearch resource. For testing purposes a password will be configured in this way, but for production grade deploy, consider to use some secret-manager solution.
kubectl create secret generic logging-es-elastic-user --from-literal=elastic=teste -n observability
kubectl apply -f https://download.elastic.co/downloads/eck/1.2.1/all-in-one.yaml
kubectl apply -f manifests/mysql/mysql-pvc.yaml -n site-wordpress
kubectl apply -f manifests/mysql/mysql-svc.yaml -n site-wordpress
kubectl apply -f manifests/mysql/mysql-sts.yaml -n site-wordpress
For testing purposes Certificate and DNS provider secrets will be stored in this Kubernetes Secret, but for production grade deploy, consider to use some secret-manager solution.
kubectl apply -f manifests/cert-manager/issuer.yaml -n site-wordpress
kubectl apply -f manifests/cert-manager/certificate.yaml -n site-wordpress
kubectl apply -f manifests/wordpress/wordpress-pvc.yaml -n site-wordpress
kubectl apply -f manifests/wordpress/wordpress-svc.yaml -n site-wordpress
kubectl apply -f manifests/wordpress/wordpress-sts.yaml -n site-wordpress
kubectl apply -f manifests/wordpress/wordpress-ingress.yaml -n site-wordpress
kubectl apply -f manifests/efk/es-cluster.yaml -n observability
kubectl apply -f manifests/efk/kibana-eck.yaml -n observability
kubectl apply -f manifests/efk/logging-operator-logging.yaml -n observability
kubectl apply -f manifests/efk/logging-operator-cluster-output.yaml -n observability
kubectl apply -f manifests/efk/logging-operator-flow.yaml -n site-wordpress
PS: For testing purposes a script for create cluster in GKE has been added in manifests/cluster-example
.