{"id":14955027,"url":"https://github.com/odennav/wordpress-mariadb-helm","last_synced_at":"2025-06-20T01:05:42.560Z","repository":{"id":230299336,"uuid":"779041878","full_name":"odennav/wordpress-mariadb-helm","owner":"odennav","description":"Use Terraform to provision infrastructure in AWS and deploy WordPress with MariaDB in Kubernetes Cluster using Helm Chart","archived":false,"fork":false,"pushed_at":"2024-06-30T22:04:19.000Z","size":211,"stargazers_count":2,"open_issues_count":0,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-04T06:50:02.075Z","etag":null,"topics":["ansible","aws","aws-ec2","cert-manager","cloudflare","helm-chart","letsencrypt","mariadb-database","nfs-server","nginx-ingress-controller","persistent-storage","prometheus","prometheus-metrics","pv","pvc","terraform","tls-certificate","wordpress-site"],"latest_commit_sha":null,"homepage":"https://github.com/bitnami/charts/tree/main/bitnami/wordpress","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/odennav.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-03-28T23:17:12.000Z","updated_at":"2024-06-30T22:04:22.000Z","dependencies_parsed_at":"2024-09-21T22:01:14.077Z","dependency_job_id":null,"html_url":"https://github.com/odennav/wordpress-mariadb-helm","commit_stats":{"total_commits":59,"total_committers":3,"mean_commits":"19.666666666666668","dds":0.5423728813559322,"last_synced_commit":"e5e561daef6f04419675ab75ac6e0753a94d29be"},"previous_names":["odennav/k8s-nfs-wp-mdb","odennav/wordpress-mariadb-helm"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/odennav/wordpress-mariadb-helm","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/odennav%2Fwordpress-mariadb-helm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/odennav%2Fwordpress-mariadb-helm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/odennav%2Fwordpress-mariadb-helm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/odennav%2Fwordpress-mariadb-helm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/odennav","download_url":"https://codeload.github.com/odennav/wordpress-mariadb-helm/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/odennav%2Fwordpress-mariadb-helm/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260857364,"owners_count":23073435,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","aws","aws-ec2","cert-manager","cloudflare","helm-chart","letsencrypt","mariadb-database","nfs-server","nginx-ingress-controller","persistent-storage","prometheus","prometheus-metrics","pv","pvc","terraform","tls-certificate","wordpress-site"],"created_at":"2024-09-24T13:10:24.770Z","updated_at":"2025-06-20T01:05:37.544Z","avatar_url":"https://github.com/odennav.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Deploy WordPress with MariaDB in Kubernetes Cluster.\n\nProvision infrastructure in AWS and deploy WordPress with MariaDB in Kubernetes Cluster using Helm charts.\n\n----\n\n## Getting Started\n\nThere are six sections to follow and implement as shown below:\n- Provision AWS Infrastructure\n\n- Set up Kubernetes cluster and NFS srver\n\n- Create Dynamic Persistent Volume Provisioner\n\n- Install Wordpress and MariaDB with Helm charts\n\n- Connect to Wordpress and MariaDB\n\n- Testing Data Persistence\n\n- Securing Traffic with Let's Encrypt Certificates\n\n- Enable WordPress monitoring metrics\n\n-----\n\n## Provision AWS Infrastructure\n\nClone this repo to local machine\n\n```bash\ncd /\ngit clone git@github.com:odennav/wordpress-mariadb-helm.git\ncd terraform-kubernetes-aws-ec2/terraform-manifest\n```\n\n**Provision AWS resources**\n\nExecute these terraform commands sequentially on your `local` machine to create the AWS infrastructure.\n\n```bash\ncd terraform-manifest\n```\n\nInitialize the terraform working directory\n\n```bash\nterraform init\n```\n\nValidate the syntax of the terraform configuration files\n\n```bash\nterraform validate\n```\n\nCreate an execution plan that describes the changes terraform will make to the infrastructure.\n\n```bash\nterraform plan\n```\n\nApply the changes described in execution plan\n```bash\nterraform apply -auto-approve\n```\nCheck AWS console for instances created and running\n\n\n**SSH Access**\n\nUse .pem key from AWS to SSH into the public EC2 instance.\n\nIPv4 address of public EC2 instance will be shown in terraform outputs.\n\n\n```bash\nssh -i private-key/terraform-key.pem ec2-user@\u003cipaddress\u003e\n```\nIts possible to use public `EC2` instance as a jumpbox to securely SSH into private EC2 instances within the VPC.\n\nChange password of root user for public EC2instance `control-dev`\n\n```bash\nsudo passwd\n   ```\nSwitch to root user\n\nUpdate `apt` package manager\n```bash\ncd /\napt update -y\napt upgrade -y\n```\n\nConfirm Git was installed \n```bash\ngit --version\n```\n\nConfirm `terraform-key` was transferred to public `EC2` instance by null provisioner\n\nPlease note if `.pem` key not found, copy it manually.\n\nAlso key can be copied to another folder because it will be deleted if node is restarted or shutdown\n```bash\nls -la /tmp/terraform-key.pem\ncp /tmp/terraform-key.pem /\n```\n\nChange permissions of `terraform-key.pem` file\n\n```bash\nchmod 400 /tmp/terraform-key.pem\n```\n\n\nClone this repo to `/` directory in `dev-Control` node\n   ```bash\n   cd /\n   git clone git@github.com:odennav/terraform-kubernetes-aws-ec2.git\n   ```\n\n\n-----\n\n## Set up Kubernetes Cluster and NFS Server\n\nInstall Ansible in `dev-Control` node\n\n```bash\nsudo apt install software-properties-common\nsudo add-apt-repository --yes --update ppa:ansible/ansible\nsudo apt install ansible\n```\n\n**Bootstrap EC2 Private Instances**\n   \nAll the nodes need to be bootstrapped.\n\nOnce the bootstrap is complete, you will only be able to log in as `odennav-admin`.\n\nConfirm SSH access to `k8snode-1`   \n```bash\nssh -i /tmp/terraform-key.pem  odennav-admin@\u003ck8snode-1 ipv4 address\u003e\n```  \nTo return to `dev-Control`, type `exit` and press `Enter` or use `Ctrl+D`.\n   \nConfirm SSH access to `k8snode-2`\n```bash\nssh -i /tmp/terraform-key.pem  odennav-admin@\u003ck8snode-2 ipv4 address\u003e\n```  \n  \nConfirm SSH access to `k8snode-3`\n```bash\nssh -i /tmp/terraform-key.pem odennav-admin@\u003ck8snode-3 ipv4 address\u003e\n```\n\nNow you can now bootstrap them\n```bash\ncd ../bootstrap\nansible-playbook bootstrap.yml --limit k8s_master,k8s_node\n```\n\n**Set up Kubernetes Cluster**\n\nYour kube nodes are now ready to have a Kubernetes cluster installed on them.\n\nExecute playbooks in this particular order:\n\n```bash\ncd ../k8s\nansible-playbook k8s.yml  --limit k8s_master\nansible-playbook k8s.yml  --limit k8s_node\n```\n\nCheck status of your nodes and confirm they're ready\n```bash\nkubectl get nodes\n```\n\n\n**Bootstrap the NFS Server**\n   \nBootstrap this server.\n\nOnce the bootstrap is complete you will only be able to log in as `odennav-admin`\n\n```bash\ncd ../ansible/bootstrap\nansible-playbook bootstrap.yml --limit nfs_server\n```\n\nCreate NFS share\n\n```bash\ncd ../nfs\nansible-playbook nfs.yml\n```\n\n`/pv-share/` directory is created and made available to all nodes, but its not mounted yet by the nodes\n   \n   \nLogin to 1st node in cluster\n\n```bash\nssh -i /tmp/terraform-key.pem odennav-admin@\u003ck8snode-1 ipv4 address\u003e\n```\n\nConfirm nfs client is installed \n```bash\ndpkg -l | grep nfs-common\n```\n\nIf not available:\n```bash\nsudo apt install nfs-common\n```\n\nCreate shared directory and mount nfs share\n\nThis directory will be mounted to `/pv-share/` created in NFS server.\n\n```bash\ncd /\nsudo mkdir /shared\nsudo chmod 2770 /shared\nsudo mount -t nfs \u003cdb-1 ipv4 address\u003e:/pv-share /shared\n```\n\nConfirm NFS share is implemented\n\nMake a test file in `/shared/` dir on the cluster node. It should be present in `/pv-share/` dir on nfsserver.\n\n```bash\nsudo touch test-k8smaster\n```\n\nRepeat process for the other kubernetes cluster nodes.\n\n-----\n\n## Create Dynamic Persistent Volume Provisioner\n\nPersistent storage is required to store very important data and avoiding total loss of data.\n\nKubernetes deals with pods that have short life span, they could be stopped at any time and restarted on a different node, causing the container's filesystem to be lost with the pod.\n\nThis is not reliable, hence the need for filesystem that is available and accessibleirrespective of pod actions.\n\nPV is configured to use different types of storage technology such as:\n\n- CephFS\n- iSCSI\n- NFS\n- Azure File\n\nWe will use Network File System (NFS) which is a way of sharing a centralised filesystem across multiple nodes. \n\nAlthough persistent storage is managed by kubernetes in the cluster, the actual storage is on nfs server which is not part of the kubernetes cluster and it is on different subnet.\n\n![](https://github.com/odennav/wordpress-mariadb-helm/blob/main/docs/1.png)\n\n### Persistent Volume\n\nCreating a PV within your cluster, tells Kubernetes that pods should have access to persistent storage that will outlive the pod and possibly the cluster itself.\n\n\n### Persistent Volume Claims\n\nWe want pods to access the PV created. To do this, a Persistent Volume Claim or PVC is required. \n\nWhen PVC is created within a namespace, only pods in that namespace can mount it. However, it can be bound to any PV as these are not namespaced.\n\nIt is possible that Kubernetes cannot bind the PVC to a valid PV and that the PVC remains unbound until a PV becomes available.\n\nThis will lead to instances of pods in `Pending` state instead of `Running` state and PVC having `Unbound` status.\n\n### Mounting PVC\n\nHere access to PVC in the pod is done by mounting the storage as a volume within the container.\n\nOnce PVC is mounted by the pod, the application within the Pod’s container(s) now have access to the persistent storage.\n\nUpon reschedule of pod(s), it will be reconnected to the same PV and will have access to the data it was using before it died, even if this is on another node.\n\n\nLogin to `k8smaster` and Confirm `Helm` is installed\n\nHelm is an effective package manager for kubernetes\n\n```bash\nhelm version\n```\n\nIf not installed\n```bash\nsudo snap install helm --classic\n```\n\n\nConfirm persistent volume provisioner installed\n   \n```bash\nkubectl get all -n nfs-provisioner\nkubectl get sc -n nfs-provisioner\n```\nThis should show dynamic provisioner setup and ready.\n\nIf `PV provisioner` not installed, do it manually:\n\n```bash\nhelm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner\nhelm install -n nfs-provsioner --create-namespace nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner --set nfs.server=\u003cdb-1 ipv4 address\u003e --set nfs.path=/pv-share\n```\n\n\n**Setup PVC for Wordpress**\n   \nOur PV provisioner installed will dynamically provision PVs when PVCs are created.\n\nWe'll use kubens to switch between kubernetes namespaces.\n\n```bash\nsudo snap install kubectx --classic\nkubens --version\n```\n\nCreate wordpress namespace\n\nAssuming you've `kubectl` installed along with kubernetes cluster.\n\n```bash\nkubectl create namespace wordpress\nkubens wordpress\n```\n\nCreate PVC request on k8smaster\n\n```bash\nkubectl create -f wp-pvc.yaml\n```\n\n\n\n**Configure Wordpress Parameters**\n   \nMatch this parameters and replace the values, so we have an account to access Wordpress\n\n- *wordpressUsername*\n   \n- *wordpressPassword*\n   \n- *wordpressEmail*\n   \n- *wordpressFirstName*\n   \n- *wordpressLastName*\n   \n- *wordpressBlogName*\n\n- *wordpressScheme*\n\n\n```bash\nsed -i '/wordpressUsername: user/wordpressUsername: odennav/' values.yaml\nsed -i '/wordpressPassword: \"\"/wordpressPassword: odennav/' values.yaml\nsed -i '/wordpressEmail: user@example.com/wordpressEmail: contact@odennav.com/' values.yaml\nsed -i '/wordpressFirstName: FirstName/wordpressFirstName: odennav/' values.yaml\nsed -i '/wordpressLastName: LastName/wordpressLastName: odennav/' values.yaml\nsed -i '/wordpressBlogName: User's Blog!/wordpressBlogName: The Odennav Blog!/' values.yaml\nsed -i '/wordpressScheme: http/wordpressScheme: https/' values.yaml\n```\n\n\n**Configure Persistence and Database Parameters**\n\nEnable persistence using persistence volume claims and peristence volume access modes.\n\nMatch and replace values for persistence and database parameters below:\n\n- *persistence.storageClass*\n   \n- *persistence.existingClaim*\n   \n- *mariadb.primary.persistence.storageClass*\n   \n- *mariadb.auth.username*\n   \n- *mariadb.auth.password*\n\n```bash\nsed -i '/persistence:/,/volumePermissions:/ {/storageClass: \"\"/s/\"\"/nfs-client}' values.yaml\nsed -i '/persistence:/,/volumePermissions:/ {/existingClaim: \"\"/s/\"\"/pvc-wordpress}' values.yaml   \nsed -i '/mariadb:/,/externalDatabase:/ {/storageClass: \"\"/s/\"\"/nfs-client}' values.yaml\nsed -i '/mariadb:/,/externalDatabase:/ {/username: bn_wordpress/s/bn_wordpress/odennav_wordpress}' values.yaml\nsed -i '/mariadb:/,/externalDatabase:/ {/password: \"\"/s/\"\"/odennav}' values.yaml\n```\n\n**Configure PVC Access Modes**\n   \nTo access the `/admin` portal and enable WordPress scalability, a `ReadWriteMany` Persistent Volume Claim (PVC) is required.\n\n      \n- *persistence.accessModes*\n      \n- *persistence.accessMode*\n\n```bash\nsed -i 's/ReadWriteOnce/ReadWriteMany/g' values.yaml\n```\n\n**Configure Replica Count**\n\nNumber of Wordpress replicas to deploy\n   \n- *replicaCount*\n\n```bash\nsed -i '/replicaCount: 1/replicaCount: 3/' values.yaml\n```\n\n**Configure Auto Scaling**\n   \nEnable horizontal scalability of pod resources for Wordpress when traffic load is increased\n\n- *autoscaling.enabled*\n\n```bash\nsed -i '/autoscaling:/,/metrics:/ {/enabled: false/s/\"false\"/true}' values.yaml\n```\n\n**Configure htaccess**\n   \nFor performance and security reasons, configure Apache with AllowOverride None and prohibit overriding directives with htaccess files\n   \n\n- *allowOverrideNone*\n\n```bash\nsed -i '/allowOverrideNone: false/allowOverrideNone: true/' values.yaml\n```\n\n-----\n\n## Install Wordpress and MariaDB with Helm chart\n\n**Install Wordpress and MariaDB**\n\n   Use Helm charts to bootstrap wordpress and mariadb deployment on kubernetes cluster.\n\n```bash\nhelm repo update\n```\n\nInstall the chart with release-name,`my-wordpress`\n\n```bash\nhelm install -f values.yml my-wordpress oci://registry-1.docker.io/bitnamicharts/wordpress\n```\n\nAfter installation, instructions will be printed to stdout.\n\n\n**Add Wordpress Secrets**\n   \nWe'll add wordpress credentials as a kubernetes secret.\n\nFrom stdout above, Export the wordpress password to environment variable, `WORDPRESS_PASSWORD`\n\n```bash\nexport WORDPRESS_PASSWORD=$(kubectl get secret --namespace wordpress my-wordpress -o jsonpath=\"{.data.wordpress-password}\" | base64 -d)\n```\n\nThen create secret:\n\n```bash\nkubectl create secret generic db-user-pass \\\n   --from-literal=username=wordpress \\\n   --from-literal=password=$WORDPRESS_PASSWORD\n```\n\nDelete environment variable, to prevent non-admin users viewing it's value.\n\n```bash\nunset WORDPRESS_PASSWORD\n```\n\n-----\n\n## Connect to Wordpress and MariaDB\n\n**Confirm PVCs are bound**\n\nThis confirms the applications installed will have access to persistent storage\n\n```bash\nkubectl get pvc -n wordpress\n```\n\n\nCheck service created\n\n```bash\nkubectl get svc -n wordpress\n```\n\n\nHTTP access to Wordpress pods \n\nExport IPv4 address and port\n\n```bash\nexport NODE_PORT=$(kubectl get --namespace wordpress -o jsonpath=\"{.spec.ports[0].nodePort}\" services my-wordpress)\nexport NODE_IP=$(kubectl get nodes --namespace wordpress -o jsonpath=\"{.items[0].status.addresses[0].address}\")\necho \"WordPress URL: http://$NODE_IP:$NODE_PORT/\"\necho \"WordPress Admin URL: http://$NODE_IP:$NODE_PORT/admin\"\n```\n\nHTTP request to Wordpress site\n```bash\ncurl http://$NODE_IP:$NODE_PORT/\n```\n\n\nSet up a port forward from the Service to the host on the master node.\n\n```bash\nkubectl port-forward — namespace wordpress\n```\n\nSet up a port forward from the host machine to the development machine.\n\n```bash\nssh -L 54321:localhost:5432 k8snode-1@\u003ck8snode-1 ipv4-address\u003e -i /tmp/terraform-key.pem\n```\n\n----\n\n## Test Data Persistence\n\nCheck pods running\n   \nConfirm mariadb pods are in 'Ready' state\n\n```bash\nkubectl get pods -n wordpress\n```\n\nDelete pods\n\n```bash\nkubectl delete pod \u003cpod name\u003e -n wordpress\n```\n\nRestart port forwards\n```bash\nkubectl port-forward — namespace wordpress\nssh -L 54321:localhost:5432 k8snode-1@\u003ck8snode-1 ipv4-address\u003e -i ~/.ssh/id_rsa\n```\n\nUpon deletion of pod, another instance is automatically scheduled.\n\nYou'll still be able to access your database with data still intact.\n\n\n-----\n\n## Secure Traffic with Let's Encrypt Certificates\n\nThe Bitnami WordPress Helm chart includes native support for Ingress routes and certificate management via cert-manager. This simplifies TLS configuration by enabling the use of certificates from various providers, such as Let's Encrypt.\n\n### Install the Nginx Ingress Controller with Helm\n\nCreate namespace for ingress controller\nThen switch to ingress-nginx namespace\n\n```bash\nkubectl create namespace ingress-nginx\nkubens ingress-nginx\n```\n\nPull the chart sources:\n\n```bash\nhelm pull oci://ghcr.io/nginxinc/charts/nginx-ingress --untar --version 1.2.0\n```\n\nChange working directory to nginx-ingress:\n\n```bash\ncd nginx-ingress\n```\n\nUpgrade the CRDs:\n\n```bash\nkubectl apply -f crds/\n```\n\nInstall the chart with the release name, ingress-nginx\n\n```bash\nhelm install ingress-nginx .\n```\n\nNext, check if the Helm installation was successful by running command below:\n\n```bash\nhelm ls -n ingress-nginx\n```\n\n\n### Configure DNS for Nginx Ingress Controller\n\nConfigure `DNS` with a `domain` that you own and create the domain `A` record for the wordpress site.\n\nNext, you will add the required `A` record for the wordpress application.\n\nPlease note, you need to identify the load balancer `external IP` created by the `nginx` deployment:\n\n\n```bash\nkubectl get svc -n ingress-nginx\n```\n\n### Install Cert-Manager\n\nFirst, add the `jetstack` Helm repo, and list the available charts:\n\n```bash\nhelm repo add jetstack https://charts.jetstack.io\n\nhelm repo update jetstack\n```\n\nNext, install Cert-Manager using Helm:\n\n```bash\nhelm install cert-manager jetstack/cert-manager --version 1.8.0 \\\n  --namespace cert-manager \\\n  --create-namespace \\\n  --set installCRDs=true\n```\n\nFinally, check if Cert-Manager installation was successful by running below command:\n\n```bash\nhelm ls -n cert-manager\n```\n\nThe output looks similar to `STATUS` column should print `deployed`:\n\n```text\nNAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION\ncert-manager    cert-manager    1               2024-04-08 18:02:08.124264 +0300 EEST   deployed        cert-manager-v1.15.0     v1.15.0\n```\n\n\n### Configure Production Ready TLS Certificates for WordPress\n\nA cluster issuer is required first, in order to obtain the final TLS certificate. Open and inspect the `cluster-manifest/letsencrypt-issuer-values.yaml` file provided in this repository:\n\n```text\napiVersion: cert-manager.io/v1\nkind: ClusterIssuer\nmetadata:\n  name: letsencrypt-prod\n  namespace: wordpress\nspec:\n  acme:\n    # You must replace this email address with your own.\n    # Let's Encrypt will use this to contact you about expiring\n    # certificates, and issues related to your account.\n    email:  odennav@gmail.com\n    server: https://acme-v02.api.letsencrypt.org/directory\n    privateKeySecretRef:\n      # Secret resource used to store the account's private key.\n      name: prod-issuer-account-key\n    # Add a single challenge solver for Cloudflare\n    solvers:\n      - dns01:\n          cloudflare:\n            email: odennav@gmail.com\n            apiTokenSecretRef:\n              name: cloudflare-token-secret\n              key: cloudflare-token\n        selector:\n          dnsZones:\n            - \u003cYOUR DOMAIN\u003e  # odennav.com\n```\n\nApply via kubectl:\n\n```bash\ncd wordpress-mariadb-helm/\nkubectl apply -f cluster-manifest/letsencrypt-issuer-values.yaml\n```\n\nCreate a certificate for the `wordpress` namespace\n```bash\napiVersion: cert-manager.io/v1\nkind: Certificate\nmetadata:\n  name: local-odennav-com\n  namespace: wordpress\nspec:\n  secretName: local-odennav-com-tls\n  issuerRef:\n    name: prod-issuer-acount-key\n    kind: ClusterIssuer\n  commonName: \"*.odennav.com\"\n  dnsNames:\n  - \"\u003cYOUR DOMAIN\u003e\"      # odennav.com\n  - \"*.\u003cYOUR DOMAIN\u003e\"    # *.odennav.com\n```\n\nTo secure WordPress traffic, open the helm `values.yaml` file in the `cluster-manifest` directory and add the following:\n\n```text\n# Enable ingress record generation for WordPress\ningress:\n  enabled: true\n  certManager: true\n  tls:\n    secretName: local-odennav-com-tls\n  hostname: \u003cYOUR_WORDPRESS_DOMAIN_HERE\u003e\n  annotations:\n    kubernetes.io/ingress.class: \"nginx\"\n    cert-manager.io/cluster-issuer: \"letsencrypt-prod\"\n  extraTls:\n  - hosts:\n      - \u003cYOUR_WORDPRESS_DOMAIN_HERE\u003e\n```\n\nUpgrade via `helm`:\n\n```bash\nhelm upgrade my-wordpress bitnami/wordpress \\\n    --namespace wordpress \\\n    --version 22.0.0 \\\n    --timeout 10m0s \\\n    --values /wordpress-mariadb-helm/cluster-manifest/values.yaml\n```\n\nThis automatically creates a certificate through cert-manager. You can then verify that you've successfully obtained the certificate by running the following command:\n\n```bash\nkubectl get certificate -n wordpress\n```\n\nIf successful, the output's READY column reads True:\n\n```text\nNAME                    READY   SECRET                  AGE\nlocal-odennav-com-tls   True    local-odennav-com-tls   24h\n```\n\nNow, you can access WordPress using the domain configured earlier. You will be guided through the `installation` process.\n\n## Enable WordPress Monitoring Metrics\n\nIn this section, you will learn how to enable metrics for monitoring your WordPress instance.\n\nFirst, open the `wordpress-values.yaml` created earlier in this tutorial, and set `metrics.enabled` field to `true`.\n\n```bash\n# Prometheus Exporter / Metrics configuration\nmetrics:\n  enabled: true\n```\n\nApply changes using Helm:\n\n```bash\nhelm upgrade my-wordpress bitnami/wordpress \\\n    --create-namespace \\\n    --namespace wordpress \\\n    --version 22.0.0 \\\n    --timeout 10m0s \\\n    --values /wordpress-mariadb-helm/cluster-manifest/values.yaml\n```\n\nNext, port-forward the wordpress service to inspect the available metrics:\n\n```bash\nkubectl port-forward --namespace wordpress svc/wordpress-metrics 9150:9150\n```\n\nBrowse to `localhost:9150/metrics` to see all WordPress metrics.\n\nFinally, you need to configure Grafana and Prometheus to visualise metrics exposed by your new WordPress instance.\n\n\n### Configuring WordPress Plugins\n\nPlugins serve as the foundational components of your WordPress site, enabling crucial functionalities ranging from contact forms and SEO enhancements to site speed optimization, online store creation, and email opt-ins. Whatever your website requirements may be, plugins provide the necessary tools to fulfill them.\n\nHere is a curated list of recommended plugins:\n\n- [LiteSpeed Cache](https://wordpress.org/plugins/litespeed-cache/):  is a comprehensive site acceleration tool, offering an exclusive server-level cache and a suite of optimization features to enhance website performance.\n\n- [Contact Form by WPForms](https://wordpress.org/plugins/wpforms-lite/): enables you to design visually appealing contact forms, feedback forms, subscription forms, payment forms, and various other types of forms for your website.\n\n- [MonsterInsights](https://wordpress.org/plugins/google-analytics-for-wordpress/): is regarded as the premier Google Analytics solution for WordPress. It facilitates seamless integration between your website and Google Analytics, providing detailed insights into how visitors discover and interact with your site.\n\n- [Query Monitor](https://wordpress.org/plugins/query-monitor/): serves as a developer tools panel for WordPress. It allows for debugging of database queries, PHP errors, hooks, and actions.\n\n- [All in One SEO](https://wordpress.org/plugins/all-in-one-seo-pack/): aids in driving more traffic from search engines to your website. While WordPress is inherently SEO-friendly, this plugin empowers you to further enhance your website traffic by implementing SEO best practices.\n\n- [SeedProd](https://wordpress.org/plugins/coming-soon/): This plugin stands out as the premier drag-and-drop page builder for WordPress. It simplifies the process of customizing your website design and crafting unique page layouts effortlessly, eliminating the need for manual code writing.\n\n- [UpdraftPlus](https://wordpress.org/plugins/updraftplus/): Facilitates backups and restoration. Backup your files and database backups into the cloud and restore with a single click.\n\nFor more plugins, visit \u003chttps://wordpress.org/plugins/\u003e \n\n\n### Enhancing Wordpress Performance\n\nContent Delivery Network (CDN) is a straightforward method to accelerate a WordPress website. \n\nA CDN consists of servers strategically positioned to optimize the delivery of media files, thereby enhancing the loading speed of web pages. \n\nMany websites encounter latency issues when their visitors are located far from the server location. \n\nBy utilizing a CDN, content delivery can be expedited by relieving the web server of the task of serving static content such as images, CSS, JavaScript, and video streams. \n\nAdditionally, caching static content minimizes latency. Overall, CDN serves as a dependable and effective solution for optimizing websites and enhancing the global user experience.\n\n\n### Configuring Cloudflare\n\n[Cloudflare](https://www.cloudflare.com/en-gb/) is a renowned provider of content delivery network (CDN), DNS, DDoS protection, and security services. Leveraging Cloudflare can significantly accelerate and bolster the security of your WordPress site, making it an excellent solution for website optimization and protection.\n\nCloudflare account is required for this configuration. Visit the [Cloudflare website](https://www.cloudflare.com/en-gb/) and signup for a free account.\n\nBelow are the steps to configure Cloudflare for your WordPress site:\n\n1. Log in to the Cloudflare dashboard using your account credentials and click on the `+ Add Site` button.\n\n2. Enter your WordPress site's domain and click `Add Site`.\n\n3. Choose the `Free` plan and click `Get Started`.\n\n4. From `Review DNS records` and click `Add record`. Add an `A` record with your desired name and the `IPv4 address` of your cloud provider load balancer. Click `Continue`.\n\n5. Follow instructions to change your domain registrar's nameservers to Cloudflare's nameservers.\n\n6. After updating nameservers, click `Done, check nameservers`.\n\n7. Cloudflare may offer configuration recommendations; you can skip these for now by clicking `Skip recommendations`.\n\nAn email will confirm when your site is active on Cloudflare.\nUse the Analytics page in your Cloudflare account to monitor web traffic on your WordPress site.\n\n\n-----\n\n###  Remove Wordpress and MariaDB\n   If you're taking the option to remove both applications, implement the following:\n\n**Delete PVC**\n   \nThis removes and unbounds PVC from PV.\n\n```bash\nkubectl delete -f pg-pvc.yml \n```\n\n**Delete Namespaces**\n\n```bash\nkubectl delete ns wordpress\nkubectl delete ns ingress-nginx\n```\n\n**Destroy AWS resources**\n\nFrom your local machine:\n\n```bash\nterraform destroy\n```\n\n-----\n\n\nEnjoy!   \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fodennav%2Fwordpress-mariadb-helm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fodennav%2Fwordpress-mariadb-helm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fodennav%2Fwordpress-mariadb-helm/lists"}