# wwwgmo stack ## Description Examples site with nginx, phpfpm, mysql, phpmyadmin, elasticsearch and kibana ## Build environment |**folders**|**description**| |:---|:---| |docker.sh|files to build the docker image| |docker/mariadb|env file| |docker/nginx|config file| |docker/php-fpm|files to create docker image| |src|site source| ## Docker ### Global environment variables Copy file ALL `.env.dist` to `.env` Complete or modify the values according to your needs ### Build #### Install plugin php for elasticsearch ./docker.sh install #### Build image ./docker.sh build or ./docker.sh build-no-cache ### Start ./docker.sh start #### Check docker exec wwwgmo-mariadb mysql -uroot -p mysql -e 'SELECT user,host FROM mysql.user;' docker exec wwwgmo-elasticsearch curl -u elastic: http://wwwgmo-elasticsearch:9200/_cluster/health?pretty docker exec wwwgmo-php-fpm curl -s -u elastic: http://wwwgmo-elasticsearch:9200/_cluster/health?pretty #### Access http://: ## kubernetes |**folders**|**description**| |:---|:---| |deploy.sh|files to deploy on k8s or k3s (see ./deploy.s -h)| |helm|Chart root folder| |Chart.yaml|Charts file| |values-configs.yml|configs file use for kubernetes manifest| |values-secrets.yaml|secrets file for kubernetes manifet (Must be encrypted with sops in a production environment)| |templates/elasticsearch|manifests for elasticsearch| |templates/kibana|manifests for kibana| |templates/mariadb|manifests for mariadb| |templates/phpmyadmin|manifests for phpmyadmin| |templates/php-fpm|manifest for php-fpm| ### Secret registry (regcred) You need credential to pull an image from private registry. Create or modify the secret ``` kubectl create secret docker-registry secret-regcred --dry-run \ --docker-server=https://index.docker.io/v1/ \ --docker-username= \ --docker-password= \ --docker-email= -o yaml > helm/template/site/secret-regcred.yaml ``` ### Certificats cat certs/gmolab.net.key | base64 -w0 copy the base64 result into file `values-secrets-kXs.yaml` in ssl_key key cat certs/gmolab.net.crt | base64 -w0 copy the base64 result into file `values-config-kXs.yaml` in ssl_crt key ### Docker image version In the `helm/Chart.yaml` file, the `appVersion` value must match the version of the docker image (see DOCKER_IMAGE_VERSION in the `.env` file and SITE_VERSION in the `docker/php-fpm/.env` file) ## Deployment by script This is the recommended way >This script builds the docker image based on the Kubernetes VM architecture (AMD64 or ARM64). At each deployment the minor version of the image is incremented by 1. ./deploy.md -n wwwgmo -k k3s ## Manual deployment ### Set kubesystem config rm -f $HOST/.kube/config for **k3s** ln -s $HOST/.kube/k3s $HOST/.kube/config for **k8s** ln -s $HOST/.kube/k8s $HOST/.kube/config ### Set namespace and kube system export NS=wwwgmo export KUBE_SYS=k3s|k8s ### Test template helm template $NS --set kube=$KUBE_SYS ./helm --values=./helm/values-configs.yaml --values=./helm/values-secrets.yaml --namespace $NS ### Chart deployment helm upgrade $NS --set kube=$KUBE_SYS ./helm --install --atomic --cleanup-on-fail --values=./helm/values-configs.yaml --values=./helm/values-secrets.yaml --namespace $NS --create-namespace ## Remove helm uninstall $NS -n $NS kubectl delete namespaces $NS ## NOTES ### Cronjob When we deploy manually (I do not why) you must trig manually the cronjob to make a DB backup to termine correctly the helm command kubectl create job -n $NS --from=cronjob/cronjob-mariadb-backupdb dbbackup-$(date +%Y-%m-%d-%H-%M-%S) ## Database Not necessary because created during deployment. We leave the procedure below for information First export NS environment variable export NS= You can use `createDBOnKube.sh` or create manually with below commands #### Create user ```bash kubectl -n $NS exec statefulset-mariadb-0 --container mariadb -- /bin/bash -c "/usr/bin/mysql -u root -p -e \"CREATE USER 'gmo_db'@'%' IDENTIFIED BY '';\"" ``` #### Check user ```bash kubectl -n $NS exec statefulset-mariadb-0 --container mariadb -- /bin/bash -c "/usr/bin/mysql -u root -p -e 'SELECT user,host FROM mysql.user;'" ``` #### Create database ```bash kubectl -n $NS exec statefulset-mariadb-0 --container mariadb -- /bin/bash -c "/usr/bin/mysql -u root -p -e \"CREATE DATABASE gmo_db;\"" ``` #### Check database ```bash kubectl -n $NS exec statefulset-mariadb-0 --container mariadb -- /bin/bash -c "/usr/bin/mysql -u root -p -e 'SHOW DATABASES;'" ``` #### Grants access ```bash kubectl -n $NS exec statefulset-mariadb-0 --container mariadb -- /bin/bash -c "/usr/bin/mysql -u root -p -e \"GRANT ALL PRIVILEGES ON gmo_db.* TO 'gmo_db'@'%';FLUSH PRIVILEGES;\"" ``` #### Check grants ```bash kubectl -n $NS exec statefulset-mariadb-0 --container mariadb -- /bin/bash -c "/usr/bin/mysql -u root -p -e \"SHOW GRANTS FOR 'gmo_db'@'%';\"" ``` ## Troubeshooting ### How to Fix "Pods stuck in Terminating status" Error ```bash kubectl get pods --all-namespaces | grep Terminating | while read line; do pod_name=$(echo $line | awk '{print $2}' ) \ name_space=$(echo $line | awk '{print $1}' ); \ kubectl delete pods $pod_name -n $name_space --grace-period=0 --force done ``` ## Sources [Elasticsearch-PHP](https://www.elastic.co/guide/en/elasticsearch/client/php-api/current/index.html) [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) [MariaDB Statefulset](https://mariadb.org/create-statefulset-mariadb-application-in-k8s/) [PHP-FPM, nginx, kubernetes and docker](https://matthewpalmer.net/kubernetes-app-developer/articles/php-fpm-nginx-kubernetes.html) ## Changelog ### 3.25 (2024-04-14) **New features:** * added elasticsearch and kibana * added option `install` to script `docker.sh` to install php elasticserch module * created `deploy.sh` script **Fixed bugs:** * problem with display environment var in php site **Updated:** * added new features in README.md * added Changelog part in README.md --- ### 2.5 (2024-03-29) **Fixed bugs:** * fixed somes bugs **New features:** * posibility to deploy on k3s or k8s **Updated:** * updated README.md --- ### 1.0 (2024-03-01) * Created from scratch