wwwgmo stack
Description
Example site with nginx, php-fpm, mysql, phpmyadmin, elasticsearch and kibana
Build environment
| folders | description |
|---|---|
| docker.sh | files to build the docker image |
| docker/mariadb | env file |
| docker/nginx | config file |
| docker/php-fpm | files to create docker image |
| src | site source |
Docker
Global environment variables
Copy every .env.dist file to .env
Complete or modify the values according to your needs
Build
Install the PHP plugin for Elasticsearch
./docker.sh install
Build image
./docker.sh build
or
./docker.sh build-no-cache
Start
./docker.sh start
Check
docker exec wwwgmo-mariadb mysql -uroot -p<MYSQL_ROOT_PASSWORD> mysql -e 'SELECT user,host FROM mysql.user;'
docker exec wwwgmo-elasticsearch curl -u elastic:<ELASTIC_PASSWORD> http://wwwgmo-elasticsearch:9200/_cluster/health?pretty
docker exec wwwgmo-php-fpm curl -s -u elastic:<ELASTIC_PASSWORD> http://wwwgmo-elasticsearch:9200/_cluster/health?pretty
Access
http://<server_name>:<NGINX_PORT>
Kubernetes
| folders | description |
|---|---|
| deploy.sh | script to deploy on k8s or k3s (see ./deploy.sh -h) |
| helm | Chart root folder |
| Chart.yaml | Chart file |
| values-configs.yaml | configs file used for the Kubernetes manifests |
| values-secrets.yaml | secrets file for the Kubernetes manifests (must be encrypted with sops in a production environment) |
| templates/elasticsearch | manifests for elasticsearch |
| templates/kibana | manifests for kibana |
| templates/mariadb | manifests for mariadb |
| templates/phpmyadmin | manifests for phpmyadmin |
| templates/php-fpm | manifest for php-fpm |
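
The table requires values-secrets.yaml to be sops-encrypted in production. The following is an added example, not part of this project's scripts: a heuristic shell check that a values file carries the sops metadata block and that every value outside it is an `ENC[...]` string. It assumes the whole file is encrypted (no partial-encryption rules); the function names, return codes and the `mariadb.root_password` key are made up for the example, and the sample files are constructed.

```shell
# Heuristic check that a Helm values file is sops-encrypted (added example).
# Return codes (this example's own): 0 encrypted, 1 plaintext value, 2 no sops block, 3 unreadable.
check_sops_encrypted() {
    file=$1
    [ -r "$file" ] || return 3
    # sops appends a top-level "sops:" mapping holding its metadata (MAC, key info).
    grep -q '^sops:' "$file" || return 2
    awk '
        /^sops:/                         { meta = 1; next }  # enter metadata block
        meta && /^[^ \t#]/               { meta = 0 }        # next top-level key ends it
        meta || /^[ \t]*(#|$)/ || /^---/ { next }            # skip metadata, comments, blanks
        {
            line = $0
            sub(/^[ \t]*(- )?/, "", line)                    # drop indent and list marker
            i = index(line, ":")
            key = (i ? substr(line, 1, i - 1) : "(list item)")
            val = (i ? substr(line, i + 1) : line)
            sub(/^[ \t]+/, "", val)
            # Parent mappings and empty strings carry no secret.
            if (val == "" || val == "\"\"" || val == "\047\047") next
            if (val !~ /^ENC\[/) {
                # Report the key and line number only, never the value itself.
                printf "%s:%d: plaintext value for key %s\n", FILENAME, NR, key > "/dev/stderr"
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$file"
}

# Constructed sample files; the ENC[...] string is a dummy, not real ciphertext.
make_samples() {
    dir=$1
    enc='ENC[AES256_GCM,data:AAAA,iv:BBBB,tag:CCCC,type:str]'
    printf 'mariadb:\n  root_password: changeme\nssl_key: LS0tLS1CRUdJTg==\n' > "$dir/plain.yaml"
    printf 'mariadb:\n  root_password: %s\nssl_key: %s\nsops:\n  version: 3.8.1\n' "$enc" "$enc" > "$dir/encrypted.yaml"
    printf 'mariadb:\n  root_password: %s\nssl_key: LS0tLS1CRUdJTg==\nsops:\n  version: 3.8.1\n' "$enc" > "$dir/partial.yaml"
}

tmp=$(mktemp -d) && make_samples "$tmp"
for f in encrypted plain partial; do
    rc=0; check_sops_encrypted "$tmp/$f.yaml" || rc=$?
    echo "$f.yaml -> $rc"
done
```

Run as a pre-commit or CI step, `check_sops_encrypted helm/values-secrets.yaml || exit 1` stops a plaintext secrets file from being committed.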
Secret registry (regcred)
You need credentials to pull an image from a private registry.
Create or modify the secret
kubectl create secret docker-registry secret-regcred --dry-run=client \
--docker-server=https://index.docker.io/v1/ \
--docker-username=<username> \
--docker-password=<secret> \
--docker-email=<address@sample.com> -o yaml > helm/templates/secret-regcred.yaml
Certificates
cat certs/gmolab.net.key | base64 -w0
Copy the base64 result into the ssl_key key of the values-secrets.yaml file
cat certs/gmolab.net.crt | base64 -w0
Copy the base64 result into the ssl_crt key of the values-configs.yaml file
Docker image version
In the helm/Chart.yaml file, the appVersion value must match the version of the docker image (see DOCKER_IMAGE_VERSION in the .env file and SITE_VERSION in the docker/php-fpm/.env file)
Deployment by script
This is the recommended way
This script builds the docker image based on the Kubernetes VM architecture (AMD64 or ARM64). At each deployment the minor version of the image is incremented by 1.
./deploy.sh -n wwwgmo -k k3s
Manual deployment
Set kubesystem config
rm -f $HOME/.kube/config
for k3s
ln -s $HOME/.kube/k3s $HOME/.kube/config
for k8s
ln -s $HOME/.kube/k8s $HOME/.kube/config
Set namespace and kube system
export NS=wwwgmo
export KUBE_SYS=k3s   # or k8s
Test template
helm template $NS --set kube=$KUBE_SYS ./helm --values=./helm/values-configs.yaml --values=./helm/values-secrets.yaml --namespace $NS
Chart deployment
helm upgrade $NS --set kube=$KUBE_SYS ./helm --install --atomic --cleanup-on-fail --values=./helm/values-configs.yaml --values=./helm/values-secrets.yaml --namespace $NS --create-namespace
Remove
helm uninstall $NS -n $NS
kubectl delete namespaces $NS
NOTES
Cronjob
When we deploy manually (I do not know why), you must manually trigger the cronjob to make a DB backup so that the helm command terminates correctly
kubectl create job -n $NS --from=cronjob/cronjob-mariadb-backupdb dbbackup-$(date +%Y-%m-%d-%H-%M-%S)
Database
Not necessary, because the database is created during deployment. We leave the procedure below for information.
First export the NS environment variable
export NS=<your_namespace>
You can use createDBOnKube.sh or create it manually with the commands below
Create user
kubectl -n $NS exec statefulset-mariadb-0 --container mariadb -- /bin/bash -c "/usr/bin/mysql -u root -p<rootPass> -e \"CREATE USER 'gmo_db'@'%' IDENTIFIED BY '<dbPass>';\""
Check user
kubectl -n $NS exec statefulset-mariadb-0 --container mariadb -- /bin/bash -c "/usr/bin/mysql -u root -p<rootPass> -e 'SELECT user,host FROM mysql.user;'"
Create database
kubectl -n $NS exec statefulset-mariadb-0 --container mariadb -- /bin/bash -c "/usr/bin/mysql -u root -p<rootPass> -e \"CREATE DATABASE gmo_db;\""
Check database
kubectl -n $NS exec statefulset-mariadb-0 --container mariadb -- /bin/bash -c "/usr/bin/mysql -u root -p<rootPass> -e 'SHOW DATABASES;'"
Grant access
kubectl -n $NS exec statefulset-mariadb-0 --container mariadb -- /bin/bash -c "/usr/bin/mysql -u root -p<rootPass> -e \"GRANT ALL PRIVILEGES ON gmo_db.* TO 'gmo_db'@'%';FLUSH PRIVILEGES;\""
Check grants
kubectl -n $NS exec statefulset-mariadb-0 --container mariadb -- /bin/bash -c "/usr/bin/mysql -u root -p<rootPass> -e \"SHOW GRANTS FOR 'gmo_db'@'%';\""
Troubleshooting
How to Fix "Pods stuck in Terminating status" Error
# Columns of "kubectl get pods --all-namespaces" are: namespace, pod name, ...
kubectl get pods --all-namespaces | grep Terminating | while read -r name_space pod_name _; do
    kubectl delete pods "$pod_name" -n "$name_space" --grace-period=0 --force
done
Changelog
3.25 (2024-04-14)
New features:
- added elasticsearch and kibana
- added option install to script docker.sh to install php elasticsearch module
- created deploy.sh script
Fixed bugs:
- problem with display environment var in php site
Updated:
- added new features in README.md
- added Changelog part in README.md
2.5 (2024-03-29)
Fixed bugs:
- fixed some bugs
New features:
- possibility to deploy on k3s or k8s
Updated:
- updated README.md
1.0 (2024-03-01)
- Created from scratch