Part 8 – Hosting this blog on my own server – Finally getting WordPress to run

Tweak the cert-manager ingress

In part #6 we had rendered the manifest using helm, fixed the storage class and the service. In the previous post, we looked at what we need to do to get TLS ingress and a certificate for our site.

Delete the Ingress section from manifest.yaml: starting one line before kind: Ingress, delete all lines that belong to the ingress.  Then create a new file called ingress-https-letsencrypt.yaml and paste in this content.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wordpress-2
  namespace: "wordpress"
  labels:
    app.kubernetes.io/name: wordpress
    helm.sh/chart: wordpress-15.2.17
    app.kubernetes.io/instance: wordpress
    app.kubernetes.io/managed-by: Helm
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: "traefik"
  rules:
    - host: "blog.mydomain.tld"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: wordpress
                port:
                  number: 5681
  tls:
    - hosts:
        - "blog.mydomain.tld"
      secretName: blog-tls

Change the blog.mydomain.tld hostname to your host.

Next, you need to make sure that the DNS resolution works and is pointing to your external WAN IP address.  Port forwarding rules must of course also be in place, as discussed earlier.

Next, let us create another file, ingress-https.yaml, with the following content, replacing blog.mydomain.tld with your actual domain.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
  name: wordpress
  namespace: "wordpress"
  labels:
    app.kubernetes.io/name: wordpress
    helm.sh/chart: wordpress-15.2.17
    app.kubernetes.io/instance: wordpress
    app.kubernetes.io/managed-by: Helm
spec:
  tls:
  - hosts:
    - "blog.mydomain.tld"
    secretName: blog-tls
  rules:
    - host: "blog.mydomain.tld"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: wordpress
                port:
                  number: 5681

Start the deployment and service

Next, start WordPress and MariaDB. In a terminal, change to the folder containing your edited rendered manifest and run:

kubectl apply -f manifest.yaml

It will take a few minutes for both the database and WordPress pods to come up.  Check with kubectl get pod -n wordpress.

Next, create the service:

kubectl apply -f service.yaml

That one should be quick.

Apply cert-manager ingress to get a TLS certificate

We are now going to get the certificate.

kubectl apply -f ingress-https-letsencrypt.yaml

Wait a minute or so, until you get

$ kubectl get secret                                                                                      (k3d-k3d-cluster/wordpress)
NAME                TYPE                DATA   AGE
wordpress-mariadb   Opaque              2      9d
wordpress           Opaque              1      9d
blog-tls            kubernetes.io/tls   2      9d
redirect-tls        kubernetes.io/tls   2      8d

The secret should be named blog-tls exactly as shown, without a hex suffix.  Once the secret is ready, the fake ingress is no longer needed:

kubectl delete -f ingress-https-letsencrypt.yaml
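
Before running the delete above, it is worth confirming that blog-tls holds a usable certificate and not merely that the secret exists. The shell functions below are an added example, not part of the original post; the function names and the 7-day expiry threshold are assumptions, and openssl and kubectl must be on the PATH.

```sh
#!/bin/sh
# Added example (not from the original post): verify the certificate stored in
# the blog-tls secret before deleting the cert-manager ingress.
# Function names and the 7-day default threshold are assumptions of this example.

# Return 0 if the certificate in PEM file $1 is valid for hostname $2.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Return 0 if issuer and subject are identical (self-signed, so not CA-issued).
cert_is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^[a-z]*= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^[a-z]*= *//')
    [ "$subj" = "$iss" ]
}

# check_cert PEM HOST [MIN_DAYS]
# 0 = usable, 1 = host not covered, 2 = expires within MIN_DAYS,
# 3 = self-signed, 4 = not a parsable certificate.
check_cert() {
    pem=$1 host=$2 days=${3:-7}
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || return 4
    cert_covers_host "$pem" "$host" || return 1
    openssl x509 -in "$pem" -noout -checkend $((days * 86400)) >/dev/null || return 2
    if cert_is_self_signed "$pem"; then return 3; fi
    return 0
}

# tls_secret_ready NAMESPACE SECRET HOST
# Fetch tls.crt from the cluster and run check_cert on the leaf certificate.
tls_secret_ready() {
    tmp=$(mktemp) || return 4
    kubectl get secret "$2" -n "$1" -o 'jsonpath={.data.tls\.crt}' 2>/dev/null \
        | base64 -d > "$tmp" 2>/dev/null
    rc=0; check_cert "$tmp" "$3" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage, with the names used in this post:
#   tls_secret_ready wordpress blog-tls blog.mydomain.tld \
#     && kubectl delete -f ingress-https-letsencrypt.yaml
```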

Create the https ingress

kubectl apply -f ingress-https.yaml

This will create the ingress that is actually used.

Log in to your WordPress site

Now you can log in to your new site with your favorite browser, at https://blog.mydomain.tld/admin.  Use the username and password that were set in the shell script used to run helm.  This should get you to the WordPress admin interface.

Final thoughts

This brings this series to a close. I hope this was helpful.  Why would you do all of this work?  Running WordPress with Kubernetes has some advantages: Kubernetes will restart WordPress if it crashes. Rolling your own is also a good way to learn how these systems work, how they are configured, and what configuration options exist.
