Skip to content

gradx/aks-wordpress-reverse-proxy-ssl-demo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
Kubernetes
Kubernetes
 
 
docs
docs
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Azure Kubernetes Service + WordPress/Nginx Reverse Proxy + LetsEncrypt SSL Demo

GitHub License

Seven Simple Steps -- the "SSS" S-stack

  • Install Kubernetes
  • Login into AKS cluster
  • Install Cert Manager
  • Install Ingress Nginx Controller
  • Update DNS Provider with A record resolving to the ingress-nginx controller
  • Create Lets Encrypt SSL Cluster Issuer
  • Deploy WordPress/Nginx + MariaDB

Install Kubernetes

az aks create \
    --resource-group <ResourceGroup> \
    --subscription <SubscriptionName> \
    --name yokubix \
    --location eastus2 \
    --node-vm-size Standard_D2s_v3 \
    --node-count 1 \
    --max-pods 50 \
    --generate-ssh-keys \
    --enable-workload-identity \
    --enable-oidc-issuer \
    --enable-aad \
    --aad-admin-group-object-ids <Entra_Group_Id>

Login into AKS Cluster

az aks get-credentials --resource-group networkwatcherrg --name yokubix
export KUBECONFIG=~/kube.config
kubelogin convert-kubeconfig -l azurecli

Install Cert Manager

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.yaml

Install Ingress Nginx Controller

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/cl
oud/deploy.yaml

Update DNS Provider with A record resolving to the ingress-nginx controller

kubectl get svc -n ingress-nginx

  • Find the external IP address of the ingress-nginx-controller

    image

  • Add an A record in your DNS

image

Create Let's Encrypt Cluster Issuer

kubectl apply -f cluster-prod.yaml and kubectl apply -f cluster-staging.yaml

Deploy WordPress/Nginx + MariaDB

kubectl apply -f mariadb-volume.yaml
kubectl apply -f mariadb-claim.yaml
kubectl apply -f mariadb-service.yaml
kubectl apply -f mariadb-deployment.yaml

kubectl apply -f wordpress-volume.yaml
kubectl apply -f wordpress-claim.yaml
kubectl apply -f wordpress-ingress.yaml
kubectl apply -f wordpress-service.yaml
kubectl apply -f wordpress-deployment.yaml
  • IMPORTANT Update settings, especially in mariadb-deployment and wordpress-deployment.yaml

Demo Complete

Here

Lessons Learned

  • --aad-admin-group-object-ids is required for Entra ID access
  • Bitnami supports these settings to resolve infinite loop redirect issues with HTTP_X_FORWARDED_PROTO
        - name: WORDPRESS_ENABLE_REVERSE_PROXY
          value: "yes"
        - name: WORDPRESS_ENABLE_HTTPS
          value: "yes"
  • SecurityContext resolves permissions issues writing wp-config.php to the volumeMount /bitnami/wordpress
    spec:
      securityContext:
        runAsUser: 1
        fsGroup: 0
  • Annotations can vary to fix Nginx client_max_body_size based on your ingress nginx controller
    nginx.ingress.kubernetes.io/proxy-body-size: 80m
  • Use of a static IP for the ingress nginx controller is a best practice
  • A DaemonSet ingress configuration is sometimes recommended

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages