github.com/SagerNet/gvisor@v0.0.0-20210707092255-7731c139d75c/g3doc/user_guide/tutorials/kubernetes.md (about) 1 # WordPress with Kubernetes 2 3 This page shows you how to deploy a sample [WordPress][wordpress] site using 4 [GKE Sandbox][gke-sandbox]. 5 6 ### Before you begin 7 8 Take the following steps to enable the Kubernetes Engine API: 9 10 1. Visit the [Kubernetes Engine page][project-selector] in the Google Cloud 11 Platform Console. 12 1. Create or select a project. 13 14 ### Creating a node pool with gVisor enabled 15 16 Create a node pool inside your cluster with option `--sandbox type=gvisor` added 17 to the command, like below: 18 19 ```bash 20 gcloud beta container node-pools create sandbox-pool --cluster=${CLUSTER_NAME} --image-type=cos_containerd --sandbox type=gvisor 21 ``` 22 23 If you prefer to use the console, select your cluster and select the **ADD NODE 24 POOL** button: 25 26  27 28 Then select the **Image type** with **Containerd** and select **Enable sandbox 29 with gVisor** option. Select other options as you like: 30 31  32 33 ### Check that gVisor is enabled 34 35 The gvisor RuntimeClass is instantiated during node creation. You can check for 36 the existence of the gvisor RuntimeClass using the following command: 37 38 ```bash 39 kubectl get runtimeclasses 40 ``` 41 42 ### Wordpress deployment 43 44 Now, let's deploy a WordPress site using GKE Sandbox. WordPress site requires 45 two pods: web server in the frontend, MySQL database in the backend. Both 46 applications use PersistentVolumes to store the site data data. In addition, 47 they use secret store to share MySQL password between them. 48 49 First, let's download the deployment configuration files to add the runtime 50 class annotation to them: 51 52 ```bash 53 curl -LO https://k8s.io/examples/application/wordpress/wordpress-deployment.yaml 54 curl -LO https://k8s.io/examples/application/wordpress/mysql-deployment.yaml 55 ``` 56 57 Add a **spec.template.spec.runtimeClassName** set to **gvisor** to both files, 58 as shown below: 59 60 **wordpress-deployment.yaml:** 61 62 ```yaml 63 apiVersion: v1 64 kind: Service 65 metadata: 66 name: wordpress 67 labels: 68 app: wordpress 69 spec: 70 ports: 71 - port: 80 72 selector: 73 app: wordpress 74 tier: frontend 75 type: LoadBalancer 76 --- 77 apiVersion: v1 78 kind: PersistentVolumeClaim 79 metadata: 80 name: wp-pv-claim 81 labels: 82 app: wordpress 83 spec: 84 accessModes: 85 - ReadWriteOnce 86 resources: 87 requests: 88 storage: 20Gi 89 --- 90 apiVersion: apps/v1 91 kind: Deployment 92 metadata: 93 name: wordpress 94 labels: 95 app: wordpress 96 spec: 97 selector: 98 matchLabels: 99 app: wordpress 100 tier: frontend 101 strategy: 102 type: Recreate 103 template: 104 metadata: 105 labels: 106 app: wordpress 107 tier: frontend 108 spec: 109 runtimeClassName: gvisor # ADD THIS LINE 110 containers: 111 - image: wordpress:4.8-apache 112 name: wordpress 113 env: 114 - name: WORDPRESS_DB_HOST 115 value: wordpress-mysql 116 - name: WORDPRESS_DB_PASSWORD 117 valueFrom: 118 secretKeyRef: 119 name: mysql-pass 120 key: password 121 ports: 122 - containerPort: 80 123 name: wordpress 124 volumeMounts: 125 - name: wordpress-persistent-storage 126 mountPath: /var/www/html 127 volumes: 128 - name: wordpress-persistent-storage 129 persistentVolumeClaim: 130 claimName: wp-pv-claim 131 ``` 132 133 **mysql-deployment.yaml:** 134 135 ```yaml 136 apiVersion: v1 137 kind: Service 138 metadata: 139 name: wordpress-mysql 140 labels: 141 app: wordpress 142 spec: 143 ports: 144 - port: 3306 145 selector: 146 app: wordpress 147 tier: mysql 148 clusterIP: None 149 --- 150 apiVersion: v1 151 kind: PersistentVolumeClaim 152 metadata: 153 name: mysql-pv-claim 154 labels: 155 app: wordpress 156 spec: 157 accessModes: 158 - ReadWriteOnce 159 resources: 160 requests: 161 storage: 20Gi 162 --- 163 apiVersion: apps/v1 164 kind: Deployment 165 metadata: 166 name: wordpress-mysql 167 labels: 168 app: wordpress 169 spec: 170 selector: 171 matchLabels: 172 app: wordpress 173 tier: mysql 174 strategy: 175 type: Recreate 176 template: 177 metadata: 178 labels: 179 app: wordpress 180 tier: mysql 181 spec: 182 runtimeClassName: gvisor # ADD THIS LINE 183 containers: 184 - image: mysql:5.6 185 name: mysql 186 env: 187 - name: MYSQL_ROOT_PASSWORD 188 valueFrom: 189 secretKeyRef: 190 name: mysql-pass 191 key: password 192 ports: 193 - containerPort: 3306 194 name: mysql 195 volumeMounts: 196 - name: mysql-persistent-storage 197 mountPath: /var/lib/mysql 198 volumes: 199 - name: mysql-persistent-storage 200 persistentVolumeClaim: 201 claimName: mysql-pv-claim 202 ``` 203 204 Note that apart from `runtimeClassName: gvisor`, nothing else about the 205 Deployment has is changed. 206 207 You are now ready to deploy the entire application. Just create a secret to 208 store MySQL's password and *apply* both deployments: 209 210 ```bash 211 kubectl create secret generic mysql-pass --from-literal=password=${YOUR_SECRET_PASSWORD_HERE?} 212 kubectl apply -f mysql-deployment.yaml 213 kubectl apply -f wordpress-deployment.yaml 214 ``` 215 216 Wait for the deployments to be ready and an external IP to be assigned to the 217 Wordpress service: 218 219 ```bash 220 watch kubectl get service wordpress 221 ``` 222 223 Now, copy the service `EXTERNAL-IP` from above to your favorite browser to view 224 and configure your new WordPress site. 225 226 Congratulations! You have just deployed a WordPress site using GKE Sandbox. 227 228 ### What's next 229 230 To learn more about GKE Sandbox and how to run your deployment securely, take a 231 look at the [documentation][gke-sandbox-docs]. 232 233 [gke-sandbox-docs]: https://cloud.google.com/kubernetes-engine/docs/how-to/sandbox-pods 234 [gke-sandbox]: https://cloud.google.com/kubernetes-engine/sandbox/ 235 [project-selector]: https://console.cloud.google.com/projectselector/kubernetes 236 [wordpress]: https://wordpress.com/