A simple demo to build a Wordpress app on the Akamai Connected Cloud, configuring a Fully Qualified Domain (FQDN) using a custom Dynamic DNS (DDNS) service.
Note When cloning this repo you must either add the --recurse-submodules
flag e.g.:
git clone --recurse-submodules https://github.com/johnybradshaw/acc-demo.git
or from within the directory after a standard clone:
git submodule update --init
This repo helps you build Wordpress on Akamai Connected Cloud, it does this by creating:
Akamai Connected Cloud Infrastructure:
- Kubernetes Cluster (LKE)
- Load Balancer (Nodebalancer)
- Firewall
On LKE it will deploy:
- NGINX Ingress Controller
- Metrics-Server
- Cert-Manager
Which will then let it deploy:
- MariaDB Database in a Highly Available (HA) configuration
- Wordpress
- TLS Certificate
And this will be secured by a TLS Certificate for the site provided by Let's Encrypt.
This design is modular, and depends on the upstream modules:
lke
-
- Deploys the Linode Kubernetes Cluster
lke-networking
-
- Deploys the Firewall to protect the Cluster
lke-helm
-
- Deploys the following Helm charts:
-
-
-
- Enables Horizontal Pod Autoscaling
-
-
-
-
-
- Enables automatic TLS Certificate creation
-
-
-
-
-
- Enables and manages Kubernetes Ingress via a reverse proxy and loadbalancer
-
-
-
-
-
- Deploys the application and database
-
-
It is dependant on a Dynamic DNS service to provide a Fully Qualified Domain Name (FQDN) based on the username of the person running this Terraform.
The DDNS service requires a secret_key
, acting as a 'pre-shared key' to hash and sign the request.
This module deploys NGINX-Ingress, Metrics Server, Cert-Manager, and Wordpress on a Linode Kubernetes (LKE) Cluster on the Akamai Connected Cloud using Terraform and Helm Charts.
The readme.md has the following sections:
- Requirements - Min requirements for the module to run
- Providers - Providers required by the module
- Inputs- Inputs to the module
- Outputs - Outputs from the module
- Usage - How to use the module
The following requirements are needed by this module:
The following providers are used by this module:
- linode.default (2.10.0)
The following Modules are called:
Source: ./modules/lke
Version:
Source: ./modules/lke-helm
Version:
Source: ./modules/lke-networking
Version:
The following input variables are required:
Description: DNS Configuration
Type:
object({
# domain = string // Domain name for the application
# soa_email = string // SOA email address for the domain
ddns = string // DDNS hostname
ddns_secure = bool // Use HTTPS for DDNS service
})
Description: Configuration for Linode services.
Type:
object({
email = string // Linode account email address
api_token = string // Linode API token
region = string // Linode region to deploy to
secret_key = string // Secret key for DDNS
tags = list(string) // Tags to apply to all resources
})
Description: LKE Cluster Configuration
Type:
object({
name = string // Name of the LKE cluster
region = string // Linode region for the LKE cluster
k8s_version = string // Kubernetes version for the LKE cluster
high_availability = bool // Enable or disable high availability
tags = list(string) // Tags for the LKE cluster
node_pools = list(object({ // List of node pools for the LKE cluster
type = string // Type of nodes in the pool
count = number // Number of nodes in the pool
autoscaler = optional(object({
min_nodes = number
max_nodes = number
}))
}))
})
Description: Subdomain for the Wordpress site
Type: string
The following input variables are optional (have default values):
Description: Use production certificates (true) or staging certificates (false)
Type: bool
Default: false
The following outputs are exported:
Description: The API endpoint for the deployed LKE cluster.
Description: The Kubeconfig file for the deployed LKE cluster.
Description: The link to the LKE cluster in the Linode Cloud Manager.
Description: The link to the firewall created for the LKE cluster.
Description: Wordpress Admin URL
Description: Wordpress Password
Description: Wordpress URL
Description: Wordpress Username
Sample usage of this module is as shown below. For detailed info, look at inputs and outputs.
Create a terraform.tfvars
file and update with:
linode_config = {
email = "" // Linode account email address
api_token = "" // Linode API token
region = "" // // Linode region to deploy to
secret_key = "" // Secret key for DDNS
tags = ["cloud-day", "wordpress"]
}
dns = { // DNS settings
ddns = "" // DDNS domain name for the application
ddns_secure = true // DDNS secure domain name for the application
}
lke_cluster = {
name = "lke-tf-par" // Name of your LKE cluster
region = "fr-par" // Region where your LKE cluster will be deployed
k8s_version = "1.28" // Kubernetes version for your LKE cluster
tags = ["dev"]
high_availability = true // Enable high availability for your LKE cluster
node_pools = [ // Node pools configuration
{
type = "g7-highmem-1" // Type of nodes in the first pool
count = 3 // Number of nodes in the first pool
autoscaler = { // Enable autoscaling for the first pool
min_nodes = 3 // Minimum number of nodes in the first pool
max_nodes = 5 // Maximum number of nodes in the first pool
}
},
# {
# type = "g6-standard-2" // Type of nodes in the second pool
# count = 3 // Number of nodes in the second pool
# autoscaler = { // Disable autoscaling for the first pool
# min_nodes = 3 // Minimum number of nodes in the first pool
# max_nodes = 7 // Maximum number of nodes in the first pool
# }
# }
]
}
production = true // Enable production mode for your application
subdomain = "mydomain" // Subdomain to configure for DDNS
Verify your settings using the following command:
terraform init
terraform plan
Apply the changes
terraform apply
You will see a list of outputs similar to:
Apply complete! Resources: 13 added, 0 changed, 0 destroyed.
Outputs:
cluster_endpoint = "https://51cb2a61-74a7-4ab5-bc48-6f97991b9e88.fr-par-1.linodelke.net:443"
cluster_kubeconfig = <sensitive>
cluster_link = "https://cloud.linode.com/kubernetes/clusters/123456/summary"
lke_firewall_url = "https://cloud.linode.com/firewalls/123456"
wordpressAdmin = "https://username.ddns.domain.name/wp-login.php"
wordpressPassword = <sensitive>
wordpressURL = "https://subdomain.ddns.domain.name"
wordpressUsername = "username"
The build will take sometime to complete, once Terraform reports the build as complete you will need to wait up to 5 minutes for the certificate to be generated and applied.
For security reasons the password to your Wordpress account is not shown automatically, to view it you can run the following command:
terraform output wordpressPassword
And then login to Wordpress using the wordpressAdmin
URL and wordpressUsername
shown in the output.
To clean up simply run:
terraform destroy
And confirm to remove all created resources.