wordpress #1

Supports: kubernetes

Deploy this charm on Kubernetes with the CLI. Find out how by reading the docs.


Wordpress, uses official Docker Wordpress image by default

Wordpress k8s charm

A Juju charm for a Kubernetes deployment of Wordpress, using the official Dockerhub Wordpress image or an image built from this base.


This is a k8s charm and can only be deployed to to a Juju k8s cloud, attached to a controller using juju add-k8s.

The image to spin up is specified in the image charm configuration option using standard docker notation (eg. 'localhost:32000/mywork-rev42'). The default image is Dockerhub's wordpresscharmers/wordpress:bionic-stable image, but you can also use private images by specifying image_user and image_pass charm configuration.

Configuration for the Wordpress image is in standard Juju config. In particular:

  • db_host, db_user & db_password. This charm may in future be relatable to a MySQL deployment, when the MySQL charm is updated to support cross model relations.
  • ports. Custom images may require additional ports to be opened, such as those providing monitoring or metrics endpoints.

Additional runtime configuration is specified as YAML snippets in the charm config. Both container_config and container_secrets items are provided, and they are combined together. container_config gets logged, container_secrets does not. This allows you to configure customized Wordpress images.


To deploy in a test environment, first of all deploy MySQL into a IaaS model:

juju deploy cs:mysql

Initialise the database as follows:

CREATE DATABASE wordpress CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'wordpress'@'%' IDENTIFIED BY 'wordpress';
GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'%';

Deploy the charm into your Kubernetes Juju model:

juju deploy cs:~wordpress-charmers/wordpress

The Wordpress k8s charm requires TLS secrets to be pre-configured to ensure logins are kept secure. Create a self-signed certificate and upload it as a Kubernetes secret (assuming you're using MicroK8s):

openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout server.key -out server.crt
microk8s.kubectl create secret tls -n wordpress tls-wordpress --cert=server.crt --key=server.key

Tell the charm where the database is and provide some initial setup:

juju config wordpress db_host=$DB_HOST db_user=wordpress db_password=wordpress tls_secret_name=tls-wordpress \
        initial_settings="user_name: admin
        admin_email: devnull@example.com
        weblog_title: Test Blog
        blog_public: False"

From there you can test the site by updating your /etc/hosts file and creating a static entry for the IP address of the Kubernetes ingress gateway:

App        Version                  Status   Scale  Charm      Store  Rev  OS          Address         Message
wordpress  wordpress:bionic-stable  waiting      1  wordpress  local    0  kubernetes

echo ' myblog.example.com' | sudo tee -a /etc/hosts

It will take about 5 to 10 minutes for Juju hooks to discover the site is live and perform the initial setup for you. Look for this line in the output of juju debug-log to confirm:

unit.wordpress/0.juju-log Wordpress configured and initialised

This is due to issue #166 and will be fixed once Juju supports a Kubernetes pod ready hook.

To retrieve the random admin password, run the following (until LP#1907063 is addressed):

microk8s.kubectl exec -ti -n wordpress wordpress-operator-0 -- cat /root/initial.passwd

You should now be able to browse to https://myblog.example.com/wp-admin.


Notes for deploying a test setup locally using microk8s:

sudo snap install juju --classic
sudo snap install juju-wait --classic
sudo snap install microk8s --classic
sudo snap alias microk8s.kubectl kubectl

microk8s.reset  # Warning! Clean slate!
microk8s.enable dns dashboard registry storage
microk8s.status --wait-ready
microk8s.config | juju add-k8s myk8s
juju bootstrap myk8s
juju add-model wordpress-test
juju create-storage-pool operator-storage kubernetes storage-class=microk8s-hostpath
juju deploy cs:~wordpress-charmers/wordpress-k8s --channel=edge wordpress
# TLS certificates are required for the ingress to function properly, self-signed is okay
# for testing but make sure you use valid ones in production.
openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout server.key -out server.crt
kubectl create secret tls tls-wordpress --cert=server.crt --key=server.key
juju config wordpress db_host= db_user=wp db_password=secret tls_secret_name=tls-wordpress \
    initial_settings="user_name: admin
    admin_email: devnull@canonical.com
    weblog_title: Test Blog
    blog_public: False"
juju wait
juju status # Shows IP address, and port is 80


(string) Blog hostname
(string) YAML formatted map of container config keys & values. These are generally accessed from inside the image as environment variables. Use to configure customized Wordpress images. This configuration gets logged; use container_secrets for secrets.
(string) YAML formatted map of secrets. Works just like container_config, except that values should not be logged.
(string) MySQL database host
(string) MySQL database name
(string) MySQL database user's password
(string) MySQL database user
(string) The docker image to install. Required. Defaults to Dockerhub wordpresscharmers/wordpress:bionic-stable
(string) Password to use for the configured image registry, if required
(string) Username to use for the configured image registry, if required
(string) Optional, YAML formatted, Wordpress configuration. It is used only during initial deployment. Changing it at later stage has no effect. If set to non empty string required keys are: user_name: admin_username admin_email: name@example.com Optionally you can also provide weblog_title: Blog title # empty by default admin_password: <secret> # autogenerated if not set blog_public: False # by default blogs are public If admin_password is not provided it will be automatically generated and stored on the operator pod in the /root directory
(string) Ports to expose, space separated list in name:8000 format. Names are alphanumeric + hyphen. e.g. "http:80 metrics:7127"
(string) The Kubernetes TLS secret resource name.
(string) Akismet key. If empty, akismet will not be automatically enabled
(string) Launchpad teams and corresponding access levels, for use with the openid plugins. Valid Wordpress access levels are: administrator, editor, author, contributor, subscriber If empty, OpenID will not be enabled. Format is key=value pairs (where key is the Launchpad team, and value is the Wordpress role) - commas separate multiple pairs. Example format: "site-sysadmins=administrator,site-editors=editor,site-executives=editor"
(string) YAML dictionary with keys named after wordpress settings and the desired values. Please note that the settings will be reset to values provided every time hooks run