WordPress flux integration

info

This runbook configures the WordPress application repo (website/coach) into the cluster via the flux-config repo so that Flux can reconcile k8s/prod/ with SOPS decryption enabled.

WordPress GitOps series

WordPress GitOps summary
WordPress repo and prerequisites
WordPress manifests
WordPress flux integration - you are here
WordPress operations, restore and backups

1. Create manifests in `flux-config`

This prepares the cluster-side objects and ensures the namespace exists before the app is applied.

1.1 Pull updates and create directories

cd ~/Projects/flux-config
git pull
mkdir -p clusters/my-cluster/wordpress/coach

1.2 Expected directory layout

tree -a -I '.git|.DS_Store'

clusters/my-cluster/
        └── wordpress
            ├── 00-kustomization-coach.yaml
            ├── coach
            │   ├── 00-namespace.yaml
            │   ├── 10-kustomization.yaml
            │   ├── kustomization.yaml
            │   └── source.yaml
            └── kustomization.yaml

warning

Ensure clusters/my-cluster/kustomization.yaml includes ./wordpress, or nothing under this folder will ever reconcile.

2. Flux Kustomization to include WordPress

This tells Flux to apply clusters/my-cluster/wordpress/coach from flux-config.

2.1 `00-kustomization-coach.yaml`

# clusters/my-cluster/wordpress/00-kustomization-coach.yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: wordpress-coach
  namespace: flux-system
spec:
  interval: 5m
  path: ./clusters/my-cluster/wordpress/coach
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: true

2.2 WordPress aggregator `kustomization.yaml`

# clusters/my-cluster/wordpress/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./coach

3. Namespace manifest

This ensures the namespace exists before Flux tries to apply app resources into it.

3.1 `00-namespace.yaml`

# clusters/my-cluster/wordpress/coach/00-namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: wp-coach
  labels:
    app.kubernetes.io/name: coach
    app.kubernetes.io/part-of: wordpress

4. GitRepository and Kustomization for the app repo

This points Flux to the app repo and enables SOPS decryption.

4.1 GitRepository: `source.yaml`

# clusters/my-cluster/wordpress/coach/source.yaml
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: wordpress-coach
  namespace: flux-system
spec:
  interval: 1m
  url: ssh://git@git-ssh.reids.net.au/website/coach.git
  ref:
    branch: main
  secretRef:
    name: flux-ssh-auth

4.2 Kustomization: `10-kustomization.yaml`

# clusters/my-cluster/wordpress/coach/10-kustomization.yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: wordpress-coach
  namespace: flux-system
spec:
  interval: 5m
  path: ./k8s/prod
  prune: true
  sourceRef:
    kind: GitRepository
    name: wordpress-coach
  decryption:
    provider: sops
    secretRef:
      name: sops-age
  wait: true
  timeout: 10m

4.3 Kustomize wrapper: `kustomization.yaml`

# clusters/my-cluster/wordpress/coach/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - 00-namespace.yaml
  - source.yaml
  - 10-kustomization.yaml

5. Ensure cluster root includes `./wordpress`

This is the usual cluster-level Kustomize entrypoint pattern.

5.1 Cluster root `kustomization.yaml`

# clusters/my-cluster/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./cloudflare
  - ./origin-ca-issuer
  - ./wordpress

6. Commit and reconcile

This applies the flux-config changes and forces Flux to pick up the new GitRepository and Kustomization.

6.1 Commit and push

git add .
git commit -m "add wordpress coach via Flux"
git push

6.2 Force reconciliation

flux reconcile source git wordpress-coach -n flux-system
flux reconcile kustomization wordpress-coach -n flux-system --with-source

6.3 Verify

flux get sources git -n flux-system
flux get kustomizations -n flux-system
kubectl -n wp-coach get pods,svc,ingress
kubectl -n wp-coach get certificate muppit-au-origin
kubectl -n wp-coach get secret

7. Verification checklist

flux get sources git -n flux-system includes wordpress-coach Ready
flux get kustomizations -n flux-system includes wordpress-coach Ready
kubectl -n wp-coach get pods shows WordPress and MariaDB Ready

WordPress GitOps series​

1. Create manifests in flux-config​

1.1 Pull updates and create directories​

1.2 Expected directory layout​

2. Flux Kustomization to include WordPress​

2.1 00-kustomization-coach.yaml​

2.2 WordPress aggregator kustomization.yaml​

3. Namespace manifest​

3.1 00-namespace.yaml​

4. GitRepository and Kustomization for the app repo​

4.1 GitRepository: source.yaml​

4.2 Kustomization: 10-kustomization.yaml​

4.3 Kustomize wrapper: kustomization.yaml​

5. Ensure cluster root includes ./wordpress​

5.1 Cluster root kustomization.yaml​

6. Commit and reconcile​

6.1 Commit and push​

6.2 Force reconciliation​

6.3 Verify​

7. Verification checklist​