Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
git_repo:
enabled: false
name: /my/repo
url: gitlab.com
version: "HEAD"
token_user: token-here
token_key: key-here
wp_content_dir: "."
# Default settings for OpenID Connect
openid_connect_settings:
enabled: false
# Client ID must correspond to client id setting in OpenID provider
client_id: wordpress
# Show a buton for SSO on login form (alternative is "auto" for SSO autologin)
login_type: button
# User WP gets access to
scope: email profile openid
identity_key: preferred_username
# Turn on to ignore SSL errors with OID providers (DON'T USE IN PRODUCTION!)
no_sslverify: "0"
# Timeout in seconds to wait for OID http requests
http_request_timeout: "5"
# Require users be logged in to see the site.
enforce_privacy: "0"
# Set to "1" to provide an alternative redirect route. Useful if your server
# is causing issues with the default admin-ajax method. You must flush rewrite
# rules after changing this setting. This can be done by saving the Permalinks
# settings page.
alternate_redirect_uri: "0"
# Where in the user claim array to find the user's nickname. Possible standard
# values: preferred_username, name, or sub.
nickname_key: "preferred_username"
# String from which the user's email address is built. Specify "{email}" as
# long as the user claim contains an email claim.
# This value is quoted twice, because otherwise the wp cli call interprets
# this as JSON instead of as a string.
email_format: "'{email}'"
# String from which the user's display name is built.
# Example: "{given_name} {family_name}"
displayname_format: ""
# If "1", the user's identity will be determined by the user name instead of
# the email address.
identify_with_username: "0"
# State valid time in seconds.
state_time_limit: "180"
# If a WordPress account already exists with the same identity as a
# newly-authenticated user over OpenID Connect, login as that user instead of
# generating an error.
link_existing_users: "0"
# After a successful OpenID Connect authentication, this will redirect the
# user back to the page on which they clicked the OpenID Connect login button.
# This will cause the login process to proceed in a traditional WordPress
# fashion. For example, users logging in through the default wp-login.php page
# would end up on the WordPress Dashboard and users logging in through the
# WooCommerce "My Account" page would end up on their account page.
redirect_user_back: "0"
# When enabled, this will automatically redirect the user back to the
# WordPress login page if their access token has expired.
redirect_on_logout: "1"
# Very simple log messages for debugging purposes.
enable_logging: "0"
log_limit: "1000"
# # Arbitrary secret key the server expects from this client.
# client_secret: REPLACE_THIS
# endpoint_login: https://sso.example.com/oauth2/auth
# endpoint_userinfo: https://sso.example.com/oauth2/userinfo
# endpoint_token: https://sso.example.com/oauth2/token
# endpoint_end_session: https://sso.example.com/logout
# If set to true roles are mapped to users when they log in. If this value is
# set to true, role_key has to be set as well.
role_mapping_enabled: false
# Where in the user claim array to find the user's roles. Possible standard
# values: roles or groups
role_key: "roles"
wordpress:
config:
db:
prefix: wp_
adm:
usid: admin
pssw: CHANGE-THIS-PASSWORD
email: mail@example.com
site:
multilingual:
enabled: false
plugins: []
config: []
# NOTE: Use a theme *slug* here
theme: twentytwenty
theme_fallback: twentytwenty
# NOTE: Make sure you use underscore and that the localisation is in full caps
locale: en_US
url: "http://localhost"
title: "Wordpress Helm"
## If including a plugin to alias wp login then set a path for alt and also set the config
# NOTE: The value of alt enabled must be set as true or false
alt:
enabled: false
# config: PATH-SETTING-IN-OPTIONS-TABLE
# path: SOME-LOGIN-PATH
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
# Path used by the liveness and readiness probes to see if the site runs
# correctly. Defaults to `/wp-login.php`
probe_path: /wp-login.php
wp_content:
## The directory to mount the files placed in wp-content. You shouldn't have to
## change this.
mount_path: /var/www/wp-content-mount
wp_upload:
## The directory to mount the files placed in wp-content/uploads. You shouldn't
## have to change this.
mount_path: /var/www/wp-uploads-mount
## Contents of the .htaccess file that is mounted in the `wpUploadMnt` directory
htaccess: |
## Disable access to all file types except the following
Require all denied
<Files ~ ".(xml|css|js|jpe?g|png|gif)$">
Require all granted
</Files>
## Detailed list of mu values and plugins with versions
## mu_plugins_dir 'mu-plugins' maps to wp-content/mu-plugins
## mu_plugins are installed as hidden and cannot be updated from the UI
# NOTE: A value for mu_plugins_enabled must be set. Use either true or false
mu_plugins_enabled: false
mu_plugins_dir: mu-plugins
# See values-local.yaml.example for an example value
mu_plugins: {}
## Enable externally triggered cron if a cron plugin is installed
# NOTE: mu_cron must be have the "enabled" value set as either true or false
mu_cron:
enabled: false
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
# See values-local.yaml.example for an example value
persistence:
## Enable the use of a persistent volume
enabled: true
size: 1Gi
accessMode: ReadWriteOnce
# storageClass:
# existingClaim:
service:
type: ClusterIP
port: 8080
## Dictionary with variables that are inserted into the wordpress-init default
## task. Feel free to override these if necessary
ansibleVars:
wordpress_homedir: /var/www/html
wp_user: www-data
wp_group: www-data
config_user: nobody
config_group: nogroup
dbcharset: utf8mb4
dbcollate: utf8mb4_unicode_ci
cli_args: "--path={{ wordpress_homedir }}"
## Perms
mode_0750: u+rwx-s,g+rx-ws,o-rwx
mode_0640: u+rw-sx,g+r-wxs,o-rwx
mode_0644: u+rw-sx,g+r-wxs,o+r-wx
mode_0440: u+r-wxs,u+r-wxs,o-rwx
mode_0600: u+rw-xs,g-rwxs,o-rwx
#Config Directory
config_dir: /var/www
## Plugins
wordpress_default_plugins: "[classic-editor]"
wpSalts: {}
image:
repository: open.greenhost.net:4567/openappstack/wordpress-helm/wordpress
pullPolicy: Always
initImage:
repository: open.greenhost.net:4567/openappstack/wordpress-helm/wordpress-cli-ansible
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
pullPolicy: Always
ingress:
enabled: false
annotations:
# kubernetes.io/tls-acme: "true"
path: /
resources: {}
nodeSelector: {}
tolerations: []
affinity: {}
database:
db:
user: wordpress
password: CHANGE-THIS-PASSWORD
name: wordpress_db
replication:
enabled: true
master:
persistence:
size: 4Gi
config: |-
[mysqld]
skip-name-resolve
explicit_defaults_for_timestamp
basedir=/opt/bitnami/mariadb
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
tmpdir=/opt/bitnami/mariadb/tmp
max_allowed_packet=16M
bind-address=0.0.0.0
pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
log-error=/opt/bitnami/mariadb/logs/mysqld.log
character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci
[client]
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
default-character-set=utf8mb4
[manager]
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
slave:
persistence:
size: 4Gi
config: |-
[mysqld]
skip-name-resolve
explicit_defaults_for_timestamp
basedir=/opt/bitnami/mariadb
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
tmpdir=/opt/bitnami/mariadb/tmp
max_allowed_packet=16M
bind-address=0.0.0.0
pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
log-error=/opt/bitnami/mariadb/logs/mysqld.log
character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci
[client]
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
default-character-set=utf8mb4
[manager]
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
redis:
# Set this to true to have a Redis container next to your WP. The WP will be
# configured to connect to this Redis and `Redis Object Cache` plugin will be
# installed as a conventional plugin.
# # Set to true you want redis to have persistence:
# master:
# persistence:
# enabled: false
# # Set to true to have a master and a slave redis. Not necessary for caching
# cluster:
# enabled: false
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
backup:
enabled: false
# Some of the variables configured above are put into a variable here, that's
# completely stored as a b64encoded secret in Kubernetes. If you're not a
# developer, never change this variable, only change the variables it points to.
ansibleSecrets: |
DB_HOST: {{ .Release.Name }}-database
DB_NAME: {{ .Values.database.db.name }}
DB_PASS: {{ .Values.database.db.password }}
DB_PREFIX: {{ .Values.wordpress.config.db.prefix}}
DB_USER: {{ .Values.database.db.user }}
LOCALE: {{ .Values.wordpress.site.locale }}
WP_CONTENT_DIR: {{ .Values.wordpress.wp_content.mount_path }}
WP_CONTENT_REPO_CONTENT_DIR: {{ .Values.git_repo.wp_content_dir }}
WP_CONTENT_REPO_ENABLED: {{ .Values.git_repo.enabled }}
WP_CONTENT_REPO_URL: https://{{ .Values.git_repo.token_user }}:{{ .Values.git_repo.token_key }}@{{ .Values.git_repo.url }}{{ .Values.git_repo.name }}
WP_CONTENT_REPO_VERSION: {{ .Values.git_repo.version }}
WP_EMAIL: {{ .Values.wordpress.config.adm.email }}
WP_PASS: {{ .Values.wordpress.config.adm.pssw }}
WP_REDIS_ENABLED: {{ .Values.redis.enabled }}
WP_REDIS_HOST: {{ .Release.Name }}-redis-master
WP_REDIS_PASSWORD: {{ .Values.redis.password | default ( randAlphaNum 15 ) }}
WP_THEME: {{ .Values.wordpress.site.theme }}
WP_THEME_FALLBACK: {{ .Values.wordpress.site.theme_fallback }}
WP_TITLE: {{ .Values.wordpress.site.title }}
WP_UPLOAD_DIR: {{ .Values.wordpress.wp_upload.mount_path }}
WP_URL: {{ .Values.wordpress.site.url }}
WP_USER: {{ .Values.wordpress.config.adm.usid }}
WP_VERSION: {{ .Values.wordpress.site.version }}
WP_ALT_ENABLED: {{ .Values.wordpress.site.alt.enabled }}
WP_ALT_CONFIG: {{ .Values.wordpress.site.alt.config }}
WP_ALT_PATH: {{ .Values.wordpress.site.alt.path }}
WP_MU_PLUGINS_ENABLED: {{ .Values.wordpress.mu_plugins_enabled }}
WP_MU_PLUGINS_DIR: {{ .Values.wordpress.mu_plugins_dir }}
WP_MU_PLUGINS: {{ .Values.wordpress.mu_plugins | toJson }}
WP_MU_CRON_ENABLED: {{ .Values.wordpress.mu_cron.enabled }}
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
WP_MU_CRON_SETTINGS: {{ .Values.wordpress.mu_cron | toJson }}
WP_MULTILINGUAL_ENABLED: {{ .Values.wordpress.site.multilingual.enabled }}
WP_MULTILINGUAL_PLUGINS: {{ .Values.wordpress.site.multilingual.plugins }}
WP_MULTILINGUAL_CONFIG: {{ quote .Values.wordpress.site.multilingual.config }}
WP_OPENID_CONNECT_ENABLED: {{ .Values.openid_connect_settings.enabled }}
WP_OPENID_CONNECT_SETTINGS:
alternate_redirect_uri: {{ .Values.openid_connect_settings.alternate_redirect_uri }}
client_id: {{ .Values.openid_connect_settings.client_id }}
client_secret: {{ .Values.openid_connect_settings.client_secret }}
displayname_format: {{ .Values.openid_connect_settings.displayname_format }}
email_format: {{ .Values.openid_connect_settings.email_format }}
enable_logging: {{ .Values.openid_connect_settings.enable_logging }}
endpoint_end_session: {{ .Values.openid_connect_settings.endpoint_end_session }}
endpoint_login: {{ .Values.openid_connect_settings.endpoint_login }}
endpoint_token: {{ .Values.openid_connect_settings.endpoint_token }}
endpoint_userinfo: {{ .Values.openid_connect_settings.endpoint_userinfo }}
enforce_privacy: {{ .Values.openid_connect_settings.enforce_privacy }}
http_request_timeout: {{ .Values.openid_connect_settings.http_request_timeout }}
identify_with_username: {{ .Values.openid_connect_settings.identify_with_username }}
identity_key: {{ .Values.openid_connect_settings.identity_key }}
link_existing_users: {{ .Values.openid_connect_settings.link_existing_users }}
login_type: {{ .Values.openid_connect_settings.login_type }}
log_limit: {{ .Values.openid_connect_settings.log_limit }}
nickname_key: {{ .Values.openid_connect_settings.nickname_key }}
no_sslverify: {{ .Values.openid_connect_settings.no_sslverify }}
redirect_on_logout: {{ .Values.openid_connect_settings.redirect_on_logout }}
redirect_user_back: {{ .Values.openid_connect_settings.redirect_user_back }}
scope: {{ .Values.openid_connect_settings.scope }}
state_time_limit: {{ .Values.openid_connect_settings.state_time_limit }}
WP_SALTS:
AUTH_KEY: {{ .Values.wpSalts.AUTH_KEY | default ( randAlphaNum 32) }}
AUTH_SALT: {{ .Values.wpSalts.AUTH_SALT | default ( randAlphaNum 32) }}
LOGGED_IN_KEY: {{ .Values.wpSalts.LOGGED_IN_KEY | default ( randAlphaNum 32) }}
LOGGED_IN_SALT: {{ .Values.wpSalts.LOGGED_IN_SALT | default ( randAlphaNum 32) }}
NONCE_KEY: {{ .Values.wpSalts.NONCE_KEY | default ( randAlphaNum 32) }}
NONCE_SALT: {{ .Values.wpSalts.NONCE_SALT | default ( randAlphaNum 32) }}
SECURE_AUTH_KEY: {{ .Values.wpSalts.SECURE_AUTH_KEY | default ( randAlphaNum 32) }}
SECURE_AUTH_SALT: {{ .Values.wpSalts.SECURE_AUTH_SALT | default ( randAlphaNum 32) }}
WP_CACHE_KEY_SALT: {{ .Values.wpSalts.WP_CACHE_KEY_SALT | default ( randAlphaNum 32) }}
WP_CRON_CONTROL_SECRET: {{ .Values.wpSalts.WP_CRON_CONTROL_SECRET | default ( randAlphaNum 32 ) }}
## Liveness and readiness probe values
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
livenessProbe:
enabled: true
initialDelaySeconds: 60
periodSeconds: 15
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
readinessProbe:
enabled: true
initialDelaySeconds: 10
periodSeconds: 15
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1