Deploying WordPress in Kubernetes exposed via Cloudflare Tunnels

So this is the story of how you are reading this blog, technically speaking.

When thinking about creating this blog, I realized that I already had compute and storage capacity available in my home lab, so why not use it to host my tech blog project?

The following steps are not challenging. I’m assuming you already have a running MicroK8s cluster on your home server (or servers). In my case, at the time of this writing, it’s running on a couple of Intel NUCs with some external NFS storage attached, as described in a previous post.

To deploy WordPress, I’m using the Bitnami Helm charts. Bitnami does a great job of curating releases of software packages with great documentation; you can find the details of this specific one here.

To expose the site on the Internet, I decided to test Cloudflare Tunnels. Although I could have exposed it via a reverse tunnel as explained here, Cloudflare offers a robust tunnel solution integrated with its CDN and cache capabilities, for free!!!

Deploying WordPress

First, make sure to enable both the Helm and MetalLB addons; we will be using them in this deployment.

Enable the Bitnami repo for Helm:

$ microk8s helm repo add bitnami https://charts.bitnami.com/bitnami

As I want to customize my deployment, I created a values.yml file with the specific custom values to override the default chart ones:

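global:
  storageClass: nfs-csi          # default storage class for all persistent volumes

# WordPress admin account and blog identity (placeholder values)
wordpressUsername: youruser
wordpressPassword: yourpassword
wordpressEmail: user@example.com
wordpressFirstName: First Name
wordpressLastName: Last Name
wordpressBlogName: Blog Name
replicaCount: 2                  # two WordPress pods for availability

service:
  loadBalancerIP: XXX.XXX.XXX.XXX  # address handed out by MetalLB

ingress:
  enabled: true
  hostname: hostname.lan         # resolved by the internal DNS, LAN access only

persistence:
  storageClass: nfs-csi
  accessModes:
    - ReadWriteMany              # the volume is shared by both replicas
  size: 20Gi

mariadb:
  primary:
    persistence:
      storageClass: nfs-csi
      size: 10Gi
  auth:
    username: username
    password: password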

First I define what storage class to use for all the required persistent volumes, in this case nfs-csi.

Then there are several WordPress specific values to define the blog data.

In my case I decided to have 2 replicas of WordPress, just for high availability.

Then I’m defining a value for loadBalancerIP; this is a specific IP address to be used by MetalLB to expose the blog outside the cluster.

I’m also defining an ingress, which will be configured in my internal DNS for local LAN access.

Finally there are some definitions for persistent storage classes and sizes, and in the case of MariaDB also a user name and password.
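The values.yml above carries the WordPress and MariaDB passwords in plain text, and Helm also keeps the supplied values with the release. As an added example (not part of the original deployment), the fragment below replaces those entries with references to pre-created Kubernetes Secrets through the chart's existingSecret options; the Secret names and the password file names are assumptions.

```yaml
# values.yml fragment: passwords are read from Secrets, not from this file.
# Secret and file names are assumptions. Create the Secrets once, after the
# namespace exists and before `helm install`. Write each password file
# without a trailing newline (e.g. with printf '%s'), because --from-file
# stores the file content byte for byte.
#
#   microk8s kubectl -n wordpress create secret generic wordpress-admin \
#     --from-file=wordpress-password=./wp-admin.pass
#   microk8s kubectl -n wordpress create secret generic wordpress-db \
#     --from-file=mariadb-root-password=./db-root.pass \
#     --from-file=mariadb-password=./db-user.pass

wordpressUsername: youruser
existingSecret: wordpress-admin    # used instead of wordpressPassword

mariadb:
  auth:
    username: username
    existingSecret: wordpress-db   # used instead of mariadb.auth.password
```

The remaining keys (storage, replicas, service, ingress) stay as in the file above; delete the password files once the Secrets exist.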

With all these values defined in the values.yml file, you can deploy WordPress using Helm:

$ microk8s kubectl create namespace wordpress

$ microk8s helm install -f values.yml -n wordpress myblog bitnami/wordpress

After a while, WordPress should be reachable at the defined load balancer IP address.

Expose via Cloudflare Tunnel

First of all create an account in Cloudflare if you don’t have one already.

The first step is to define the site in Cloudflare and delegate the DNS resolution of your domain to Cloudflare. This step requires setting the assigned Cloudflare nameservers at your domain registrar. With this, Cloudflare can fully manage your domain resolution and apply its protection and cache magic.

The next step is to create the tunnel from your local K8s cluster to Cloudflare.

Look for the Traffic section on the Cloudflare dashboard, and there you will find the Cloudflare Tunnel option. Launch the Zero Trust Dashboard.

This opens a new page where the tunnel can be defined. Go to Access and then Tunnels.

There are two options to create tunnels: via the dashboard or using the CLI. I decided to use the latter to have more control over what’s going on.

The official instructions can be found here.

Major steps are:

  • Install the cloudflared daemon.
  • Authenticate using your credentials.
  • Create a tunnel with a specific name.
  • Create a configuration file with details for traffic routing.
  • Run the tunnel connection.

In my specific case, the configuration file looks like this:

url: http://XXX.XXX.XXX.XXX
tunnel: XXXX-XXXX-XXXX-XXXX-XXXX
credentials-file: /root/.cloudflared/XXXX-XXXX-XXXX-XXXX-XXXX.json

The url parameter is the already defined IP address of the local MetalLB load balancer.

The tunnel id can be found on the Cloudflare dashboard, and the credentials file name corresponds to the tunnel id.
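With only a url entry, every request that reaches the tunnel is forwarded to that origin, whatever hostname it was sent to. The same file written with explicit ingress rules, as an added example that is not the author's configuration: only the named hostname reaches WordPress and anything else gets a 404 from cloudflared itself. blog.example.com and the tunnel name myblog-tunnel are assumptions; the X placeholders are the ones used above.

```yaml
# cloudflared config.yml with explicit ingress rules (added example).
tunnel: XXXX-XXXX-XXXX-XXXX-XXXX
credentials-file: /root/.cloudflared/XXXX-XXXX-XXXX-XXXX-XXXX.json

ingress:
  # Rules are evaluated top to bottom; the first match wins.
  - hostname: blog.example.com             # assumed public hostname
    service: http://XXX.XXX.XXX.XXX        # MetalLB load balancer IP
  # The last rule must match everything. Requests for any other hostname
  # pointed at this tunnel stop here and never reach the cluster.
  - service: http_status:404

# Check the rules before running the tunnel:
#   cloudflared tunnel ingress validate
#   cloudflared tunnel ingress rule https://blog.example.com
# Create the DNS record that points the hostname at the tunnel:
#   cloudflared tunnel route dns myblog-tunnel blog.example.com
```

The credentials file authorizes any host that holds it to run this tunnel, so keep it readable by root only.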

Running the tunnel connection and checking the dashboard will show you the status of the connection. You are ready to access your blog from anywhere on the Internet.

Let me know if this post was useful, and any comments or corrections you may find.

Cheers!
