This architecture uses click-to-deploy so you can spin up infrastructure in minutes using terraform!
43% of the Web is built on Wordpress. Because of its simplicity and versatility, Wordpress can be used for internal websites and customer facing e-commerce platforms in small to large businesses, while still offering security. Cloud Run automatically scales your WordPress application to handle any amount of traffic, without requiring manual intervention. This means that your website can handle large traffic spikes, without worrying about capacity.
Cloud Run allows you to deploy your WordPress application quickly and easily, with a few clicks or commands. You can deploy your application from a container image stored in a container registry or directly from a Git repository. This click-to-deploy architecture leverages the serverless and scalability benefits of using Cloud Run to host a Wordpress Application connected to a PostgreSQL instance.
This repo is based on the Cloud Foundation Fabric blueprint available here.
These are some of the use cases you can build on top of this infrastructure:
- Business websites
- E-commerce websites
- Portfolios
- Non-profit websites
- Educational Websites
The main components that are deployed in this architecture are the following (you can learn about them by following the hyperlinks):
- Cloud Run: serverless PaaS offering to host containers for web-oriented applications, while offering security, scalability and easy versioning
- Cloud SQL: Managed solution for SQL databases
- VPC Serverless Connector: Solution to access the CloudSQL VPC from Cloud Run, using only internal IP addresses
Pricing Estimates - We have created a sample estimate based on some usage we see from new startups looking to scale. This estimate would give you an idea of how much this deployment would essentially cost per month at this scale and you extend it to the scale you further prefer. Here's the link.
- Click on Open in Google Cloud Shell button below. Sign in if required and when the prompt appears, click on “confirm”. It will walk you through setting up your architecture.
- Run the prerequisites script to enable APIs and set Cloud Build permissions.
sh prereq.sh
Please note - New organizations have the 'Enforce Domain Restricted Sharing' policy enforced by default. You may have to edit the policy to allow public access to your Cloud Run instance. Please refer to this page for more information.
- Run the Cloud Build Job
gcloud builds submit . --config build/cloudbuild.yaml
🎉 Congratulations! 🎉
You have successfully deployed the foundation for running Wordpress using CloudRun on Google Cloud.
Notes:
- If you want to change your admin password later on, please note that you can only do so via the Wordpress user interface.
- If you have the domain restriction org. policy on your organization, you have to edit the
cloud_run_invokervariable and give it a value that will be accepted in accordance to your policy.
If you face a problem, please check out the known issues section.
Upon completion, you will see the output with the values for the Cloud Run service and the user and password to access the /admin part of the website. You can also view it later with:
terraform output
or for the concrete variable:
terraform output cloud_run_service
When clicking on the Wordpress link, it will immediately prompt you to register as an administrator. The password will be pre-filled and can be changed after registration.
Execute the command below on Cloud Shell to delete the resources, so there will be no billable charges made afterwards..
gcloud builds submit . --config build/cloudbuild_destroy.yaml
You might get the following error (or a similar one):
│ Error: resource is in failed state "Ready:False", message: Revision '...' is not ready and cannot serve traffic.│
In case this happens, manually run
gcloud builds submit . --config build/cloudbuild.yaml
to run the installation again.
A special thank you goes out to Natalia Strelkova (skalolazka) and Grigory Movsesyan, the original developers of this example architecture.
| name | description | type | default |
|---|---|---|---|
| project_id | Project id, references existing project if project_create is null. |
string |
|
| wordpress_image | Image to run with Cloud Run, starts with "gcr.io" | string |
mirror.gcr.io/library/wordpress |
| cloud_run_invoker | IAM member authorized to access the end-point (for example, 'user:YOUR_IAM_USER' for only you or 'allUsers' for everyone) | string |
"allUsers" |
| cloudsql_password | CloudSQL password (will be randomly generated by default) | string |
null |
| connector | Existing VPC serverless connector to use if not creating a new one | string |
null |
| create_connector | Should a VPC serverless connector be created or not | bool |
true |
| ip_ranges | CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC | object({…}) |
{…} |
| prefix | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string |
"" |
| principals | List of users to give rights to (CloudSQL admin, client and instanceUser, Logging admin, Service Account User and TokenCreator), eg 'user@domain.com'. | list(string) |
[] |
| project_create | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) |
null |
| region | Region for the created resources | string |
|
| wordpress_password | Password for the Wordpress user (will be randomly generated by default) | string |
null |
| wordpress_port | Port for the Wordpress image | number |
8080 |
| name | description | sensitive |
|---|---|---|
| cloud_run_service | CloudRun service URL | ✓ |
| cloudsql_password | CloudSQL password | ✓ |
| wp_password | Wordpress user password | ✓ |
| wp_user | Wordpress username |