WordPress Operator

Kubernetes Operator written in Go for fully automated, high-performance WordPress deployments integrating AWS RDS, S3, and Secrets Manager

Production infrastructure - not publicly accessible
Private repository - available upon request

A production-grade Kubernetes Operator written in Go, built to deploy and manage WordPress environments automatically with AWS-native infrastructure integration.
This operator eliminates manual setup by provisioning RDS databases, S3 buckets, and Secrets Manager entries, while deploying fully optimized PHP-FPM and NGINX containers tuned for WordPress performance and reliability.


Overview

The WordPress Operator encapsulates the entire lifecycle of a WordPress site — infrastructure, application, and runtime — into a single declarative resource.
Engineered with controller-runtime and client-go, it observes WordPressSite custom resources and reconciles the full stack: AWS services, Kubernetes resources, and application configuration, delivering consistent, self-healing deployments at scale.


Key Features

  • Declarative Site Creation – Deploy a complete WordPress site (database, secrets, storage, ingress, autoscaling) from one manifest.
  • AWS Integration
    • Automated RDS MySQL instance creation with subnet groups, parameter groups, and backup policies
    • S3 bucket provisioning for media offload with lifecycle and versioning
    • Secrets Manager integration for secure credential rotation
  • Custom Runtime Images
    • PHP-FPM Container: Minimal Alpine base, tuned for Opcache, Redis, and concurrent request throughput
    • NGINX Container: Custom caching layer with Brotli, Gzip, and pre-compressed static assets
  • Built-In Observability – Structured logging, Prometheus metrics, and reconciliation health checks
  • Resilient State Management – Idempotent reconciliation ensures desired state consistency even under network or API retries
  • GitOps Ready – Fully declarative, designed for Argo CD or Flux pipelines

Architecture

  • Language: Go (1.22+)
  • Framework: Kubebuilder (controller-runtime)
  • CRDs: WordPressSite and DatabaseInstance resources
  • Databases: AWS RDS (MySQL / Aurora)
  • Storage: S3 buckets for uploads and caching
  • Secrets: AWS Secrets Manager for secure credential delivery to pods
  • Ingress: NGINX with optional cert-manager TLS automation
  • Deployments:
    • Custom graystack-wordpress-php-fpm image
    • Custom graystack-wordpress-nginx image
  • Scalability: HPA and PDB templates per site with auto-tuned requests/limits

Performance Benchmarks

  • Deployment Time: Full WordPress environment ready in under 90 seconds
  • TTFB (cached): ~100–150ms on edge ingress
  • Uptime SLA: 99.99% with pod disruption budgets and graceful restarts
  • Asset Delivery: ~40% faster via S3 offload vs EFS baseline
  • Concurrency Handling: Sustains 1,000+ RPS on read-heavy workloads

Example Workflow

  1. Developer creates a site manifest:

    apiVersion: graystack.dev/v1alpha1
    kind: WordPressSite
    metadata:
      name: wp-gdlrural
    spec:
      domain: gdlrural.com.au
      phpVersion: "8.2"
      replicas: 2
      storage:
        type: s3
      database:
        engine: mysql
        size: small

  2. Operator workflow:

    • Provisions an RDS instance with automated backups
    • Creates an S3 bucket and IAM role
    • Stores credentials in AWS Secrets Manager
    • Deploys optimized PHP-FPM + NGINX pods
    • Configures Ingress with TLS via cert-manager
  3. The site goes live — fully integrated, secure, and auto-scaled within minutes.
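
The idempotent reconciliation listed under Key Features, applied to the first three operator workflow steps above, as an added example that is not the operator's own code. `FakeCloud`, `ensure`, `Reconcile` and the resource key scheme are hypothetical, and the in-memory store stands in for the AWS APIs; the point shown is that a retry after a partial failure resumes without re-creating resources or regenerating the stored database credential.

```go
package main

import (
	"crypto/rand"
	"fmt"
)

// FakeCloud is a constructed in-memory stand-in for RDS, S3 and Secrets Manager.
type FakeCloud struct {
	Resources map[string]string // key -> random ID (for the secret: the DB password)
	Creates   int               // create calls that succeeded
	FailOnce  string            // key whose next create returns a simulated API error
}

// ensure creates key only when it is absent, so repeating the call is harmless.
func (c *FakeCloud) ensure(key string) error {
	if _, ok := c.Resources[key]; ok {
		return nil
	}
	if c.FailOnce == key {
		c.FailOnce = ""
		return fmt.Errorf("simulated transient error creating %s", key)
	}
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return err
	}
	c.Resources[key] = fmt.Sprintf("%x", b)
	c.Creates++
	return nil
}

// Reconcile runs the workflow steps in page order. Keys derive from the site
// name, so a retry resumes at the failed step and never regenerates the password.
func Reconcile(c *FakeCloud, site string) error {
	for _, key := range []string{"rds/" + site, "s3/" + site + "-media", "secret/" + site + "/db"} {
		if err := c.ensure(key); err != nil {
			return fmt.Errorf("reconcile %s: %w", site, err)
		}
	}
	return nil
}

func main() {
	c := &FakeCloud{Resources: map[string]string{}, FailOnce: "s3/wp-gdlrural-media"}
	for pass := 1; pass <= 3; pass++ {
		err := Reconcile(c, "wp-gdlrural")
		fmt.Println(pass, err, c.Creates)
	}
}
```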


DevOps & Reliability

  • CI/CD: GitHub Actions pipelines integrated with Argo CD for automated environment syncs
  • IAM: IRSA for pod-level fine-grained AWS permissions
  • Backup & Recovery:
    • Automated RDS snapshotting
    • S3 versioning with lifecycle policies
  • Observability: Datadog and Prometheus exporters for reconciliation metrics
  • Network Policies: Enforced isolation for site-specific traffic

Results & Impact

  • Reduced provisioning from hours to 90 seconds
  • Delivered repeatable infrastructure parity across dev, staging, and production
  • Eliminated configuration drift with strict reconciliation logic
  • Enabled self-service WordPress deployment for multiple business units
  • Improved page load performance and reliability under high concurrent traffic

Technologies Used

| Layer | Technology |
|---|---|
| Language | Go 1.22+ |
| Framework | Kubebuilder / controller-runtime |
| Kubernetes | EKS |
| Database | AWS RDS (MySQL / Aurora) |
| Storage | Amazon S3 + EFS (optional) |
| Secrets | AWS Secrets Manager |
| Containers | Custom PHP-FPM + NGINX builds |
| CI/CD | GitHub Actions + Argo CD |
| Monitoring | Prometheus / Datadog |
| IAM Integration | IRSA (IAM Roles for Service Accounts) |

Summary

The WordPress Operator represents a next-generation approach to WordPress hosting — combining cloud-native automation with infrastructure intelligence.
By leveraging Go, Kubebuilder, and AWS integration, it transforms WordPress management into a declarative, scalable, and observable system — delivering unmatched reliability and performance for enterprise and internal use cases alike.
