This article is a direct continuation of the previous guide. If you haven’t read it yet, start here: Initial Setup: WordPress on K3s (Ansible-managed).
This guide describes a clean, deterministic update pipeline for a WordPress stack running on Kubernetes via K3s, orchestrated with Ansible. Think of it as a layered onion of updates — each layer independently maintainable, yet fully composable. It also serves as a personal reference — a kind of living documentation — until these workflows become second nature to me 😉
🧱 Layer 1 — Operating System (AlmaLinux 9)
Security patches are handled automatically via dnf-automatic. For manual intervention:
dnf upgrade
If a kernel update is included:
reboot
- Firewall rules are re-applied via @reboot cron jobs
- K3s and all workloads recover automatically
⚙️ Layer 2 — K3s (Lightweight Kubernetes)
Check the current version:
k3s --version
Update K3s by re-running the install script:
curl -sfL https://get.k3s.io | sh -
Verify the cluster:
kubectl get pods -A
📦 Layer 3 — Helm Charts (ingress-nginx, cert-manager)
Update variables:
ingress_nginx_chart_version: "4.11.0"
cert_manager_chart_version: "1.17.0"
Deploy:
ansible-playbook blog.yml --limit test
🐳 Layer 4 — Container Images
Update image tags:
blog_image_wordpress: "wordpress:6.8-fpm"
blog_image_mariadb: "mariadb:11.5"
blog_image_nginx: "nginx:1.28-alpine"
Deploy:
ansible-playbook blog.yml --limit test
⚠️ Note: Major MariaDB upgrades require a backup.
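A pre-flight gate for this layer, as an added example that is not part of the original playbook: it rejects unpinned image references and blocks a MariaDB major-version jump unless a backup is confirmed. The flat vars-file layout and all function names are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the Layer 4 image-tag update.
# Assumption: variables sit in a flat YAML file as  blog_image_x: "repo:tag".

# Succeeds only if IMAGE has a digest or an explicit tag other than "latest".
is_pinned() {
    case "$1" in *@sha256:*) return 0 ;; esac
    ref=${1##*/}                 # drop registry/path (may contain host:port)
    case "$ref" in
        *:latest | *:) return 1 ;;
        *:*) return 0 ;;
        *) return 1 ;;           # no tag at all resolves to :latest
    esac
}

# Prints the leading integer of the tag, e.g. mariadb:11.5 -> 11.
major_of() {
    ref=${1##*/}
    ref=${ref%%@*}               # ignore a trailing digest
    tag=${ref#*:}
    printf '%s\n' "${tag%%[!0-9]*}"
}

# Succeeds if moving from image $1 to image $2 changes the major version.
is_major_change() {
    [ "$(major_of "$1")" != "$(major_of "$2")" ]
}

# preflight VARS_FILE RUNNING_MARIADB_IMAGE [BACKUP_DONE]
# Returns non-zero if any blog_image_* value is unpinned, or if MariaDB
# crosses a major version and BACKUP_DONE is not "yes".
preflight() {
    rc=0
    # Extract the quoted value of every blog_image_* variable.
    for img in $(sed -n 's/^blog_image_[a-z_]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1"); do
        is_pinned "$img" || { echo "UNPINNED: $img" >&2; rc=1; }
    done
    new_db=$(sed -n 's/^blog_image_mariadb:[[:space:]]*"\([^"]*\)".*/\1/p' "$1")
    if is_major_change "$2" "$new_db" && [ "${3:-no}" != yes ]; then
        echo "MariaDB major change $2 -> $new_db: take a backup first" >&2
        rc=1
    fi
    return $rc
}
```

Source the file and call `preflight` with the vars file and the image the MariaDB pod currently runs before starting the playbook; pass `yes` as the third argument only after the backup exists.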
🧩 Layer 5 — WordPress Core & Plugins
Check updates:
kubectl exec deployment/wordpress -n wordpress -c wordpress-fpm -- \
  php /var/www/html/wp-cli.phar core check-update \
  --path=/var/www/html --allow-root
kubectl exec deployment/wordpress -n wordpress -c wordpress-fpm -- \
  php /var/www/html/wp-cli.phar plugin list --update=available \
  --path=/var/www/html --allow-root
Update core:
kubectl exec deployment/wordpress -n wordpress -c wordpress-fpm -- \
  php /var/www/html/wp-cli.phar core update \
  --path=/var/www/html --allow-root
Update plugins:
kubectl exec deployment/wordpress -n wordpress -c wordpress-fpm -- \
  php /var/www/html/wp-cli.phar plugin update --all \
  --path=/var/www/html --allow-root
Fix permissions:
kubectl exec deployment/wordpress -n wordpress -c wordpress-fpm -- \
  chown -R www-data:www-data /var/www/html/wp-content
🚀 Recommended Update Pipeline
1. dnf upgrade
2. reboot (if needed)
3. K3s update
4. Update inventory (Helm + images)
5. ansible-playbook
6. wp-cli core update
7. wp-cli plugin update --all
8. Fix permissions
💡 Pro Tip: Steps 3–5 can be fully automated in a single Ansible run.
🧬 Final Thoughts
This setup follows a declarative, immutable infrastructure philosophy. Each layer updates independently, yet the system remains fully reproducible and predictable.
Less chaos. More control. Full nerd mode enabled. 🧠
