Skip to main content
FrankenPress is an opinionated, minimal way to run WordPress at scale on Kubernetes. Four small repos, one immutable site image, and a Helm chart that deploys on kind in under a minute.

Quickstart

Deploy a working WordPress site on a local kind cluster in 3 steps.

Architecture

What each * repo does and how they fit together.

Production topology

DragonflyDB Operator, MariaDB Operator, AWS S3, External Secrets.

Components

Deep dives into runtime, mu-plugin, site-template, and charts.

What’s in the box

1

Caddy + FrankenPHP runtime

A single-process container — no nginx, no PHP-FPM, no supervisord. runtime bakes caddyserver/cache-handler (Souin) for HTTP-level page caching with Redis-protocol storage.
2

Slim must-use plugin

Four components, all platform-housekeeping: S3UploadsBootstrap (refuses uploads when S3 isn’t fully configured — no silent local-disk fallback), SouinInvalidator (direct Redis DEL on save_post — bypasses cache-handler v0.16.0’s broken HTTP invalidation APIs), SiteHealth (suppresses Site Health tests whose failure is intentional under the immutable-image lockdown), and opt-in SMTPMailer (transport-agnostic SMTP for wp_mail() — Postmark, SendGrid, SES, etc.).
3

GitHub-template site

site-template is a Bedrock-layout WordPress site preconfigured for the runtime. Click “Use this template”, run fp init, you have a site — composer install, stack up, WP installed, latest snapshot applied, all in one command.
4

Bitnami-style Helm chart

charts ships site — a Helm chart that consumes any site-template-built image. Bundles MariaDB + Redis + MinIO subcharts for instant kind deploys. Production swaps to managed services / operators.
5

Auto-install on first deploy

A post-install Helm hook Job runs wp core install and wp core update-db so a fresh helm install produces a usable site — no manual kubectl exec. Idempotent across upgrades; opt-in syncAdminCredentials reconciles the admin password from a Secret on every release for ESO/Sealed-Secret rotation flows. See charts → First install.

Design principles

  • Immutable images, no admin-installable plugins. The “Update WordPress / plugins / themes” buttons are absent in admin. Lockdown is hard-coded; admin-side installs would land on ephemeral pod disk and vanish on restart anyway.
  • Single must-use plugin scope: S3 safety + cache invalidation. Anything else (URL fixers, object cache, metrics, WooCommerce log handlers) is a regular plugin sites install themselves.
  • Slim default deps. No WooCommerce, no opinionated theme picks. The site template ships only what’s strictly needed for WordPress to render.
  • No GitOps glue. The Helm chart deploys plain Deployment + Service + HTTPRoute. End users wrap with Argo Rollouts / Kargo / Flux / etc. as they see fit.

Why “FrankenPress”?

FrankenPHP — the modern PHP app server built on Caddy — does most of the heavy lifting for the runtime. We add Souin for HTTP cache, S3-Uploads for media, and just enough WordPress glue to make Bedrock-style sites work cleanly on Kubernetes.
FrankenPress is built and maintained by FrankenPress. All four * repositories are Apache-2.0 licensed.