From 13c4bda841f43db1b535a7ee799e36f33c3b3bc8 Mon Sep 17 00:00:00 2001
From: svkalinin
Date: Tue, 9 Jul 2024 16:28:45 +0300
Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=B8=D0=BB=20?=
 =?UTF-8?q?=D0=B7=D0=B0=D0=BF=D1=83=D1=81=D0=BA=20=D0=B2=20=D0=B4=D0=BE?=
 =?UTF-8?q?=D0=BA=D0=B5=D1=80.=20=D0=A1=D0=B1=D0=BE=D1=80=D0=BA=D1=83=20?=
 =?UTF-8?q?=D0=B8=20=D0=B7=D0=B0=D0=BF=D1=83=D1=81=D0=BA=20=D1=87=D0=B5?=
 =?UTF-8?q?=D1=80=D0=B5=D0=B7=20=D0=B3=D0=B8=D1=82=D0=BB=D0=B0=D0=B1.=20IN?=
 =?UTF-8?q?F-1541?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .gitlab-ci.yml | 68 ++++++++++++++++++++++++++++++++++++++++++++++
 Dockerfile | 9 +++++-
 docker-compose.yml | 24 ++++++++++++++++
 entrypoint.sh | 8 ++++++
 vault.go | 5 ----
 5 files changed, 108 insertions(+), 6 deletions(-)
 create mode 100644 .gitlab-ci.yml
 create mode 100644 docker-compose.yml
 create mode 100644 entrypoint.sh

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..90239f2
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,68 @@
+stages:
+ - build
+ - release
+ - deploy
+
+variables:
+ DOCKER_DRIVER: overlay2
+ IMAGE_PATH: $CI_REGISTRY/$CI_PROJECT_PATH
+ # IMAGE_VERSION: $CI_COMMIT_SHORT_SHA
+ RELEASE_VERSION: $CI_COMMIT_SHORT_SHA
+
+before_script:
+ - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+ - mkdir -p .ci_status
+
+.dedicated-builder: &dedicated-builder
+ tags:
+ - build1-shell
+
+
+.dedicated-runner: &dedicated-runner
+ tags:
+ - runner1-prod-shell
+
+vault_wrap_build:
+ <<: *dedicated-builder
+ stage: build
+ script:
+ - DOCKER_BUILDKIT=1 COMPOSE_DOCKER_CLI_BUILD=1 docker-compose -f vault-wrap/docker-compose.yml build vault-wrap
+ - docker tag $IMAGE_PATH/vault-wrap:$RELEASE_VERSION $IMAGE_PATH/vault-wrap:dev
+ - docker push $IMAGE_PATH/vault-wrap:dev
+ - touch .ci_status/vault_wrap_build
+ only:
+ refs:
+ - master
+ changes:
+ - vault-wrap.go
+ - Dockerfile
+ - entrypoint.sh
+ - docker-compose.yml
+ - .gitlab-ci.yml
+ artifacts:
+ paths:
+ - .ci_status/
+
+# --------------- RELEASE STAGE -------------#
+vault_wrap_release:
+ <<: *dedicated-builder
+ stage: release
+ script:
+ - if [ -e .ci_status/vault_wrap_build ]; then docker pull $IMAGE_PATH/vault-wrap:dev; docker tag $IMAGE_PATH/vault-wrap:dev $IMAGE_PATH/vault-wrap:$RELEASE_VERSION; docker push $IMAGE_PATH/vault-wrap:$RELEASE_VERSION; touch .ci_status/vault_wrap_release; fi
+ artifacts:
+ paths:
+ - .ci_status/
+ only:
+ refs:
+ - master
+
+
+#-------------- DEPLOY STAGE ------------------#
+vault_wrap_deploy:
+ <<: *dedicated-runner
+ stage: deploy
+ script:
+ - if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d vault-wrap; fi
+ only:
+ refs:
+ - master
diff --git a/Dockerfile b/Dockerfile
index e517f92..5d30cce 100644
--- a/Dockerfile
+++ b/Dockerfile
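Review bot: `only: changes:` in `vault_wrap_build` lists `vault-wrap.go`, but the Go source this repository builds is `vault.go` (see the diffstat and the Dockerfile's `./vault.go`), so a change to the application code alone never triggers a build, and the release and deploy jobs then skip on the missing `.ci_status` marker; change the entry to `- vault.go`. In `before_script`, `docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY` hands the registry token over as a command-line argument, where it is visible to other processes on the shell runner and lands in the job trace unless the variable is masked; prefer `echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. The build job runs `docker-compose -f vault-wrap/docker-compose.yml` while the compose file added in this commit sits at the repository root and the deploy job uses `-f docker-compose.yml`; unless the builder checks out into a `vault-wrap/` directory, the build job fails before it tags anything, so confirm the path.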
@@ -9,11 +9,18 @@ RUN GOOS=linux go build -ldflags="-s -w" -o ./bin/vault-wrap ./vault.go FROM alpine:3.20 RUN apk add tzdata #RUN apk --no-cache add ca-certificates +RUN mkdir -p /usr/local/share/vault-wrap && mkdir -p WORKDIR /usr/bin COPY --from=build /go/src/app/bin /go/bin # COPY cronjobs /etc/crontabs/root -./bin/vault-wrap -action-address "${ADDRESS}" -vault-url "${VAULT_ADDRESS}" -tls-cert "${TLS_CERT}" -tls-key "${TLS_KEY}" +COPY entrypoint.sh . + +# COPY cronjobs /etc/crontabs/root + # start crond with log level 8 in foreground, output to stderr # CMD ["crond", "-f", "-d", "8"] + +ENTRYPOINT ["/bin/sh", "./entrypoint.sh"] +
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..23e3f1e
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,24 @@
+version: '3'
+
+services:
+ vault-wrap:
+ # $IMAGE_PATH и $RELEASE_VERSION определены в .gitlab-ci.yml
+ image: $IMAGE_PATH/vault-wrap:$RELEASE_VERSION
+ environment:
+ - ACTION_ADDRESS=${ACTION_ADDRESS}
+ - VAULT_ADDRESS=${VAULT_ADDRESS}
+ - TLS_KEY_FILE=${TLS_KEY_FILE}
+ - TLS_CERT_FILE=${TLS_CERT_FILE}
+ - HTML_TEMPLATE_DIR=${HTML_TEMPLATE_DIR}
+ - TZ=Europe/Moscow
+ restart: always
+ build:
+ context: .
+ volumes:
+ - vault-wrap-log:/var/log/vault-wrap
+ - vault-wrap-conf:/usr/local/share/vault-wrap
+ logging:
+ # driver: "syslog"
+ options:
+ max-size: "10m"
+ max-file: "5"
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..2f0ae4f
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -u
+
+while true ;do
+ /go/bin/vault-wrap -action-address "${ACTION_ADDRESS}" -vault-url "${VAULT_ADDRESS}" -tls-cert "/usr/local/share/vault-wrap/${TLS_CERT_FILE}" -tls-key "/usr/local/share/vault-wrap/${TLS_KEY_FILE}" -template-dir /usr/local/share/vault-wrap -log-file /var/log/vault-wrap/vault-wrap.log
+
+ sleep 120
+done
diff --git a/vault.go b/vault.go
index 747906d..cd69a71 100644
--- a/vault.go
+++ b/vault.go
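Review bot: The added `RUN mkdir -p /usr/local/share/vault-wrap && mkdir -p` ends with a second `mkdir -p` that has no operand as shown in the hunk; if the file really reads this way, `mkdir` exits non-zero and the image build stops there, so either drop the `&& mkdir -p` or give it the directory it was meant to create (entrypoint.sh writes to `/var/log/vault-wrap`, which only the compose volume supplies at runtime). `#RUN apk --no-cache add ca-certificates` stays commented out, so the alpine stage ships without a CA bundle; if `VAULT_ADDRESS` is an https endpoint with a certificate from a public CA, the Go client in vault-wrap will presumably fail verification on its first request, so confirm how the Vault endpoint is trusted before merging. `COPY entrypoint.sh .` lands in `/usr/bin` because of the preceding `WORKDIR /usr/bin`, and `ENTRYPOINT ["/bin/sh", "./entrypoint.sh"]` resolves against that same WORKDIR; an absolute `ENTRYPOINT ["/bin/sh", "/usr/bin/entrypoint.sh"]` keeps it working if the WORKDIR ever moves.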
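Review bot: The service mounts the named volumes `vault-wrap-log` and `vault-wrap-conf`, but the file has no top-level `volumes:` section declaring them; Compose rejects a named volume that is used without a declaration, so the deploy job's `docker-compose up -d vault-wrap` fails before the container starts. Add a top-level `volumes:` block with the entries `vault-wrap-log:` and `vault-wrap-conf:`. `HTML_TEMPLATE_DIR=${HTML_TEMPLATE_DIR}` is exported into the container but entrypoint.sh hard-codes `-template-dir /usr/local/share/vault-wrap`, so the variable has no effect; either drop it here or have the entrypoint use it. Because the service declares both `image:` and `build: context: .`, `up -d` on the deploy runner will, as far as I can tell, build a local image when the released tag is not present instead of pulling it from the registry; a `docker-compose pull vault-wrap` before `up -d` (or `up -d --no-build`) keeps the deployed image the one that was released. The TLS key file is mounted read-write through `vault-wrap-conf`; marking that mount `:ro` is a cheap way to keep the running service from altering its own key and templates.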
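Review bot: The `while true ;do … sleep 120 done` wrapper around `/go/bin/vault-wrap` keeps the container alive after the binary exits, so Docker never sees a crash: `restart: always` in docker-compose.yml never fires, the exit code is lost, and a failed process sits idle for 120 s between attempts. With `/bin/sh` as PID 1, SIGTERM from `docker stop` or a redeploy is not forwarded to the child, so the Go process is SIGKILLed after the grace period rather than given the chance to shut down. Replacing the loop with `exec /go/bin/vault-wrap -action-address "${ACTION_ADDRESS}" … -log-file /var/log/vault-wrap/vault-wrap.log` makes the binary PID 1, delivers SIGTERM to the process itself and leaves restarts to the restart policy. `-log-file /var/log/vault-wrap/vault-wrap.log` also sends the log into the volume rather than to stdout, so the `max-size`/`max-file` logging options in the compose file do not apply to it and the file grows without bound unless vault-wrap rotates it itself.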
@@ -18,11 +18,6 @@ import ( "github.com/gorilla/mux" "github.com/sethvargo/go-password/password" - // "io" - // "io/ioutil" - - // "github.com/hashicorp/vault-client-go" - // "github.com/hashicorp/vault-client-go/schema" ) // {