vault-wrap: Правка запучска в части https

This commit is contained in:
svkalinin 2024-07-11 08:20:24 +03:00
parent 3da3dfed44
commit 58803532da
2 changed files with 18 additions and 17 deletions

View File

@ -74,21 +74,21 @@ vault_wrap_deploy:
refs: refs:
- main - main
traefik_deploy: # traefik_deploy:
<<: *dedicated-runner # <<: *dedicated-runner
stage: deploy # stage: deploy
script: # script:
- mkdir -p /home/gitlab-runner/traefik # - mkdir -p /home/gitlab-runner/traefik
- docker volume create vault-wrap_traefik-ssl # - docker volume create vault-wrap_traefik-ssl
- docker volume create vault-wrap_traefik-dynamic-conf # - docker volume create vault-wrap_traefik-dynamic-conf
- docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/certs/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.crt /temporary # - docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/certs/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.crt /temporary
- docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/private/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.key /temporary # - docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/private/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.key /temporary
- docker run --rm -v vault-wrap_traefik-dynamic-conf:/temporary -v ./traefik-files:/files alpine cp files/certificates.yml /temporary # - docker run --rm -v vault-wrap_traefik-dynamic-conf:/temporary -v ./traefik-files:/files alpine cp files/certificates.yml /temporary
- cp traefik-files/traefik.yml /home/gitlab-runner/traefik/traefik.yml # - cp traefik-files/traefik.yml /home/gitlab-runner/traefik/traefik.yml
- export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt # - export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
- export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key # - export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
- if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d traefik; fi # - if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d traefik; fi
only: # only:
refs: # refs:
- main # - main

View File

@ -29,6 +29,7 @@ services:
- "traefik.http.services.secret.loadbalancer.server.port=443" - "traefik.http.services.secret.loadbalancer.server.port=443"
- "traefik.docker.network=reverse-proxy" - "traefik.docker.network=reverse-proxy"
- "traefik.http.routers.secret.tls=true" - "traefik.http.routers.secret.tls=true"
- "traefik.http.services.secret.loadbalancer.server.scheme=https"
networks: networks:
- default - default
- vault-wrap - vault-wrap