vault-wrap: Рабочий вариант. INF-1541
parent
33f90e5e02
commit
62678531f4
|
@ -75,21 +75,21 @@ vault_wrap_deploy:
|
||||||
refs:
|
refs:
|
||||||
- main
|
- main
|
||||||
|
|
||||||
# traefik_deploy:
|
traefik_deploy:
|
||||||
# <<: *dedicated-runner
|
<<: *dedicated-runner
|
||||||
# stage: deploy
|
stage: deploy
|
||||||
# script:
|
script:
|
||||||
# - mkdir -p /home/gitlab-runner/traefik
|
- mkdir -p /home/gitlab-runner/traefik
|
||||||
# - docker volume create vault-wrap_traefik-ssl
|
- docker volume create vault-wrap_traefik-ssl
|
||||||
# - docker volume create vault-wrap_traefik-dynamic-conf
|
- docker volume create vault-wrap_traefik-dynamic-conf
|
||||||
# - docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/certs/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.crt /temporary
|
- docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/certs/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.crt /temporary
|
||||||
# - docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/private/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.key /temporary
|
- docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/private/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.key /temporary
|
||||||
# - docker run --rm -v vault-wrap_traefik-dynamic-conf:/temporary -v ./traefik-files:/files alpine cp files/certificates.yml /temporary
|
- docker run --rm -v vault-wrap_traefik-dynamic-conf:/temporary -v ./traefik-files:/files alpine cp files/certificates.yml /temporary
|
||||||
# - cp traefik-files/traefik.yml /home/gitlab-runner/traefik/traefik.yml
|
- cp traefik-files/traefik.yml /home/gitlab-runner/traefik/traefik.yml
|
||||||
# - export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
|
- export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
|
||||||
# - export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
|
- export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
|
||||||
# - if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d traefik; fi
|
- if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d traefik; fi
|
||||||
# only:
|
only:
|
||||||
# refs:
|
refs:
|
||||||
# - main
|
- main
|
||||||
|
|
||||||
|
|
|
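Review bot: The two `docker run … alpine cp` steps that read `/etc/ssl/certs/` and `/etc/ssl/private/` use an unpinned `alpine` image with the host directories mounted read-write, so whatever image that tag resolves to on the runner gets write access to the host's key directory. Mount the sources read-only and pin the image, e.g. `-v /etc/ssl/private/:/files:ro alpine@sha256:<pinned-digest>` (the digest is a placeholder). The `cp files/…` source is a relative path that only resolves while the image's working directory is `/`; writing `/files/…` would not depend on that. The private key is also copied into the named volume `vault-wrap_traefik-ssl`, so it is worth confirming which services mount that volume; the compose definition for traefik is not visible on this page.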
@ -6,15 +6,15 @@ services:
|
||||||
image: $IMAGE_PATH/vault-wrap:$RELEASE_VERSION
|
image: $IMAGE_PATH/vault-wrap:$RELEASE_VERSION
|
||||||
container_name: vault-wrap
|
container_name: vault-wrap
|
||||||
environment:
|
environment:
|
||||||
- ACTION_ADDRESS=${ACTION_ADDRESS:-secret.corp.samsonopt.ru}
|
- ACTION_ADDRESS=${ACTION_ADDRESS:-https://secret.corp.samsonopt.ru}
|
||||||
- VAULT_ADDRESS=${VAULT_ADDRESS}
|
- VAULT_ADDRESS=${VAULT_ADDRESS}
|
||||||
- LISTEN_PORT=1234
|
- LISTEN_PORT=8080
|
||||||
- TLS_KEY_FILE=${TLS_KEY_FILE}
|
- TLS_KEY_FILE=${TLS_KEY_FILE}
|
||||||
- TLS_CERT_FILE=${TLS_CERT_FILE}
|
- TLS_CERT_FILE=${TLS_CERT_FILE}
|
||||||
- TZ=Europe/Moscow
|
- TZ=Europe/Moscow
|
||||||
restart: always
|
restart: always
|
||||||
ports:
|
ports:
|
||||||
- 1234:1234
|
- 1234:8080
|
||||||
build:
|
build:
|
||||||
context: .
|
context: .
|
||||||
volumes:
|
volumes:
|
||||||
|
|
|
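Review bot: The mapping `- 1234:8080` publishes the vault-wrap listener on every host interface, which presumably lets clients reach the service directly rather than through the traefik instance this commit enables. If traefik is meant to be the only entry point, drop the published port or bind it to loopback with `- "127.0.0.1:1234:8080"`. `ACTION_ADDRESS` must now carry the scheme, so an override that still uses the old bare host name yields a scheme-less address; a comment next to the variable such as `# full URL including scheme, e.g. https://host.name` would make that requirement explicit. The service definition continues past the hunk at `volumes:`.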
@ -27,4 +27,4 @@ providers:
|
||||||
endpoint: "unix:///var/run/docker.sock"
|
endpoint: "unix:///var/run/docker.sock"
|
||||||
exposedByDefault: false
|
exposedByDefault: false
|
||||||
file:
|
file:
|
||||||
filename: /configuration/certificates.yaml
|
filename: /configuration/certificates.yml
|
||||||
|
|
17
vault.go
17
vault.go
|
@ -251,7 +251,7 @@ func main() {
|
||||||
flag.StringVar(&TemplateDir, "template-dir", "html-template", "Каталог с шаблонами")
|
flag.StringVar(&TemplateDir, "template-dir", "html-template", "Каталог с шаблонами")
|
||||||
flag.StringVar(&TemplateFile, "template-file", "index.html", "Файл-шаблон для ВЭБ-странцы")
|
flag.StringVar(&TemplateFile, "template-file", "index.html", "Файл-шаблон для ВЭБ-странцы")
|
||||||
flag.StringVar(&VaultAddress, "vault-url", "", "Адрес сервера Hashicorp Vault (https://host.name:8200)")
|
flag.StringVar(&VaultAddress, "vault-url", "", "Адрес сервера Hashicorp Vault (https://host.name:8200)")
|
||||||
flag.StringVar(&ActionAddress, "action-address", "", "Адрес данного сервиса (host.name)")
|
flag.StringVar(&ActionAddress, "action-address", "", "Адрес данного сервиса (https://host.name)")
|
||||||
flag.StringVar(&ListenPort, "listen-port", "8080", "Номер порта сервиса")
|
flag.StringVar(&ListenPort, "listen-port", "8080", "Номер порта сервиса")
|
||||||
flag.StringVar(&TlsCertFile, "tls-cert", "", "TLS сертификат (файл)")
|
flag.StringVar(&TlsCertFile, "tls-cert", "", "TLS сертификат (файл)")
|
||||||
flag.StringVar(&TlsKeyFile, "tls-key", "", "TLS ключ (файл)")
|
flag.StringVar(&TlsKeyFile, "tls-key", "", "TLS ключ (файл)")
|
||||||
|
@ -303,19 +303,16 @@ func main() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
listenAddr := ":" + ListenPort
|
listenAddr := ":" + ListenPort
|
||||||
|
|
||||||
|
// ActionAddress = "https://" + ActionAddress
|
||||||
|
if Debug {
|
||||||
|
log.Printf("Адрес сервиса: %s%s ", ActionAddress, listenAddr)
|
||||||
|
}
|
||||||
|
|
||||||
log.Println("Listening...")
|
log.Println("Listening...")
|
||||||
if TlsEnable {
|
if TlsEnable {
|
||||||
ActionAddress = "https://" + ActionAddress
|
|
||||||
if Debug {
|
|
||||||
log.Printf("Адрес сервиса: %s%s ", ActionAddress, listenAddr)
|
|
||||||
}
|
|
||||||
log.Fatal(http.ListenAndServeTLS(listenAddr, TlsCertFile, TlsKeyFile, nil))
|
log.Fatal(http.ListenAndServeTLS(listenAddr, TlsCertFile, TlsKeyFile, nil))
|
||||||
} else {
|
} else {
|
||||||
ActionAddress = "http://" + ActionAddress
|
|
||||||
if Debug {
|
|
||||||
log.Printf("Адрес сервиса: %s%s ", ActionAddress, listenAddr)
|
|
||||||
}
|
|
||||||
http.ListenAndServe(listenAddr, nil)
|
http.ListenAndServe(listenAddr, nil)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
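Review bot: In the second hunk main no longer prepends a scheme to `ActionAddress`, so a value passed in the old form (`host.name`) is now used unchanged and nothing rejects it at startup. Parsing it once after `flag.Parse` with `url.Parse` and exiting when the scheme is not `http`/`https` or the host is empty would catch this; that needs the `net/url` import, which is outside the hunk. In the else branch the error from `http.ListenAndServe(listenAddr, nil)` is discarded, so a failed bind ends the process silently; `log.Fatal(http.ListenAndServe(listenAddr, nil))` would match the TLS branch. The leftover `// ActionAddress = "https://" + ActionAddress` line can be deleted. main starts above the hunk.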