vault-wrap: правка скриптов запуска.

svkalinin 2024-07-10 15:12:03 +03:00
parent 7b29cf67b5
commit fe2716b1c3
3 changed files with 14 additions and 12 deletions


@ -62,7 +62,7 @@ vault_wrap_deploy:
<<: *dedicated-runner <<: *dedicated-runner
stage: deploy stage: deploy
script: script:
- mkdir -p /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/ - docker volume create vault-wrap_vault-wrap-conf
- cp /etc/ssl/certs/runner1-prod.corp.samsonopt.ru.crt /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/ - cp /etc/ssl/certs/runner1-prod.corp.samsonopt.ru.crt /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/
- cp /etc/ssl/private/runner1-prod.corp.samsonopt.ru.key /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/ - cp /etc/ssl/private/runner1-prod.corp.samsonopt.ru.key /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/
- export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt - export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
@ -76,13 +76,13 @@ traefik_deploy:
<<: *dedicated-runner <<: *dedicated-runner
stage: deploy stage: deploy
script: script:
- mkdir -p /srv/docker/volumes/traefik-conf/_data - mkdir -p /usr/lcal/etc/traefik
- mkdir -p /srv/docker/volumes/traefik-traefik-ssl/_data - docker volume create traefik_traefik-ssl
- mkdir -p /srv/docker/volumes/traefik-dynamic-conf/_data - docker volume create traefik_traefik-dynamic-conf
- cp /etc/ssl/certs/runner1-prod.corp.samsonopt.ru.crt /srv/docker/volumes/traefik-traefik-ssl/_data - cp /etc/ssl/certs/runner1-prod.corp.samsonopt.ru.crt /srv/docker/volumes/traefik-traefik-ssl/_data
- cp /etc/ssl/private/runner1-prod.corp.samsonopt.ru.key /srv/docker/volumes/traefik-traefik-ssl/_data - cp /etc/ssl/private/runner1-prod.corp.samsonopt.ru.key /srv/docker/volumes/traefik_traefik-ssl/_data
- cp traefik-files/traefik.yml /srv/docker/volumes/traefik-conf/_data/traefik.yml - cp traefik-files/traefik.yml /usr/lcal/etc/traefik/traefik.yml
- cp traefik-files/certificates.yml /srv/docker/volumes/traefik-dynamic-conf/_data/certificates.yml - cp traefik-files/certificates.yml /srv/docker/volumes/traefik_traefik-dynamic-conf/_data/certificates.yml
- export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt - export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
- export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key - export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
- if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d traefik; fi - if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d traefik; fi
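Review bot: The new traefik_deploy steps write the static config under `/usr/lcal/etc/traefik` (both the `mkdir -p` line and the `cp traefik-files/traefik.yml` line), while the compose file in this commit bind-mounts `/usr/local/etc/traefik/traefik.yml`; the path looks like a typo for `/usr/local/etc/traefik`. With the source file missing, Docker usually creates an empty directory at the bind-mount source, so Traefik would start without the intended entrypoint and TLS settings. In the same job the certificate is still copied to `/srv/docker/volumes/traefik-traefik-ssl/_data` while the key goes to `traefik_traefik-ssl/_data`, so the pair is split across two directories; both copies should target `traefik_traefik-ssl`. Because the job places a private key by hand, it is also worth confirming that the copied `.key` is readable only by the account Traefik runs as.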


@ -14,7 +14,7 @@ RUN mkdir -p /usr/local/share/vault-wrap && mkdir -p /var/log/vault-wrap
WORKDIR /usr/bin WORKDIR /usr/bin
COPY --from=build /app/bin /go/bin COPY --from=build /app/bin/vault-wrap /go/bin/vault-wrap
COPY entrypoint.sh . COPY entrypoint.sh .


@ -5,7 +5,7 @@ services:
# $IMAGE_PATH и $RELEASE_VERSION определены в .gitlab-ci.yml # $IMAGE_PATH и $RELEASE_VERSION определены в .gitlab-ci.yml
image: $IMAGE_PATH/vault-wrap:$RELEASE_VERSION image: $IMAGE_PATH/vault-wrap:$RELEASE_VERSION
environment: environment:
- ACTION_ADDRESS=${ACTION_ADDRESS} - ACTION_ADDRESS=${ACTION_ADDRESS:-https://secret.corp.samsonopt.ru}
- VAULT_ADDRESS=${VAULT_ADDRESS} - VAULT_ADDRESS=${VAULT_ADDRESS}
- LISTEN_PORT=443 - LISTEN_PORT=443
- TLS_KEY_FILE=${TLS_KEY_FILE} - TLS_KEY_FILE=${TLS_KEY_FILE}
@ -41,10 +41,10 @@ services:
- --providers.file.directory=/configuration/ - --providers.file.directory=/configuration/
- --providers.file.watch=true - --providers.file.watch=true
volumes: volumes:
- ./configuration/:/configuration/ - traefik-dynamic-conf:/configuration/
- ./traefik.yml:/traefik.yml:ro - /usr/local/etc/traefik/traefik.yml:/traefik.yml:ro
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
- ./ssl/:/ssl/:ro - traefik-ssl:/ssl/:ro
ports: ports:
- 80:80 - 80:80
- 8080:8080 - 8080:8080
@ -72,3 +72,5 @@ networks:
volumes: volumes:
vault-wrap-log: vault-wrap-log:
vault-wrap-conf: vault-wrap-conf:
traefik-conf:
traefik-ssl:
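Review bot: The traefik service now mounts the named volume `traefik-dynamic-conf`, but the top-level `volumes:` block in the last hunk adds only `traefik-conf` and `traefik-ssl`; unless it is declared elsewhere in the file, Compose will reject the service for referencing an undefined volume. `traefik-conf` is not used by any line shown here, so declaring `traefik-dynamic-conf:` in its place would match the mount. The CI job pre-creates `traefik_traefik-ssl` and `traefik_traefik-dynamic-conf` by hand, which only lines up if the Compose project name is `traefik`; that is worth confirming, or pinning with an explicit `name:` on each volume, since `vault-wrap_vault-wrap-conf` in the same pipeline implies a different prefix. Separately, the `:ro` on the unchanged `/var/run/docker.sock` mount does not limit Docker API calls made over the socket, so the container keeps full control of the daemon, and a comment saying so next to that line would help the next reader.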