vault-wrap: правка скриптов запуска.

.gitlab-ci.yml

@@ -62,7 +62,7 @@ vault_wrap_deploy:
   <<: *dedicated-runner
   stage: deploy
   script:
-    - mkdir -p /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/
+    - docker volume create vault-wrap_vault-wrap-conf
     - cp /etc/ssl/certs/runner1-prod.corp.samsonopt.ru.crt /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/
     - cp /etc/ssl/private/runner1-prod.corp.samsonopt.ru.key /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/
     - export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
@@ -76,13 +76,13 @@ traefik_deploy:
   <<: *dedicated-runner
   stage: deploy
   script:
-    - mkdir -p /srv/docker/volumes/traefik-conf/_data
+    - mkdir -p /usr/lcal/etc/traefik
-    - mkdir -p /srv/docker/volumes/traefik-traefik-ssl/_data
+    - docker volume create traefik_traefik-ssl
-    - mkdir -p /srv/docker/volumes/traefik-dynamic-conf/_data
+    - docker volume create  traefik_traefik-dynamic-conf
     - cp /etc/ssl/certs/runner1-prod.corp.samsonopt.ru.crt /srv/docker/volumes/traefik-traefik-ssl/_data
-    - cp /etc/ssl/private/runner1-prod.corp.samsonopt.ru.key /srv/docker/volumes/traefik-traefik-ssl/_data
+    - cp /etc/ssl/private/runner1-prod.corp.samsonopt.ru.key /srv/docker/volumes/traefik_traefik-ssl/_data
-    - cp traefik-files/traefik.yml /srv/docker/volumes/traefik-conf/_data/traefik.yml
+    - cp traefik-files/traefik.yml /usr/lcal/etc/traefik/traefik.yml
-    - cp traefik-files/certificates.yml /srv/docker/volumes/traefik-dynamic-conf/_data/certificates.yml
+    - cp traefik-files/certificates.yml /srv/docker/volumes/traefik_traefik-dynamic-conf/_data/certificates.yml
     - export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
     - export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
     - if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d traefik; fi

Dockerfile

@@ -14,7 +14,7 @@ RUN mkdir -p /usr/local/share/vault-wrap && mkdir -p /var/log/vault-wrap
 
 WORKDIR /usr/bin
 
-COPY --from=build /app/bin /go/bin
+COPY --from=build /app/bin/vault-wrap /go/bin/vault-wrap
 
 
 COPY entrypoint.sh .

docker-compose.yml

@@ -5,7 +5,7 @@ services:
     # $IMAGE_PATH и $RELEASE_VERSION определены в .gitlab-ci.yml
     image: $IMAGE_PATH/vault-wrap:$RELEASE_VERSION
     environment:
-      - ACTION_ADDRESS=${ACTION_ADDRESS}
+      - ACTION_ADDRESS=${ACTION_ADDRESS:-https://secret.corp.samsonopt.ru}
       - VAULT_ADDRESS=${VAULT_ADDRESS}
       - LISTEN_PORT=443
       - TLS_KEY_FILE=${TLS_KEY_FILE}
@@ -41,10 +41,10 @@ services:
       - --providers.file.directory=/configuration/
       - --providers.file.watch=true
     volumes:
-      - ./configuration/:/configuration/
+      - traefik-dynamic-conf:/configuration/
-      - ./traefik.yml:/traefik.yml:ro
+      - /usr/local/etc/traefik/traefik.yml:/traefik.yml:ro
       - /var/run/docker.sock:/var/run/docker.sock:ro
-      - ./ssl/:/ssl/:ro
+      - traefik-ssl:/ssl/:ro
     ports:
       - 80:80
       - 8080:8080
@@ -72,3 +72,5 @@ networks:
 volumes:
   vault-wrap-log:
   vault-wrap-conf:
+  traefik-conf:
+  traefik-ssl: