vault-wrap: правка скриптов запуска.
This commit is contained in:
svkalinin
parent
7b29cf67b5
commit
fe2716b1c3
|
|
@ -62,7 +62,7 @@ vault_wrap_deploy:
|
|||
<<: *dedicated-runner
|
||||
stage: deploy
|
||||
script:
|
||||
- mkdir -p /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/
|
||||
- docker volume create vault-wrap_vault-wrap-conf
|
||||
- cp /etc/ssl/certs/runner1-prod.corp.samsonopt.ru.crt /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/
|
||||
- cp /etc/ssl/private/runner1-prod.corp.samsonopt.ru.key /srv/docker/volumes/vault-wrap_vault-wrap-conf/_data/
|
||||
- export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
|
||||
|
|
@ -76,13 +76,13 @@ traefik_deploy:
|
|||
<<: *dedicated-runner
|
||||
stage: deploy
|
||||
script:
|
||||
- mkdir -p /srv/docker/volumes/traefik-conf/_data
|
||||
- mkdir -p /srv/docker/volumes/traefik-traefik-ssl/_data
|
||||
- mkdir -p /srv/docker/volumes/traefik-dynamic-conf/_data
|
||||
- mkdir -p /usr/lcal/etc/traefik
|
||||
- docker volume create traefik_traefik-ssl
|
||||
- docker volume create traefik_traefik-dynamic-conf
|
||||
- cp /etc/ssl/certs/runner1-prod.corp.samsonopt.ru.crt /srv/docker/volumes/traefik-traefik-ssl/_data
|
||||
- cp /etc/ssl/private/runner1-prod.corp.samsonopt.ru.key /srv/docker/volumes/traefik-traefik-ssl/_data
|
||||
- cp traefik-files/traefik.yml /srv/docker/volumes/traefik-conf/_data/traefik.yml
|
||||
- cp traefik-files/certificates.yml /srv/docker/volumes/traefik-dynamic-conf/_data/certificates.yml
|
||||
- cp /etc/ssl/private/runner1-prod.corp.samsonopt.ru.key /srv/docker/volumes/traefik_traefik-ssl/_data
|
||||
- cp traefik-files/traefik.yml /usr/lcal/etc/traefik/traefik.yml
|
||||
- cp traefik-files/certificates.yml /srv/docker/volumes/traefik_traefik-dynamic-conf/_data/certificates.yml
|
||||
- export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
|
||||
- export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
|
||||
- if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d traefik; fi
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ RUN mkdir -p /usr/local/share/vault-wrap && mkdir -p /var/log/vault-wrap
|
|||
|
||||
WORKDIR /usr/bin
|
||||
|
||||
COPY --from=build /app/bin /go/bin
|
||||
COPY --from=build /app/bin/vault-wrap /go/bin/vault-wrap
|
||||
|
||||
|
||||
COPY entrypoint.sh .
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ services:
|
|||
# $IMAGE_PATH и $RELEASE_VERSION определены в .gitlab-ci.yml
|
||||
image: $IMAGE_PATH/vault-wrap:$RELEASE_VERSION
|
||||
environment:
|
||||
- ACTION_ADDRESS=${ACTION_ADDRESS}
|
||||
- ACTION_ADDRESS=${ACTION_ADDRESS:-https://secret.corp.samsonopt.ru}
|
||||
- VAULT_ADDRESS=${VAULT_ADDRESS}
|
||||
- LISTEN_PORT=443
|
||||
- TLS_KEY_FILE=${TLS_KEY_FILE}
|
||||
|
|
@ -41,10 +41,10 @@ services:
|
|||
- --providers.file.directory=/configuration/
|
||||
- --providers.file.watch=true
|
||||
volumes:
|
||||
- ./configuration/:/configuration/
|
||||
- ./traefik.yml:/traefik.yml:ro
|
||||
- traefik-dynamic-conf:/configuration/
|
||||
- /usr/local/etc/traefik/traefik.yml:/traefik.yml:ro
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- ./ssl/:/ssl/:ro
|
||||
- traefik-ssl:/ssl/:ro
|
||||
ports:
|
||||
- 80:80
|
||||
- 8080:8080
|
||||
|
|
@ -72,3 +72,5 @@ networks:
|
|||
volumes:
|
||||
vault-wrap-log:
|
||||
vault-wrap-conf:
|
||||
traefik-conf:
|
||||
traefik-ssl:
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user