GitLab Auto DevOps ingress endpoint



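I am trying to configure CI on Kubernetes with GitLab and Google Cloud, and I am stuck on Let's Encrypt certificate creation. I have two clusters for two environments:

  1. Environment scope: production - for the production instance
  2. Environment scope: * - for staging and review instances

After deployment, I have an ingress service configured with the endpoint I declared, staging.my-domain.com, and a second endpoint that is a mystery to me: le-23830502.my-domain.com. The second host is the same in both environments (staging and production), and when I try to generate certificates, I can only generate one for a single environment (because the second ACME challenge never passes, since I cannot point one subdomain at two different IP addresses in DNS).

Does anyone know what that host is? Where is it configured, and can I disable it or make it unique per environment?

I noticed that it is my project id from GitLab with the le- prefix. I also found 2 environment variables ($ADDITIONAL_HOSTS, $ENVIRONMENT_ADDITIONAL_HOSTS) used to add another host address to the ingress, but that one is still there.

Staging deployment: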

RESOURCES:
==> v1/Deployment
NAME     READY  UP-TO-DATE  AVAILABLE  AGE
staging  1/1    1           1          6d3h
==> v1/Pod(related)
NAME                      READY  STATUS       RESTARTS  AGE
staging-69d9fb68cc-85prp  1/1    Running      0         13s
staging-744bfc8cc5-jc5w9  1/1    Terminating  0         22h
==> v1/Service
NAME                 TYPE       CLUSTER-IP    EXTERNAL-IP  PORT(S)   AGE
staging-auto-deploy  ClusterIP  10.116.8.120  <none>       3030/TCP  6d3h
==> v1beta1/Ingress
NAME                 CLASS   HOSTS                                              ADDRESS        PORTS    AGE
staging-auto-deploy  <none>  staging.my-domain.com,le-23830502.my-domain.com    34.121.X.X     80, 443  6d3h

Prod deployment:

RESOURCES:
==> v1/Deployment
NAME        READY  UP-TO-DATE  AVAILABLE  AGE
production  1/1    1           1          26h
==> v1/Pod(related)
NAME                         READY  STATUS       RESTARTS  AGE
production-77d9fbdf45-ps6xg  0/1    Terminating  6         10m
production-c7849868f-djhhk   1/1    Running      0         18s
==> v1/Service
NAME                    TYPE       CLUSTER-IP    EXTERNAL-IP  PORT(S)   AGE
production-auto-deploy  ClusterIP  10.27.15.197  <none>       3030/TCP  26h
==> v1beta1/Ingress
NAME                    CLASS   HOSTS                                           ADDRESS      PORTS    AGE
production-auto-deploy  <none>  prod.my-domain.com,le-23830502.my-domain.com    34.69.X.X    80, 443  26h

.gitlab-ci.yaml:

include:
  - template: Auto-DevOps.gitlab-ci.yml

test:
  variables:
    DB_URL: "mongodb://mongo:27017/kubernetes-poc-app"
  services:
    - name: mongo:4.4.3
      alias: mongo
  stage: test
  image: gliderlabs/herokuish:latest
  needs: []
  script:
    - cp -R . /tmp/app
    - /bin/herokuish buildpack test
  rules:
    - if: '$TEST_DISABLED'
      when: never
    - if: '$CI_COMMIT_TAG || $CI_COMMIT_BRANCH'

.production: &production_template
  extends: .auto-deploy
  stage: production
  script:
    - auto-deploy check_kube_domain
    - auto-deploy download_chart
    - auto-deploy ensure_namespace
    - auto-deploy initialize_tiller
    - auto-deploy create_secret
    - auto-deploy deploy
    - auto-deploy delete canary
    - auto-deploy delete rollout
    - auto-deploy persist_environment_url
  environment:
    name: production
    url: http://prod.$KUBE_INGRESS_BASE_DOMAIN
  artifacts:
    paths: [environment_url.txt, tiller.log]
    when: always

production:
  <<: *production_template
  rules:
    - if: '$CI_KUBERNETES_ACTIVE == null || $CI_KUBERNETES_ACTIVE == ""'
      when: never
    - if: '$STAGING_ENABLED'
      when: never
    - if: '$CANARY_ENABLED'
      when: never
    - if: '$INCREMENTAL_ROLLOUT_ENABLED'
      when: never
    - if: '$INCREMENTAL_ROLLOUT_MODE'
      when: never
    - if: '$CI_COMMIT_BRANCH == "master"'

staging:
  extends: .auto-deploy
  stage: staging
  variables:
    DATABASE_URL: "here should be url"
    DATABASE_NAME: "here should be name"
  script:
    - auto-deploy check_kube_domain
    - auto-deploy download_chart
    - auto-deploy ensure_namespace
    - auto-deploy initialize_tiller
    - auto-deploy create_secret
    - auto-deploy deploy
    - auto-deploy persist_environment_url
  artifacts:
    paths: [ environment_url.txt, tiller.log ]
    when: always
  environment:
    name: staging
    url: http://staging.$KUBE_INGRESS_BASE_DOMAIN
  rules:
    - if: '$CI_KUBERNETES_ACTIVE == null || $CI_KUBERNETES_ACTIVE == ""'
      when: never
    - if: '$CI_COMMIT_BRANCH != "develop"'
      when: never
    - if: '$STAGING_ENABLED'

review:
  extends: .auto-deploy
  stage: review
  script:
    - auto-deploy check_kube_domain
    - auto-deploy download_chart
    - auto-deploy ensure_namespace
    - auto-deploy initialize_tiller
    - auto-deploy create_secret
    - auto-deploy deploy
    - auto-deploy persist_environment_url
  environment:
    name: review/$CI_COMMIT_REF_NAME
    url: http://review.$KUBE_INGRESS_BASE_DOMAIN
    on_stop: stop_review
  artifacts:
    paths: [environment_url.txt, tiller.log]
    when: always
  rules:
    - if: '$CI_KUBERNETES_ACTIVE == null || $CI_KUBERNETES_ACTIVE == ""'
      when: never
    - if: '$CI_COMMIT_BRANCH == "master" || $CI_COMMIT_BRANCH == "develop"'
      when: never
    - if: '$REVIEW_DISABLED'
      when: never
    - if: '$CI_COMMIT_TAG || $CI_COMMIT_BRANCH'
      when: manual
  allow_failure: true

stop_review:
  extends: .auto-deploy
  stage: cleanup
  variables:
    GIT_STRATEGY: none
  script:
    - auto-deploy initialize_tiller
    - auto-deploy delete
  environment:
    name: review/$CI_COMMIT_REF_NAME
    action: stop
  allow_failure: true
  rules:
    - if: '$CI_KUBERNETES_ACTIVE == null || $CI_KUBERNETES_ACTIVE == ""'
      when: never
    - if: '$CI_COMMIT_BRANCH == "master" || $CI_COMMIT_BRANCH == "develop"'
      when: never
    - if: '$REVIEW_DISABLED'
      when: never
    - if: '$CI_COMMIT_TAG || $CI_COMMIT_BRANCH'
      when: manual

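If you need to remove the added le-1234567 domain, you need to modify the ingress.yaml template.

You can find it here: https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image/-/blob/master/assets/auto-deploy-app/templates/ingress.yaml

You can fork that project and build a new image, or you can add your own chart by following this guide: https://docs.gitlab.com/ee/topics/autodevops/customize.html#custom-helm-chart

Here is an example of how I modified it for a Rails application: https://gitlab.com/leifcr/auto-deploy-image-rails/-/blob/master/assets/auto-deploy-app/templates/ingress.yaml

If you have multiple projects that all need the same configuration, I suggest changing the image to fit your needs. If there is only one, add a bundled chart.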
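
The host collision described in the question, as an added example that is not part of the original posts: it takes parsed `kubectl get ingress -o json` output from each cluster and reports every host that is served by more than one cluster, which is the condition under which only one environment can pass the ACME challenge. The sample data, its addresses and the function names are constructed for this example and only mirror the hosts shown in the question.

```python
from collections import defaultdict


def ingress_hosts(ingress_list):
    """Yield (host, address) pairs from parsed `kubectl get ingress -o json`."""
    for item in ingress_list.get("items", []):
        lb = item.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        addrs = [e.get("ip") or e.get("hostname") or "<pending>" for e in lb]
        addrs = addrs or ["<pending>"]  # no load balancer address assigned yet
        spec = item.get("spec", {})
        hosts = {r["host"] for r in spec.get("rules", []) if r.get("host")}
        for tls in spec.get("tls", []):
            hosts.update(tls.get("hosts", []))  # hosts a certificate is requested for
        for host in hosts:
            for addr in addrs:
                yield host, addr


def colliding_hosts(clusters):
    """Map host -> {cluster: addresses} for hosts served by more than one cluster.

    One DNS name cannot be pointed at each cluster separately, so a
    certificate challenge for such a host can only succeed on one of them.
    """
    seen = defaultdict(lambda: defaultdict(set))
    for cluster, ingress_list in clusters.items():
        for host, addr in ingress_hosts(ingress_list):
            seen[host][cluster].add(addr)
    return {host: {c: sorted(a) for c, a in by_cluster.items()}
            for host, by_cluster in seen.items() if len(by_cluster) > 1}


def _sample(name, hosts, ip):
    # Constructed stand-in for one cluster's ingress list (not real output).
    return {"items": [{
        "metadata": {"name": name},
        "spec": {"rules": [{"host": h} for h in hosts],
                 "tls": [{"hosts": list(hosts), "secretName": name + "-tls"}]},
        "status": {"loadBalancer": {"ingress": [{"ip": ip}]}},
    }]}


CLUSTERS = {  # constructed; addresses are documentation-range IPs
    "staging": _sample("staging-auto-deploy", ["staging.my-domain.com",
                       "le-23830502.my-domain.com"], "192.0.2.10"),
    "production": _sample("production-auto-deploy", ["prod.my-domain.com",
                          "le-23830502.my-domain.com"], "198.51.100.20"),
}

if __name__ == "__main__":
    for host, by_cluster in colliding_hosts(CLUSTERS).items():
        print(host, by_cluster)
```

Running a check like this across all clusters before requesting certificates shows which hosts need to be removed from the ingress template or made unique per environment.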
