From 7ecb775667f1d18432be135b31196e8484a0e95c Mon Sep 17 00:00:00 2001
From: panshuxiao
Date: Mon, 8 Dec 2025 14:04:09 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9crd=20yaml=E6=96=87=E4=BB=B6?= =?UTF-8?q?=E4=BD=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.gitea/workflows/application.yaml | 52 +++++++++++++
.../mengningsoftware-docs-ci-cd-crd.yaml | 73 ++++--------------
2 files changed, 68 insertions(+), 57 deletions(-)
create mode 100644 .gitea/workflows/application.yaml
diff --git a/.gitea/workflows/application.yaml b/.gitea/workflows/application.yaml
new file mode 100644
index 0000000..3c308e1
--- /dev/null
+++ b/.gitea/workflows/application.yaml
@@ -0,0 +1,52 @@
+apiVersion: application.devstar.cn/v1
+kind: Application
+metadata:
+ name: mengningsoftware
+ namespace: web-servers
+ labels:
+ app.kubernetes.io/component: web-server
+ app.kubernetes.io/managed-by: devstar
+ app.kubernetes.io/name: mengningsoftware
+spec:
+ environment:
+ NGINX_VERSION: "1.24.0"
+ expose: true
+ networkPolicy:
+ gateway:
+ enabled: true
+ hosts:
+ - "mengning.com.cn"
+ ports:
+ - name: http
+ number: 80
+ protocol: HTTP
+ - name: https
+ number: 443
+ protocol: HTTPS
+ tls:
+ - hosts:
+ - "mengning.com.cn"
+ minProtocolVersion: "TLSv1_2"
+ mode: SIMPLE
+ secretName: mengningsoftware-tls
+ secretNamespace: istio-system
+ replicas: 2
+ resources:
+ cpu: "500m"
+ memory: "512Mi"
+ service:
+ enabled: true
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
+ template:
+ type: stateless
+ image: ${DOCKER_REGISTRY_ADDRESS}/${DOCKER_REPOSITORY_ARTIFACT}:latest
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+
diff --git a/.gitea/workflows/mengningsoftware-docs-ci-cd-crd.yaml b/.gitea/workflows/mengningsoftware-docs-ci-cd-crd.yaml
index 7ec3cb8..8ba845c 100644
--- a/.gitea/workflows/mengningsoftware-docs-ci-cd-crd.yaml
+++ b/.gitea/workflows/mengningsoftware-docs-ci-cd-crd.yaml
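Review bot: In `.gitea/workflows/application.yaml` the `image:` line under `template` ends in `:latest`, a mutable tag, so the applied Application never records which build is running and a later pull can change the content without any manifest change. Consider substituting an immutable reference, for example `image: ${DOCKER_REGISTRY_ADDRESS}/${DOCKER_REPOSITORY_ARTIFACT}:${IMAGE_TAG}`, where `IMAGE_TAG` is an illustrative placeholder for the commit SHA or digest produced by the build job, with a matching `sed` expression in the workflow. A short header comment saying that the `${...}` placeholders are filled in by the deploy step's `sed` would also help, since the file cannot be applied as-is. Because this manifest sits in `.gitea/workflows/`, it is worth confirming the runner does not try to load it as a workflow definition.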
@@ -46,6 +46,8 @@ jobs: env: DOCKER_REGISTRY_ADDRESS: ${{ vars.DOCKER_REGISTRY_ADDRESS }} DOCKER_REPOSITORY_ARTIFACT: ${{ vars.DOCKER_REPOSITORY_ARTIFACT }} + TLS_CERTIFICATE: ${{ secrets.TLS_CERTIFICATE }} + TLS_PRIVATE_KEY: ${{ secrets.TLS_PRIVATE_KEY }} run: | curl -LO https://mirrors.ustc.edu.cn/kubernetes/core%3A/stable%3A/v1.28/deb/amd64/kubectl_1.28.0-1.1_amd64.deb sudo dpkg -i kubectl_1.28.0-1.1_amd64.deb @@ -54,63 +56,20 @@ jobs: kubectl config set-context remote-context --cluster=remote-cluster --user=token-user kubectl config use-context remote-context - # 生成与当前集群中 mengningsoftware Application 一致的 CRD YAML,只更新镜像地址 - cat > /tmp/application-crd.yaml < /tmp/tls.crt + echo "$TLS_PRIVATE_KEY" > /tmp/tls.key + kubectl create secret tls mengningsoftware-tls \ + --cert=/tmp/tls.crt \ + --key=/tmp/tls.key \ + -n istio-system \ + --dry-run=client -o yaml | kubectl apply -f - + rm -f /tmp/tls.crt /tmp/tls.key + + # 替换 Application YAML 中的镜像地址变量并应用 + sed "s|\${DOCKER_REGISTRY_ADDRESS}|${DOCKER_REGISTRY_ADDRESS}|g; s|\${DOCKER_REPOSITORY_ARTIFACT}|${DOCKER_REPOSITORY_ARTIFACT}|g" \ + .gitea/workflows/application.yaml > /tmp/application-crd.yaml # 删除旧的 Application CRD(如果存在,忽略错误) kubectl delete application mengningsoftware -n web-servers --ignore-not-found=true || true
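Review bot: The two added `env` entries place `TLS_PRIVATE_KEY` in the environment of the whole `run` script, which begins by downloading a kubectl `.deb` with `curl -LO` and installing it via `sudo dpkg -i` with no checksum or signature check visible in the hunk. A tampered package would therefore execute as root with the private key (and presumably the cluster token configured further down) readable from its environment. Either move the secret creation into its own step so these `env` entries are scoped to it, or verify the download before installing, e.g. `echo "<EXPECTED_SHA256>  kubectl_1.28.0-1.1_amd64.deb" | sha256sum -c -` with the published digest in place of the placeholder. The step starts and continues outside this hunk.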
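Review bot: The private key is written to the fixed path `/tmp/tls.key` with the default umask, and the trailing `rm -f` is only reached if every earlier command succeeds when the script runs with errexit (the usual default for `run:` steps; confirm for this runner), so a failed `kubectl apply` can leave the key on a shared or persistent runner. Create the files in a private `mktemp -d` directory under `umask 077`, remove it from an `EXIT` trap, and use `printf '%s\n'` instead of `echo` so the PEM content is written verbatim. The certificate-writing line is garbled on this page, so the fence below assumes it mirrors the key line. Separately, the `sed` replacement interpolates the variables unescaped, so a `|` or `&` in either value would corrupt the rendered image reference.

```yaml
          # … unchanged: kubectl install and kubeconfig context setup …
          umask 077
          tls_dir="$(mktemp -d)"
          trap 'rm -rf "$tls_dir"' EXIT
          printf '%s\n' "$TLS_CERTIFICATE" > "$tls_dir/tls.crt"
          printf '%s\n' "$TLS_PRIVATE_KEY" > "$tls_dir/tls.key"
          kubectl create secret tls mengningsoftware-tls \
            --cert="$tls_dir/tls.crt" \
            --key="$tls_dir/tls.key" \
            -n istio-system \
            --dry-run=client -o yaml | kubectl apply -f -
          # … unchanged: sed substitution into /tmp/application-crd.yaml and Application delete …
```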