diff --git a/.gitea/workflows/application.yaml b/.gitea/workflows/application.yaml index 3c308e1..3b53805 100644 --- a/.gitea/workflows/application.yaml +++ b/.gitea/workflows/application.yaml @@ -30,6 +30,10 @@ spec: mode: SIMPLE secretName: mengningsoftware-tls secretNamespace: istio-system + certificate: |- + ${TLS_CERTIFICATE} + privateKey: |- + ${TLS_PRIVATE_KEY} replicas: 2 resources: cpu: "500m" diff --git a/.gitea/workflows/mengningsoftware-docs-ci-cd-crd.yaml b/.gitea/workflows/mengningsoftware-docs-ci-cd-crd.yaml index 8ba845c..6fc54f8 100644 --- a/.gitea/workflows/mengningsoftware-docs-ci-cd-crd.yaml +++ b/.gitea/workflows/mengningsoftware-docs-ci-cd-crd.yaml @@ -56,20 +56,13 @@ jobs: kubectl config set-context remote-context --cluster=remote-cluster --user=token-user kubectl config use-context remote-context - # 创建或更新 TLS Secret(在 istio-system 命名空间) - # Secret 名称: mengningsoftware-tls - echo "$TLS_CERTIFICATE" > /tmp/tls.crt - echo "$TLS_PRIVATE_KEY" > /tmp/tls.key - kubectl create secret tls mengningsoftware-tls \ - --cert=/tmp/tls.crt \ - --key=/tmp/tls.key \ - -n istio-system \ - --dry-run=client -o yaml | kubectl apply -f - - rm -f /tmp/tls.crt /tmp/tls.key - - # 替换 Application YAML 中的镜像地址变量并应用 - sed "s|\${DOCKER_REGISTRY_ADDRESS}|${DOCKER_REGISTRY_ADDRESS}|g; s|\${DOCKER_REPOSITORY_ARTIFACT}|${DOCKER_REPOSITORY_ARTIFACT}|g" \ - .gitea/workflows/application.yaml > /tmp/application-crd.yaml + # 使用 envsubst 替换所有变量(包括多行的证书和私钥) + # 注意:需要安装 gettext 包(通常已包含 envsubst) + export TLS_CERTIFICATE + export TLS_PRIVATE_KEY + export DOCKER_REGISTRY_ADDRESS + export DOCKER_REPOSITORY_ARTIFACT + envsubst < .gitea/workflows/application.yaml > /tmp/application-crd.yaml # 删除旧的 Application CRD(如果存在,忽略错误) kubectl delete application mengningsoftware -n web-servers --ignore-not-found=true || true