From 9ad4f481dc5f23838f67cfe058ee89edfaf32884 Mon Sep 17 00:00:00 2001
From: panshuxiao
Date: Tue, 9 Dec 2025 13:43:01 +0800
Subject: [PATCH] =?UTF-8?q?ci-cd=E4=BD=BF=E7=94=A8crd=20yaml=E5=AE=8C?= =?UTF-8?q?=E6=88=90=E6=9B=B4=E6=96=B0mengning.com.cn?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitea/workflows/application.yaml | 52 +++++++++++++++++++
 .../mengningsoftware-docs-ci-cd.yaml | 38 +++++++++++---
 2 files changed, 84 insertions(+), 6 deletions(-)
 create mode 100644 .gitea/workflows/application.yaml

diff --git a/.gitea/workflows/application.yaml b/.gitea/workflows/application.yaml
new file mode 100644
index 0000000..9b5a6f7
--- /dev/null
+++ b/.gitea/workflows/application.yaml
@@ -0,0 +1,52 @@
+apiVersion: application.devstar.cn/v1
+kind: Application
+metadata:
+ name: mengningsoftware
+ namespace: web-servers
+ labels:
+ app.kubernetes.io/component: web-server
+ app.kubernetes.io/managed-by: devstar
+ app.kubernetes.io/name: mengningsoftware
+spec:
+ environment:
+ NGINX_VERSION: "1.24.0"
+ expose: true
+ networkPolicy:
+ gateway:
+ enabled: true
+ hosts:
+ - "mengning.com.cn"
+ ports:
+ - name: http
+ number: 80
+ protocol: HTTP
+ - name: https
+ number: 443
+ protocol: HTTPS
+ tls:
+ - hosts:
+ - "mengning.com.cn"
+ minProtocolVersion: "TLSv1_2"
+ mode: SIMPLE
+ secretName: mengningsoftware-tls
+ secretNamespace: istio-system
+ replicas: 2
+ resources:
+ cpu: "500m"
+ memory: "512Mi"
+ service:
+ enabled: true
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
+ template:
+ type: stateless
+ image: ${DOCKER_REGISTRY_ADDRESS}/${DOCKER_REPOSITORY_ARTIFACT}:${DOCKER_IMAGE_TAG}
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+
diff --git a/.gitea/workflows/mengningsoftware-docs-ci-cd.yaml b/.gitea/workflows/mengningsoftware-docs-ci-cd.yaml
index f79a529..fea0a4d 100644
--- a/.gitea/workflows/mengningsoftware-docs-ci-cd.yaml
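Review bot: In `.gitea/workflows/application.yaml` the gateway publishes `mengning.com.cn` on plain HTTP port 80 alongside the 443 listener, and nothing in the manifest shows an HTTP-to-HTTPS redirect, so the site would presumably also be served in cleartext. Whether the Application CRD has a redirect setting is not visible from this hunk; if it does, enable it, otherwise drop the port 80 entry under `gateway.ports`. Separately, this is a Kubernetes manifest rather than a workflow, yet it sits in `.gitea/workflows/`, the directory the Actions runner reads workflow definitions from. Moving it to a deployment directory and adjusting the `sed` input path in the CI step would avoid it being picked up as a workflow. A short header comment such as `# Template: ${DOCKER_*} placeholders are substituted by the CI job before kubectl apply` would also tell readers the file cannot be applied as-is.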
+++ b/.gitea/workflows/mengningsoftware-docs-ci-cd.yaml
@@ -37,12 +37,18 @@ jobs:
 - name: 登录 Docker Registry 并推送镜像
 run: |
 echo "${{ secrets.DOCKER_REGISTRY_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_REGISTRY_USERNAME }} ${{ vars.DOCKER_REGISTRY_ADDRESS }} --password-stdin
- docker tag devstar-docs:${{ gitea.sha }} ${{ vars.DOCKER_REGISTRY_ADDRESS }}/devstar/devstar-studio-docs:${{ gitea.sha }}
- docker tag devstar-docs:${{ gitea.sha }} ${{ vars.DOCKER_REGISTRY_ADDRESS }}/devstar/devstar-studio-docs:latest
- docker push ${{ vars.DOCKER_REGISTRY_ADDRESS }}/devstar/devstar-studio-docs:${{ gitea.sha }}
- docker push ${{ vars.DOCKER_REGISTRY_ADDRESS }}/devstar/devstar-studio-docs:latest
+ docker tag devstar-docs:${{ gitea.sha }} ${{ vars.DOCKER_REGISTRY_ADDRESS }}/${{ vars.DOCKER_REPOSITORY_ARTIFACT}}:${{ gitea.sha }}
+ docker tag devstar-docs:${{ gitea.sha }} ${{ vars.DOCKER_REGISTRY_ADDRESS }}/${{ vars.DOCKER_REPOSITORY_ARTIFACT}}:latest
+ docker push ${{ vars.DOCKER_REGISTRY_ADDRESS }}/${{ vars.DOCKER_REPOSITORY_ARTIFACT}}:${{ gitea.sha }}
+ docker push ${{ vars.DOCKER_REGISTRY_ADDRESS }}/${{ vars.DOCKER_REPOSITORY_ARTIFACT}}:latest
 
- - name: 📝 Update mengning.com.cn
+ - name: 📝 Update mengning.com.cn(通过删除/创建 Application CRD)
+ env:
+ DOCKER_REGISTRY_ADDRESS: ${{ vars.DOCKER_REGISTRY_ADDRESS }}
+ DOCKER_REPOSITORY_ARTIFACT: ${{ vars.DOCKER_REPOSITORY_ARTIFACT }}
+ DOCKER_IMAGE_TAG: ${{ gitea.sha }}
+ TLS_CERTIFICATE: ${{ secrets.TLS_CERTIFICATE }}
+ TLS_PRIVATE_KEY: ${{ secrets.TLS_PRIVATE_KEY }}
 run: |
 curl -LO https://mirrors.ustc.edu.cn/kubernetes/core%3A/stable%3A/v1.28/deb/amd64/kubectl_1.28.0-1.1_amd64.deb
 sudo dpkg -i kubectl_1.28.0-1.1_amd64.deb
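Review bot: The new `env:` block puts `TLS_PRIVATE_KEY` in scope for the whole step, including the unchanged `curl -LO …kubectl_1.28.0-1.1_amd64.deb` and `sudo dpkg -i` lines, which install a package that was downloaded without any checksum or signature check. Move the kubectl install into its own earlier step that has no secrets in `env:`, and verify the download before installing, e.g. `echo "<expected-sha256>  kubectl_1.28.0-1.1_amd64.deb" | sha256sum -c -`. In the `docker tag` / `docker push` lines the registry address and repository are still expanded by `${{ … }}` straight into the shell text; passing them through `env:` as this step does and using quoted `"$DOCKER_REGISTRY_ADDRESS"` would keep the two steps consistent. The `run:` block of the update step continues past the end of this hunk.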
@@ -50,4 +56,24 @@ jobs:
 kubectl config set-credentials token-user --token=${{ secrets.K8S_TOKEN }}
 kubectl config set-context remote-context --cluster=remote-cluster --user=token-user
 kubectl config use-context remote-context
- kubectl set image deployment/devstar-docs-app devstar-docs=${{ vars.DOCKER_REGISTRY_ADDRESS }}/devstar/devstar-studio-docs:latest -n app
\ No newline at end of file
+
+ # 创建或更新 TLS Secret
+ # Secret 名称: mengningsoftware-tls
+ echo "$TLS_CERTIFICATE" > /tmp/tls.crt
+ echo "$TLS_PRIVATE_KEY" > /tmp/tls.key
+ kubectl create secret tls mengningsoftware-tls \
+ --cert=/tmp/tls.crt \
+ --key=/tmp/tls.key \
+ -n istio-system \
+ --dry-run=client -o yaml | kubectl apply -f -
+ rm -f /tmp/tls.crt /tmp/tls.key
+
+ # 替换 Application YAML 中的镜像地址变量并应用
+ sed "s|\${DOCKER_REGISTRY_ADDRESS}|${DOCKER_REGISTRY_ADDRESS}|g; s|\${DOCKER_REPOSITORY_ARTIFACT}|${DOCKER_REPOSITORY_ARTIFACT}|g; s|\${DOCKER_IMAGE_TAG}|${DOCKER_IMAGE_TAG}|g" \
+ .gitea/workflows/application.yaml > /tmp/application-crd.yaml
+
+ # 删除旧的 Application CRD(如果存在,忽略错误)
+ kubectl delete application mengningsoftware -n web-servers --ignore-not-found=true || true
+
+ # 创建新的 Application CRD
+ kubectl apply -f /tmp/application-crd.yaml
\ No newline at end of file
-- 
2.49.1
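Review bot: The TLS private key is written to the fixed path `/tmp/tls.key` under whatever umask the runner has, and the `rm -f` is only reached if the preceding `kubectl create … | kubectl apply` pipeline succeeds (assuming the runner's shell stops on the first error), so a failed run can leave the key readable on the runner. Create the files in a `mktemp -d` directory under `umask 077` and remove it from an `EXIT` trap, as in the fence below. Separately, `kubectl delete application … || true` followed by `kubectl apply` removes the live Application before the new one exists, hides delete errors, and leaves the site down if the apply fails. Unless the controller cannot reconcile updates, `kubectl apply -f /tmp/application-crd.yaml` alone should be enough. The step's `run:` block starts outside this hunk.

```yaml
          # … unchanged: kubectl config set-credentials / set-context / use-context …

          # Keep key material in a private directory that is removed on every exit path
          umask 077
          tls_dir="$(mktemp -d)"
          trap 'rm -rf "$tls_dir"' EXIT
          printf '%s\n' "$TLS_CERTIFICATE" > "$tls_dir/tls.crt"
          printf '%s\n' "$TLS_PRIVATE_KEY" > "$tls_dir/tls.key"
          kubectl create secret tls mengningsoftware-tls \
            --cert="$tls_dir/tls.crt" \
            --key="$tls_dir/tls.key" \
            -n istio-system \
            --dry-run=client -o yaml | kubectl apply -f -

          # … unchanged: sed substitution into /tmp/application-crd.yaml, kubectl apply …
```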