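I am trying to configure CI on Kubernetes using GitLab and Google Cloud, but I'm stuck on creating Let's Encrypt certificates. I have 2 clusters for 2 environments:

  1. Environment scope: production - for the production instance
  2. Environment scope: * - for staging and review instances

After deployment, I get an Ingress configured with the endpoint I declared: staging.my-domain.com, and a second one that is a mystery to me: le-23830502.my-domain.com. The second host is the same in both environments (staging and production), and when I try to generate certificates I can only do it for one environment (because the second ACME challenge never passes, since I cannot point one subdomain at two different IP addresses in DNS).

Does anyone know what this host is? Where is it configured, and can I disable it or make it unique per environment?

I noticed that it is my project ID from GitLab with the le- prefix. I also found 2 environment variables ($ADDITIONAL_HOSTS, $ENVIRONMENT_ADDITIONAL_HOSTS) for adding another host address to the Ingress, but that one is still there.

Staging deployment: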

RESOURCES:
==> v1/Deployment
NAME     READY  UP-TO-DATE  AVAILABLE  AGE
staging  1/1    1           1          6d3h
==> v1/Pod(related)
NAME                      READY  STATUS       RESTARTS  AGE
staging-69d9fb68cc-85prp  1/1    Running      0         13s
staging-744bfc8cc5-jc5w9  1/1    Terminating  0         22h
==> v1/Service
NAME                 TYPE       CLUSTER-IP    EXTERNAL-IP  PORT(S)   AGE
staging-auto-deploy  ClusterIP  10.116.8.120  <none>       3030/TCP  6d3h
==> v1beta1/Ingress
NAME                 CLASS   HOSTS                                              ADDRESS        PORTS    AGE
staging-auto-deploy  <none>  staging.my-domain.com,le-23830502.my-domain.com    34.121.X.X     80, 443  6d3h

Production deployment:

RESOURCES:
==> v1/Deployment
NAME        READY  UP-TO-DATE  AVAILABLE  AGE
production  1/1    1           1          26h
==> v1/Pod(related)
NAME                         READY  STATUS       RESTARTS  AGE
production-77d9fbdf45-ps6xg  0/1    Terminating  6         10m
production-c7849868f-djhhk   1/1    Running      0         18s
==> v1/Service
NAME                    TYPE       CLUSTER-IP    EXTERNAL-IP  PORT(S)   AGE
production-auto-deploy  ClusterIP  10.27.15.197  <none>       3030/TCP  26h
==> v1beta1/Ingress
NAME                    CLASS   HOSTS                                           ADDRESS      PORTS    AGE
production-auto-deploy  <none>  prod.my-domain.com,le-23830502.my-domain.com    34.69.X.X    80, 443  26h

.gitlab-ci.yaml:

include:
  - template: Auto-DevOps.gitlab-ci.yml

test:
  variables:
    DB_URL: "mongodb://mongo:27017/kubernetes-poc-app"
  services:
    - name: mongo:4.4.3
      alias: mongo
  stage: test
  image: gliderlabs/herokuish:latest
  needs: []
  script:
    - cp -R . /tmp/app
    - /bin/herokuish buildpack test
  rules:
    - if: '$TEST_DISABLED'
      when: never
    - if: '$CI_COMMIT_TAG || $CI_COMMIT_BRANCH'

.production: &production_template
  extends: .auto-deploy
  stage: production
  script:
    - auto-deploy check_kube_domain
    - auto-deploy download_chart
    - auto-deploy ensure_namespace
    - auto-deploy initialize_tiller
    - auto-deploy create_secret
    - auto-deploy deploy
    - auto-deploy delete canary
    - auto-deploy delete rollout
    - auto-deploy persist_environment_url
  environment:
    name: production
    url: http://prod.$KUBE_INGRESS_BASE_DOMAIN
  artifacts:
    paths: [environment_url.txt, tiller.log]
    when: always

production:
  <<: *production_template
  rules:
    - if: '$CI_KUBERNETES_ACTIVE == null || $CI_KUBERNETES_ACTIVE == ""'
      when: never
    - if: '$STAGING_ENABLED'
      when: never
    - if: '$CANARY_ENABLED'
      when: never
    - if: '$INCREMENTAL_ROLLOUT_ENABLED'
      when: never
    - if: '$INCREMENTAL_ROLLOUT_MODE'
      when: never
    - if: '$CI_COMMIT_BRANCH == "master"'

staging:
  extends: .auto-deploy
  stage: staging
  variables:
    DATABASE_URL: "here should be url"
    DATABASE_NAME: "here should be name"
  script:
    - auto-deploy check_kube_domain
    - auto-deploy download_chart
    - auto-deploy ensure_namespace
    - auto-deploy initialize_tiller
    - auto-deploy create_secret
    - auto-deploy deploy
    - auto-deploy persist_environment_url
  artifacts:
    paths: [ environment_url.txt, tiller.log ]
    when: always
  environment:
    name: staging
    url: http://staging.$KUBE_INGRESS_BASE_DOMAIN
  rules:
    - if: '$CI_KUBERNETES_ACTIVE == null || $CI_KUBERNETES_ACTIVE == ""'
      when: never
    - if: '$CI_COMMIT_BRANCH != "develop"'
      when: never
    - if: '$STAGING_ENABLED'

review:
  extends: .auto-deploy
  stage: review
  script:
    - auto-deploy check_kube_domain
    - auto-deploy download_chart
    - auto-deploy ensure_namespace
    - auto-deploy initialize_tiller
    - auto-deploy create_secret
    - auto-deploy deploy
    - auto-deploy persist_environment_url
  environment:
    name: review/$CI_COMMIT_REF_NAME
    url: http://review.$KUBE_INGRESS_BASE_DOMAIN
    on_stop: stop_review
  artifacts:
    paths: [environment_url.txt, tiller.log]
    when: always
  rules:
    - if: '$CI_KUBERNETES_ACTIVE == null || $CI_KUBERNETES_ACTIVE == ""'
      when: never
    - if: '$CI_COMMIT_BRANCH == "master" || $CI_COMMIT_BRANCH == "develop"'
      when: never
    - if: '$REVIEW_DISABLED'
      when: never
    - if: '$CI_COMMIT_TAG || $CI_COMMIT_BRANCH'
      when: manual
      allow_failure: true

stop_review:
  extends: .auto-deploy
  stage: cleanup
  variables:
    GIT_STRATEGY: none
  script:
    - auto-deploy initialize_tiller
    - auto-deploy delete
  environment:
    name: review/$CI_COMMIT_REF_NAME
    action: stop
  allow_failure: true
  rules:
    - if: '$CI_KUBERNETES_ACTIVE == null || $CI_KUBERNETES_ACTIVE == ""'
      when: never
    - if: '$CI_COMMIT_BRANCH == "master" || $CI_COMMIT_BRANCH == "develop"'
      when: never
    - if: '$REVIEW_DISABLED'
      when: never
    - if: '$CI_COMMIT_TAG || $CI_COMMIT_BRANCH'
      when: manual

1 Answer

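If you need to remove the added le-1234567 domain, you need to modify the ingress.yaml template.

You can find it here: https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image/-/blob/master/assets/auto-deploy-app/templates/ingress.yaml

You can either fork the project and build a new image, or you can follow the guide for adding your own chart here: https://docs.gitlab.com/ee/topics/autodevops/customize.html#custom-helm-chart

Here is an example of how I modified it for my Rails app: https://gitlab.com/leifcr/auto-deploy-image-rails/-/blob/master/assets/auto-deploy-app/templates/ingress.yaml

If you have multiple projects that all need the same configuration, I suggest changing the image to fit your needs. If you only have one, add a bundled chart.

Answered 2021-10-27T20:07:24.093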
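
Added example, not part of the original question or answer: a Python check that takes the Ingress rows from the two listings in the question and reports every host that is published on Ingresses with different addresses, which is the situation in which the ACME challenge can pass for only one environment. The function names are illustrative, and the parser assumes the six-column table layout shown in the question.

```python
import re
from collections import defaultdict

# Ingress rows copied from the staging and production listings in the question.
STAGING = ("staging-auto-deploy  <none>  "
           "staging.my-domain.com,le-23830502.my-domain.com    34.121.X.X     80, 443  6d3h")
PRODUCTION = ("production-auto-deploy  <none>  "
              "prod.my-domain.com,le-23830502.my-domain.com    34.69.X.X    80, 443  26h")

# The question observes that the extra host is "le-" plus the GitLab project ID.
PROJECT_ID_HOST = re.compile(r"le-(\d+)\..+")


def parse_ingress_row(row):
    """Split one NAME/CLASS/HOSTS/ADDRESS/PORTS/AGE row into (name, hosts, address)."""
    # Columns are separated by 2+ spaces; "80, 443" contains a single space and stays whole.
    cols = re.split(r"\s{2,}", row.strip())
    if len(cols) != 6:
        # An Ingress with no address assigned yet prints an empty ADDRESS column.
        raise ValueError(f"expected 6 columns, got {len(cols)}: {row!r}")
    name, _ingress_class, hosts, address = cols[:4]
    return name, [h.strip().lower() for h in hosts.split(",") if h.strip()], address


def conflicting_hosts(rows):
    """Return {host: {ingress name: address}} for hosts served from more than one address."""
    seen = defaultdict(dict)
    for row in rows:
        name, hosts, address = parse_ingress_row(row)
        for host in hosts:
            seen[host][name] = address
    return {h: by_name for h, by_name in seen.items() if len(set(by_name.values())) > 1}


def project_id_of(host):
    """Return the project ID embedded in an le-<id> host, or None for any other host."""
    match = PROJECT_ID_HOST.fullmatch(host)
    return match.group(1) if match else None


if __name__ == "__main__":
    for host, by_name in conflicting_hosts([STAGING, PRODUCTION]).items():
        print(f"{host} (project ID {project_id_of(host)}) is on {len(by_name)} Ingresses:")
        for name, address in sorted(by_name.items()):
            print(f"  {name} -> {address}")
```

Run against rows from every cluster that shares a base domain, an empty result means no hostname is claimed by two different addresses.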