chore: Merge pull request #9 from ublue-os/tepene/rvproxy

reverse proxy

.vscode/cspell_custom.txt

@@ -1,3 +1,4 @@
 devcontainer
 minica
+rvproxy
 ublue

README.md

@@ -27,12 +27,18 @@ We use a [Minica](https://github.com/jsha/minica) as simple CA to generate a
 key pair and a root certificate for `*.ublue.local`. The wildcard certificate is
 then made available to all other components and are valid for 2 years and 30 days.
 
+### Reverse Proxy
+
+As an entry point for all components we use [Caddy](https://caddyserver.com/) as
+a reverse proxy. Based on URL routing it will redirect the traffic to the
+right container instance.
+
 ### Container Registry
 
 As container registry we make use of the [Docker Registry 2.0](https://hub.docker.com/_/registry/)
 implementation for storing and distributing container images
 
-The container registry is available at `registry.ublue.local:9001`
+The container registry is available at `registry.ublue.local`
 
 ## Firing Up the Forge
 

forge-pod.yml

@@ -10,10 +10,26 @@ spec:
     - name: ublue-os_forge-minica-pvc
       persistentVolumeClaim:
         claimName: ublue-os_forge-minica
+
     - name: ublue-os_forge-registry-pvc
       persistentVolumeClaim:
         claimName: ublue-os_forge-registry
+
   containers:
+    - name: rvproxy.ublue.local
+      image: rvproxy
+      resources:
+        limits:
+          memory: 128Mi
+          cpu: 200m
+      volumeMounts:
+        - mountPath: /certs
+          name: ublue-os_forge-minica-pvc
+      ports:
+        - containerPort: 443
+          hostPort: 443
+          protocol: TCP
+
     - name: registry.ublue.local
       image: registry
       resources:
@@ -28,8 +44,8 @@ spec:
           name: ublue-os_forge-registry-pvc
       ports:
         - containerPort: 5000
-          hostPort: 9001
           protocol: TCP
+
   initContainers:
     - name: minica.ublue.local
       image: minica

rvproxy/Caddyfile

@@ -0,0 +1,28 @@
+# Global options
+{
+        auto_https disable_certs
+        persist_config off
+}
+
+# Reverse-proxy configuration
+*.ublue.local {
+        ## TLS certificates
+        tls /certs/_.ublue.local/cert.pem /certs/_.ublue.local/key.pem
+
+        # container registry
+        @registry host registry.ublue.local
+
+        handle @registry {
+                reverse_proxy ublue-os_forge-registry.ublue.local:5000 {
+                        transport http {
+                                tls
+                                tls_trusted_ca_certs /certs/minica.pem
+                        }
+                }
+        }
+
+        # Fallback for otherwise unhandled domains
+        handle {
+                respond "Bad hostname" 400
+        }
+}

rvproxy/Containerfile

@@ -0,0 +1,5 @@
+# Source Image
+FROM docker.io/library/caddy:2.6.4-alpine
+
+# Add configuration file
+COPY ./Caddyfile /etc/caddy/Caddyfile