tec3/ublue-forge
tec3/ublue-forge
1
0
Fork 0
mirror of https://github.com/ublue-os/forge.git synced 2025-04-18 20:43:43 +03:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

chore: Merge pull request #9 from ublue-os/tepene/rvproxy

Browse source 
reverse proxy
This commit is contained in:
Stephan Lüscher 2023-04-28 20:05:58 +02:00 committed by GitHub
parent b0ac736de2 aab9df8e04
commit 27ee316ca6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 58 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.vscode/cspell_custom.txt vendored
View file

@ -1,3 +1,4 @@
devcontainer devcontainer
minica minica
rvproxy
ublue ublue

8
README.md
View file

@ -27,12 +27,18 @@ We use a [Minica](https://github.com/jsha/minica) as simple CA to generate a
key pair and a root certificate for `*.ublue.local`. The wildcard certificate is key pair and a root certificate for `*.ublue.local`. The wildcard certificate is
then made available to all other components and are valid for 2 years and 30 days. then made available to all other components and are valid for 2 years and 30 days.
### Reverse Proxy
As an entry point for all components we use [Caddy](https://caddyserver.com/) as
a reverse proxy. Based on URL routing it will redirect the traffic to the
right container instance.
### Container Registry ### Container Registry
As container registry we make use of the [Docker Registry 2.0](https://hub.docker.com/_/registry/) As container registry we make use of the [Docker Registry 2.0](https://hub.docker.com/_/registry/)
implementation for storing and distributing container images implementation for storing and distributing container images
The container registry is available at `registry.ublue.local:9001` The container registry is available at `registry.ublue.local`
## Firing Up the Forge ## Firing Up the Forge

18
forge-pod.yml
View file

@ -10,10 +10,26 @@ spec:
- name: ublue-os_forge-minica-pvc - name: ublue-os_forge-minica-pvc
persistentVolumeClaim: persistentVolumeClaim:
claimName: ublue-os_forge-minica claimName: ublue-os_forge-minica
- name: ublue-os_forge-registry-pvc - name: ublue-os_forge-registry-pvc
persistentVolumeClaim: persistentVolumeClaim:
claimName: ublue-os_forge-registry claimName: ublue-os_forge-registry
containers: containers:
- name: rvproxy.ublue.local
image: rvproxy
resources:
limits:
memory: 128Mi
cpu: 200m
volumeMounts:
- mountPath: /certs
name: ublue-os_forge-minica-pvc
ports:
- containerPort: 443
hostPort: 443
protocol: TCP
- name: registry.ublue.local - name: registry.ublue.local
image: registry image: registry
resources: resources:
@ -28,8 +44,8 @@ spec:
name: ublue-os_forge-registry-pvc name: ublue-os_forge-registry-pvc
ports: ports:
- containerPort: 5000 - containerPort: 5000
hostPort: 9001
protocol: TCP protocol: TCP
initContainers: initContainers:
- name: minica.ublue.local - name: minica.ublue.local
image: minica image: minica

28
rvproxy/Caddyfile Normal file
View file

@ -0,0 +1,28 @@
# Global options
{
auto_https disable_certs
persist_config off
}
# Reverse-proxy configuration
*.ublue.local {
## TLS certificates
tls /certs/_.ublue.local/cert.pem /certs/_.ublue.local/key.pem
# container registry
@registry host registry.ublue.local
handle @registry {
reverse_proxy ublue-os_forge-registry.ublue.local:5000 {
transport http {
tls
tls_trusted_ca_certs /certs/minica.pem
}
}
}
# Fallback for otherwise unhandled domains
handle {
respond "Bad hostname" 400
}
}

5
rvproxy/Containerfile Normal file
View file

@ -0,0 +1,5 @@
# Source Image
FROM docker.io/library/caddy:2.6.4-alpine
# Add configuration file
COPY ./Caddyfile /etc/caddy/Caddyfile