diff --git a/forge-pod.yml b/forge-pod.yml
index 145f9e8..4e466f2 100644
--- a/forge-pod.yml
+++ b/forge-pod.yml
@@ -10,10 +10,26 @@ spec:
- name: ublue-os_forge-minica-pvc persistentVolumeClaim: claimName: ublue-os_forge-minica + - name: ublue-os_forge-registry-pvc persistentVolumeClaim: claimName: ublue-os_forge-registry + containers: + - name: rvproxy.ublue.local + image: rvproxy + resources: + limits: + memory: 128Mi + cpu: 200m + volumeMounts: + - mountPath: /certs + name: ublue-os_forge-minica-pvc + ports: + - containerPort: 443 + hostPort: 443 + protocol: TCP + - name: registry.ublue.local image: registry resources:
@@ -28,8 +44,8 @@ spec:
name: ublue-os_forge-registry-pvc ports: - containerPort: 5000 - hostPort: 9001 protocol: TCP + initContainers: - name: minica.ublue.local image: minica
diff --git a/rvproxy/Caddyfile b/rvproxy/Caddyfile
new file mode 100644
index 0000000..76cb80e
--- /dev/null
+++ b/rvproxy/Caddyfile
@@ -0,0 +1,28 @@
+# Global options
+{
+ auto_https disable_certs
+ persist_config off
+}
+
+# Reverse-proxy configuration
+*.ublue.local {
+ ## TLS certificates
+ tls /certs/_.ublue.local/cert.pem /certs/_.ublue.local/key.pem
+
+ # container registry
+ @registry host registry.ublue.local
+
+ handle @registry {
+ reverse_proxy ublue-os_forge-registry.ublue.local:5000 {
+ transport http {
+ tls
+ tls_trusted_ca_certs /certs/minica.pem
+ }
+ }
+ }
+
+ # Fallback for otherwise unhandled domains
+ handle {
+ respond "Bad hostname" 400
+ }
+}
\ No newline at end of file
diff --git a/rvproxy/Containerfile b/rvproxy/Containerfile
new file mode 100644
index 0000000..e8171f9
--- /dev/null
+++ b/rvproxy/Containerfile
@@ -0,0 +1,5 @@
+# Source Image
+FROM docker.io/library/caddy:2.6.4-alpine
+
+# Add configuration file
+COPY ./Caddyfile /etc/caddy/Caddyfile
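Review bot: The new rvproxy container mounts `ublue-os_forge-minica-pvc` at /certs without `readOnly: true`, so the proxy gets write access to the volume that holds the wildcard key and the CA certificate it only needs to read (the Caddyfile in this commit reads cert.pem, key.pem and minica.pem from it; presumably the minica init container in the second hunk is what writes them). Add the flag to the mount: `- mountPath: /certs` / `name: ublue-os_forge-minica-pvc` / `readOnly: true`. Indentation was lost in this listing, so the nesting of the added `containers:` entries should be checked against the file, and the registry container that begins at the end of this hunk continues outside it. The second hunk drops `hostPort: 9001` from the registry container, which fits routing registry traffic only through the proxy; a comment above its `ports:` such as `# not published on the host; reached via rvproxy on 443` would record that intent.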
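Review bot: The file ends without a trailing newline (`\ No newline at end of file`) and mixes `##` and `#` comment markers (`## TLS certificates`); add the final newline and write `# TLS certificates` to match the other comments. `auto_https disable_certs` deserves a comment because it is easy to misread: per Caddy's documented semantics it disables only certificate management, since the certificates come from the mounted /certs volume, and leaves the HTTP-to-HTTPS redirect behaviour in place — e.g. `# certs are supplied from the mounted minica volume; only cert management is disabled`. Verifying the upstream with `tls` plus `tls_trusted_ca_certs /certs/minica.pem` is the right choice; note that unless `tls_server_name` is set, the name in `reverse_proxy ublue-os_forge-registry.ublue.local:5000` is what the registry's certificate must carry (presumably also issued by minica), so a comment recording that dependency would help the next maintainer.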
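Review bot: `FROM docker.io/library/caddy:2.6.4-alpine` pins a tag but not a digest, so the base image this builds from can change under the same tag; pinning as `caddy:2.6.4-alpine@sha256:<digest>` (placeholder for the verified digest) makes the build reproducible and turns base-image updates into reviewable diffs. A comment above the FROM such as `# Pinned on purpose; bump the version and re-verify the digest together` would document the policy.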