k3s-cluster/gitea/registry-ingress.yaml
# Dedicated DNS-only hostname for the Gitea container registry.
#
# WHY: Docker registry pushes can't go through the Cloudflare proxy, which caps
# request bodies at 100 MB (413 Payload Too Large). `registry.rogi.casa` is a
# DNS-only (grey-cloud) record in Cloudflare pointing straight at the cluster,
# so Traefik serves it directly with a Let's Encrypt cert (HTTP-01). Git traffic
# on `git.rogi.casa` stays behind the Cloudflare proxy untouched.
#
# Cloudflare setup:
# A registry.rogi.casa <cluster-public-IP> DNS-only (grey cloud)
#
# Push with:
# docker login registry.rogi.casa -u <gitea-user>
# docker tag git.rogi.casa/roger/hermes-agent:v1.35-1 registry.rogi.casa/roger/hermes-agent:v1.35-1
# docker push registry.rogi.casa/roger/hermes-agent:v1.35-1
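# Ingress that publishes the Gitea service on registry.rogi.casa through
# Traefik, with a certificate issued by cert-manager. Nesting is restored here;
# the flattened listing is not a valid manifest as shown.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitea-registry
  namespace: gitea
  annotations:
    # cert-manager requests the certificate for the hosts under spec.tls from
    # the `letsencrypt-prod` ClusterIssuer and stores it in the secret named
    # there.
    cert-manager.io/cluster-issuer: letsencrypt-prod
    # Allow large docker layer uploads (no upstream body-size cap from Traefik).
    # NOTE(review): this annotation key looks like the Traefik 1.x Ingress
    # form. Traefik 2.x and later read only `router.*` / `service.*` Ingress
    # annotations and configure buffering through a Middleware, so confirm
    # against the deployed Traefik version whether this setting is applied.
    # A limit of 0 means unbounded request bodies on a host that is reachable
    # without the Cloudflare proxy; upload size then has to be bounded
    # elsewhere (registry authentication, storage quotas, disk alerts).
    traefik.ingress.kubernetes.io/buffering: |
      maxRequestBodyBytes: 0
spec:
  ingressClassName: traefik
  tls:
    - hosts:
        - registry.rogi.casa
      secretName: gitea-registry-tls
  rules:
    - host: registry.rogi.casa
      http:
        paths:
          # Route only the container registry API (Gitea serves it under /v2).
          # This hostname is DNS-only, so whatever is routed here is reachable
          # directly from the internet without the Cloudflare proxy in front.
          # With `/` the whole Gitea web UI, git-over-HTTP and REST API would
          # be exposed on this host as well; those stay on git.rogi.casa.
          # NOTE(review): docker fetches its token from the realm Gitea
          # advertises, presumably derived from ROOT_URL (git.rogi.casa).
          # Verify `docker login` and a push after applying.
          - path: /v2
            pathType: Prefix
            backend:
              service:
                name: gitea
                port:
                  number: 80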