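---
# SSL Certificate for registry.nge6.com
# Crossplane Object that has cert-manager issue the server certificate
# into the `registry-tls` secret in the `emissary` namespace. The Host and
# TLSContext in this file both reference that secret by name.
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: registry-certificate
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: cert-manager.io/v1
      kind: Certificate
      metadata:
        name: registry-tls
        namespace: emissary
      spec:
        secretName: registry-tls
        # NOTE(review): the issuer name suggests a DNS-01 solver, which
        # would not depend on reaching this mTLS-protected host; the
        # ClusterIssuer is not defined in this file, so confirm.
        issuerRef:
          name: letsencrypt-dns
          kind: ClusterIssuer
        dnsNames:
          - registry.nge6.com
---
# Ambassador Host for registry.nge6.com
# Binds the hostname to the server certificate (`tlsSecret`) and to the
# `registry-mtls` TLSContext, which carries the client-certificate policy.
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: registry-host
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: getambassador.io/v2
      kind: Host
      metadata:
        name: registry-host
        namespace: emissary
        annotations:
          external-dns.ambassador-service: emissary-ingress.emissary.svc.cluster.local
          # Annotation values must be strings; quoted so no parser or
          # templating step can retype the address.
          external-dns.alpha.kubernetes.io/target: '212.2.241.28'
      spec:
        hostname: registry.nge6.com
        tlsSecret:
          name: registry-tls
        tlsContext:
          name: registry-mtls
---
# TLSContext for mTLS - requires client certificates
# `cert_required: true` makes the edge reject TLS clients that present no
# certificate; `ca_secret` names the secret holding the CA used to validate
# the certificates that are presented.
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: registry-tls-context
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: getambassador.io/v2
      kind: TLSContext
      metadata:
        name: registry-mtls
        namespace: emissary
      spec:
        hosts:
          - registry.nge6.com
        secret: registry-tls
        # NOTE(review): `registry-client-ca` is not created anywhere in this
        # file. Confirm it exists in the `emissary` namespace and that the
        # CA signs only certificates for clients meant to reach the
        # registry: no per-identity restriction (subject/SAN) is configured
        # here, so any certificate chaining to that CA appears to be
        # accepted at this layer.
        ca_secret: registry-client-ca
        cert_required: true
        # NOTE(review): min and max are both v1.2, so TLS 1.3 is never
        # negotiated. Keep the v1.2 floor; confirm the v1.2 ceiling is
        # intentional rather than a leftover.
        min_tls_version: v1.2
        max_tls_version: v1.2
---
# Ambassador Mapping for registry - direct to Forgejo, no Pomerium
# Routes every path on the host (`prefix: /`) to the Forgejo HTTP service.
# With Pomerium out of the path, the client-certificate check in the
# `registry-mtls` TLSContext is the only gate at the edge in this file;
# everything behind it relies on Forgejo's own authentication.
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
  name: registry-mapping
  namespace: crossplane-system
spec:
  providerConfigRef:
    name: kubernetes-provider
  forProvider:
    manifest:
      apiVersion: getambassador.io/v2
      kind: Mapping
      metadata:
        name: registry-mapping
        namespace: emissary
      spec:
        host: registry.nge6.com
        prefix: /
        # The upstream hop is plain HTTP inside the cluster, so the mTLS
        # requirement applies only to traffic entering through this host.
        # NOTE(review): confirm a NetworkPolicy (or equivalent) limits who
        # can reach forgejo-http:3000 directly.
        service: http://forgejo-http.forgejo.svc.cluster.local:3000
        # 300000 ms = 5 minutes per request; presumably sized for large
        # registry uploads - confirm.
        timeout_ms: 300000
        connect_timeout_ms: 10000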