Skip to content

Instantly share code, notes, and snippets.

@caruccio
Last active May 17, 2024 12:32
Show Gist options
  • Save caruccio/340c162c0ce52902faf605ea9780aecf to your computer and use it in GitHub Desktop.
Save caruccio/340c162c0ce52902faf605ea9780aecf to your computer and use it in GitHub Desktop.
Caddy insecure tls reverse proxy

This example shows how to access an insecure tls server using a reverse proxy

$ cat insecure-proxy.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: prom-proxy
  name: prom-proxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prom-proxy
  template:
    metadata:
      labels:
        app: prom-proxy
    spec:
      containers:
      - image: caddy
        name: caddy
        ports:
        - containerPort: 9091
        volumeMounts:
        - name: caddyfile
          mountPath: /etc/caddy
      volumes:
      - configMap:
          name: caddyfile
        name: caddyfile
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: caddyfile
data:
  Caddyfile: |
    {
      debug
      admin off
      log {
        output stdout
        format json
      }
    }

    :9091 {
      reverse_proxy {
        to https://prometheus-k8s.openshift-monitoring.svc.cluster.local:9091
        transport http {
                tls
                tls_insecure_skip_verify
        }
      }
    }
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: prom-proxy
  name: prom-proxy
spec:
  ports:
  - name: http
    port: 9091
    protocol: TCP
    targetPort: 9091
  selector:
    app: prom-proxy
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment