[ci skip] Fix pull-through cache for all registries

Replace deprecated wildcard containerd mirror with per-registry config_path approach. Add proxy containers for ghcr.io, quay.io, registry.k8s.io, and reg.kyverno.io on the docker-registry VM. Set static IP for docker-registry VM to avoid DHCP issues.
2026-02-14 13:09:03 +00:00 · 2026-02-14 13:09:03 +00:00 · 36d32b49e7
commit 36d32b49e7
parent 163d6a728d
6 changed files with 184 additions and 6 deletions
--- a/modules/create-vm/main.tf
+++ b/modules/create-vm/main.tf
@ -30,6 +30,10 @@ variable "vlan_tag" {
  type    = string
  default = null
 }
+variable "ipconfig0" {
+  type    = string
+  default = "ip=dhcp,ip6=dhcp"
+}

 resource "proxmox_vm_qemu" "cloudinit-vm" {
  vmid             = var.vmid
@ -48,7 +52,7 @@ resource "proxmox_vm_qemu" "cloudinit-vm" {
  cicustom           = "vendor=local:snippets/${var.cisnippet_name}"
  ciupgrade          = true
  nameserver         = "1.1.1.1 8.8.8.8"
-  ipconfig0          = "ip=dhcp,ip6=dhcp"
+  ipconfig0          = var.ipconfig0
  skip_ipv6          = true
  ciuser             = "root"
  cipassword         = "root"
--- a/modules/docker-registry/config-proxy.yaml.tpl
+++ b/modules/docker-registry/config-proxy.yaml.tpl
@ -0,0 +1,29 @@
+version: 0.1
+log:
+  fields:
+    service: registry-${name}
+storage:
+  cache:
+    blobdescriptor: inmemory
+  filesystem:
+    rootdirectory: /var/lib/registry
+    maxsize: 5GiB
+  delete:
+    enabled: true
+  maintenance:
+    uploadpurging:
+      enabled: true
+      age: 24h
+      interval: 4h
+      dryrun: false
+http:
+  addr: :5000
+  headers:
+    X-Content-Type-Options: [nosniff]
+health:
+  storagedriver:
+    enabled: true
+    interval: 10s
+    threshold: 3
+proxy:
+  remoteurl: ${remote_url}