feat(build): mTLS for buildkitd + public exposure via TLS passthrough

cert-manager self-signed CA issues server and client certs for BuildKit
mTLS. Buildkitd serves TLS on its ClusterIP (hostNetwork removed) and
is publicly reachable at build.DOMAIN_SUFFIX:443 through Pingora's new
SNI-based TLS passthrough router. Clients authenticate with the client
certificate from the buildkitd-client-tls secret.
2026-03-26 14:23:56 +00:00
parent 632099893a
commit 33f0e44545
5 changed files with 149 additions and 9 deletions

@@ -3,5 +3,6 @@ kind: Kustomization
resources:
- namespace.yaml
- buildkitd-mtls.yaml
- buildkitd-deployment.yaml
- buildkitd-service.yaml
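
Review bot: The `buildkitd-mtls.yaml` entry in `resources` has an undocumented prerequisite: per the commit message its certificates are issued by cert-manager, so this kustomization will fail to apply on a cluster where the cert-manager CRDs are not yet installed, and nothing in the file says so. Add a one-line comment above the entry naming that dependency and the secrets it is expected to produce (the message mentions `buildkitd-client-tls`), so that anyone reordering or trimming this list knows `buildkitd-deployment.yaml` and the passthrough route depend on it. Since the message also says the endpoint becomes publicly reachable on port 443 with the client certificate as the authentication step, it is worth confirming in the same review that no other resource in this list still exposes buildkitd without TLS.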