diff --git a/runner/deployment.yaml b/runner/deployment.yaml
index ea2e404..83a6d44 100644
--- a/runner/deployment.yaml
+++ b/runner/deployment.yaml
@@ -18,7 +18,7 @@ spec:
       nodeSelector:
         role: system
       hostAliases:
-        - ip: 10.245.189.80
+        - ip: 127.0.0.1
           hostnames:
             - git.lunarfront.tech
       containers:
@@ -55,6 +55,19 @@ spec:
             - name: runner-data
               mountPath: /data
 
+        - name: registry-proxy
+          image: haproxy:alpine
+          resources:
+            requests:
+              cpu: 10m
+              memory: 16Mi
+            limits:
+              cpu: 100m
+              memory: 64Mi
+          volumeMounts:
+            - name: haproxy-config
+              mountPath: /usr/local/etc/haproxy
+
         - name: dind
           image: docker:dind
           securityContext:
@@ -78,3 +91,6 @@ spec:
         - name: runner-data
           persistentVolumeClaim:
             claimName: gitea-runner-data
+        - name: haproxy-config
+          configMap:
+            name: runner-haproxy-config
diff --git a/runner/haproxy-configmap.yaml b/runner/haproxy-configmap.yaml
new file mode 100644
index 0000000..1b1d0bd
--- /dev/null
+++ b/runner/haproxy-configmap.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: runner-haproxy-config
+  namespace: runner
+data:
+  haproxy.cfg: |
+    global
+      daemon
+      log stdout format raw local0
+
+    defaults
+      mode tcp
+      log global
+      timeout connect 5s
+      timeout client 30s
+      timeout server 30s
+
+    frontend registry
+      bind 0.0.0.0:443
+      default_backend nginx
+
+    backend nginx
+      server nginx ingress-nginx-controller.ingress-nginx.svc.cluster.local:443 send-proxy