This is the Kubernetes Ingress Controller for Caddy. It includes functionality for monitoring `Ingress` resources on a Kubernetes cluster and includes support for providing automatic HTTPS certificates for all hostnames defined in ingress resources that it is managing.

In the `charts` folder a Helm Chart is provided to make installing the Caddy Ingress Controller on a Kubernetes cluster straightforward. To install the Caddy Ingress Controller, follow these steps:

- Create a new namespace in your cluster to isolate all Caddy resources.

  ```sh
  kubectl create namespace caddy-system
  ```

- Install the Helm Chart.

  ```sh
  helm install \
    --namespace=caddy-system \
    --repo https://caddyserver.github.io/ingress/ \
    --atomic \
    --set image.tag=latest \
    mycaddy \
    caddy-ingress-controller
  ```

The Helm chart creates a service of type `LoadBalancer` in the `caddy-system` namespace on your cluster. Once your cloud provider has provisioned the external IP, point any DNS records used to access this cluster at the external IP address of this `LoadBalancer`.

You can get the external IP address with `kubectl get svc -n caddy-system`.

To view any logs generated by Caddy or the Ingress Controller you can view the pod logs of the Caddy Ingress Controller.

Get the pod name with:

```sh
kubectl get pods -n caddy-system
```

View the pod logs:

```sh
kubectl logs <pod-name> -n caddy-system
```

To enable automatic HTTPS via the ingress controller using Let's Encrypt, set the argument `ingressController.autotls=true` and the email to use, `ingressController.email=your@email.com`, in the Caddy ingress controller Helm chart values.

Example, passed when you execute the Helm chart installation:

```sh
--set ingressController.autotls=true
--set ingressController.email=your@email.com
```

If you would like to disable automatic HTTPS for a specific host and use your own certificates you can create a new TLS secret in Kubernetes and define what certificates to use when serving your application on the ingress resource.

Example:

Create TLS secret `mycerts`, where `./tls.key` and `./tls.crt` are valid certificates for `test.com`.

```sh
kubectl create secret tls mycerts --key ./tls.key --cert ./tls.crt
```

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: example
  annotations:
    kubernetes.io/ingress.class: caddy
spec:
  rules:
  - host: test.com
    http:
      paths:
      - path: /
        backend:
          serviceName: test
          servicePort: 8080
  tls:
  - hosts:
    - test.com
    secretName: mycerts # use mycerts for host test.com
```
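
Before creating the `mycerts` secret, it helps to confirm that the key belongs to the certificate, that the certificate has not expired, and that it covers the ingress host. The script below is an added example, not part of the Caddy Ingress Controller project. The helper names `check_tls_pair` and `make_demo_pair` and the script name `check-tls.sh` are hypothetical, and it assumes `openssl` 1.1.1 or later is on the `PATH`.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the key/cert pair that goes into the
# TLS secret. check_tls_pair and make_demo_pair are hypothetical helper names.

# check_tls_pair KEY CERT HOST
# Returns 0 if usable, 1 = file missing or not parseable, 2 = key does not
# belong to cert, 3 = cert expired, 4 = cert does not cover HOST.
check_tls_pair() {
  local key="$1" cert="$2" host="$3" cert_pub key_pub

  # Derive the public key from each file; a parse failure means a bad input.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1

  # The private key must correspond to the public key in the certificate.
  [ "$cert_pub" = "$key_pub" ] || return 2

  # -checkend 0 exits non-zero when the certificate has already expired.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 3

  # -checkhost reports the result as text, so match on the success message.
  openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
    grep -q 'does match certificate' || return 4
}

# make_demo_pair DIR HOST
# Constructed sample input: a throwaway self-signed pair, for testing only.
make_demo_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$1/tls.key" -out "$1/tls.crt" \
    -subj "/CN=$2" -addext "subjectAltName=DNS:$2" 2>/dev/null
}

# Usage: ./check-tls.sh ./tls.key ./tls.crt test.com
if [ "$#" -eq 3 ]; then
  if check_tls_pair "$@"; then
    echo "OK: $2 and $1 match and cover $3"
  else
    rc=$?
    echo "FAIL (code $rc): do not create the secret from this pair" >&2
    exit "$rc"
  fi
fi
```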