caddy-ingress
Caddy ingress controller for Kubernetes - with Cloudflare support!
10K+
The Caddy K8s Ingress Controller includes functionality for monitoring Ingress resources on a Kubernetes cluster. It is capable of automatically provisioning and renewing SSL/TLS certificates for all hostnames defined in the ingress resources that it is managing.
In the charts folder, a Helm Chart is provided to make installing the Caddy
Ingress Controller on a Kubernetes cluster straightforward. To install the
Caddy Ingress Controller adhere to the following steps:
helm repo add caddy-ingress http://butlergroup.net/caddy-ingress/
kubectl create namespace caddy-system
kubectl create secret generic cloudflare-api-token \
--from-literal=CF_API_TOKEN=your_cloudflare_api_token \
-n caddy-system
helm install caddy-ingress caddy-ingress/caddy-ingress-controller \
--namespace=caddy-system
helm install caddy-ingress caddy-ingress/caddy-ingress-controller \
--namespace=caddy-system \
--set [email protected] \
--set ingressController.config.onDemandTLS=true \
--set ingressController.config.acmeDNSProvider=cloudflare \
--set ingressController.config.acmeDNSResolvers[0]=1.1.1.1 \
--set ingressController.config.permissionEndpoint=http://your-permission-endpoint
Note: Caddy expects to be able to query a local HTTP endpoint and receive an HTTP 200 OK response for domains authorized for on-demand TLS. See this link for details.
This will create a service of type LoadBalancer in the caddy-system
namespace on your cluster. You'll want to set any DNS records for accessing this
cluster to the external IP address of this LoadBalancer when the external IP
is provisioned by your cloud provider.
You can get the external IP address with kubectl get svc -n caddy-system
To view any logs generated by Caddy or the Ingress Controller you can view the pod logs of the Caddy Ingress Controller.
Get the pod name with:
kubectl get pods -n caddy-system
View the pod logs:
kubectl logs <pod-name> -n caddy-system
To have automatic HTTPS (not to be confused with On-demand TLS), you simply have
to specify your email in the config map. When using Helm chart, you can add
--set [email protected] when installing.
On-demand TLS can generate SSL certs on the fly
and can be enabled in this controller by setting the onDemandTLS config to true:
helm install ...\
--set ingressController.config.onDemandTLS=true
If you would like to disable automatic HTTPS for a specific host and use your own certificates you can create a new TLS secret in Kubernetes and define what certificates to use when serving your application on the ingress resource.
Example:
Create TLS secret mycerts, where ./tls.key and ./tls.crt are valid
certificates for test.com.
kubectl create secret tls mycerts --key ./tls.key --cert ./tls.crt
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example
annotations:
kubernetes.io/ingress.class: caddy
spec:
rules:
- host: test.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: test
port:
number: 8080
tls:
- secretName: mycerts # use mycerts for host test.com
hosts:
- test.com
Learn how to start contributing on the Contributing Guidline.
Please read our Terms of Service before using our software. Violators of these Terms are not supported by the community or contributors.
Please also read our Privacy Policy to understand how we handle your personal information.
Have questions or suggestions? Reach out to us at [email protected]. Thank you and happy coding! :)
Content type
Image
Digest
sha256:7e35df9f0…
Size
72.9 MB
Last updated
about 4 hours ago
docker pull butlergroup/caddy-ingress