# Caddy Ingress Controller

This is the Kubernetes Ingress Controller for Caddy. It includes functionality
for monitoring `Ingress` resources on a Kubernetes cluster and includes support
for providing automatic HTTPS certificates for all hostnames defined in ingress
resources that it is managing.

## Prerequisites

- Helm 3+
- Kubernetes 1.19+

## Setup

In the `charts` folder a Helm Chart is provided to make installing the Caddy
Ingress Controller on a Kubernetes cluster straight forward. To install the
Caddy Ingress Controller adhere to the following steps:

1. Create a new namespace in your cluster to isolate all Caddy resources.

```sh
kubectl create namespace caddy-system
```

2. Install the Helm Chart.

```sh
helm install \
  --namespace=caddy-system \
  --repo https://caddyserver.github.io/ingress/ \
  --atomic \
  --set image.tag=latest \
  mycaddy \
  caddy-ingress-controller
```

Or 

2. Generate kubernetes yaml file.
```sh
git clone https://github.com/caddyserver/ingress.git
cd ingress

# generate the yaml file
helm template mycaddy ./charts/caddy-ingress-controller \
  --namespace=caddy-system \
  --set image.tag=latest \
  > mycaddy.yaml

# apply the file
kubectl apply -f mycaddy.yaml
```

This will create a service of type `LoadBalancer` in the `caddy-system`
namespace on your cluster. You'll want to set any DNS records for accessing this
cluster to the external IP address of this `LoadBalancer` when the external IP
is provisioned by your cloud provider.

You can get the external IP address with `kubectl get svc -n caddy-system`

## Debugging

To view any logs generated by Caddy or the Ingress Controller you can view the
pod logs of the Caddy Ingress Controller.

Get the pod name with:

```sh
kubectl get pods -n caddy-system
```

View the pod logs:

```sh
kubectl logs <pod-name> -n caddy-system
```

## Automatic HTTPS

To enable automatic https via ingress controller using Let's Encrypt you can set
the argument `ingressController.autotls=true` and the email to use
`ingressController.email=your@email.com` on the caddy ingress controller helm
chart values.

Example:
 - `--set ingressController.autotls=true`
 - `--set ingressController.email=your@email.com`

when you execute the helm-chart installation.

## Bringing Your Own Certificates

If you would like to disable automatic HTTPS for a specific host and use your
own certificates you can create a new TLS secret in Kubernetes and define what
certificates to use when serving your application on the ingress resource.

Example:

Create TLS secret `mycerts`, where `./tls.key` and `./tls.crt` are valid
certificates for `test.com`.

```
kubectl create secret tls mycerts --key ./tls.key --cert ./tls.crt
```

```
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: example
  annotations:
    kubernetes.io/ingress.class: caddy
spec:
  rules:
  - host: test.com
    http:
      paths:
      - path: /
        backend:
          serviceName: test
          servicePort: 8080
  tls:
  - hosts:
    - test.com
    secretName: mycerts # use mycerts for host test.com
```

### Contribution

Learn how to start contribution on the [Contributing Guidline](CONTRIBUTING.md).

## License

[Apache License 2.0](LICENSE.txt)