mirror of
https://github.com/eliasstepanik/caddy-ingess.git
synced 2026-01-11 12:38:27 +00:00
e9c594cd55
* feat(annotations): Add annotations to rewrite requests * Upgrade caddy, ingress API version and some other deps * fix graceful shutdown * Upgrade caddy to v2.4.6 and add OCSP Check interval to global config * Add caddy duration parser
118 lines
2.8 KiB
Markdown
118 lines
2.8 KiB
Markdown
# Caddy Ingress Controller
|
|
|
|
This is the Kubernetes Ingress Controller for Caddy. It includes functionality
|
|
for monitoring `Ingress` resources on a Kubernetes cluster and includes support
|
|
for providing automatic HTTPS certificates for all hostnames defined in ingress
|
|
resources that it is managing.
|
|
|
|
## Prerequisites
|
|
|
|
- Helm 3+
|
|
- Kubernetes 1.19+
|
|
|
|
## Setup
|
|
|
|
In the `charts` folder a Helm Chart is provided to make installing the Caddy
|
|
Ingress Controller on a Kubernetes cluster straight forward. To install the
|
|
Caddy Ingress Controller adhere to the following steps:
|
|
|
|
1. Create a new namespace in your cluster to isolate all Caddy resources.
|
|
|
|
```sh
|
|
kubectl create namespace caddy-system
|
|
```
|
|
|
|
2. Install the Helm Chart.
|
|
|
|
```sh
|
|
helm install \
|
|
--namespace=caddy-system \
|
|
--repo https://caddyserver.github.io/ingress/ \
|
|
--atomic \
|
|
--set image.tag=latest \
|
|
mycaddy \
|
|
caddy-ingress-controller
|
|
```
|
|
|
|
The helm chart create a service of type `LoadBalancer` in the `caddy-system`
|
|
namespace on your cluster. You'll want to set any DNS records for accessing this
|
|
cluster to the external IP address of this `LoadBalancer` when the external IP
|
|
is provisioned by your cloud provider.
|
|
|
|
You can get the external IP address with `kubectl get svc -n caddy-system`
|
|
|
|
## Debugging
|
|
|
|
To view any logs generated by Caddy or the Ingress Controller you can view the
|
|
pod logs of the Caddy Ingress Controller.
|
|
|
|
Get the pod name with:
|
|
|
|
```sh
|
|
kubectl get pods -n caddy-system
|
|
```
|
|
|
|
View the pod logs:
|
|
|
|
```sh
|
|
kubectl logs <pod-name> -n caddy-system
|
|
```
|
|
|
|
## Automatic HTTPS
|
|
|
|
To enable automatic https via ingress controller using Let's Encrypt you can set
|
|
the argument `ingressController.autotls=true` and the email to use
|
|
`ingressController.email=your@email.com` on the caddy ingress controller helm
|
|
chart values.
|
|
|
|
Example:
|
|
- `--set ingressController.autotls=true`
|
|
- `--set ingressController.email=your@email.com`
|
|
|
|
when you execute the helm-chart installation.
|
|
|
|
## Bringing Your Own Certificates
|
|
|
|
If you would like to disable automatic HTTPS for a specific host and use your
|
|
own certificates you can create a new TLS secret in Kubernetes and define what
|
|
certificates to use when serving your application on the ingress resource.
|
|
|
|
Example:
|
|
|
|
Create TLS secret `mycerts`, where `./tls.key` and `./tls.crt` are valid
|
|
certificates for `test.com`.
|
|
|
|
```
|
|
kubectl create secret tls mycerts --key ./tls.key --cert ./tls.crt
|
|
```
|
|
|
|
```
|
|
apiVersion: extensions/v1beta1
|
|
kind: Ingress
|
|
metadata:
|
|
name: example
|
|
annotations:
|
|
kubernetes.io/ingress.class: caddy
|
|
spec:
|
|
rules:
|
|
- host: test.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test
|
|
servicePort: 8080
|
|
tls:
|
|
- hosts:
|
|
- test.com
|
|
secretName: mycerts # use mycerts for host test.com
|
|
```
|
|
|
|
### Contribution
|
|
|
|
Learn how to start contribution on the [Contributing Guidline](CONTRIBUTING.md).
|
|
|
|
## License
|
|
|
|
[Apache License 2.0](LICENSE.txt)
|