Skip to content

WIP Caddy 2 ingress controller for Kubernetes


Notifications You must be signed in to change notification settings


Repository files navigation

Caddy Ingress Controller

This is the Kubernetes Ingress Controller for Caddy. It includes functionality for monitoring Ingress resources on a Kubernetes cluster and includes support for providing automatic HTTPS certificates for all hostnames defined in the ingress resources that it is managing.


  • Helm 3+
  • Kubernetes 1.19+


In the charts folder, a Helm Chart is provided to make installing the Caddy Ingress Controller on a Kubernetes cluster straightforward. To install the Caddy Ingress Controller adhere to the following steps:

  1. Create a new namespace in your cluster to isolate all Caddy resources.
kubectl create namespace caddy-system
  1. Install the Helm Chart.
helm install \
  --namespace=caddy-system \
  --repo \
  --atomic \
  mycaddy \


  1. Generate kubernetes yaml file.
git clone
cd ingress

# generate the yaml file
helm template mycaddy ./charts/caddy-ingress-controller \
  --namespace=caddy-system \
  > mycaddy.yaml

# apply the file
kubectl apply -f mycaddy.yaml

This will create a service of type LoadBalancer in the caddy-system namespace on your cluster. You'll want to set any DNS records for accessing this cluster to the external IP address of this LoadBalancer when the external IP is provisioned by your cloud provider.

You can get the external IP address with kubectl get svc -n caddy-system

  1. Alternate installation method: Glasskube

To install the Caddy ingress controller using Glasskube, you can select "caddy-ingress-controller" from the "ClusterPackages" tab in the Glasskube GUI then click "install" or you can run the following command:

glasskube install caddy-ingress-controller

Add an email address in the package configuration section in the UI to enable automatic HTTPS, or run:

glasskube install caddy-ingress-controller --value ""


To view any logs generated by Caddy or the Ingress Controller you can view the pod logs of the Caddy Ingress Controller.

Get the pod name with:

kubectl get pods -n caddy-system

View the pod logs:

kubectl logs <pod-name> -n caddy-system

Automatic HTTPS

To have automatic HTTPS (not to be confused with On-demand TLS), you simply have to specify your email in the config map. When using Helm chart, you can add --set when installing.

On-Demand TLS

On-demand TLS can generate SSL certs on the fly and can be enabled in this controller by setting the onDemandTLS config to true:

helm install ...\
  --set ingressController.config.onDemandTLS=true

You can also specify options for the on-demand config: onDemandRateLimitInterval, onDemandRateLimitBurst and onDemandAsk

Bringing Your Own Certificates

If you would like to disable automatic HTTPS for a specific host and use your own certificates you can create a new TLS secret in Kubernetes and define what certificates to use when serving your application on the ingress resource.


Create TLS secret mycerts, where ./tls.key and ./tls.crt are valid certificates for

kubectl create secret tls mycerts --key ./tls.key --cert ./tls.crt
kind: Ingress
  name: example
  annotations: caddy
  - host:
      - path: /
        pathType: Prefix
            name: test
              number: 8080
    - secretName: mycerts # use mycerts for host


Learn how to start contributing on the Contributing Guidline.


Apache License 2.0