release: v1.0.3 / helm 0.9.5 — fix startup and liveness probes

brdelphus · claude · brdelphus · commit b19634ef242f · 2026-04-16T08:20:13.000-03:00
- admin binds 0.0.0.0 (was localhost) so kubelet probes reach it
  when using hostPorts (non-hostNetwork); pods were dying at ~70s
- remove host: localhost from readiness/liveness httpGet probes
- bump VERSION → 1.0.3, Chart.yaml → 0.9.5, image.tag → 1.0.3

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,16 @@
 # Changelog
 
+## [1.0.3] - 2026-04-16
+
+### Bug Fixes
+
+- **Caddy container no longer exits immediately on startup** — Dockerfile was missing `CMD`; the binary printed help text and exited. Added `CMD ["run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]` to the Dockerfile and matching `args` to the DaemonSet template so both the image default and the chart are self-consistent.
+- **Liveness/readiness probes now reach the admin API** — `admin` was bound to `localhost` and probes used `host: localhost`, which the kubelet resolves to the *node's* loopback rather than the pod's. Changed `admin.host` default to `""` (binds `0.0.0.0`) and removed the `host:` override from both probes. Affected all deployments using `hostPorts` (non-`hostNetwork`); pods were killed after ~70 s by the failing liveness probe.
+
+### Helm chart: 0.9.5
+
+---
+
 ## [1.0.2] - 2026-04-02
 
 ### New Features
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.0.2
+1.0.3
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: caddy
 description: Caddy ingress with WAF, TCP/UDP, CertMagic ACME (HTTP/TLS-ALPN/DNS/On-Demand), cert-manager CSI, CrowdSec, GeoIP, authentication/SSO, rate limiting and caching
 type: application
-version: 0.9.4
-appVersion: "1.0.2"
+version: 0.9.5
+appVersion: "1.0.3"
 icon: https://caddyserver.com/resources/images/caddy-circle-lock.svg
 
 keywords:
diff --git a/helm/templates/daemonset.yaml b/helm/templates/daemonset.yaml
@@ -153,15 +153,13 @@ spec:
           httpGet:
             path: /
             port: admin
-            host: localhost
           initialDelaySeconds: 5
           periodSeconds: 10
 
         livenessProbe:
           httpGet:
             path: /
             port: admin
-            host: localhost
           initialDelaySeconds: 15
           periodSeconds: 20
 
diff --git a/helm/values.yaml b/helm/values.yaml
@@ -6,7 +6,7 @@ fullnameOverride: ""
 
 image:
   repository: ghcr.io/brdelphus/ingress-caddy
-  tag: "1.0.2"
+  tag: "1.0.3"
   pullPolicy: IfNotPresent
 
 # Image pull secrets for private registries.
@@ -416,8 +416,10 @@ caddyfile:
 # ── Admin API ──────────────────────────────────────────────────────────────────
 
 admin:
-  # Bind to localhost only — the metrics service exposes it via ClusterIP
-  host: localhost
+  # Bind to all interfaces so kubelet liveness/readiness probes can reach the
+  # admin API when using hostPorts (not hostNetwork). The metrics ClusterIP
+  # service gates external access; pod network is already cluster-internal.
+  host: ""
   port: 2019
 
 # ── LoadBalancer service ───────────────────────────────────────────────────────
