Skip to content

caddy-0.1.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 30 Mar 16:39
caddy-0.1.0
f9d2ae2

What's Changed

Features

  • Initial Helm chart release
  • DaemonSet deployment with hostPort binding (80/443) for bare-metal k3s
  • Kubernetes Ingress controller via caddy-k8s — watches Ingress resources, pushes routes to Caddy admin API dynamically
  • Coraza WAF with OWASP Core Rule Set (DetectionOnly by default)
  • Layer 4 TCP/UDP routing via caddy-l4 — SMTP, IMAP, DNS, custom ports
  • TLS via cert-manager CSI driver — no sidecar, fsnotify rotation
  • CrowdSec IP reputation bouncer (optional)
  • Rate limiting with sliding-window (optional)
  • RFC 7234 HTTP response cache via Souin (optional)
  • MaxMind GeoIP country blocking with auto-updater init container (optional)
  • AI scraper / cloud datacenter IP blocker via caddy-defender (optional)
  • Security headers (HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy)
  • Forward auth integration (Authelia / authentik / oauth2-proxy)
  • Real IP / trusted proxies with strict RTL X-Forwarded-For parsing
  • Prometheus metrics + ServiceMonitor, OpenTelemetry tracing
  • Stakater Reloader integration for zero-downtime ConfigMap updates
  • IngressClass resource with optional cluster-default flag
  • RBAC (ClusterRole/ClusterRoleBinding) for Ingress/Secret/Service watching
  • Multi-arch image: linux/amd64 + linux/arm64 (native runners, no QEMU)

Ingress annotations supported

caddy.ingress/ssl-redirect, whitelist-source-range, blocklist-source-range,
basic-auth-secret, proxy-read-timeout, proxy-send-timeout, proxy-connect-timeout,
proxy-body-size, backend-protocol, backend-tls-insecure-skip-verify,
proxy-http-version, permanent-redirect, temporal-redirect, redirect-code,
rewrite-target, server-alias, upstream-vhost, enable-cors, limit-rps, waf

Assets 3
Loading