Skip to content

Releases: brdelphus/ingress-caddy

caddy-0.6.0

31 Mar 01:45
@github-actions github-actions
caddy-0.6.0
94b6fb2
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
caddy-0.6.0

What's Changed

Features

  • feat: annotation-driven TLS model with caddy.ingress/tls handler declaration (04231c4)
  • feat: add list/watch secrets permission for spec.tls support (631c980)
  • feat: add caddy-security, on-demand TLS, EAB, and HA features (8c38f8b)
  • feat: wire k8s_config_reloader into Helm chart (2327c9c)
  • feat: add caddyfile.extraGlobalOptions escape hatch for global Caddyfile config (b704f64)

Other

  • refactor: remove k8sIngress.enabled — ingress controller is always on (ed4e891)

Full diff: caddy-0.5.0...caddy-0.6.0

Loading

caddy-0.5.0

30 Mar 19:49
@github-actions github-actions
caddy-0.5.0
358c8c4

Choose a tag to compare

View all tags
caddy-0.5.0

What's Changed

Features

  • feat: wire k8s_config_reloader into Helm chart (2327c9c)
  • feat: add caddyfile.extraGlobalOptions escape hatch for global Caddyfile config (b704f64)
  • feat: CertMagic built-in ACME as alternative to cert-manager (358c8c4)

Full diff: caddy-0.4.0...caddy-0.5.0

Loading

caddy-0.4.0

30 Mar 19:14
@github-actions github-actions
caddy-0.4.0
51c61a9

Choose a tag to compare

View all tags
caddy-0.4.0

What's Changed

Features

  • feat(helm): add optional bundled Redis via Bitnami sub-chart dependency (e64049b)

Bug Fixes

  • fix(ci): fix chart release workflow (e58fa59)

Other

  • chore(helm): add Caddy icon to Chart.yaml (6852740)

Full diff: caddy-0.3.0...caddy-0.4.0

Loading

caddy-0.3.0

30 Mar 16:49
@github-actions github-actions
caddy-0.3.0
8c78e71

Choose a tag to compare

View all tags
caddy-0.3.0

What's Changed

Features

  • Add workloadType: Deployment mode — run Caddy as a fixed-replica Deployment instead of a DaemonSet
  • Add replicaCount value (default: 2) used when workloadType: Deployment
  • Deployment mode is recommended with service.type: LoadBalancer (MetalLB / cloud LBs); set hostPorts.enabled: false to avoid port conflicts

Usage

# Bare-metal k3s (default)
workloadType: DaemonSet
hostPorts:
  enabled: true

# Cloud / MetalLB
workloadType: Deployment
replicaCount: 2
hostPorts:
  enabled: false
service:
  enabled: true
  type: LoadBalancer
  externalTrafficPolicy: Local

Full diff: caddy-0.2.0...caddy-0.3.0

Loading

caddy-0.2.0

30 Mar 16:47
@github-actions github-actions
caddy-0.2.0
5528747

Choose a tag to compare

View all tags
caddy-0.2.0

What's Changed

Features

  • Add LoadBalancer Service support — creates a Service (type: LoadBalancer) that fronts the DaemonSet, for use with MetalLB or cloud load balancers (AWS NLB, GCE, etc.)
  • L4 ports declared in l4.hostPorts are automatically included in the LoadBalancer Service — no duplication needed
  • Make hostPort bindings on the DaemonSet conditional on hostPorts.enabled — set false when using a LoadBalancer to avoid node port conflicts
  • New service.* values: enabled, type, loadBalancerIP, externalTrafficPolicy, annotations

Notes

  • externalTrafficPolicy: Local is strongly recommended with LoadBalancer — it preserves the real client IP and avoids an extra kube-proxy hop
  • hostPorts.enabled: true and service.enabled: true can coexist if your LB provider supports it

Full diff: caddy-0.1.0...caddy-0.2.0

Loading

caddy-0.1.0

30 Mar 16:39
@github-actions github-actions
caddy-0.1.0
f9d2ae2

Choose a tag to compare

View all tags
caddy-0.1.0

What's Changed

Features

  • Initial Helm chart release
  • DaemonSet deployment with hostPort binding (80/443) for bare-metal k3s
  • Kubernetes Ingress controller via caddy-k8s — watches Ingress resources, pushes routes to Caddy admin API dynamically
  • Coraza WAF with OWASP Core Rule Set (DetectionOnly by default)
  • Layer 4 TCP/UDP routing via caddy-l4 — SMTP, IMAP, DNS, custom ports
  • TLS via cert-manager CSI driver — no sidecar, fsnotify rotation
  • CrowdSec IP reputation bouncer (optional)
  • Rate limiting with sliding-window (optional)
  • RFC 7234 HTTP response cache via Souin (optional)
  • MaxMind GeoIP country blocking with auto-updater init container (optional)
  • AI scraper / cloud datacenter IP blocker via caddy-defender (optional)
  • Security headers (HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy)
  • Forward auth integration (Authelia / authentik / oauth2-proxy)
  • Real IP / trusted proxies with strict RTL X-Forwarded-For parsing
  • Prometheus metrics + ServiceMonitor, OpenTelemetry tracing
  • Stakater Reloader integration for zero-downtime ConfigMap updates
  • IngressClass resource with optional cluster-default flag
  • RBAC (ClusterRole/ClusterRoleBinding) for Ingress/Secret/Service watching
  • Multi-arch image: linux/amd64 + linux/arm64 (native runners, no QEMU)

Ingress annotations supported

caddy.ingress/ssl-redirect, whitelist-source-range, blocklist-source-range,
basic-auth-secret, proxy-read-timeout, proxy-send-timeout, proxy-connect-timeout,
proxy-body-size, backend-protocol, backend-tls-insecure-skip-verify,
proxy-http-version, permanent-redirect, temporal-redirect, redirect-code,
rewrite-target, server-alias, upstream-vhost, enable-cors, limit-rps, waf

Loading