1. The problem I’m having:
Using caddy-Ingress-controller for automatic https redirection and automatic ssl/termination. I’m setting up ArgoCD for my cluster and part of the instructions shares terminating SSL at the controller, but using Nginx as the example. I managed to get this working for Caddy, but I get a grpc warninig about an http flag when using the ArgoCD CLI.
I’m looking for two things:
- Nginx uses annotations, is there any way to see what annotations Caddy uses for ingress configs? I’ve tried a few, but they don’t seem to take.
- How can I properly get rid of the warning?
I get the feeling my protocol annotation isn’t actually working based on the config output. Most examples I come across are using Caddyfile, but considering the deployment in this scenario I don’t think this would be the appropriate solution. To be fair, I’ve seen this isn’t a big deal and I can just add the flag. However, the perfectionist in me wants to know why I’m seeing it and how I can get rid of it.
Thanks!
2. Error messages and/or full log output:
% argocd login grpc.argocd.example.com
{"level":"warning","msg":"Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web.","time":"2025-09-21T06:34:33-05:00"}
Username: admin
Password:
'admin:login' logged in successfully
Context 'grpc.argocd.example.com' updated
%
3. Caddy (ingress) version:
caddy/ingress:v0.2.1
4. How I installed and ran Caddy:
a. System environment:
Bare metal kubernetes cluster
b. Command:
helm install caddy caddy-ingress/caddy-ingress-controller -n caddy-system -f values.yaml
c. Service/unit/compose file:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: argocd-grpc
namespace: argocd
annotations:
caddy.ingress.kubernetes.io/protocol: "grpc"
spec:
ingressClassName: caddy
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: argocd-server
port:
number: 443
host: grpc.argocd.example.com
d. My complete Caddy config:
{
"admin": {},
"apps": {
"http": {
"servers": {
"ingress_server": {
"automatic_https": {},
"listen": [
":80",
":443"
],
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"transport": {
"protocol": "http"
},
"upstreams": [
{
"dial": "argocd-server.argocd.svc.cluster.local:80"
}
]
}
],
"match": [
{
"host": [
"argocd.example.com"
],
"path": [
"/*"
],
"protocol": "https"
}
]
},
{
"handle": [
{
"handler": "reverse_proxy",
"transport": {
"protocol": "http"
},
"upstreams": [
{
"dial": "argocd-server.argocd.svc.cluster.local:443"
}
]
}
],
"match": [
{
"host": [
"grpc.argocd.example.com"
],
"path": [
"/*"
],
"protocol": "https"
}
]
}
],
"tls_connection_policies": [
{}
]
},
"metrics_server": {
"automatic_https": {
"disable": true
},
"listen": [
":9765"
],
"routes": [
{
"handle": [
{
"handler": "metrics"
}
],
"match": [
{
"path": [
"/metrics"
]
}
]
},
{
"handle": [
{
"handler": "static_response",
"status_code": 200
}
],
"match": [
{
"path": [
"/healthz"
]
}
]
}
]
}
}
},
"tls": {
"automation": {
"policies": [
{
"issuers": [
{
"ca": "https://acme-v02.api.letsencrypt.org/directory",
"email": "user@example.com",
"module": "acme"
}
]
}
]
}
}
},
"logging": {},
"storage": {
"leaseId": "",
"module": "secret_store",
"namespace": "caddy-system"
}
}