Running inside Kubernetes

slyall · December 4, 2020, 12:08am

Hi, We are looking at deploying caddy as a proxy inside kubernetes and were wondering if it is a good fit for the following:

What we have is http requests coming from outside the kubernetes cluster, going through an ingress controller and hitting a service/pod that acts as a proxy to forward the request to a backend system (with a fixed hostname).

We’ve been running nginx as a simple system, it just loads an nginx container and a config. But this has caused problems when the backend DNS changes and ngix doesn’t (cause thats a premium nginx feature). We had a look at using traefik since we use it for our ingress but the manual config for that is a little user-hostile.

A couple of people recommended caddy and we are looking at that. We’d just be hoping to put a config in a configmap and run it using helm.

We’ve looked around a little, obviously the recent v2 upgrade makes stuff hard to google. We were wondering:

If others are running it as a standalone inside kubernetes
Is there is a helm chart around that you’d recommend?
Are there any tricks to running under kubernetes/docker
Is there a good sample caddyfile for a proxy? I have found Composing in the Caddyfile but most other docs just seem to have fragments.

Apologies if these questions are bit beginner. But most people seem to is caddy slightly differently to what we are looking at.

francislavoie · December 4, 2020, 5:53am

A proxy can be as simple as just this:

example.com {
	reverse_proxy backend:8080
}

Where backend is the DNS entry or your service (i.e. provided by the the k8s DNS).

There’s a bunch of knobs you can tweak depending on your needs, like you could use srv+http:// if you have service discovery set up, you could turn on health checking, load balance policies, etc.

One thing I’m aware of is that the default k8s ingress is at the HTTP layer I believe, so you wouldn’t be able to use Caddy for its Auto HTTPS features (best-in-class automatic ACME cert management, etc) because the ingress controller would need to terminate TLS before it gets to Caddy. I think.

There is a project in-progress for making Caddy a k8s ingress controller, but I’m not a k8s user so I’m not sure at what level of readiness it is right now, your mileage may vary.

I’m more of a docker + docker-compose user myself

We have an official docker image here which might be what you need (make sure to review its docs): Docker Hub

system · January 3, 2021, 12:08am

This topic was automatically closed after 30 days. New replies are no longer allowed.