{"id":20040364,"url":"https://github.com/caddyserver/gateway","last_synced_at":"2025-04-09T18:16:52.036Z","repository":{"id":240589027,"uuid":"797934906","full_name":"caddyserver/gateway","owner":"caddyserver","description":"Kubernetes Gateway API implementation powered by Caddy","archived":false,"fork":false,"pushed_at":"2025-04-07T20:23:12.000Z","size":279,"stargazers_count":77,"open_issues_count":5,"forks_count":4,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-04-09T18:16:47.501Z","etag":null,"topics":["caddy","caddyserver","controller","gateway-api","kubernetes","operator"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/caddyserver.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-05-08T19:08:31.000Z","updated_at":"2025-04-04T21:45:17.000Z","dependencies_parsed_at":"2024-05-20T00:27:13.553Z","dependency_job_id":"63d0dad9-4bfa-4747-93a4-5631c059bc67","html_url":"https://github.com/caddyserver/gateway","commit_stats":{"total_commits":57,"total_committers":2,"mean_commits":28.5,"dds":"0.22807017543859653","last_synced_commit":"0dfaa015161b9b47ab521ecc0fb1a7f8e8bea1f1"},"previous_names":["caddyserver/gateway"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caddyserver%2Fgateway","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caddyserver%2Fgateway/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cadd
yserver%2Fgateway/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caddyserver%2Fgateway/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/caddyserver","download_url":"https://codeload.github.com/caddyserver/gateway/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248085323,"owners_count":21045139,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["caddy","caddyserver","controller","gateway-api","kubernetes","operator"],"created_at":"2024-11-13T10:41:46.982Z","updated_at":"2025-04-09T18:16:52.005Z","avatar_url":"https://github.com/caddyserver.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# Caddy Gateway (WIP)\n\nImplementation of the [Kubernetes](https://kubernetes.io) [Gateway API](https://gateway-api.sigs.k8s.io/)\nutilizing [Caddy](https://caddyserver.com/) as the underlying web server.\n\n## Description\n\nBy (ab)using the [Caddy Admin API](https://caddyserver.com/docs/api) we can dynamically program\nCaddy with any configuration we want on the fly, without downtime, instead of requiring sidecar\ncontainers or custom Caddy modules.\n\n### Differences from Ingress\n\nFor those unaware, the Gateway API is a Kubernetes SIG project being built to improve upon current\nstandards like the built-in [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/)\nresource. 
See \u003chttps://gateway-api.sigs.k8s.io/#whats-the-difference-between-gateway-api-and-an-api-gateway\u003e\nfor more details.\n\nThere is a Kubernetes Ingress controller implementation that also utilizes Caddy as the underlying\nwebserver that can be found at \u003chttps://github.com/caddyserver/ingress\u003e. This project differs in\na few ways.\n\n1. This project only implements support for the Gateway API resources and not the Ingress resource.\n2. This project is solely a Kubernetes controller; it uses Caddy's Admin REST API instead of\n   wrapping or being directly integrated with Caddy, meaning you can bring your own Caddy deployments\n   and manage multiple separate Caddy deployments with a single controller deployment.\n\n## Architecture\n\nThere are two core components, the Controller (this repository) and Caddy (the webserver).\n\nThe Controller watches for changes to any Gateway API resources (and referenced resources).\nWhenever a watched resource is updated, a reconciliation cycle runs that will collect all the\nGateway API resources for a given `Gateway` and generate a JSON configuration for Caddy. Once the\nconfiguration is generated, the Controller will find all Caddy pods associated with the `Gateway`\nand send a request to the pod's Caddy Admin API.\n\nCaddy is the webserver running as either a Deployment or DaemonSet. 
It serves as the ingress point\nfor any Route resources and is where your requests will be processed.\n\n## Gateway API Support\n\nRequires Gateway API v1.1.0 CRDs to be installed on your cluster (some experimental CRDs are supported but are optional).\n\n### Resource Support\n\nSupport for missing resources is planned but not yet implemented.\n\n- [x] [GatewayClass](https://gateway-api.sigs.k8s.io/api-types/gatewayclass/)\n- [x] [Gateway](https://gateway-api.sigs.k8s.io/api-types/gateway/)\n- [x] [ReferenceGrant](https://gateway-api.sigs.k8s.io/api-types/referencegrant/)\n- [ ] [BackendLBPolicy](https://gateway-api.sigs.k8s.io/geps/gep-1619/)\n- [x] [BackendTLSPolicy](https://gateway-api.sigs.k8s.io/api-types/backendtlspolicy/)\n- [x] [HTTPRoute](https://gateway-api.sigs.k8s.io/api-types/httproute/)\n- [ ] [GRPCRoute](https://gateway-api.sigs.k8s.io/api-types/grpcroute/)\n- [x] [TLSRoute](https://gateway-api.sigs.k8s.io/concepts/api-overview/#tlsroute)\n- [x] [TCPRoute](https://gateway-api.sigs.k8s.io/concepts/api-overview/#tcproute-and-udproute)\n- [x] [UDPRoute](https://gateway-api.sigs.k8s.io/concepts/api-overview/#tcproute-and-udproute)\n\nThe [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) resource is not\nsupported and support is not planned, sorry.\n\n## Installation\n\nThe following steps assume you already have a Kubernetes cluster set up and configured with core\ncomponents like networking and DNS.\n\n### Installing CRDs\n\nThis repository doesn't contain any CRDs; instead it relies on the standardized Kubernetes Gateway\nAPI resources. 
See \u003chttps://gateway-api.sigs.k8s.io/guides/#installing-gateway-api\u003e for more details.\n\nWe recommend installing all Gateway API CRDs, including those that are experimental.\n\n```bash\n# Install Gateway API CRDs (including those that are experimental)\nkubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.1.0/experimental-install.yaml\n\n# Install Gateway API CRDs (only stable resources)\n# NOTE: **Do not use this command if you already ran the `experimental-install`**\nkubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.1.0/standard-install.yaml\n```\n\n### Installing the Controller and Caddy\n\nThe Controller requires you to provide your own Caddy instance. Later we may provide a CRD that\nwill allow us to automatically deploy and manage Caddy for you, but for now you can use our pre-made\ndeployment templates (or bring your own).\n\nBefore deploying Caddy, however, there are a few things you need to consider.\n\n1. Due to the way we program Caddy, we send an HTTP request to each Caddy pod. If your Caddy instances\n   do _not_ use TLS on the Admin API, any certificates programmed into Caddy will be sent over an\n   insecure connection and may be visible to malicious actors.\n2. Enforce strict NetworkPolicies on who can access the Caddy Admin API. 
Your Caddy instance will\n   likely be exposed to the public internet and exposing the Caddy Admin API is extremely dangerous for\n   security.\n\nThe following example will get you up and running with the Controller and Caddy in a secure way.\n\nSee the [example](./example).\n\n## License\n\nCopyright 2024 Matthew Penner\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n\u003chttp://www.apache.org/licenses/LICENSE-2.0\u003e\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n\n## Credit\n\nThis project is in no way affiliated or associated with any of the following listed projects.\n\nParts of this controller would not be possible without the surrounding Kubernetes community and\nopen-source projects.\n\nI'd like to thank the [Cilium](https://github.com/cilium/cilium/) maintainers and community\ncontributors for building the base logic for the controller implementation, allowing me to focus\non Caddy integration rather than Gateway API semantics.\n\n## Known Issues\n\n- Modifying a BackendTLSPolicy will not trigger reconciliation of the Gateway.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcaddyserver%2Fgateway","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcaddyserver%2Fgateway","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcaddyserver%2Fgateway/lists"}