From 5bc6c978ac59bb36ff1db1dde7c00179f8f85b05 Mon Sep 17 00:00:00 2001
From: "A. F. Dudley"
Date: Sun, 25 Jan 2026 17:35:53 -0500
Subject: [PATCH] feat(k8s): support acme-email config for Caddy ingress

Adds support for configuring ACME email for Let's Encrypt certificates in kind deployments. The email can be specified in the spec under network.acme-email and will be used to configure the Caddy ingress controller ConfigMap.
Co-Authored-By: Claude Opus 4.5
---
 stack_orchestrator/deploy/k8s/deploy_k8s.py | 2 +-
 stack_orchestrator/deploy/k8s/helpers.py | 15 +++++++++++++++
 stack_orchestrator/deploy/spec.py | 3 +++
 3 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/stack_orchestrator/deploy/k8s/deploy_k8s.py b/stack_orchestrator/deploy/k8s/deploy_k8s.py
index 326cb6ab..8c0d4bd2 100644
--- a/stack_orchestrator/deploy/k8s/deploy_k8s.py
+++ b/stack_orchestrator/deploy/k8s/deploy_k8s.py
@@ -316,7 +316,7 @@ class K8sDeployer(Deployer):
 self.connect_api()
 if self.is_kind() and not self.skip_cluster_management:
 # Configure ingress controller (not installed by default in kind)
- # Skip if already running
+ # Skip if already running (idempotent for shared cluster)
 if not is_ingress_running():
 install_ingress_for_kind(self.cluster_info.spec.get_acme_email())
 # Wait for ingress to start
diff --git a/stack_orchestrator/deploy/k8s/helpers.py b/stack_orchestrator/deploy/k8s/helpers.py
index 888e59ca..6cdc930d 100644
--- a/stack_orchestrator/deploy/k8s/helpers.py
+++ b/stack_orchestrator/deploy/k8s/helpers.py
@@ -368,6 +368,21 @@ def install_ingress_for_kind(acme_email: str = ""):
 yaml_objects = list(yaml.safe_load_all(yaml_content))
 utils.create_from_yaml(api_client, yaml_objects=yaml_objects)
+ # Patch ConfigMap with ACME email if provided
+ if acme_email:
+ if opts.o.debug:
+ print(f"Configuring ACME email: {acme_email}")
+ core_api = client.CoreV1Api()
+ configmap = core_api.read_namespaced_config_map(
+ name="caddy-ingress-controller-configmap", namespace="caddy-system"
+ )
+ configmap.data["email"] = acme_email
+ core_api.patch_namespaced_config_map(
+ name="caddy-ingress-controller-configmap",
+ namespace="caddy-system",
+ body=configmap,
+ )
+
 def load_images_into_kind(kind_cluster_name: str, image_set: Set[str]):
 for image in image_set:
diff --git a/stack_orchestrator/deploy/spec.py b/stack_orchestrator/deploy/spec.py
index e5647b04..060f67ea 100644
--- a/stack_orchestrator/deploy/spec.py
+++ b/stack_orchestrator/deploy/spec.py
@@ -128,6 +128,9 @@ class Spec:
 def get_http_proxy(self):
 return self.obj.get(constants.network_key, {}).get(constants.http_proxy_key, [])
+ def get_acme_email(self):
+ return self.obj.get(constants.network_key, {}).get("acme-email", "")
+
 def get_annotations(self):
 return self.obj.get(constants.annotations_key, {})
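Review bot: In helpers.py, `configmap.data["email"] = acme_email` raises a TypeError when the ConfigMap comes back without a `data` field, because the Python client leaves `data` as None in that case, and the read-modify-patch round trip is not needed to set a single key. Sending only the changed key avoids both: drop the `read_namespaced_config_map` call and pass `body={"data": {"email": acme_email}}` to `patch_namespaced_config_map`. The patch also runs right after `create_from_yaml`, so the controller may already have started with the unpatched ConfigMap; whether it reloads on change is not visible here and should be confirmed. Going by the call site in deploy_k8s.py, this function runs only when ingress is not already running, so on an existing shared cluster a new `acme-email` is silently not applied, which deserves a comment. The body of install_ingress_for_kind starts outside the hunk.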
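Review bot: In `get_acme_email` (spec.py) the key `"acme-email"` is a bare string literal, whereas `get_http_proxy` just above it takes its keys from `constants`; a matching entry there (a new name, for example `acme_email_key`) would keep the spec keys in one place. The value is also returned as-is and later written into the Caddy ConfigMap in helpers.py, so a non-string or whitespace-padded value from the spec passes straight through. A docstring such as `"""Return network.acme-email from the spec, or "" when unset."""` together with a `str` check and `.strip()` here would make the contract explicit.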