
Allow running outside a cluster #305


Merged
merged 3 commits into from
May 15, 2025

Conversation

stephank
Contributor

@stephank stephank commented Apr 9, 2025

These are some changes I made to run the controller outside of the cluster:

  • Uses KUBECONFIG if set. Ideally, we'd also support -kubeconfig, because the messages logged by BuildConfigFromFlags allude to this.
  • Allow specifying a namespace for the ConfigMap (e.g. -config-map foo/bar). If set, Secrets will then also be generated in this namespace, rather than the pod namespace.
  • Make the POD_{NAMESPACE,NAME} vars optional and warn if not set. If not set, -config-map must be provided with an explicit namespace, and Ingress status will not list external IPs.
  • Prefers $RUNTIME_DIRECTORY/certs over /etc/caddy/certs, if the env var is set. This is a variable set by systemd when setting RuntimeDirectory in the service configuration.
    Though I wonder if we should not just use something like /tmp/caddy-certs in all cases here? This works in the container, and is secure in systemd with PrivateTmp.

P.S.: Changes like #301 make building with distribution toolchains a bit more difficult. For example, NixOS 24.11 packages Go 1.23. This doesn't matter for standard deployments, where binaries/images are provided, of course. But if these changes sound useful, maybe we can also relax toolchain version?
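The resolution rules listed in the PR description, sketched as an added example (this is not the PR's code or the project's own; `Settings` and `Resolve` are hypothetical names, and a single `RuntimeDirectory=` entry is assumed):

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Settings is a hypothetical holder for the values the PR description resolves.
type Settings struct {
	ConfigMapNamespace string // generated Secrets go here as well
	ConfigMapName      string
	CertDir            string
	InCluster          bool // false: Ingress status cannot list external IPs
}

// Resolve applies the rules from the PR description. getenv is injected
// (os.Getenv in real use) so the logic can be exercised offline.
func Resolve(configMapFlag string, getenv func(string) string) (Settings, error) {
	podNS, podName := getenv("POD_NAMESPACE"), getenv("POD_NAME")
	s := Settings{InCluster: podNS != "" && podName != ""}

	// "-config-map foo/bar" carries an explicit namespace; "bar" does not.
	ns, name, explicit := strings.Cut(configMapFlag, "/")
	if !explicit {
		ns, name = podNS, configMapFlag
	}
	if strings.Contains(name, "/") || (explicit && (ns == "" || name == "")) {
		return s, fmt.Errorf("invalid -config-map value %q", configMapFlag)
	}
	if ns == "" {
		return s, errors.New("POD_NAMESPACE unset: -config-map needs an explicit namespace")
	}
	s.ConfigMapNamespace, s.ConfigMapName = ns, name

	// systemd exports RUNTIME_DIRECTORY when RuntimeDirectory= is configured.
	s.CertDir = "/etc/caddy/certs"
	if rd := getenv("RUNTIME_DIRECTORY"); rd != "" {
		s.CertDir = filepath.Join(rd, "certs")
	}
	return s, nil
}

func main() {
	env := map[string]string{"RUNTIME_DIRECTORY": "/run/caddy-ingress"} // constructed
	s, err := Resolve("foo/bar", func(k string) string { return env[k] })
	fmt.Printf("%+v err=%v\n", s, err)
}
```

Because the resolved directory holds TLS private keys, a systemd unit using this path would normally also set `RuntimeDirectoryMode=0700`, since the default mode is 0755.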


codecov bot commented Apr 28, 2025

Codecov Report

Attention: Patch coverage is 14.28571% with 42 lines in your changes missing coverage. Please review.

Project coverage is 20.11%. Comparing base (3ea49d4) to head (21d8c07).
Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
internal/controller/action_tls.go 0.00% 15 Missing ⚠️
internal/controller/controller.go 0.00% 15 Missing ⚠️
internal/k8s/pod.go 0.00% 9 Missing ⚠️
cmd/caddy/main.go 0.00% 1 Missing ⚠️
internal/caddy/global/secrets_store.go 0.00% 1 Missing ⚠️
pkg/storage/storage.go 0.00% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #305      +/-   ##
==========================================
- Coverage   20.37%   20.11%   -0.27%     
==========================================
  Files          30       30              
  Lines        1374     1397      +23     
==========================================
+ Hits          280      281       +1     
- Misses       1092     1114      +22     
  Partials        2        2              


Embraser01
Embraser01 previously approved these changes Apr 28, 2025
Member

@Embraser01 Embraser01 left a comment

Hi, thanks for those contributions! Really nice stuff

LGTM ✅

@Embraser01
Member

> P.S.: Changes like #301 make building with distribution toolchains a bit more difficult. For example, NixOS 24.11 packages Go 1.23. This doesn't matter for standard deployments, where binaries/images are provided, of course. But if these changes sound useful, maybe we can also relax toolchain version?

Not sure on the impact as I've been a bit taken by work these last months, @mavimo wdyt?

@stephank
Contributor Author

stephank commented May 8, 2025

It looks like I was mistaken. Go 1.24 was backported to NixOS 24.11 a couple of weeks ago. So at least for NixOS, the toolchain version doesn't matter as much anymore. I can open a backport PR there if necessary in the future.

I rebased this PR to resolve the merge conflict; no other changes.

@Embraser01 Embraser01 merged commit 7db5cd4 into caddyserver:main May 15, 2025
2 of 4 checks passed
@stephank stephank deleted the feat-outside-cluster branch May 15, 2025 09:09