Add EAB Config options (#101)

caddyserver · Aug 22, 2022 · d00dc59 · d00dc59
1 parent 769911d
commit d00dc59
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 2 deletions.
diff --git a/charts/caddy-ingress-controller/README.md b/charts/caddy-ingress-controller/README.md
@@ -53,6 +53,8 @@ The command removes all the Kubernetes components associated with the chart and
 | image.tag | string | `"latest"` |  |
 | imagePullSecrets | list | `[]` |  |
 | ingressController.config.acmeCA | string | `""` |  |
+| ingressController.config.acmeEABKeyId | string | `""` |  |
+| ingressController.config.acmeEABMacKey | string | `""` |  |
 | ingressController.config.debug | bool | `false` |  |
 | ingressController.config.email | string | `""` |  |
 | ingressController.config.metrics | bool | `true` |  |

diff --git a/charts/caddy-ingress-controller/values.schema.json b/charts/caddy-ingress-controller/values.schema.json
@@ -110,6 +110,14 @@
                 }
               ]
             },
+            "acmeEABKeyId": {
+              "$id": "#/properties/ingressController/properties/config/properties/acmeEABKeyId",
+              "type": "string"
+            },
+            "acmeEABMacKey": {
+              "$id": "#/properties/ingressController/properties/config/properties/acmeEABMacKey",
+              "type": "string"
+            },
             "debug": {
               "$id": "#/properties/ingressController/properties/config/properties/debug",
               "type": "boolean"

diff --git a/charts/caddy-ingress-controller/values.yaml b/charts/caddy-ingress-controller/values.yaml
@@ -25,6 +25,8 @@ ingressController:
   classNameRequired: false
   leaseId: ""
   config:
+    acmeEABKeyId: ""
+    acmeEABMacKey: ""
     # -- Acme Server URL
     acmeCA: ""
     debug: false

diff --git a/internal/caddy/global/configmap.go b/internal/caddy/global/configmap.go
@@ -2,11 +2,13 @@ package global
 
 import (
 	"encoding/json"
+
 	caddy2 "github.com/caddyserver/caddy/v2"
 	"github.com/caddyserver/caddy/v2/caddyconfig"
 	"github.com/caddyserver/caddy/v2/modules/caddytls"
 	"github.com/caddyserver/ingress/pkg/converter"
 	"github.com/caddyserver/ingress/pkg/store"
+	"github.com/mholt/acmez/acme"
 )
 
 type ConfigMapPlugin struct{}
@@ -39,6 +41,13 @@ func (p ConfigMapPlugin) GlobalHandler(config *converter.Config, store *store.St
 			acmeIssuer.CA = cfgMap.AcmeCA
 		}
 
+		if cfgMap.AcmeEABKeyId != "" && cfgMap.AcmeEABMacKey != "" {
+			acmeIssuer.ExternalAccount = &acme.EAB{
+				KeyID:  cfgMap.AcmeEABKeyId,
+				MACKey: cfgMap.AcmeEABMacKey,
+			}
+		}
+
 		if cfgMap.Email != "" {
 			acmeIssuer.Email = cfgMap.Email
 		}

diff --git a/pkg/store/configmap_parser.go b/pkg/store/configmap_parser.go
@@ -1,18 +1,21 @@
 package store
 
 import (
+	"reflect"
+	"time"
+
 	"github.com/caddyserver/caddy/v2"
 	"github.com/mitchellh/mapstructure"
 	"github.com/pkg/errors"
 	apiv1 "k8s.io/api/core/v1"
-	"reflect"
-	"time"
 )
 
 // ConfigMapOptions represents global options set through a configmap
 type ConfigMapOptions struct {
 	Debug                     bool           `json:"debug,omitempty"`
 	AcmeCA                    string         `json:"acmeCA,omitempty"`
+	AcmeEABKeyId              string         `json:"acmeEABKeyId,omitempty"`
+	AcmeEABMacKey             string         `json:"acmeEABMacKey,omitempty"`
 	Email                     string         `json:"email,omitempty"`
 	ExperimentalSmartSort     bool           `json:"experimentalSmartSort,omitempty"`
 	ProxyProtocol             bool           `json:"proxyProtocol,omitempty"`