acme: add external account binding support.

2020-12-01 10:40:05 +01:00
parent b5db753e11
commit a488430f23
6 changed files with 96 additions and 21 deletions
--- a/docs/content/reference/static-configuration/cli-ref.md
+++ b/docs/content/reference/static-configuration/cli-ref.md
@@ -69,6 +69,12 @@ Use a DNS-01 based challenge provider rather than HTTPS.
 `--certificatesresolvers.<name>.acme.dnschallenge.resolvers`:  
 Use following DNS servers to resolve the FQDN authority.

+`--certificatesresolvers.<name>.acme.eab.hmacencoded`:  
+Base64 encoded HMAC key from External CA.
+
+`--certificatesresolvers.<name>.acme.eab.kid`:  
+Key identifier from External CA.
+
 `--certificatesresolvers.<name>.acme.email`:  
 Email address used for registration.

--- a/docs/content/reference/static-configuration/env-ref.md
+++ b/docs/content/reference/static-configuration/env-ref.md
@@ -69,6 +69,12 @@ Use a DNS-01 based challenge provider rather than HTTPS.
 `TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_DNSCHALLENGE_RESOLVERS`:  
 Use following DNS servers to resolve the FQDN authority.

+`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_EAB_HMACENCODED`:  
+Base64 encoded HMAC key from External CA.
+
+`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_EAB_KID`:  
+Key identifier from External CA.
+
 `TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_EMAIL`:  
 Email address used for registration.

--- a/docs/content/reference/static-configuration/file.toml
+++ b/docs/content/reference/static-configuration/file.toml
@@ -103,7 +103,7 @@
    namespaces = ["foobar", "foobar"]
    labelSelector = "foobar"
    ingressClass = "foobar"
-    throttleDuration = "10s"
+    throttleDuration = "42s"
    [providers.kubernetesIngress.ingressEndpoint]
      ip = "foobar"
      hostname = "foobar"
@@ -251,9 +251,6 @@
    addEntryPointsLabels = true
    addServicesLabels = true

-[pilot]
-  token = "foobar"
-
 [ping]
  entryPoint = "foobar"
  manualRouting = true
@@ -343,6 +340,9 @@
      preferredChain = "foobar"
      storage = "foobar"
      keyType = "foobar"
+      [certificatesResolvers.CertificateResolver0.acme.eab]
+        kid = "foobar"
+        hmacEncoded = "foobar"
      [certificatesResolvers.CertificateResolver0.acme.dnsChallenge]
        provider = "foobar"
        delayBeforeCheck = 42
@@ -358,6 +358,9 @@
      preferredChain = "foobar"
      storage = "foobar"
      keyType = "foobar"
+      [certificatesResolvers.CertificateResolver1.acme.eab]
+        kid = "foobar"
+        hmacEncoded = "foobar"
      [certificatesResolvers.CertificateResolver1.acme.dnsChallenge]
        provider = "foobar"
        delayBeforeCheck = 42
@@ -367,6 +370,9 @@
        entryPoint = "foobar"
      [certificatesResolvers.CertificateResolver1.acme.tlsChallenge]

+[pilot]
+  token = "foobar"
+
 [experimental]
  [experimental.plugins]
    [experimental.plugins.Descriptor0]
--- a/docs/content/reference/static-configuration/file.yaml
+++ b/docs/content/reference/static-configuration/file.yaml
@@ -270,8 +270,6 @@ metrics:
    password: foobar
    addEntryPointsLabels: true
    addServicesLabels: true
-pilot:
-  token: foobar
 ping:
  entryPoint: foobar
  manualRouting: true
@@ -358,6 +356,9 @@ certificatesResolvers:
      preferredChain: foobar
      storage: foobar
      keyType: foobar
+      eab:
+        kid: foobar
+        hmacEncoded: foobar
      dnsChallenge:
        provider: foobar
        delayBeforeCheck: 42
@@ -375,6 +376,9 @@ certificatesResolvers:
      preferredChain: foobar
      storage: foobar
      keyType: foobar
+      eab:
+        kid: foobar
+        hmacEncoded: foobar
      dnsChallenge:
        provider: foobar
        delayBeforeCheck: 42
@@ -385,6 +389,8 @@ certificatesResolvers:
      httpChallenge:
        entryPoint: foobar
      tlsChallenge: {}
+pilot:
+  token: foobar
 experimental:
  plugins:
    Descriptor0: