|
|
@@ -0,0 +1,125 @@
|
|
|
+apiVersion: extensions/v1beta1
|
|
|
+kind: Deployment
|
|
|
+metadata:
|
|
|
+ namespace: public-service
|
|
|
+ name: openldap
|
|
|
+ labels:
|
|
|
+ app: openldap
|
|
|
+spec:
|
|
|
+ replicas: 1
|
|
|
+ template:
|
|
|
+ metadata:
|
|
|
+ labels:
|
|
|
+ app: openldap
|
|
|
+ spec:
|
|
|
+ containers:
|
|
|
+ - name: openldap
|
|
|
+ image: osixia/openldap:1.2.1
|
|
|
+ volumeMounts:
|
|
|
+ - name: ldap-data
|
|
|
+ mountPath: /var/lib/ldap
|
|
|
+ - name: ldap-config
|
|
|
+ mountPath: /etc/ldap/slapd.d
|
|
|
+ - name: ldap-certs
|
|
|
+ mountPath: /container/service/slapd/assets/certs
|
|
|
+ ports:
|
|
|
+ - containerPort: 389
|
|
|
+ name: openldap
|
|
|
+ env:
|
|
|
+ - name: LDAP_LOG_LEVEL
|
|
|
+ value: "256"
|
|
|
+ - name: LDAP_ORGANISATION
|
|
|
+ value: "Example Inc."
|
|
|
+ - name: LDAP_DOMAIN
|
|
|
+ value: "example.org"
|
|
|
+ - name: LDAP_ADMIN_PASSWORD
|
|
|
+ value: "admin"
|
|
|
+ - name: LDAP_CONFIG_PASSWORD
|
|
|
+ value: "config"
|
|
|
+ - name: LDAP_READONLY_USER
|
|
|
+ value: "false"
|
|
|
+ - name: LDAP_READONLY_USER_USERNAME
|
|
|
+ value: "readonly"
|
|
|
+ - name: LDAP_READONLY_USER_PASSWORD
|
|
|
+ value: "readonly"
|
|
|
+ - name: LDAP_RFC2307BIS_SCHEMA
|
|
|
+ value: "false"
|
|
|
+ - name: LDAP_BACKEND
|
|
|
+ value: "mdb"
|
|
|
+ - name: LDAP_TLS
|
|
|
+ value: "true"
|
|
|
+ - name: LDAP_TLS_CRT_FILENAME
|
|
|
+ value: "ldap.crt"
|
|
|
+ - name: LDAP_TLS_KEY_FILENAME
|
|
|
+ value: "ldap.key"
|
|
|
+ - name: LDAP_TLS_CA_CRT_FILENAME
|
|
|
+ value: "ca.crt"
|
|
|
+ - name: LDAP_TLS_ENFORCE
|
|
|
+ value: "false"
|
|
|
+ - name: LDAP_TLS_CIPHER_SUITE
|
|
|
+ value: "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC"
|
|
|
+ - name: LDAP_TLS_VERIFY_CLIENT
|
|
|
+ value: "demand"
|
|
|
+ - name: LDAP_REPLICATION
|
|
|
+ value: "false"
|
|
|
+ - name: LDAP_REPLICATION_CONFIG_SYNCPROV
|
|
|
+ value: "binddn=\"cn=admin,cn=config\" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase=\"cn=config\" type=refreshAndPersist retry=\"60 +\" timeout=1 starttls=critical"
|
|
|
+ - name: LDAP_REPLICATION_DB_SYNCPROV
|
|
|
+ value: "binddn=\"cn=admin,$LDAP_BASE_DN\" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase=\"$LDAP_BASE_DN\" type=refreshAndPersist interval=00:00:00:10 retry=\"60 +\" timeout=1 starttls=critical"
|
|
|
+ - name: LDAP_REPLICATION_HOSTS
|
|
|
+ value: "#PYTHON2BASH:['ldap://ldap-one-service', 'ldap://ldap-two-service']"
|
|
|
+ - name: KEEP_EXISTING_CONFIG
|
|
|
+ value: "false"
|
|
|
+ - name: LDAP_REMOVE_CONFIG_AFTER_SETUP
|
|
|
+ value: "true"
|
|
|
+ - name: LDAP_SSL_HELPER_PREFIX
|
|
|
+ value: "ldap"
|
|
|
+ volumes:
|
|
|
+ - name: ldap-data
|
|
|
+ persistentVolumeClaim:
|
|
|
+ claimName: ldap-data
|
|
|
+ - name: ldap-config
|
|
|
+ persistentVolumeClaim:
|
|
|
+ claimName: ldap-config
|
|
|
+ - name: ldap-certs
|
|
|
+ persistentVolumeClaim:
|
|
|
+ claimName: ldap-certs
|
|
|
+---
|
|
|
+kind: PersistentVolumeClaim
|
|
|
+apiVersion: v1
|
|
|
+metadata:
|
|
|
+ namespace: public-service
|
|
|
+ name: ldap-data
|
|
|
+spec:
|
|
|
+ accessModes: [ "ReadWriteOnce" ]
|
|
|
+ storageClassName: "gluster-heketi"
|
|
|
+ resources:
|
|
|
+ requests:
|
|
|
+ storage: 100Mi
|
|
|
+
|
|
|
+---
|
|
|
+kind: PersistentVolumeClaim
|
|
|
+apiVersion: v1
|
|
|
+metadata:
|
|
|
+ namespace: public-service
|
|
|
+ name: ldap-config
|
|
|
+spec:
|
|
|
+ accessModes: [ "ReadWriteOnce" ]
|
|
|
+ storageClassName: "gluster-heketi"
|
|
|
+ resources:
|
|
|
+ requests:
|
|
|
+ storage: 10Mi
|
|
|
+---
|
|
|
+kind: PersistentVolumeClaim
|
|
|
+apiVersion: v1
|
|
|
+metadata:
|
|
|
+ namespace: public-service
|
|
|
+ name: ldap-certs
|
|
|
+spec:
|
|
|
+ accessModes: [ "ReadWriteOnce" ]
|
|
|
+ storageClassName: "gluster-heketi"
|
|
|
+ resources:
|
|
|
+ requests:
|
|
|
+ storage: 10Mi
|
|
|
+
|
|
|
+
|
Dotbalo