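---
# Single-replica OpenLDAP server (osixia/openldap image) for the
# public-service namespace. Data, slapd configuration and TLS material are
# kept on three PersistentVolumeClaims declared further down in this file.
#
# extensions/v1beta1 Deployments were removed in Kubernetes 1.16; apps/v1 is
# the supported API and requires an explicit spec.selector.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: public-service
  name: openldap
  labels:
    app: openldap
spec:
  replicas: 1
  # Must match the pod template labels below.
  selector:
    matchLabels:
      app: openldap
  template:
    metadata:
      labels:
        app: openldap
    spec:
      containers:
        - name: openldap
          image: osixia/openldap:1.2.1
          volumeMounts:
            - name: ldap-data
              mountPath: /var/lib/ldap
            - name: ldap-config
              mountPath: /etc/ldap/slapd.d
            - name: ldap-certs
              mountPath: /container/service/slapd/assets/certs
          ports:
            # Only the plain LDAP port is declared; TLS on this port relies
            # on StartTLS.
            - containerPort: 389
              name: openldap
          env:
            # OpenLDAP log level 256 = "stats" (connections, operations,
            # results).
            - name: LDAP_LOG_LEVEL
              value: "256"
            - name: LDAP_ORGANISATION
              value: "Example Inc."
            - name: LDAP_DOMAIN
              value: "example.org"
            # The original listing hard-coded the admin, config and read-only
            # passwords as literal env values ("admin", "config", "readonly"),
            # which exposes them to anyone who can read this manifest or the
            # Deployment object. They are now read from a Secret.
            # "openldap-credentials" and its key names are example names
            # chosen for this listing: the Secret must exist in the
            # public-service namespace before this Deployment is applied, and
            # should be created out of band (for example with
            # `kubectl create secret generic`) with strong, unique values.
            - name: LDAP_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: openldap-credentials
                  key: admin-password
            - name: LDAP_CONFIG_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: openldap-credentials
                  key: config-password
            - name: LDAP_READONLY_USER
              value: "false"
            - name: LDAP_READONLY_USER_USERNAME
              value: "readonly"
            # Presumably unused while LDAP_READONLY_USER is "false", but kept
            # out of the manifest for the same reason as the other passwords.
            - name: LDAP_READONLY_USER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: openldap-credentials
                  key: readonly-password
            - name: LDAP_RFC2307BIS_SCHEMA
              value: "false"
            - name: LDAP_BACKEND
              value: "mdb"
            # TLS is enabled with the certificate, key and CA file names
            # below, looked up under the ldap-certs mount.
            - name: LDAP_TLS
              value: "true"
            - name: LDAP_TLS_CRT_FILENAME
              value: "ldap.crt"
            - name: LDAP_TLS_KEY_FILENAME
              value: "ldap.key"
            - name: LDAP_TLS_CA_CRT_FILENAME
              value: "ca.crt"
            # Left at "false" as in the original: clients may still bind over
            # plain LDAP on 389 without StartTLS, so bind credentials can
            # cross the network unencrypted.
            # NOTE(review): set to "true" once every client speaks TLS.
            - name: LDAP_TLS_ENFORCE
              value: "false"
            - name: LDAP_TLS_CIPHER_SUITE
              value: "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC"
            # "demand": clients that negotiate TLS must present a certificate
            # that validates against the configured CA.
            - name: LDAP_TLS_VERIFY_CLIENT
              value: "demand"
            # Replication is off; the three LDAP_REPLICATION_* values below
            # presumably only take effect when this is "true". The
            # $LDAP_* references inside them are not Kubernetes $(VAR)
            # syntax, so they are passed through to the container verbatim.
            - name: LDAP_REPLICATION
              value: "false"
            - name: LDAP_REPLICATION_CONFIG_SYNCPROV
              value: "binddn=\"cn=admin,cn=config\" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase=\"cn=config\" type=refreshAndPersist retry=\"60 +\" timeout=1 starttls=critical"
            - name: LDAP_REPLICATION_DB_SYNCPROV
              value: "binddn=\"cn=admin,$LDAP_BASE_DN\" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase=\"$LDAP_BASE_DN\" type=refreshAndPersist interval=00:00:00:10 retry=\"60 +\" timeout=1 starttls=critical"
            # Quoted on purpose: the value starts with '#', which YAML would
            # otherwise read as a comment.
            - name: LDAP_REPLICATION_HOSTS
              value: "#PYTHON2BASH:['ldap://ldap-one-service', 'ldap://ldap-two-service']"
            - name: KEEP_EXISTING_CONFIG
              value: "false"
            - name: LDAP_REMOVE_CONFIG_AFTER_SETUP
              value: "true"
            - name: LDAP_SSL_HELPER_PREFIX
              value: "ldap"
      volumes:
        - name: ldap-data
          persistentVolumeClaim:
            claimName: ldap-data
        - name: ldap-config
          persistentVolumeClaim:
            claimName: ldap-config
        - name: ldap-certs
          persistentVolumeClaim:
            claimName: ldap-certs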
---
# Claim for the LDAP database; the openldap Deployment mounts it at
# /var/lib/ldap.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ldap-data
  namespace: public-service
spec:
  storageClassName: gluster-heketi
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 100Mi
---
# Claim for the slapd configuration; the openldap Deployment mounts it at
# /etc/ldap/slapd.d.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ldap-config
  namespace: public-service
spec:
  storageClassName: gluster-heketi
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Mi
---
# Claim for the TLS material; the openldap Deployment mounts it at
# /container/service/slapd/assets/certs.
# NOTE(review): presumably this volume holds the private key named by
# LDAP_TLS_KEY_FILENAME, so access to it should be limited accordingly.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ldap-certs
  namespace: public-service
spec:
  storageClassName: gluster-heketi
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Mi