|
|
@@ -0,0 +1,102 @@
|
|
|
+apiVersion: apps/v1
|
|
|
+kind: Deployment
|
|
|
+metadata:
|
|
|
+ name: ldap
|
|
|
+ labels:
|
|
|
+ app: ldap
|
|
|
+spec:
|
|
|
+ selector:
|
|
|
+ matchLabels:
|
|
|
+ app: ldap
|
|
|
+ replicas: 1
|
|
|
+ template:
|
|
|
+ metadata:
|
|
|
+ labels:
|
|
|
+ app: ldap
|
|
|
+ spec:
|
|
|
+ containers:
|
|
|
+ - name: ldap
|
|
|
+ image: osixia/openldap:1.4.0
|
|
|
+ args: ["--copy-service"]
|
|
|
+ volumeMounts:
|
|
|
+ - name: ldap-data
|
|
|
+ mountPath: /var/lib/ldap
|
|
|
+ - name: ldap-config
|
|
|
+ mountPath: /etc/ldap/slapd.d
|
|
|
+ - name: ldap-certs
|
|
|
+ mountPath: /container/service/slapd/assets/certs
|
|
|
+ - name: secret-volume
|
|
|
+ mountPath: /container/environment/01-custom
|
|
|
+ - name: container-run
|
|
|
+ mountPath: /container/run
|
|
|
+ ports:
|
|
|
+ - containerPort: 389
|
|
|
+ name: openldap
|
|
|
+ - containerPort: 636
|
|
|
+ name: openldapSSL
|
|
|
+ env:
|
|
|
+ - name: LDAP_LOG_LEVEL
|
|
|
+ value: "256"
|
|
|
+ - name: LDAP_ORGANISATION
|
|
|
+ value: "Example Inc."
|
|
|
+ - name: LDAP_DOMAIN
|
|
|
+ value: "example.org"
|
|
|
+ - name: LDAP_ADMIN_PASSWORD
|
|
|
+ value: "admin"
|
|
|
+ - name: LDAP_CONFIG_PASSWORD
|
|
|
+ value: "config"
|
|
|
+ - name: LDAP_READONLY_USER
|
|
|
+ value: "false"
|
|
|
+ - name: LDAP_READONLY_USER_USERNAME
|
|
|
+ value: "readonly"
|
|
|
+ - name: LDAP_READONLY_USER_PASSWORD
|
|
|
+ value: "readonly"
|
|
|
+ - name: LDAP_RFC2307BIS_SCHEMA
|
|
|
+ value: "false"
|
|
|
+ - name: LDAP_BACKEND
|
|
|
+ value: "mdb"
|
|
|
+ - name: LDAP_TLS
|
|
|
+ value: "true"
|
|
|
+ - name: LDAP_TLS_CRT_FILENAME
|
|
|
+ value: "ldap.crt"
|
|
|
+ - name: LDAP_TLS_KEY_FILENAME
|
|
|
+ value: "ldap.key"
|
|
|
+ - name: LDAP_TLS_DH_PARAM_FILENAME
|
|
|
+ value: "dhparam.pem"
|
|
|
+ - name: LDAP_TLS_CA_CRT_FILENAME
|
|
|
+ value: "ca.crt"
|
|
|
+ - name: LDAP_TLS_ENFORCE
|
|
|
+ value: "false"
|
|
|
+ - name: LDAP_TLS_CIPHER_SUITE
|
|
|
+ value: "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC"
|
|
|
+ - name: LDAP_TLS_VERIFY_CLIENT
|
|
|
+ value: "demand"
|
|
|
+ - name: LDAP_REPLICATION
|
|
|
+ value: "false"
|
|
|
+ - name: LDAP_REPLICATION_CONFIG_SYNCPROV
|
|
|
+ value: "binddn=\"cn=admin,cn=config\" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase=\"cn=config\" type=refreshAndPersist retry=\"60 +\" timeout=1 starttls=critical"
|
|
|
+ - name: LDAP_REPLICATION_DB_SYNCPROV
|
|
|
+ value: "binddn=\"cn=admin,$LDAP_BASE_DN\" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase=\"$LDAP_BASE_DN\" type=refreshAndPersist interval=00:00:00:10 retry=\"60 +\" timeout=1 starttls=critical"
|
|
|
+ - name: LDAP_REPLICATION_HOSTS
|
|
|
+ value: "#PYTHON2BASH:['ldap://ldap-one-service', 'ldap://ldap-two-service']"
|
|
|
+ - name: KEEP_EXISTING_CONFIG
|
|
|
+ value: "false"
|
|
|
+ - name: LDAP_REMOVE_CONFIG_AFTER_SETUP
|
|
|
+ value: "true"
|
|
|
+ - name: LDAP_SSL_HELPER_PREFIX
|
|
|
+ value: "ldap"
|
|
|
+ volumes:
|
|
|
+ - name: ldap-data
|
|
|
+ hostPath:
|
|
|
+ path: "/data/ldap/db"
|
|
|
+ - name: ldap-config
|
|
|
+ hostPath:
|
|
|
+ path: "/data/ldap/config"
|
|
|
+ - name: ldap-certs
|
|
|
+ hostPath:
|
|
|
+ path: "/data/ldap/certs"
|
|
|
+ - name: "secret-volume"
|
|
|
+ secret:
|
|
|
+ secretName: "ldap-secret"
|
|
|
+ - name: container-run
|
|
|
+ emptyDir: {}
|
Josh Cox