|
|
@@ -1,99 +0,0 @@
|
|
|
-apiVersion: apps/v1
|
|
|
-kind: Deployment
|
|
|
-metadata:
|
|
|
- name: ldap
|
|
|
- labels:
|
|
|
- app: ldap
|
|
|
-spec:
|
|
|
- selector:
|
|
|
- matchLabels:
|
|
|
- app: ldap
|
|
|
- replicas: 1
|
|
|
- template:
|
|
|
- metadata:
|
|
|
- labels:
|
|
|
- app: ldap
|
|
|
- spec:
|
|
|
- containers:
|
|
|
- - name: ldap
|
|
|
- image: osixia/openldap:1.4.0
|
|
|
- volumeMounts:
|
|
|
- - name: ldap-data
|
|
|
- mountPath: /var/lib/ldap
|
|
|
- - name: ldap-config
|
|
|
- mountPath: /etc/ldap/slapd.d
|
|
|
- - name: ldap-certs
|
|
|
- mountPath: /container/service/slapd/assets/certs
|
|
|
- - name: secret-volume
|
|
|
- mountPath: /container/environment/01-custom
|
|
|
- - name: container-run
|
|
|
- mountPath: /container/run
|
|
|
- ports:
|
|
|
- - containerPort: 389
|
|
|
- name: openldap
|
|
|
- env:
|
|
|
- - name: LDAP_LOG_LEVEL
|
|
|
- value: "256"
|
|
|
- - name: LDAP_ORGANISATION
|
|
|
- value: "Example Inc."
|
|
|
- - name: LDAP_DOMAIN
|
|
|
- value: "example.org"
|
|
|
- - name: LDAP_ADMIN_PASSWORD
|
|
|
- value: "admin"
|
|
|
- - name: LDAP_CONFIG_PASSWORD
|
|
|
- value: "config"
|
|
|
- - name: LDAP_READONLY_USER
|
|
|
- value: "false"
|
|
|
- - name: LDAP_READONLY_USER_USERNAME
|
|
|
- value: "readonly"
|
|
|
- - name: LDAP_READONLY_USER_PASSWORD
|
|
|
- value: "readonly"
|
|
|
- - name: LDAP_RFC2307BIS_SCHEMA
|
|
|
- value: "false"
|
|
|
- - name: LDAP_BACKEND
|
|
|
- value: "mdb"
|
|
|
- - name: LDAP_TLS
|
|
|
- value: "true"
|
|
|
- - name: LDAP_TLS_CRT_FILENAME
|
|
|
- value: "ldap.crt"
|
|
|
- - name: LDAP_TLS_KEY_FILENAME
|
|
|
- value: "ldap.key"
|
|
|
- - name: LDAP_TLS_DH_PARAM_FILENAME
|
|
|
- value: "dhparam.pem"
|
|
|
- - name: LDAP_TLS_CA_CRT_FILENAME
|
|
|
- value: "ca.crt"
|
|
|
- - name: LDAP_TLS_ENFORCE
|
|
|
- value: "false"
|
|
|
- - name: LDAP_TLS_CIPHER_SUITE
|
|
|
- value: "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC"
|
|
|
- - name: LDAP_TLS_VERIFY_CLIENT
|
|
|
- value: "demand"
|
|
|
- - name: LDAP_REPLICATION
|
|
|
- value: "false"
|
|
|
- - name: LDAP_REPLICATION_CONFIG_SYNCPROV
|
|
|
- value: "binddn=\"cn=admin,cn=config\" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase=\"cn=config\" type=refreshAndPersist retry=\"60 +\" timeout=1 starttls=critical"
|
|
|
- - name: LDAP_REPLICATION_DB_SYNCPROV
|
|
|
- value: "binddn=\"cn=admin,$LDAP_BASE_DN\" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase=\"$LDAP_BASE_DN\" type=refreshAndPersist interval=00:00:00:10 retry=\"60 +\" timeout=1 starttls=critical"
|
|
|
- - name: LDAP_REPLICATION_HOSTS
|
|
|
- value: "#PYTHON2BASH:['ldap://ldap-one-service', 'ldap://ldap-two-service']"
|
|
|
- - name: KEEP_EXISTING_CONFIG
|
|
|
- value: "false"
|
|
|
- - name: LDAP_REMOVE_CONFIG_AFTER_SETUP
|
|
|
- value: "true"
|
|
|
- - name: LDAP_SSL_HELPER_PREFIX
|
|
|
- value: "ldap"
|
|
|
- volumes:
|
|
|
- - name: ldap-data
|
|
|
- hostPath:
|
|
|
- path: "/data/ldap/db"
|
|
|
- - name: ldap-config
|
|
|
- hostPath:
|
|
|
- path: "/data/ldap/config"
|
|
|
- - name: ldap-certs
|
|
|
- hostPath:
|
|
|
- path: "/data/ldap/certs"
|
|
|
- - name: "secret-volume"
|
|
|
- secret:
|
|
|
- secretName: "ldap-secret"
|
|
|
- - name: container-run
|
|
|
- emptyDir: {}
|
Josh Cox