begin ldap

2021-11-29 23:50:56 +01:00 · 2021-11-29 23:50:56 +01:00 · 0ce6836d8a
commit 0ce6836d8a
parent d1116bb664
8 changed files with 194 additions and 0 deletions
--- a/ldap/.helmignore
+++ b/ldap/.helmignore
@ -0,0 +1,23 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
--- a/ldap/Chart.yaml
+++ b/ldap/Chart.yaml
@ -0,0 +1,8 @@
 apiVersion: v2
 name: ungleich-ldap
 description: ungleich ldap servers based on osixia/phpldapadmin:0.9.0
 type: application
 version: 0.1.0
 appVersion: "1.5.0"
--- a/ldap/Dockerfile
+++ b/ldap/Dockerfile
@ -0,0 +1,5 @@
 FROM alpine:3.14
 # ungleich certbot for https
 RUN apk update && apk add openldap openldap-back-mdb
--- a/ldap/manifest
+++ b/ldap/manifest
@ -0,0 +1,21 @@
 sixia/openldap:1.5.0
 389
 636
 LDAP_ORGANISATION="My Company" \
 	--env LDAP_DOMAIN="my-company.com" \
 	--env LDAP_ADMIN_PASSWORD="JonSn0w" \
 vol
 /var/lib/ldap (LDAP database files) and /etc/ldap/slapd.d
 Do not edit slapd.conf it's not used. To modify your server
 configuration use ldap utils: ldapmodify / ldapadd / ldapdelete
 LDAP_SEED_INTERNAL_LDAP_TLS_CRT_FILE: "${CI_PROJECT_DIR}/docker/certificates/certs/cert.pem"
    LDAP_SEED_INTERNAL_LDAP_TLS_KEY_FILE: "${CI_PROJECT_DIR}/docker/certificates/certs/key.pem"
    LDAP_SEED_INTERNAL_LDAP_TLS_CA_CRT_FILE: "${CI_PROJECT_DIR}/docker/certificates/ca/ca.pem"
    LDAP_SEED_INTERNAL_LDAP_TLS_DH_PARAM_FILE: "${CI_PROJECT_DIR}/certificates/dhparam.pem"
--- a/ldap/templates/deployment.yaml
+++ b/ldap/templates/deployment.yaml
@ -0,0 +1,102 @@
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ .Release.Name }}-openldap
 spec:
  selector:
    matchLabels:
      instance: {{ .Release.Name }}-openldap
  replicas: 1
  template:
    metadata:
      labels:
        app: openldap
        instance: {{ .Release.Name }}-openldap
    spec:
      containers:
        - name: openldap
          image: osixia/openldap:1.5.0
          ports:
            - containerPort: 389
            - containerPort: 636
          volumeMounts:
            - name: openldap-data
              mountPath: "/var/lib/ldap"
          resources:
            requests:
              memory: "64Mi"
              cpu: "100m"
            limits:
              memory: "256Mi"
              cpu: "400m"
        - name: phpldapadmin
          image: osixia/phpldapadmin:0.9.0
          ports:
            - containerPort: 80
            - containerPort: 443
          env:
            - key: PHPLDAPADMIN_LDAP_HOSTS
              value: {{ .Release.Name }}-openldap
          resources:
            requests:
              memory: "64Mi"
              cpu: "100m"
            limits:
              memory: "256Mi"
              cpu: "400m"
      volumes:
        - name: openldap-data
          persistentVolumeClaim:
            claimName: {{ tpl .Values.identifier . }}-openldap-data
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ .Release.Name }}-openldap
  labels:
    instance: {{ .Release.Name }}-openldap
    app: openldap
 spec:
  type: ClusterIP
  ports:
   - port: 389
     name: openldap
   - port: 636
     name: openldap-ssl
  selector:
   instance: {{ .Release.Name }}-openldap
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: {{ tpl .Values.identifier . }}-letsencrypt-certs
 spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Mi
  storageClassName: rook-ceph-block
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: {{ tpl .Values.identifier . }}-openldap-data
 spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: {{ .Values.dbsizeingb }}Gi
  storageClassName: rook-ceph-block
 # ---
 # apiVersion: v1
 # kind: Secret
 # metadata:
 #   name: {{ tpl .Values.identifier . }}-openldap-config
 #   annotations:
 #     secret-generator.v1.mittwald.de/autogenerate: OPENLDAP_PASSWORD
 # stringData:
 #   OPENLDAP_USER: "openldap"
 #   OPENLDAP_DB: "zammad"
--- a/ldap/templates/nginxconf.yaml
+++ b/ldap/templates/nginxconf.yaml
@ -0,0 +1,7 @@
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ tpl .Values.identifier . }}-nginx-config
 data:
 {{ tpl (.Files.Glob "nginx/*").AsConfig . | indent 2 }}
--- a/ldap/templates/tests/test-connection.yaml
+++ b/ldap/templates/tests/test-connection.yaml
@ -0,0 +1,13 @@
 apiVersion: v1
 kind: Pod
 metadata:
  name: "{{ tpl .Values.identifier . }}-test-connection"
  annotations:
    "helm.sh/hook": test
 spec:
  containers:
    - name: wget
      image: busybox
      command: ['wget']
      args: ['https://{{ tpl .Values.fqdn . }}']
  restartPolicy: Never
--- a/ldap/values.yaml
+++ b/ldap/values.yaml
@ -0,0 +1,15 @@
 clusterDomain: c2.k8s.ooo
 email: technik@ungleich.ch
 letsencryptStaging: "yes"
 # This is how the service and the data volumes are named - i.e. the
 # persistent thing
 identifier: "{{ .Release.Name }}"
 fqdn: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
 storage:
  data:
    size: 1Gi
 datasizeingb: 1
 dbsizeingb: 0.5