Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #3 from lsdopen/feature/001-rbac
Merge RBAC Worker
Showing 42 changed files with 1,089 additions and 172 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
# LSD MESP Charts | ||
|
||
LSD Managed Event Streaming Platform (MESP) Charts for Confluent (CfK) and Strimzi | ||
# LSD MESP Charts | ||
|
||
LSD Managed Event Streaming Platform (MESP) Charts for Confluent (CfK) and Strimzi |
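Review bot: The removed and added lines in this README hunk read identically as rendered (`# LSD MESP Charts` and the description line), so the change is presumably whitespace or line endings only. If that is unintended, drop the file from the PR; if it is a deliberate line-ending normalisation, say so in the commit message and consider a `.gitattributes` entry so it does not recur.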
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,106 @@ | ||
|
||
## Create the secret files and cert files | ||
|
||
### For the mds pem key pair: | ||
|
||
- https://docs.confluent.io/platform/current/kafka/configure-mds/index.html | ||
|
||
``` | ||
openssl genrsa -out ./credentials/mds-tokenkeypair.pem 2048 | ||
openssl rsa -in ./credentials/mds-tokenkeypair.pem -outform PEM -pubout -out ./credentials/mds-publickey.pem | ||
``` | ||
|
||
### For the ca-key.pem and ca.pem files: | ||
|
||
``` | ||
openssl genrsa -out ./credentials/ca-key.pem 2048 | ||
openssl req -new -key ./credentials/ca-key.pem -x509 \ | ||
-days 3650 \ | ||
-out ./credentials/ca.pem \ | ||
-subj "/C=US/ST=CA/L=MountainView/O=Confluent/OU=Operator/CN=LocalCA" | ||
``` | ||
|
||
### For others | ||
|
||
For all these: | ||
|
||
connect.txt | ||
controlcenter.txt | ||
kafka.txt | ||
kafkarestclass.txt | ||
kafkarestproxy.txt | ||
ksqldb.txt | ||
ldap-user.txt | ||
schemaregistry.txt | ||
|
||
Generate a fresh password and replace the password in the file and in the ldap values.yaml | ||
|
||
## Create the secrets from the generated password and cert files | ||
|
||
``` | ||
kubectl create secret tls ca-pair-sslcerts \ | ||
--cert=./credentials/ca.pem \ | ||
--key=./credentials/ca-key.pem \ | ||
--dry-run=client -oyaml >./templates/000.ca-pair-sslcerts.yaml | ||
``` | ||
|
||
``` | ||
kubectl create secret generic mds-token \ | ||
--from-file=mdsPublicKey.pem=./credentials/mds-publickey.pem \ | ||
--from-file=mdsTokenKeyPair.pem=./credentials/mds-tokenkeypair.pem \ | ||
--dry-run=client -oyaml >./templates/000.mds-token.yaml | ||
``` | ||
|
||
``` | ||
kubectl create secret generic mds-login \ | ||
--from-file=ldap.txt=./credentials/ldap-user.txt \ | ||
--dry-run=client -oyaml >./templates/000.mds-login.yaml | ||
``` | ||
|
||
``` | ||
kubectl create secret generic connect-login \ | ||
--from-file=bearer.txt=./credentials/connect.txt \ | ||
--from-file=basic.txt=./credentials/connect.txt \ | ||
--dry-run=client -oyaml >./templates/000.connect-login.yaml | ||
``` | ||
|
||
``` | ||
kubectl create secret generic controlcenter-login \ | ||
--from-file=bearer.txt=./credentials/controlcenter.txt \ | ||
--dry-run=client -oyaml >./templates/000.controlcenter-login.yaml | ||
``` | ||
|
||
``` | ||
kubectl create secret generic kafka-login \ | ||
--from-file=bearer.txt=./credentials/kafka.txt \ | ||
--dry-run=client -oyaml >./templates/000.kafka-login.yaml | ||
``` | ||
|
||
``` | ||
kubectl create secret generic kafkarestclass-login \ | ||
--from-file=basic.txt=./credentials/kafkarestclass.txt \ | ||
--from-file=bearer.txt=./credentials/kafkarestclass.txt \ | ||
--dry-run=client -oyaml >./templates/000.kafkarestclass-login.yaml | ||
``` | ||
|
||
``` | ||
kubectl create secret generic kafkarestproxy-login \ | ||
--from-file=bearer.txt=./credentials/kafkarestproxy.txt \ | ||
--dry-run=client -oyaml >./templates/000.kafkarestproxy-login.yaml | ||
``` | ||
|
||
``` | ||
kubectl create secret generic ksqldb-login \ | ||
--from-file=bearer.txt=./credentials/ksqldb.txt \ | ||
--from-file=basic.txt=./credentials/ksqldb.txt \ | ||
--dry-run=client -oyaml >./templates/000.ksqldb-login.yaml | ||
``` | ||
|
||
``` | ||
kubectl create secret generic schemaregistry-login \ | ||
--from-file=bearer.txt=./credentials/schemaregistry.txt \ | ||
--from-file=basic.txt=./credentials/schemaregistry.txt \ | ||
--dry-run=client -oyaml >./templates/000.schemaregistry-login.yaml | ||
``` |
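Review bot: Every `kubectl create secret ... --dry-run=client -oyaml >./templates/000.*.yaml` step writes a Secret manifest into the chart's `templates/` directory, and a Secret manifest only base64-encodes its data, so the CA key, the MDS token key pair and all login passwords end up in version control next to `./credentials`. Suggest creating the secrets at deploy time or storing them encrypted (for example with Sealed Secrets or an external secret store), git-ignoring `credentials/` and the rendered `000.*.yaml` files, and saying under "For others" how the fresh password should be generated. The `connect-login`, `kafkarestclass-login`, `ksqldb-login` and `schemaregistry-login` commands load the same file as both `bearer.txt` and `basic.txt`; if that is intentional, the README should say why.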
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
-----BEGIN RSA PRIVATE KEY----- | ||
MIIEpQIBAAKCAQEA1n/zPx4fsQ2yUu3Uxu/XNGPmX/CCmO78gL3kqKoK+yGjjoue | ||
nK0yZk7yY5SpQQCLKNK0xAmaF72gI2kOjoVAJP+KSZI+IjVPhWZkYsSulV6H+Rdr | ||
rtGFLaHJBpnssh3VVuBjdSQxFuvZKV6gmsHpBSTgBwTkxc939m+A0N39DY5ybPWa | ||
xhEFKR3DUzeMD58QCdCsvfbz3m47Ow4pK4iBDsEcS4NqXZQa82lQlGTUj+SM3fqR | ||
cxkI77C+fhkbwU1r6xfwcSLiBUKtToFM5R8mkvqj73TLOK2LqJoexHtHll3SfUsg | ||
nksq5sXdipNRjv2RYVm9UhJM0VeXgpMQ+GaqlwIDAQABAoIBAExgsxS+fTpmTiEJ | ||
XsKXlGGrUNTIpzgdoPuWol0Mb2yMxdh0Dr5rTY7wfY7H2Jy0vNiEbql/YcciVmtF | ||
dVF6USTbeTpJQKadpPszQnuI3UGCr5gaptVQ9cMR4KrhFE84IEcXD1Me1/v5bxI0 | ||
B6wTcA3M25ikPXHSNj0h5xR4dyrj7wkGPtRYpgSB/aUmaY6pkaNKNfsHU+h0Mlgh | ||
6cGKMXy1ZawQq99iyM8BeQlv+oCVp8ITimoDlp7ZMtAllfZZaJUNHeksZPIDYPHN | ||
vAYeahn9EuZOhSNAn2t5pG3HAvjl/puia1G3lWfFx8/sCvcDxYedCKc0g2hmSYnA | ||
/f0xwgECgYEA842qKqoH7KJp3tbmKqby0xQz5WzTxxqIKJgtJ2B2rKU1ldY4vqCf | ||
HM/Lmz7D3TU1Zi4wJ8ImfPUyf4nD+PvvQ1j/Mq7G5f1GyaYfWvize7tkSovC1cw4 | ||
r117rLbEC7vyAsGX8rIlIh7UqJWE5L5EDYWOKb9EIt3VO66arnqFNHcCgYEA4XYv | ||
tPlJqYoJnJ5TJmCm+BnnRimWJ2oHp5uMS+nrGAAn49H8Y2wORBC46fWbTmhJFLLT | ||
faPOHmzvnYvkYhdufmsRbK+6hi9ioBzEycY3tc7R+Sp1ioLFv0mHDuO6Yo6Vrdbl | ||
ChIHlzmO6yzUjwI8Z7zgBZ3k9AMGPioJU1QyYuECgYEA6FSKMFq0ZnpkDevn8mYB | ||
m3NZMhEHUJYxrq/D2x089+I9ZKrOxKHKRpy+eGB+TOU2BDwpObQOLQNl4Z3UsQ37 | ||
Jr6d6oYpPDnIrhFnNcuqw2x19lquSG6g4ECH+rD6AMuPyCtOvHhNzeelKxA+jkol | ||
9tQhUhefcrc0ctNTwP8lVG8CgYEA1+6obExg92ZEJGMiQdxJrc6pSPJlY+RR5n28 | ||
Vax4Q6lKixA/CD2iQCA/6ZsYHnUUoSVQFsG+lDdDGoGzvxqv8ZW7v3tiSkexzqUe | ||
+BzGmHK3eUrn/juXBsh1+JW0mdXzluX8wLNZ38T5k1WBUmIS1kv3xoldkTIgVYNP | ||
ISa/hyECgYEAhYwdqItVJb8OlA4pOCHrbvz3L5Sbl0mheFizlcDgNny48NWnE5+V | ||
+SvxoYTf6P9a7Ib/HYLcJKvxfK4zBZFD+s2h6adeRBHcomLUvawyISPk3VyxXR0x | ||
RnIUPg5l3RQFf2U/kaoCv1OmX3ow8bbRHpJxzGRfNub4/p9cgYtFs3s= | ||
-----END RSA PRIVATE KEY----- |
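Review bot: An unencrypted RSA private key is committed in full in this hunk; going by the README and the alphabetical file order it is presumably `credentials/ca-key.pem`, the key of the CA pair loaded into the `ca-pair-sslcerts` secret. Anyone with read access to the repository or a fork holds the CA key. Remove the file from the change, treat the key as compromised, regenerate it, and purge it from history rather than deleting it in a follow-up commit.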
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIDszCCApugAwIBAgIURKf14IbdFgMjlkU+UhTqUWR3asgwDQYJKoZIhvcNAQEL | ||
BQAwaTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRUwEwYDVQQHDAxNb3VudGFp | ||
blZpZXcxEjAQBgNVBAoMCUNvbmZsdWVudDERMA8GA1UECwwIT3BlcmF0b3IxDzAN | ||
BgNVBAMMBlRlc3RDQTAeFw0yMzEwMDYxMjAxNDZaFw0yNjA3MDIxMjAxNDZaMGkx | ||
CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEVMBMGA1UEBwwMTW91bnRhaW5WaWV3 | ||
MRIwEAYDVQQKDAlDb25mbHVlbnQxETAPBgNVBAsMCE9wZXJhdG9yMQ8wDQYDVQQD | ||
DAZUZXN0Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWf/M/Hh+x | ||
DbJS7dTG79c0Y+Zf8IKY7vyAveSoqgr7IaOOi56crTJmTvJjlKlBAIso0rTECZoX | ||
vaAjaQ6OhUAk/4pJkj4iNU+FZmRixK6VXof5F2uu0YUtockGmeyyHdVW4GN1JDEW | ||
69kpXqCawekFJOAHBOTFz3f2b4DQ3f0NjnJs9ZrGEQUpHcNTN4wPnxAJ0Ky99vPe | ||
bjs7DikriIEOwRxLg2pdlBrzaVCUZNSP5Izd+pFzGQjvsL5+GRvBTWvrF/BxIuIF | ||
Qq1OgUzlHyaS+qPvdMs4rYuomh7Ee0eWXdJ9SyCeSyrmxd2Kk1GO/ZFhWb1SEkzR | ||
V5eCkxD4ZqqXAgMBAAGjUzBRMB0GA1UdDgQWBBR2VhZUSw0OvlDpSCMJru8g8OO9 | ||
4zAfBgNVHSMEGDAWgBR2VhZUSw0OvlDpSCMJru8g8OO94zAPBgNVHRMBAf8EBTAD | ||
AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB4aENWTNuAUfBPB8wiMwNVV/74vkk82BRA | ||
DZ61s6Eh9oK0HbnLWfU1qcWNiQLi2KItNLPs8+FFo44fegaxV2viCxtIxerzkuN0 | ||
YaIHO+tPML+YstrO0yk2n4/7bSi6I52uPFbp//ktJUS1PG/nwYdymMz3MEzNgQ5F | ||
aBJpd5s1nZtIDZvy0FzbqilxWyB7sW8aNM56BL4LcZPB8Ld7J3rD7gGBVBe4HVuq | ||
nV1VlTgB81MsWs2+M91yVV2oxz4RcC2yerIDe49+2YxIoWbgP4lHCRPa6mmyln7I | ||
UJs6Mrhigo2HmjLpIXeXa+OOM96zpxgXUILjet8PJ7q79I1WkqNw | ||
-----END CERTIFICATE----- |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
username=cf_connect | ||
password=y3ACj694swkZ |
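Review bot: The `password=` line commits a service credential in clear text, and the same applies to the other `username=`/`password=` files added in this commit. The README added alongside tells users to generate a fresh password, so ship these files as placeholders or leave them out and git-ignore the directory; the values shown here should be rotated wherever they were used.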
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
username=cf_controlcenter | ||
password=PqKfw3HMDn4C |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
username=cf_kafka | ||
password=uiGQ8i6gHvGt |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
username=cf_kafka | ||
password=uiGQ8i6gHvGt |
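Review bot: `username=cf_kafka` and its password are identical to the previous file, so two of the login files named in the README share one principal and one secret. If this file is meant for a separate client (the README lists `kafkarestclass.txt` after `kafka.txt`), give it its own user so its access can be scoped and revoked independently; if the sharing is deliberate, document it.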
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
username=cf_restproxy | ||
password=MZGknPvdL6ye |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
username=cf_ksqldb | ||
password=pF5Gw5fdYtPi |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
username=cn=mds,dc=test,dc=com | ||
password=Developer! |
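Review bot: The bind password for `cn=mds,dc=test,dc=com` is a dictionary word plus one symbol, unlike the random 12-character values in the other credential files, and it is committed in clear text. Per the README, `ldap-user.txt` feeds the `mds-login` secret, so this value should be randomly generated like the rest and kept out of the repository.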
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
-----BEGIN PUBLIC KEY----- | ||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMyjnP4qfdTKhCS5sPbV | ||
qiXVyQ15wreVAsEqEsnMFt2JtML13ELOQ2szWn57Wzu782byEtYFlF3ToVW3cl4d | ||
OJRzaSEQ6xe10R/i7TneItEQfpJr/2L4bubuQRGNe/KrLME0ivr9u4IEbbRS+ltu | ||
6A9ggzGcaDSxV/eyKMNPadHQ/AN4BZijAeKZcDTjz6bHjJ6EQ3YNgqyn846reQk9 | ||
ToHZl8bGHOhz5C7yoIfsxZgYHlnx6JGsiUZ5P36WGc38ZIB/m45o8cv4ifUVPUB0 | ||
IQQ9AhYI5ZuMrxDsRPDX2GG6E5bW2vqDWyqXOY7cSoI7AikFdwATW4Rv7euEJUyz | ||
NwIDAQAB | ||
-----END PUBLIC KEY----- |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
-----BEGIN RSA PRIVATE KEY----- | ||
MIIEpAIBAAKCAQEAwMyjnP4qfdTKhCS5sPbVqiXVyQ15wreVAsEqEsnMFt2JtML1 | ||
3ELOQ2szWn57Wzu782byEtYFlF3ToVW3cl4dOJRzaSEQ6xe10R/i7TneItEQfpJr | ||
/2L4bubuQRGNe/KrLME0ivr9u4IEbbRS+ltu6A9ggzGcaDSxV/eyKMNPadHQ/AN4 | ||
BZijAeKZcDTjz6bHjJ6EQ3YNgqyn846reQk9ToHZl8bGHOhz5C7yoIfsxZgYHlnx | ||
6JGsiUZ5P36WGc38ZIB/m45o8cv4ifUVPUB0IQQ9AhYI5ZuMrxDsRPDX2GG6E5bW | ||
2vqDWyqXOY7cSoI7AikFdwATW4Rv7euEJUyzNwIDAQABAoIBAQCKzIhZhI14q1Hk | ||
kj/wy7ME3FotdPscmGe5ZPDyN78rEvCJZvXzTVELLkj5NCeAhd+ImqtZriS0LFwo | ||
QPphZqnoys7Pd5OjfB1T4X3QRSHLtPEH/kerw0eRJ8WMqKNQAWMERE+cYpd6f17K | ||
z9ARFvQgMrnLmVK9nnmyF8t2Fy27wqUVBmYXX/m+ne/+2S4PO8ZsPd3wY2Y9R8LV | ||
ufbHC+H2ExA8nE4ztefg9zPyn1wMi/GMUg1WiCT3B2u3CZsWaZJzVItT6t7qnAZJ | ||
XzkgNpIHn9mWuwh8kxgMd6sxDRAOD5iPd6a9i0oLSaS3/0LDezULC0VhTPy3G2oR | ||
A0AJeOnRAoGBAPV1uz1pPJAtemr8wLiKhQOe8jAsxtnSzV8Fqd11qJYgnihwai+Y | ||
k44hOJ/02/6wyq49FhMGmkyFWv5dUDERGV7McXP6bEfY5c1P+PdRUAm5H5nef37z | ||
NR9f7oifV3j+49uy2VfUQCr/h+T+ywzAoc0iZyYGaI1wjKXQr3+1o55vAoGBAMkU | ||
Bq2IaIDwomBgQCKQjCy/ANjQ32yMAGHf/mE32RTFpu5SZELe9yrGQr3xHFtQ9aQL | ||
Vv5P09wZfb4IOdp/3wwHMqFjNjNdG8sw7RyNS+wfQGu8v1GfYssuBuXi9v0XGXFH | ||
WenNQEUPbibRbocJ92OJTJK4P/s5vv132HDR/pu5AoGBAJ+Y8Sm45zwHlfVCajyT | ||
NHFqQ6a3NoQi4I3MLOplujwC8VLx5NkVp7teNmcq2m/7m403AsdUH7dpbgS9v4pn | ||
x8svuwTh6s28ZY7dVM/Z+uSXjciKNvPgRsYjpgEHOeTeNmF/JHpK834Br+ZhFL0x | ||
8wJiQBclS43LhGe8DKBJBh3ZAoGAN5bHudXKPktIOKijUmrvtbcgPtCP0+xodqZ8 | ||
JthPtURnP9+bRDlrz3F8JhKwKjaZkj5oUGo1QdXyQ0T26YcMXMDoqGFLLKwC8QuX | ||
oZsWcDK7lo1ZvvD3WQBie89hRNrL99sn6lEKAY2ggC7KBZ8lu2jLuIwjdAqk2GH3 | ||
fkkvwFECgYAyXj5z6COPIDJ1E1VLrJiw1YBXaa7ZLk5Epw3QvCM7hTKSFbuSNwsp | ||
EuLmM7g8wMPZAbzs/RQOaf9IhE/x53dO2Imk5PARaoEsSFjND4dpVHaKem2cBomt | ||
x5q0SqUVq6xv42213glBQMDJ4qQXTrsEBdpNynv7oVeXXwcaOTUaBw== | ||
-----END RSA PRIVATE KEY----- |
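Review bot: The MDS token private key is committed unencrypted in this hunk; the Base64 body opens with the same modulus bytes as the public key added in the preceding hunk, so this is the `mds-tokenkeypair.pem` that the README packs into the `mds-token` secret. Whoever can read the repository holds the key MDS uses for its tokens. Remove the file, regenerate the pair with the README's `openssl genrsa` step, and create the secret from files that never enter version control.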
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
username=cf_schemaregistry | ||
password=KqUP8PyDd8ge |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
apiVersion: v1 | ||
name: openldap | ||
home: https://www.openldap.org | ||
version: 1.0.0 | ||
appVersion: 1.0.0 | ||
keywords: | ||
- ldap | ||
- openldap | ||
maintainers: | ||
- name: Confluent Cloud | ||
email: [email protected] |
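Review bot: The `maintainers` entry still reads `name: Confluent Cloud`, which looks carried over from an upstream example rather than naming who maintains this chart; replace it with the actual owners. `apiVersion: v1` is the Helm 2 chart format, so use `apiVersion: v2` if the chart is only installed with Helm 3, and add a `description` field.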
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
OpenLdap Helm charts based on the osixia/openldap | ||
|
||
{{- if .Values.tls.enabled }} | ||
TLS Address: ldaps://{{ .Values.name }}.{{ .Release.Namespace }}.svc.cluster.local:636 | ||
{{- end }} | ||
Address: ldap://{{ .Values.name}}.{{ .Release.Namespace }}.svc.cluster.local:389 |
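Review bot: Both addresses are built from `{{ .Values.name }}`, but the Service template in this commit hard-codes `metadata.name: ldap`, so the printed host name only resolves when `name` happens to be `ldap`. Derive the Service name from the same value, or print the fixed name here. The plain `ldap://...:389` address is also printed when `tls.enabled` is true; consider showing it only in the non-TLS case so users are not steered to the unencrypted port.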
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
{{- if .Values.ldifs }} | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: {{ .Values.name }}-ldifs | ||
data: | ||
{{- range $key, $val := .Values.ldifs }} | ||
{{ $key }}: |- | ||
{{ $val | indent 4 }} | ||
{{- end }} | ||
{{- end }} |
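Review bot: `.Values.ldifs` is rendered into a ConfigMap, which is not treated as sensitive and is readable by anything with ConfigMap read access in the namespace; if the LDIFs define entries with `userPassword` attributes, they belong in a Secret instead. The object also omits `metadata.namespace`, while the Service and StatefulSet in this commit set it explicitly; pick one convention.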
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: ldap | ||
labels: | ||
app: ldap | ||
namespace: {{ .Release.Namespace }} | ||
spec: | ||
ports: | ||
- port: 389 | ||
name: ldap | ||
- port: 636 | ||
name: ldaps | ||
clusterIP: None | ||
selector: | ||
app: ldap | ||
|
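Review bot: Port 389 is exposed unconditionally, so the unencrypted listener stays reachable even when `tls.enabled` is set. Either render the `ldap` port only when TLS is disabled, or document that clients must use 636 and restrict 389 with a NetworkPolicy. The name `ldap` is also hard-coded here while the ConfigMap and NOTES templates use `{{ .Values.name }}`.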
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
apiVersion: apps/v1 | ||
kind: StatefulSet | ||
metadata: | ||
name: ldap | ||
namespace: {{ .Release.Namespace }} | ||
spec: | ||
selector: | ||
matchLabels: | ||
app: ldap | ||
serviceName: "ldap" | ||
replicas: 1 | ||
template: | ||
metadata: | ||
labels: | ||
app: ldap | ||
spec: | ||
containers: | ||
- name: ldap | ||
args: | ||
- --copy-service | ||
- --loglevel=debug | ||
imagePullPolicy: IfNotPresent | ||
image: {{ .Values.image }} | ||
ports: | ||
- containerPort: 389 | ||
name: ldap | ||
- containerPort: 636 | ||
name: ldaps | ||
env: | ||
{{- if .Values.tls.enabled }} | ||
- name: LDAP_TLS_VERIFY_CLIENT | ||
value: try | ||
- name: LDAP_TLS_CRT_FILENAME | ||
value: tls.crt | ||
- name: LDAP_TLS_KEY_FILENAME | ||
value: tls.key | ||
- name: LDAP_TLS_CA_CRT_FILENAME | ||
value: ca.crt | ||
- name: LDAP_TLS | ||
value: "true" | ||
{{- end }} | ||
{{- range $key, $val := .Values.env }} | ||
{{ printf "- name: %s" $key }} | ||
{{ printf " value: \"%s\"" $val }} | ||
{{- end }} | ||
volumeMounts: | ||
{{- if .Values.tls.enabled }} | ||
- mountPath: /container/service/slapd/assets/certs | ||
name: sslcerts-volume | ||
{{- end }} | ||
- mountPath: /var/lib/ldap | ||
name: ldap-data | ||
- mountPath: /etc/ldap/slapd.d | ||
name: ldap-config | ||
{{- if .Values.ldifs }} | ||
- mountPath: /container/service/slapd/assets/config/bootstrap/ldif/custom | ||
name: customldif | ||
{{- end }} | ||
volumes: | ||
{{- if .Values.tls.enabled }} | ||
- name: sslcerts-volume | ||
secret: | ||
defaultMode: 420 | ||
secretName: {{ .Values.name }}-sslcerts | ||
{{- end }} | ||
{{- if .Values.ldifs }} | ||
- name: customldif | ||
configMap: | ||
defaultMode: 420 | ||
name: {{ .Values.name }}-ldifs | ||
{{- end }} | ||
volumeClaimTemplates: | ||
- metadata: | ||
name: ldap-data | ||
spec: | ||
accessModes: ["ReadWriteOnce"] | ||
resources: | ||
requests: | ||
storage: 500Mi | ||
- metadata: | ||
name: ldap-config | ||
spec: | ||
accessModes: ["ReadWriteOnce"] | ||
resources: | ||
requests: | ||
storage: 500Mi |
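Review bot: The `range $key, $val := .Values.env` block emits every entry as a literal `value:`, so any LDAP password set through values is stored in clear text in the pod spec and visible to anyone who can read the StatefulSet; take such settings through `valueFrom.secretKeyRef` or `envFrom` with a Secret, and use `{{ $val | quote }}` instead of `printf` with escaped quotes so values containing a double quote do not break the YAML. Three smaller points: `--loglevel=debug` is hard-coded and should be a value that defaults to something quieter; `LDAP_TLS_VERIFY_CLIENT` is set to `try`, which leaves client certificates optional; and the container defines no `securityContext`, `resources` or probes.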