部署ladp时首先配置好需要使用的域名cn,dc等环境变量
  • ldap-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: openldap
  namespace: zone
  labels: #sevice需要识别标签来挂载
    app: openldap
spec:
  replicas: 1
  selector:
    matchLabels:
      app: openldap
  template:
    metadata:
      labels:
        app: openldap
    spec:
      containers:
        - name: openldap
          image: osixia/openldap:1.2.1
          volumeMounts:
            - name: ldap-data
              mountPath: /var/lib/ldap
            - name: ldap-config
              mountPath: /etc/ldap/slapd.d
            - name: ldap-certs
              mountPath: /container/service/slapd/assets/certs
          ports:
            - containerPort: 389
              name: openldap
          env:
            - name: LDAP_LOG_LEVEL
              value: "256"
            - name: LDAP_ORGANISATION
              value: "Exampl Inc."
            - name: LDAP_DOMAIN
              value: "xxx.xxx" #dc配置
            - name: LDAP_ADMIN_PASSWORD
              value: "123456" #密码设置
            - name: LDAP_CONFIG_PASSWORD
              value: "config"
            - name: LDAP_READONLY_USER
              value: "false"
            - name: LDAP_READONLY_USER_USERNAME
              value: "readonly"
            - name: LDAP_READONLY_USER_PASSWORD
              value: "readonly"
            - name: LDAP_RFC2307BIS_SCHEMA
              value: "false"
            - name: LDAP_BACKEND
              value: "mdb"
            - name: LDAP_TLS
              value: "true"
            - name: LDAP_TLS_CRT_FILENAME
              value: "ldap.crt"
            - name: LDAP_TLS_KEY_FILENAME
              value: "ldap.key"
            - name: LDAP_TLS_CA_CRT_FILENAME
              value: "ca.crt"
            - name: LDAP_TLS_ENFORCE
              value: "false"
            - name: LDAP_TLS_CIPHER_SUITE
              value: "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC"
            - name: LDAP_TLS_VERIFY_CLIENT
              value: "demand"
            - name: LDAP_REPLICATION
              value: "false"
            - name: LDAP_REPLICATION_CONFIG_SYNCPROV
              value: "binddn=\"cn=admin,cn=config\" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase=\"cn=config\" type=refreshAndPersist retry=\"60 +\" timeout=1 starttls=critical"
            - name: LDAP_REPLICATION_DB_SYNCPROV
              value: "binddn=\"cn=admin,$LDAP_BASE_DN\" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase=\"$LDAP_BASE_DN\" type=refreshAndPersist interval=00:00:00:10 retry=\"60 +\" timeout=1 starttls=critical"
            - name: LDAP_REPLICATION_HOSTS
              value: "#PYTHON2BASH:['ldap://ldap-one-service', 'ldap://ldap-two-service']"
            - name: KEEP_EXISTING_CONFIG
              value: "false"
            - name: LDAP_REMOVE_CONFIG_AFTER_SETUP
              value: "true"
            - name: LDAP_SSL_HELPER_PREFIX
              value: "ldap"
        - name: phpldapadmin
          image: 'osixia/phpldapadmin:0.7.2'
          ports:
            - name: tcp-443
              containerPort: 443
              protocol: TCP
            - name: tcp-80
              containerPort: 80
              protocol: TCP
          env:
            - name: PHPLDAPADMIN_HTTPS
              value: 'false'
            - name: PHPLDAPADMIN_LDAP_HOSTS
              value: localhost
          resources:
            limits:
              cpu: '1'
              memory: 256Mi
      volumes:
        - name: ldap-data
          hostPath:
            path: "/data/ldap/db"
        - name: ldap-config
          hostPath:
            path: "/data/ldap/config"
        - name: ldap-certs
          hostPath:
            path: "/data/ldap/certs"
  • ldap-server.yaml
kind: Service
apiVersion: v1
metadata:
  name: openldap
  namespace: zone
  labels:
    app: openldap
    version: v1
spec:
  ports:
    - name: tcp-389
      protocol: TCP
      port: 389
      targetPort: 389
    - name: tcp-443
      protocol: TCP
      port: 443
      targetPort: 443
    - name: tcp-80
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 31045
  selector:
    app: openldap
  type: NodePort

Logo

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐