k8s部署ldap配置cn,dc的问题
部署 LDAP 时，首先配置好需要使用的域名（cn、dc 等）环境变量
- ldap-deployment.yaml
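# ldap-deployment.yaml — one pod running osixia/openldap plus a phpldapadmin
# sidecar. The whitespace of the original listing was lost; indentation is
# restored here, values are unchanged.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: openldap
  namespace: zone
  labels:  # the Service selects pods by this label
    app: openldap
spec:
  replicas: 1
  selector:
    matchLabels:
      app: openldap
  template:
    metadata:
      labels:
        app: openldap
    spec:
      containers:
        - name: openldap
          image: osixia/openldap:1.2.1
          volumeMounts:
            - name: ldap-data
              mountPath: /var/lib/ldap
            - name: ldap-config
              mountPath: /etc/ldap/slapd.d
            # must hold the files named by LDAP_TLS_*_FILENAME below
            # (ldap.crt, ldap.key, ca.crt)
            - name: ldap-certs
              mountPath: /container/service/slapd/assets/certs
          ports:
            - containerPort: 389
              name: openldap
          env:
            - name: LDAP_LOG_LEVEL
              value: "256"
            - name: LDAP_ORGANISATION
              value: "Exampl Inc."
            # the dc= components of the base DN are derived from this domain
            - name: LDAP_DOMAIN
              value: "xxx.xxx"
            # NOTE(review): both passwords below are plaintext in this manifest;
            # anyone who can read the file or the pod spec gets them. Prefer
            # referencing a Secret instead of an inline value, e.g.:
            #   valueFrom:
            #     secretKeyRef:
            #       name: <openldap-secret>   # placeholder, Secret not defined on this page
            #       key: admin-password
            - name: LDAP_ADMIN_PASSWORD
              value: "123456"  # admin (cn=admin,<base DN>) password
            - name: LDAP_CONFIG_PASSWORD
              value: "config"  # cn=admin,cn=config password
            - name: LDAP_READONLY_USER
              value: "false"
            - name: LDAP_READONLY_USER_USERNAME
              value: "readonly"
            - name: LDAP_READONLY_USER_PASSWORD
              value: "readonly"
            - name: LDAP_RFC2307BIS_SCHEMA
              value: "false"
            - name: LDAP_BACKEND
              value: "mdb"
            - name: LDAP_TLS
              value: "true"
            - name: LDAP_TLS_CRT_FILENAME
              value: "ldap.crt"
            - name: LDAP_TLS_KEY_FILENAME
              value: "ldap.key"
            - name: LDAP_TLS_CA_CRT_FILENAME
              value: "ca.crt"
            # "false" keeps plaintext LDAP on 389 accepted alongside TLS;
            # set "true" to reject non-TLS binds (clients must then use
            # ldaps or StartTLS)
            - name: LDAP_TLS_ENFORCE
              value: "false"
            - name: LDAP_TLS_CIPHER_SUITE
              value: "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC"
            # "demand" means TLS clients must present a certificate signed by
            # ca.crt or the handshake fails
            - name: LDAP_TLS_VERIFY_CLIENT
              value: "demand"
            # replication is off; the three settings below are only read when
            # it is enabled. The $LDAP_* references are expected to be expanded
            # by the image's startup scripts, not by Kubernetes (which only
            # expands $(VAR)). The host names listed do not match this
            # deployment's Service name (openldap) and would need adjusting.
            - name: LDAP_REPLICATION
              value: "false"
            - name: LDAP_REPLICATION_CONFIG_SYNCPROV
              value: "binddn=\"cn=admin,cn=config\" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase=\"cn=config\" type=refreshAndPersist retry=\"60 +\" timeout=1 starttls=critical"
            - name: LDAP_REPLICATION_DB_SYNCPROV
              value: "binddn=\"cn=admin,$LDAP_BASE_DN\" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase=\"$LDAP_BASE_DN\" type=refreshAndPersist interval=00:00:00:10 retry=\"60 +\" timeout=1 starttls=critical"
            - name: LDAP_REPLICATION_HOSTS
              value: "#PYTHON2BASH:['ldap://ldap-one-service', 'ldap://ldap-two-service']"
            - name: KEEP_EXISTING_CONFIG
              value: "false"
            - name: LDAP_REMOVE_CONFIG_AFTER_SETUP
              value: "true"
            - name: LDAP_SSL_HELPER_PREFIX
              value: "ldap"
        - name: phpldapadmin
          image: osixia/phpldapadmin:0.7.2
          ports:
            - name: tcp-443
              containerPort: 443
              protocol: TCP
            - name: tcp-80
              containerPort: 80
              protocol: TCP
          env:
            # NOTE(review): HTTPS is disabled, so the admin UI (and the LDAP
            # admin credentials typed into it) travels in clear over port 80,
            # which the Service publishes on every node via NodePort.
            - name: PHPLDAPADMIN_HTTPS
              value: "false"
            # same pod as the openldap container, so localhost reaches it over
            # the pod's loopback
            - name: PHPLDAPADMIN_LDAP_HOSTS
              value: "localhost"
          resources:
            limits:
              cpu: "1"
              memory: 256Mi
      # hostPath: data lives on whichever node the pod is scheduled to; a
      # reschedule to another node starts with empty directories, and the
      # pod gains read/write access to those node paths. A PersistentVolume
      # would avoid both.
      volumes:
        - name: ldap-data
          hostPath:
            path: "/data/ldap/db"
        - name: ldap-config
          hostPath:
            path: "/data/ldap/config"
        - name: ldap-certs
          hostPath:
            path: "/data/ldap/certs"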
- ldap-server.yaml
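# ldap-server.yaml — Service in front of the openldap pod. Indentation
# restored from the mangled listing; values are unchanged.
kind: Service
apiVersion: v1
metadata:
  name: openldap
  namespace: zone
  labels:
    app: openldap
    version: v1
spec:
  # NOTE(review): with type NodePort every port listed here gets a node
  # port, not only tcp-80. 389 and 443 receive auto-assigned ports in the
  # 30000-32767 range, so the LDAP listener (plaintext binds allowed by the
  # Deployment's LDAP_TLS_ENFORCE=false) is reachable on every node IP.
  # Restrict with a NetworkPolicy / firewall or drop NodePort for 389.
  ports:
    - name: tcp-389
      protocol: TCP
      port: 389
      targetPort: 389
    # phpldapadmin runs with PHPLDAPADMIN_HTTPS=false, so this port is
    # presumably unused — confirm before keeping it exposed
    - name: tcp-443
      protocol: TCP
      port: 443
      targetPort: 443
    # plain-HTTP admin UI, fixed node port
    - name: tcp-80
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 31045
  selector:
    app: openldap
  type: NodePort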