k8s 1.23.1 部署LDAP admin 之jenkins接入
部署service启动登录 用户cn=admin,dc=test,dc=test 密码:123456jenkins部署https://blog.csdn.net/weixin_43606975/article/details/119944602?spm=1001.2014.3001.5502jienkins接入LDAP admin 和权限配置安装插件:LDAP ,Role-based Author
·
可以接入的系统:
Jenkins
jumpserver
jira、confluence、禅道、redmine
Nightingale
gitlab
Grafana
Archery
sentry
vpn
- 部署deployment
#cat ldap-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: openldap
namespace: demon
labels:
app: openldap
spec:
replicas: 1
selector:
matchLabels:
app: openldap
template:
metadata:
labels:
app: openldap
spec:
containers:
- name: openldap
image: osixia/openldap:1.2.1
volumeMounts:
- name: ldap-data
mountPath: /var/lib/ldap
- name: ldap-config
mountPath: /etc/ldap/slapd.d
- name: ldap-certs
mountPath: /container/service/slapd/assets/certs
ports:
- containerPort: 389
name: openldap
env:
- name: LDAP_LOG_LEVEL
value: "256"
- name: LDAP_ORGANISATION
value: "Exampl Inc."
- name: LDAP_DOMAIN
value: "test.test" #dc配置
- name: LDAP_ADMIN_PASSWORD
value: "123456" #密码设置
- name: LDAP_CONFIG_PASSWORD
value: "config"
- name: LDAP_READONLY_USER
value: "false"
- name: LDAP_READONLY_USER_USERNAME
value: "readonly"
- name: LDAP_READONLY_USER_PASSWORD
value: "readonly"
- name: LDAP_RFC2307BIS_SCHEMA
value: "false"
- name: LDAP_BACKEND
value: "mdb"
- name: LDAP_TLS
value: "true"
- name: LDAP_TLS_CRT_FILENAME
value: "ldap.crt"
- name: LDAP_TLS_KEY_FILENAME
value: "ldap.key"
- name: LDAP_TLS_CA_CRT_FILENAME
value: "ca.crt"
- name: LDAP_TLS_ENFORCE
value: "false"
- name: LDAP_TLS_CIPHER_SUITE
value: "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC"
- name: LDAP_TLS_VERIFY_CLIENT
value: "demand"
- name: LDAP_REPLICATION
value: "false"
- name: LDAP_REPLICATION_CONFIG_SYNCPROV
value: "binddn=\"cn=admin,cn=config\" bindmethod=simple credentials= searchbase=\"cn=config\" type=refreshAndPersist retry=\"60 +\" timeout=1 starttls=critical"
- name: LDAP_REPLICATION_DB_SYNCPROV
value: "binddn=\"cn=admin,\" bindmethod=simple credentials= searchbase=\"\" type=refreshAndPersist interval=00:00:00:10 retry=\"60 +\" timeout=1 starttls=critical"
- name: LDAP_REPLICATION_HOSTS
value: "#PYTHON2BASH:['ldap://ldap-one-service', 'ldap://ldap-two-service']"
- name: KEEP_EXISTING_CONFIG
value: "false"
- name: LDAP_REMOVE_CONFIG_AFTER_SETUP
value: "true"
- name: LDAP_SSL_HELPER_PREFIX
value: "ldap"
- name: phpldapadmin
image: 'osixia/phpldapadmin:0.7.2'
ports:
- name: tcp-443
containerPort: 443
protocol: TCP
- name: tcp-80
containerPort: 80
protocol: TCP
env:
- name: PHPLDAPADMIN_HTTPS
value: 'false'
- name: PHPLDAPADMIN_LDAP_HOSTS
value: localhost
resources:
limits:
cpu: '1'
memory: 256Mi
volumes:
- name: ldap-data
hostPath:
path: "/data/ldap/db"
- name: ldap-config
hostPath:
path: "/data/ldap/config"
- name: ldap-certs
hostPath:
path: "/data/ldap/certs"
- 部署service
#cat ldap-server.yaml
kind: Service
apiVersion: v1
metadata:
name: openldap
namespace: demon
labels:
app: openldap
version: v1
spec:
ports:
- name: tcp-389
protocol: TCP
port: 389
targetPort: 389
- name: tcp-443
protocol: TCP
port: 443
targetPort: 443
- name: tcp-80
protocol: TCP
port: 80
targetPort: 80
nodePort: 31045
selector:
app: openldap
type: NodePort
- 启动
kubectl apply -f ./
-
登录 用户cn=admin,dc=test,dc=test 密码:123456
-
jenkins部署
https://blog.csdn.net/weixin_43606975/article/details/119944602?spm=1001.2014.3001.5502 -
jienkins接入LDAP admin 和权限配置
安装插件:LDAP ,Role-based Authorization Strategy
-
jenkins配置
测试用户需要使用组下面创建的用户,不要用管理员测试。
权限管理:
这个jenkins-user必须和LDAP admin的组名字一样,不然会找不到。然后这个组的权限就可以选择到对应的权限。
失败的例子: 因为LDAP admin上压根就没有这个名字
- LDAP admin 配置
jenkins-user里面的用户就可以在jenkins上登录了
- 错误收集
遇到权限丢失
修改jenkins配置文件如下:
vim config.xml
...
<permission>hudson.model.Hudson.Administer:anonymous</permission>
<permission>hudson.model.Hudson.ConfigureUpdateCenter:anonymous</permission>
<permission>hudson.model.Hudson.Read:anonymous</permission>
<permission>hudson.model.Hudson.RunScripts:anonymous</permission>
<permission>hudson.model.Hudson.UploadPlugins:anonymous</permission>
...
重启jenkins解决
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
0
0- 0
已为社区贡献14条内容
所有评论(0)