diff --git a/cmd/oc-k8s b/cmd/oc-k8s index c6438aa..40dae85 100755 Binary files a/cmd/oc-k8s and b/cmd/oc-k8s differ diff --git a/cmd/test-values.yaml b/cmd/test-values.yaml index cbd774f..c96c9d5 100755 --- a/cmd/test-values.yaml +++ b/cmd/test-values.yaml @@ -1,9 +1,9 @@ env: test # For storage class provisioning -clusterName: opencloud2 +clusterName: opencloud hostNetwork: true host: beta.opencloud.com +hostPort: 80 registryHost: oc -hostPort: 9000 scheme: http mongo-express: @@ -42,7 +42,7 @@ mongodb: storageClassName: "standard" accessModes: - ReadWriteOnce - size: 5000Mi + size: 5Gi persistentVolumeClaimRetentionPolicy: enabled: true whenDeleted: Retain @@ -96,9 +96,9 @@ openldap: LDAP_BACKEND: "mdb" LDAP_TLS: "false" LDAP_TLS_ENFORCE: "false" - LDAP_REMOVE_CONFIG_AFTER_SETUP: "true" - adminPassword: admin - configPassword: "config" + LDAP_REMOVE_CONFIG_AFTER_SETUP: "false" + adminPassword: "{SSHA}HMWJO7XCw80he2lqMf0PHzvvF14p6aLE" + configPassword: "{SSHA}gr70yyCvtQo2zKe5OkvMkbkLRHUsVqOI" phpldapadmin: enabled: false persistence: 
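Review bot: In the openldap hunk of cmd/test-values.yaml, `adminPassword` and `configPassword` now hold `{SSHA}` strings, but nothing visible shows that the chart accepts pre-hashed values for these keys. If the image hashes whatever it is given, the literal `{SSHA}…` text becomes the cleartext password and the hash protects nothing. SSHA is salted SHA-1, so a hash committed to the repository can be checked offline against guesses and should not be treated as safe to publish. The same hunk flips `LDAP_REMOVE_CONFIG_AFTER_SETUP` to `"false"` without a comment; a line above it stating why the setup configuration has to be kept would help the next reviewer. The hunk at the same offsets in utils/assets/values.yaml.template carries the same changes.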
@@ -113,33 +113,33 @@ openldap: externalLDAP: enabled: false url: ${OC_LDAP_EXTERNAL_ENDPOINT} - bindDN: cn=admin,dc=example,dc=com - bindPassword: admin + bindDN: cn=admin,dc=opencloud,dc=com + bindPassword: "{SSHA}HMWJO7XCw80he2lqMf0PHzvvF14p6aLE" customLdifFiles: 01-schema.ldif: |- - dn: ou=groups,dc=example,dc=com + dn: ou=groups,dc=opencloud,dc=com objectClass: organizationalUnit ou: groups - dn: ou=users,dc=example,dc=com + dn: ou=users,dc=opencloud,dc=com objectClass: organizationalUnit ou: users - dn: cn=lastGID,dc=example,dc=com + dn: cn=lastGID,dc=opencloud,dc=com objectClass: device objectClass: top description: Records the last GID used to create a Posix group. This prevents the re-use of a GID from a deleted group. cn: lastGID serialNumber: 2001 - dn: cn=lastUID,dc=example,dc=com + dn: cn=lastUID,dc=opencloud,dc=com objectClass: device objectClass: top serialNumber: 2001 description: Records the last UID used to create a Posix account. This prevents the re-use of a UID from a deleted account. cn: lastUID - dn: cn=everybody,ou=groups,dc=example,dc=com + dn: cn=everybody,ou=groups,dc=opencloud,dc=com objectClass: top objectClass: posixGroup cn: everybody @@ -147,14 +147,14 @@ openldap: gidNumber: 2003 02-ldapadmin.ldif : |- - dn: cn=ldapadmin,ou=groups,dc=example,dc=com + dn: cn=ldapadmin,ou=groups,dc=opencloud,dc=com objectClass: top objectClass: posixGroup cn: ldapadmin memberUid: ldapadmin gidNumber: 2001 - dn: uid=ldapadmin,ou=users,dc=example,dc=com + dn: uid=ldapadmin,ou=users,dc=opencloud,dc=com givenName: ldap sn: admin uid: ldapadmin 
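Review bot: `bindPassword` in the externalLDAP block is a credential this deployment presents to a directory, so it has to be the cleartext secret. With `"{SSHA}HMWJO7…"` the client sends the hash text itself, and the bind succeeds only if the server's password is literally that string. The same applies to `LDAP_ADMIN_BIND_PWD` in the ldapUserManager hunk and to both keys in utils/assets/values.yaml.template. I would keep bind credentials as cleartext values supplied from a secret or an environment variable, without the `{SSHA}` prefix, and reserve hashed values for `userPassword` attributes stored in the directory.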
@@ -170,21 +170,21 @@ openldap: homeDirectory: /home/ldapadmin 03-opencloudadmin.ldif : |- - dn: uid=admin,ou=users,dc=example,dc=com + dn: uid=admin,ou=users,dc=opencloud,dc=com objectClass: inetOrgPerson cn: Admin sn: Istrator uid: admin - userPassword: admin + userPassword: "{SSHA}HMWJO7XCw80he2lqMf0PHzvvF14p6aLE" mail: admin@example.com ou: users - dn: ou=AppRoles,dc=example,dc=com + dn: ou=AppRoles,dc=opencloud,dc=com objectClass: organizationalunit ou: AppRoles description: AppRoles - dn: ou=App1,ou=AppRoles,dc=example,dc=com + dn: ou=App1,ou=AppRoles,dc=opencloud,dc=com objectClass: organizationalunit ou: App1 description: App1 @@ -210,12 +210,12 @@ prometheus: ldapUserManager: enabled: true env: - SERVER_HOSTNAME: ldap.exemple.com - LDAP_BASE_DN: dc=example,dc=com + SERVER_HOSTNAME: ldap.opencloud.com + LDAP_BASE_DN: dc=opencloud,dc=com LDAP_REQUIRE_STARTTLS: "false" LDAP_ADMINS_GROUP: ldapadmin - LDAP_ADMIN_BIND_DN: cn=admin,dc=example,dc=com - LDAP_ADMIN_BIND_PWD: admin + LDAP_ADMIN_BIND_DN: cn=admin,dc=opencloud,dc=com + LDAP_ADMIN_BIND_PWD: "{SSHA}HMWJO7XCw80he2lqMf0PHzvvF14p6aLE" LDAP_IGNORE_CERT_ERRORS: "true" EMAIL_DOMAIN: "" NO_HTTPS: "true" @@ -426,10 +426,10 @@ ocAuth: hydra: openCloudOauth2ClientSecretName: oc-oauth2-client-secret ldap: - bindDn: cn=admin,dc=example,dc=com + bindDn: cn=admin,ou=users,dc=opencloud,dc=com binPwd: admin - baseDn: dc=example,dc=com - roleBaseDn: ou=AppRoles,dc=example,dc=com + baseDn: dc=opencloud,dc=com + roleBaseDn: ou=AppRoles,dc=opencloud,dc=com resources: limits: cpu: 128m diff --git a/internal/values.go b/internal/values.go index 38423f0..3a1f7f2 100644 --- a/internal/values.go +++ b/internal/values.go 
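Review bot: Inside the `03-opencloudadmin.ldif` block scalar the double quotes around `"{SSHA}HMWJO7…"` are not YAML quoting; they are part of the LDIF text, so the stored `userPassword` value begins with `"` rather than with the `{SSHA}` scheme prefix. A value that does not start with a scheme is normally treated as a cleartext password, so the admin account would end up with the quoted string as its password instead of the intended hash. The line should read `userPassword: {SSHA}HMWJO7XCw80he2lqMf0PHzvvF14p6aLE`. The matching line in utils/assets/values.yaml.template has the same quotes around `{SSHA}${OC_LDAP_ADMIN_PWD:-…}`.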
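Review bot: The new `bindDn` under ocAuth.ldap, `cn=admin,ou=users,dc=opencloud,dc=com`, does not match any entry the visible LDIF creates. The admin user is `uid=admin,ou=users,dc=opencloud,dc=com`, and every other bind in this file uses `cn=admin,dc=opencloud,dc=com`. Unless that DN is created elsewhere, the ocAuth bind will fail; `bindDn: uid=admin,ou=users,dc=opencloud,dc=com` looks like what was meant. `binPwd` on the next line is still `admin` while the other admin credentials in this commit were changed, so it is worth confirming which value that account really has. The last hunk of utils/assets/values.yaml.template has the same default DN.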
@@ -90,7 +90,7 @@ func loadEnvFile(path string) (map[string]string, error) { } func renderTemplate(input string, envs map[string]string) string { - return varPattern.ReplaceAllStringFunc(input, func(match string) string { + s := varPattern.ReplaceAllStringFunc(input, func(match string) string { sub := varPattern.FindStringSubmatch(match) varName := sub[1] defaultVal := sub[2][1:] @@ -100,4 +100,5 @@ func renderTemplate(input string, envs map[string]string) string { } return defaultVal }) + return s } diff --git a/utils/assets/values.yaml.template b/utils/assets/values.yaml.template index da04f0a..0896269 100644 --- a/utils/assets/values.yaml.template +++ b/utils/assets/values.yaml.template @@ -96,9 +96,9 @@ openldap: LDAP_BACKEND: "mdb" LDAP_TLS: "${OC_LDAP_TLS:-false}" LDAP_TLS_ENFORCE: "${OC_LDAP_TLS:-false}" - LDAP_REMOVE_CONFIG_AFTER_SETUP: "true" - adminPassword: ${OC_LDAP_ADMIN_PWD:-admin} - configPassword: "${OC_LDAP_CONFIG_PWD:-config}" + LDAP_REMOVE_CONFIG_AFTER_SETUP: "false" + adminPassword: "{SSHA}${OC_LDAP_ADMIN_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE}" + configPassword: "{SSHA}${OC_LDAP_CONFIG_PWD:-gr70yyCvtQo2zKe5OkvMkbkLRHUsVqOI}" phpldapadmin: enabled: false persistence: 
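Review bot: Assigning the result of `varPattern.ReplaceAllStringFunc(...)` to `s` only to `return s` in the second hunk adds a variable without changing behaviour. Either keep the direct `return` or use `s` for something in the same change. renderTemplate also has no doc comment; judging by the placeholders in values.yaml.template, a line such as `// renderTemplate expands ${NAME:-default} placeholders in input using envs.` would document the syntax the templates rely on. The closure body lies partly between the two hunks, so the lookup logic is not fully visible here.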
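Review bot: Wrapping `${OC_LDAP_ADMIN_PWD:-…}` in `"{SSHA}…"` changes what that variable means. It used to be the cleartext password (default `admin`) and must now be the base64 body of an SSHA hash, so an existing env file with a cleartext value renders `{SSHA}<cleartext>`, which is not a valid hash. The last hunk of this file still expands the same variable as cleartext in `binPwd: ${OC_LDAP_ADMIN_PWD:-admin}`, so no single value can satisfy both uses. A separate variable for the hashed form, with the cleartext one kept for bind credentials, would remove the conflict. The same change of meaning applies to `OC_LDAP_CONFIG_PWD` in this hunk and to `OC_LDAP_EXTERNAL_PWD` and `OC_LDAP_MNGT_ADMIN_PWD` in the later hunks.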
@@ -113,33 +113,33 @@ openldap: externalLDAP: enabled: ${OC_LDAP_EXTERNAL:-false} url: ${OC_LDAP_EXTERNAL_ENDPOINT} - bindDN: ${OC_LDAP_EXTERNAL_DN:-cn=admin,dc=example,dc=com} - bindPassword: ${OC_LDAP_EXTERNAL_PWD:-admin} + bindDN: ${OC_LDAP_EXTERNAL_DN:-cn=admin,dc=opencloud,dc=com} + bindPassword: "{SSHA}${OC_LDAP_EXTERNAL_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE}" customLdifFiles: 01-schema.ldif: |- - dn: ou=${OC_LDAP_GROUPS_OU:-groups},${OC_LDAP_MNGT_DN:-dc=example,dc=com} + dn: ou=${OC_LDAP_GROUPS_OU:-groups},${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com} objectClass: organizationalUnit ou: ${OC_LDAP_GROUPS_OU:-groups} - dn: ou=${OC_LDAP_USERS_OU:-users},${OC_LDAP_MNGT_DN:-dc=example,dc=com} + dn: ou=${OC_LDAP_USERS_OU:-users},${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com} objectClass: organizationalUnit ou: ${OC_LDAP_USERS_OU:-users} - dn: cn=lastGID,${OC_LDAP_MNGT_DN:-dc=example,dc=com} + dn: cn=lastGID,${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com} objectClass: device objectClass: top description: Records the last GID used to create a Posix group. This prevents the re-use of a GID from a deleted group. cn: lastGID serialNumber: 2001 - dn: cn=lastUID,${OC_LDAP_MNGT_DN:-dc=example,dc=com} + dn: cn=lastUID,${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com} objectClass: device objectClass: top serialNumber: 2001 description: Records the last UID used to create a Posix account. This prevents the re-use of a UID from a deleted account. cn: lastUID - dn: cn=everybody,ou=${OC_LDAP_GROUPS_OU:-groups},${OC_LDAP_MNGT_DN:-dc=example,dc=com} + dn: cn=everybody,ou=${OC_LDAP_GROUPS_OU:-groups},${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com} objectClass: top objectClass: posixGroup cn: everybody 
@@ -147,14 +147,14 @@ openldap: gidNumber: 2003 02-ldapadmin.ldif : |- - dn: cn=${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin},ou=${OC_LDAP_GROUPS_OU:-groups},${OC_LDAP_MNGT_DN:-dc=example,dc=com} + dn: cn=${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin},ou=${OC_LDAP_GROUPS_OU:-groups},${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com} objectClass: top objectClass: posixGroup cn: ${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin} memberUid: ${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin} gidNumber: 2001 - dn: uid=${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin},ou=${OC_LDAP_USERS_OU:-users},${OC_LDAP_MNGT_DN:-dc=example,dc=com} + dn: uid=${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin},ou=${OC_LDAP_USERS_OU:-users},${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com} givenName: ldap sn: admin uid: ${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin} @@ -170,21 +170,21 @@ openldap: homeDirectory: /home/ldapadmin 03-opencloudadmin.ldif : |- - dn: uid=admin,ou=${OC_LDAP_USERS_OU:-users},${OC_LDAP_MNGT_DN:-dc=example,dc=com} + dn: uid=admin,ou=${OC_LDAP_USERS_OU:-users},${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com} objectClass: inetOrgPerson cn: Admin sn: Istrator uid: ${OC_LDAP_ADMIN_USER:-admin} - userPassword: ${OC_LDAP_ADMIN_PWD:-admin} + userPassword: "{SSHA}${OC_LDAP_ADMIN_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE}" mail: admin@example.com ou: ${OC_LDAP_USERS_OU:-users} - dn: ou=AppRoles,${OC_LDAP_MNGT_DN:-dc=example,dc=com} + dn: ou=AppRoles,${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com} objectClass: organizationalunit ou: AppRoles description: AppRoles - dn: ou=App1,ou=AppRoles,${OC_LDAP_MNGT_DN:-dc=example,dc=com} + dn: ou=App1,ou=AppRoles,${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com} objectClass: organizationalunit ou: App1 description: App1 
@@ -210,12 +210,12 @@ prometheus: ldapUserManager: enabled: true env: - SERVER_HOSTNAME: ${OC_LDAP_MNGT_HOST:-ldap.exemple.com} - LDAP_BASE_DN: ${OC_LDAP_MNGT_DN:-dc=example,dc=com} + SERVER_HOSTNAME: ${OC_LDAP_MNGT_HOST:-ldap.opencloud.com} + LDAP_BASE_DN: ${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com} LDAP_REQUIRE_STARTTLS: "${OC_LDAP_MNGT_REQUIRE_TLS:-false}" LDAP_ADMINS_GROUP: ${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin} - LDAP_ADMIN_BIND_DN: ${OC_LDAP_MNGT_ADMIN_DN:-cn=admin,dc=example,dc=com} - LDAP_ADMIN_BIND_PWD: ${OC_LDAP_MNGT_ADMIN_PWD:-admin} + LDAP_ADMIN_BIND_DN: ${OC_LDAP_MNGT_ADMIN_DN:-cn=admin,dc=opencloud,dc=com} + LDAP_ADMIN_BIND_PWD: "{SSHA}${OC_LDAP_MNGT_ADMIN_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE}" LDAP_IGNORE_CERT_ERRORS: "${OC_LDAP_MNGT_IGNORE_CERTS_ERRORS:-true}" EMAIL_DOMAIN: ${OC_LDAP_MNGT_EMAIL_DOMAIN:-""} NO_HTTPS: "${OC_LDAP_MNGT_NO_HTTPS:-true}" @@ -426,10 +426,10 @@ ocAuth: hydra: openCloudOauth2ClientSecretName: oc-oauth2-client-secret ldap: - bindDn: ${OC_LDAP_MNGT_ADMIN_DN:-cn=admin,dc=example,dc=com} + bindDn: ${OC_LDAP_MNGT_ADMIN_DN:-cn=admin,ou=users,dc=opencloud,dc=com} binPwd: ${OC_LDAP_ADMIN_PWD:-admin} - baseDn: ${OC_LDAP_MNGT_DN:-dc=example,dc=com} - roleBaseDn: ${OC_LDAP_ROLE_DN:-ou=AppRoles,dc=example,dc=com} + baseDn: ${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com} + roleBaseDn: ${OC_LDAP_ROLE_DN:-ou=AppRoles,dc=opencloud,dc=com} resources: limits: cpu: ${OC_AUTH_LIMITS_CPU:-128m}