Adding openldap + ldap user manager

2024-12-02 13:57:37 +01:00
parent 519fb80ee7
commit ba9a971964
38 changed files with 1984 additions and 29 deletions
--- a/opencloud/charts/openldap/values.yaml
+++ b/opencloud/charts/openldap/values.yaml
@@ -0,0 +1,179 @@
+# Default values for openldap.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 3
+# Define deployment strategy - IMPORTANT: use rollingUpdate: null when use Recreate strategy.
+# It prevents from merging with existing map keys which are forbidden.
+strategy: {}
+  # type: RollingUpdate
+  # rollingUpdate:
+  #   maxSurge: 1
+  #   maxUnavailable: 0
+  #
+  # or
+  #
+  # type: Recreate
+  # rollingUpdate: null
+image:
+  # From repository https://github.com/osixia/docker-openldap
+  repository: osixia/openldap
+  tag: 1.4.0
+  pullPolicy: Always
+  pullSecret: harbor
+
+# Set the container log level
+# Valid log levels: none, error, warning, info (default), debug, trace
+logLevel: info
+
+# Spcifies an existing secret to be used for admin and config user passwords
+existingSecret: ""
+# settings for enabling TLS with custom certificate
+tls:
+  enabled: true
+  secret: ""  # The name of a kubernetes.io/tls type secret to use for TLS
+  CA:
+    enabled: false
+    secret: ""  # The name of a generic secret to use for custom CA certificate (ca.crt)
+## Add additional labels to all resources
+extraLabels: {}
+## Add additional annotations to pods
+podAnnotations: {}
+service:
+  annotations: {}
+
+  ldapPort: 389
+  sslLdapPort: 636
+
+  ## If service type NodePort, define the value here
+  #ldapPortNodePort:
+  #sslLdapPortNodePort:
+  ## List of IP addresses at which the service is available
+  ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+  ##
+  externalIPs: []
+
+  #loadBalancerIP: 
+  #loadBalancerSourceRanges: []
+  type: ClusterIP
+
+# Default configuration for openldap as environment variables. These get injected directly in the container.
+# Use the env variables from https://github.com/osixia/docker-openldap#beginner-guide
+env:
+ LDAP_LOG_LEVEL: "256"
+ LDAP_ORGANISATION: "Example Inc."
+ LDAP_DOMAIN: "example.org"
+ LDAP_READONLY_USER: "false"
+ LDAP_READONLY_USER_USERNAME: "readonly"
+ LDAP_READONLY_USER_PASSWORD: "readonly"
+ LDAP_RFC2307BIS_SCHEMA: "false"
+ LDAP_BACKEND: "mdb"
+ LDAP_TLS: "true"
+ LDAP_TLS_CRT_FILENAME: "ldap.crt"
+ LDAP_TLS_KEY_FILENAME: "ldap.key"
+ LDAP_TLS_DH_PARAM_FILENAME: "dhparam.pem"
+ LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
+ LDAP_TLS_ENFORCE: "false"
+ CONTAINER_LOG_LEVEL: "4"
+ LDAP_TLS_REQCERT: "never"
+ KEEP_EXISTING_CONFIG: "false"
+ LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
+ LDAP_SSL_HELPER_PREFIX: "ldap"
+ LDAP_TLS_VERIFY_CLIENT: "never"
+ LDAP_TLS_PROTOCOL_MIN: "3.0"
+ LDAP_TLS_CIPHER_SUITE: "NORMAL"
+
+  
+
+# Default Passwords to use, stored as a secret.
+# You can override these at install time with
+# helm install openldap --set openldap.adminPassword=<passwd>,openldap.configPassword=<passwd>
+adminPassword: Not@SecurePassw0rd
+configPassword: Not@SecurePassw0rd
+
+# Custom openldap configuration files used to override default settings
+# customLdifFiles:
+  # 01-default-users.ldif: |-
+    # Predefine users here
+replication:
+  enabled: true    
+  # Enter the name of your cluster, defaults to "cluster.local"
+  clusterName: "cluster.local"
+  retry: 60
+  timeout: 1
+  interval: 00:00:00:10
+  starttls: "critical"
+  tls_reqcert: "never"
+## Persist data to a persistent volume
+persistence:
+  enabled: true
+  ## database data Persistent Volume Storage Class
+  ## If defined, storageClassName: <storageClass>
+  ## If set to "-", storageClassName: "", which disables dynamic provisioning
+  ## If undefined (the default) or set to null, no storageClassName spec is
+  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+  ##   GKE, AWS & OpenStack)
+  ##
+  # storageClass: "standard-singlewriter"
+  accessModes:
+    - ReadWriteOnce
+  size: 8Gi
+
+resources: {}
+ # requests:
+ #   cpu: "100m"
+ #   memory: "256Mi"
+ # limits:
+ #   cpu: "500m"
+ #   memory: "512Mi"
+
+nodeSelector: {}
+
+tolerations: []
+
+
+## test container details
+test:
+  enabled: false
+  image:
+    repository: dduportal/bats
+    tag: 0.4.0
+ltb-passwd:
+  enabled : true
+  ingress:
+    enabled: true
+    annotations: {}
+    path: /
+    ## Ingress Host
+    hosts:
+    - "ssl-ldap2.example"
+  ldap:
+    server: ldap://openldap
+    searchBase: dc=example,dc=org
+    # existingSecret: openldaptest
+    bindDN: cn=admin,dc=example,dc=org
+    bindPWKey: LDAP_ADMIN_PASSWORD
+
+phpldapadmin:
+  enabled: true
+  ingress:
+    enabled: true
+    annotations: {}
+    path: /
+    ## Ingress Host
+    hosts:
+    - phpldapadmin.example
+  env:
+    PHPLDAPADMIN_LDAP_HOSTS: openldap
+ # TODO make it works
+ #     "#PYTHON2BASH:
+ #       [{'openldap.openldap': 
+ #         [{'server': [
+ #           {'tls': False},
+ #           {'port':636}
+ #         ]},
+ #           {'login': 
+ #             [{'bind_id': 'cn=admin,dc=example,dc=org'}]
+ #           }]
+ #       }]"
+