179 lines
4.6 KiB
YAML
179 lines
4.6 KiB
YAML
|
# Default values for openldap.
|
||
|
# This is a YAML-formatted file.
|
||
|
# Declare variables to be passed into your templates.
|
||
|
|
||
|
replicaCount: 3
|
||
|
# Define deployment strategy - IMPORTANT: use rollingUpdate: null when use Recreate strategy.
|
||
|
# It prevents from merging with existing map keys which are forbidden.
|
||
|
strategy: {}
|
||
|
# type: RollingUpdate
|
||
|
# rollingUpdate:
|
||
|
# maxSurge: 1
|
||
|
# maxUnavailable: 0
|
||
|
#
|
||
|
# or
|
||
|
#
|
||
|
# type: Recreate
|
||
|
# rollingUpdate: null
|
||
|
image:
|
||
|
# From repository https://github.com/osixia/docker-openldap
|
||
|
repository: osixia/openldap
|
||
|
tag: 1.4.0
|
||
|
pullPolicy: Always
|
||
|
pullSecret: harbor
|
||
|
|
||
|
# Set the container log level
|
||
|
# Valid log levels: none, error, warning, info (default), debug, trace
|
||
|
logLevel: info
|
||
|
|
||
|
# Spcifies an existing secret to be used for admin and config user passwords
|
||
|
existingSecret: ""
|
||
|
# settings for enabling TLS with custom certificate
|
||
|
tls:
|
||
|
enabled: true
|
||
|
secret: "" # The name of a kubernetes.io/tls type secret to use for TLS
|
||
|
CA:
|
||
|
enabled: false
|
||
|
secret: "" # The name of a generic secret to use for custom CA certificate (ca.crt)
|
||
|
## Add additional labels to all resources
|
||
|
extraLabels: {}
|
||
|
## Add additional annotations to pods
|
||
|
podAnnotations: {}
|
||
|
service:
|
||
|
annotations: {}
|
||
|
|
||
|
ldapPort: 389
|
||
|
sslLdapPort: 636
|
||
|
|
||
|
## If service type NodePort, define the value here
|
||
|
#ldapPortNodePort:
|
||
|
#sslLdapPortNodePort:
|
||
|
## List of IP addresses at which the service is available
|
||
|
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
|
||
|
##
|
||
|
externalIPs: []
|
||
|
|
||
|
#loadBalancerIP:
|
||
|
#loadBalancerSourceRanges: []
|
||
|
type: ClusterIP
|
||
|
|
||
|
# Default configuration for openldap as environment variables. These get injected directly in the container.
|
||
|
# Use the env variables from https://github.com/osixia/docker-openldap#beginner-guide
|
||
|
env:
|
||
|
LDAP_LOG_LEVEL: "256"
|
||
|
LDAP_ORGANISATION: "Example Inc."
|
||
|
LDAP_DOMAIN: "example.org"
|
||
|
LDAP_READONLY_USER: "false"
|
||
|
LDAP_READONLY_USER_USERNAME: "readonly"
|
||
|
LDAP_READONLY_USER_PASSWORD: "readonly"
|
||
|
LDAP_RFC2307BIS_SCHEMA: "false"
|
||
|
LDAP_BACKEND: "mdb"
|
||
|
LDAP_TLS: "true"
|
||
|
LDAP_TLS_CRT_FILENAME: "ldap.crt"
|
||
|
LDAP_TLS_KEY_FILENAME: "ldap.key"
|
||
|
LDAP_TLS_DH_PARAM_FILENAME: "dhparam.pem"
|
||
|
LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
|
||
|
LDAP_TLS_ENFORCE: "false"
|
||
|
CONTAINER_LOG_LEVEL: "4"
|
||
|
LDAP_TLS_REQCERT: "never"
|
||
|
KEEP_EXISTING_CONFIG: "false"
|
||
|
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
|
||
|
LDAP_SSL_HELPER_PREFIX: "ldap"
|
||
|
LDAP_TLS_VERIFY_CLIENT: "never"
|
||
|
LDAP_TLS_PROTOCOL_MIN: "3.0"
|
||
|
LDAP_TLS_CIPHER_SUITE: "NORMAL"
|
||
|
|
||
|
|
||
|
|
||
|
# Default Passwords to use, stored as a secret.
|
||
|
# You can override these at install time with
|
||
|
# helm install openldap --set openldap.adminPassword=<passwd>,openldap.configPassword=<passwd>
|
||
|
adminPassword: Not@SecurePassw0rd
|
||
|
configPassword: Not@SecurePassw0rd
|
||
|
|
||
|
# Custom openldap configuration files used to override default settings
|
||
|
# customLdifFiles:
|
||
|
# 01-default-users.ldif: |-
|
||
|
# Predefine users here
|
||
|
replication:
|
||
|
enabled: true
|
||
|
# Enter the name of your cluster, defaults to "cluster.local"
|
||
|
clusterName: "cluster.local"
|
||
|
retry: 60
|
||
|
timeout: 1
|
||
|
interval: 00:00:00:10
|
||
|
starttls: "critical"
|
||
|
tls_reqcert: "never"
|
||
|
## Persist data to a persistent volume
|
||
|
persistence:
|
||
|
enabled: true
|
||
|
## database data Persistent Volume Storage Class
|
||
|
## If defined, storageClassName: <storageClass>
|
||
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
||
|
## If undefined (the default) or set to null, no storageClassName spec is
|
||
|
## set, choosing the default provisioner. (gp2 on AWS, standard on
|
||
|
## GKE, AWS & OpenStack)
|
||
|
##
|
||
|
# storageClass: "standard-singlewriter"
|
||
|
accessModes:
|
||
|
- ReadWriteOnce
|
||
|
size: 8Gi
|
||
|
|
||
|
resources: {}
|
||
|
# requests:
|
||
|
# cpu: "100m"
|
||
|
# memory: "256Mi"
|
||
|
# limits:
|
||
|
# cpu: "500m"
|
||
|
# memory: "512Mi"
|
||
|
|
||
|
nodeSelector: {}
|
||
|
|
||
|
tolerations: []
|
||
|
|
||
|
|
||
|
## test container details
|
||
|
test:
|
||
|
enabled: false
|
||
|
image:
|
||
|
repository: dduportal/bats
|
||
|
tag: 0.4.0
|
||
|
ltb-passwd:
|
||
|
enabled : true
|
||
|
ingress:
|
||
|
enabled: true
|
||
|
annotations: {}
|
||
|
path: /
|
||
|
## Ingress Host
|
||
|
hosts:
|
||
|
- "ssl-ldap2.example"
|
||
|
ldap:
|
||
|
server: ldap://openldap
|
||
|
searchBase: dc=example,dc=org
|
||
|
# existingSecret: openldaptest
|
||
|
bindDN: cn=admin,dc=example,dc=org
|
||
|
bindPWKey: LDAP_ADMIN_PASSWORD
|
||
|
|
||
|
phpldapadmin:
|
||
|
enabled: true
|
||
|
ingress:
|
||
|
enabled: true
|
||
|
annotations: {}
|
||
|
path: /
|
||
|
## Ingress Host
|
||
|
hosts:
|
||
|
- phpldapadmin.example
|
||
|
env:
|
||
|
PHPLDAPADMIN_LDAP_HOSTS: openldap
|
||
|
# TODO make it works
|
||
|
# "#PYTHON2BASH:
|
||
|
# [{'openldap.openldap':
|
||
|
# [{'server': [
|
||
|
# {'tls': False},
|
||
|
# {'port':636}
|
||
|
# ]},
|
||
|
# {'login':
|
||
|
# [{'bind_id': 'cn=admin,dc=example,dc=org'}]
|
||
|
# }]
|
||
|
# }]"
|
||
|
|