diff --git a/helm/ldap-user-manager/Chart.yaml b/helm/ldap-user-manager/Chart.yaml new file mode 100644 index 0000000..f77bee8 --- /dev/null +++ b/helm/ldap-user-manager/Chart.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +description: A helm chart for ldap-user-manager +name: ldap-user-manager +version: 0.0.1 # Will be replaced during build +sources: +- https://github.com/wheelybird/ldap-user-manager +maintainers: +- name: Abhishek Srivastava + email: abhishekguitarist@gmail.com diff --git a/helm/ldap-user-manager/templates/deployment.yaml b/helm/ldap-user-manager/templates/deployment.yaml new file mode 100644 index 0000000..ca25143 --- /dev/null +++ b/helm/ldap-user-manager/templates/deployment.yaml @@ -0,0 +1,139 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ldap-user-manager + labels: + app: ldap-user-manager + chart: ldap-user-manager-v0.9.34 + release: ldap-user-manager + heritage: Tiller +spec: + selector: + matchLabels: + app: ldap-user-manager + release: ldap-user-manager + template: + metadata: + labels: + app: ldap-user-manager + release: ldap-user-manager + spec: + containers: + - name: ldap-user-manager + image: {{ .Values.image.repository | quote }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + ports: + - name: http + containerPort: {{ .Values.service.httpPort }} + protocol: TCP + - name: https + containerPort: {{ .Values.service.httpsPort }} + protocol: TCP + resources: + limits: + cpu: {{ .Values.resources.limits.cpu | quote }} + memory: {{ .Values.resources.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.requests.cpu | quote }} + memory: {{ .Values.resources.requests.memory | quote }} + env: + - name: LDAP_URI + value: {{ .Values.ldap.URI | quote }} + - name: LDAP_BASE_DN + value: {{ .Values.ldap.baseDN | quote }} + - name: LDAP_ADMIN_BIND_DN + value: {{ .Values.ldap.adminBindDN | quote }} + - name: LDAP_ADMIN_BIND_PWD + value: {{ .Values.ldap.adminBindPassword | quote }} + - name: LDAP_ADMINS_GROUP + value: {{ .Values.ldap.adminGroups | quote }} + {{- if .Values.ldap.userOU }} + - name: LDAP_USER_OU + value: {{ .Values.ldap.userOU | quote }} + {{- end }} + + {{- if .Values.ldap.groupOU }} + - name: LDAP_GROUP_OU + value: {{ .Values.ldap.groupOU | quote }} + {{- end }} + + {{- if .Values.ldap.groupMemAttr }} + - name: LDAP_GROUP_MEMBERSHIP_ATTRIBUTE + value: {{ .Values.ldap.groupMemAttr | quote }} + {{- end }} + + {{- if .Values.ldap.groupMemUID }} + - name: LDAP_GROUP_MEMBERSHIP_USES_UID + value: {{ .Values.ldap.groupMemUID | quote }} + {{- end }} + + {{- if .Values.ldap.defaultGroup }} + - name: DEFAULT_USER_GROUP + value: {{ .Values.ldap.defaultGroup | quote }} + {{- end }} + + {{- if .Values.ldap.userShell }} + - name: DEFAULT_USER_SHELL + value: {{ .Values.ldap.userShell | quote }} + {{- end }} + + {{- if .Values.ldap.emailDomain }} + - name: EMAIL_DOMAIN + value: {{ .Values.ldap.emailDomain | quote }} + {{- end }} + + {{- if .Values.ldap.usernameFormat }} + - name: USERNAME_FORMAT + value: {{ .Values.ldap.usernameFormat | quote }} + {{- end }} + + {{- if .Values.ldap.usernameRegex }} + - name: USERNAME_REGEX + value: {{ .Values.ldap.usernameRegex | quote }} + {{- end }} + + {{- if .Values.ldap.loginTimeout }} + - name: LOGIN_TIMEOUT_MINS + value: {{ .Values.ldap.loginTimeout | quote }} + {{- end }} + + {{- if .Values.ldap.nisSchema }} + - name: LDAP_USES_NIS_SCHEMA + value: {{ .Values.ldap.nisSchema | quote }} + {{- end }} + + {{- if .Values.cert.startTLS }} + - name: LDAP_REQUIRE_STARTTLS + value: {{ .Values.cert.startTLS | quote }} + {{- end }} + + {{- if .Values.ldap.cacert }} + - name: LDAP_TLS_CACERT + value: {{ .Values.cert.cacert | quote }} + {{- end }} + + {{- if .Values.ldap.hostname }} + - name: SERVER_HOSTNAME + value: {{ .Values.service.hostname | quote }} + {{- end }} + + {{- if .Values.ldap.noHttps }} + - name: NO_HTTPS + value: {{ .Values.service.noHttps | quote }} + {{- end }} + + {{- if .Values.ldap.siteName }} + - name: SITE_NAME + value: {{ .Values.service.siteName | quote }} + {{- end }} + + {{- if .Values.service.ldapDebug }} + - name: LDAP_DEBUG + value: {{ .Values.service.ldapDebug | quote }} + {{- end }} + + {{- if .Values.service.sessionDebug }} + - name: SESSION_DEBUG + value: {{ .Values.service.sessionDebug | quote }} + {{- end }} diff --git a/helm/ldap-user-manager/templates/service.yaml b/helm/ldap-user-manager/templates/service.yaml new file mode 100644 index 0000000..88e9dfc --- /dev/null +++ b/helm/ldap-user-manager/templates/service.yaml @@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: ldap-user-manager + labels: + app: ldap-user-manager + chart: ldap-user-manager-v0.0.1 + release: ldap-user-manager + heritage: Tiller +spec: + ports: + - port: {{ .Values.service.httpPort }} + targetPort: 80 + protocol: TCP + name: http + - port: {{ .Values.service.httpsPort }} + targetPort: 443 + protocol: TCP + name: https + type: {{ .Values.service.type }} + selector: + app: ldap-user-manager + release: ldap-user-manager diff --git a/helm/ldap-user-manager/values.yaml b/helm/ldap-user-manager/values.yaml new file mode 100644 index 0000000..7a4cb0b --- /dev/null +++ b/helm/ldap-user-manager/values.yaml @@ -0,0 +1,80 @@ +image: + pullPolicy: "IfNotPresent" + repository: "wheelybird/ldap-user-manager:v1.0" + +service: + httpPort: 5556 + httpsPort: 5557 + # Optional: + # The hostname that this interface will be served from. + hostname: "lum.mycompany.com" + ldapDebug: "TRUE" + sessionDebug: "TRUE" + + # If you set this to TRUE then the server will run in HTTP mode, without any encryption. This is insecure and should only be used for testing. + noHttps: "FALSE" + # Change this to replace the title in the menu. e.g. "My Company" + siteName: "ldapusermanager.com" + type: LoadBalancer + +resources: + requests: + cpu: "50m" + memory: "64Mi" + limits: + cpu: "50m" + memory: "64Mi" + +ldap: + # The URI of the LDAP server. e.g. ldap://ldap.example.com or ldaps://ldap.example.com + URI: "ldap://my-openldap:389" + # The base DN for your organisation. e.g. *dc=example,dc=com` + baseDN: "dc=example,dc=org" + # The DN for the user with permission to modify all records under LDAP_BASE_DN. e.g. cn=admin,dc=example,dc=com + adminBindDN: "cn=admin,dc=example,dc=org" + # The password for LDAP_ADMIN_BIND_DN + adminBindPassword: "admin" + # The name of the group used to define accounts that can use this tool to manage LDAP accounts. e.g. admins + adminGroups: "admins" + + # Optional params + # The name of the OU used to store user accounts (without the base DN appended). + # userOU: "people" + # The name of the OU used to store groups (without the base DN appended). + # groupOU: "groups" + + # The attribute used when adding a user to a group. + # groupMemAttr: "memberUID" + + # If TRUE then the entry for a member of a group will be just the username. Otherwise it's the member's full DN. + # groupMemUID: "" + # The group that new accounts are automatically added to when created. + # NOTE: If this group doesn't exist then a group is created with the same name as the username and the user is added to that group. + + # defaultGroup: "" + # The shell that will be launched when the user logs into a server. + + # userShell: "" + # If set then the email address field will be automatically populated in the form of username@email_domain). + # emailDomain: "" + # The template used to dynamically generate usernames. See the Usernames section below. + + # usernameFormat: "" + # The regular expression used to ensure a username (and group name) is valid. See the Usernames section below. + + # usernameRegex: "" + # How long before an idle session will be timed out. + + loginTimeout: "30" + nisSchema: "TRUE" + +cert: + # Optional + + # If TRUE then a TLS connection is required for this interface to work. + # If set to FALSE then the interface will work without STARTTLS, but a warning will be displayed on the page. + startTLS: "FALSE" + # If you need to use a specific CA certificate for TLS connections to the LDAP server (when LDAP_REQUIRE_STARTTLS is set), + # then assign the contents of the CA certificate to this variable. e.g. -e LDAP_TLS_CERT=$(