Adding helm support for deployment on K8s cluster (#17)
Added Helm support for deploying to a Kubernetes cluster (cheers to @Abhishek-Srivastava !)
parent
57a6785c9d
commit
60f85f6125
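--- a/helm/ldap-user-manager/Chart.yaml
+++ b/helm/ldap-user-manager/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+description: A helm chart for ldap-user-manager
+name: ldap-user-manager
+version: 0.0.1 # Will be replaced during build
+sources:
+- https://github.com/wheelybird/ldap-user-manager
+maintainers:
+- name: Abhishek Srivastava
+email: abhishekguitarist@gmail.com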
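--- a/helm/ldap-user-manager/templates/deployment.yaml
+++ b/helm/ldap-user-manager/templates/deployment.yaml
@@ -0,0 +1,139 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: ldap-user-manager
+labels:
+app: ldap-user-manager
+chart: ldap-user-manager-v0.9.34
+release: ldap-user-manager
+heritage: Tiller
+spec:
+selector:
+matchLabels:
+app: ldap-user-manager
+release: ldap-user-manager
+template:
+metadata:
+labels:
+app: ldap-user-manager
+release: ldap-user-manager
+spec:
+containers:
+- name: ldap-user-manager
+image: {{ .Values.image.repository | quote }}
+imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ports:
+- name: http
+containerPort: {{ .Values.service.httpPort }}
+protocol: TCP
+- name: https
+containerPort: {{ .Values.service.httpsPort }}
+protocol: TCP
+resources:
+limits:
+cpu: {{ .Values.resources.limits.cpu | quote }}
+memory: {{ .Values.resources.limits.memory | quote }}
+requests:
+cpu: {{ .Values.resources.requests.cpu | quote }}
+memory: {{ .Values.resources.requests.memory | quote }}
+env:
+- name: LDAP_URI
+value: {{ .Values.ldap.URI | quote }}
+- name: LDAP_BASE_DN
+value: {{ .Values.ldap.baseDN | quote }}
+- name: LDAP_ADMIN_BIND_DN
+value: {{ .Values.ldap.adminBindDN | quote }}
+- name: LDAP_ADMIN_BIND_PWD
+value: {{ .Values.ldap.adminBindPassword | quote }}
+- name: LDAP_ADMINS_GROUP
+value: {{ .Values.ldap.adminGroups | quote }}
+{{- if .Values.ldap.userOU }}
+- name: LDAP_USER_OU
+value: {{ .Values.ldap.userOU | quote }}
+{{- end }}
+
+{{- if .Values.ldap.groupOU }}
+- name: LDAP_GROUP_OU
+value: {{ .Values.ldap.groupOU | quote }}
+{{- end }}
+
+{{- if .Values.ldap.groupMemAttr }}
+- name: LDAP_GROUP_MEMBERSHIP_ATTRIBUTE
+value: {{ .Values.ldap.groupMemAttr | quote }}
+{{- end }}
+
+{{- if .Values.ldap.groupMemUID }}
+- name: LDAP_GROUP_MEMBERSHIP_USES_UID
+value: {{ .Values.ldap.groupMemUID | quote }}
+{{- end }}
+
+{{- if .Values.ldap.defaultGroup }}
+- name: DEFAULT_USER_GROUP
+value: {{ .Values.ldap.defaultGroup | quote }}
+{{- end }}
+
+{{- if .Values.ldap.userShell }}
+- name: DEFAULT_USER_SHELL
+value: {{ .Values.ldap.userShell | quote }}
+{{- end }}
+
+{{- if .Values.ldap.emailDomain }}
+- name: EMAIL_DOMAIN
+value: {{ .Values.ldap.emailDomain | quote }}
+{{- end }}
+
+{{- if .Values.ldap.usernameFormat }}
+- name: USERNAME_FORMAT
+value: {{ .Values.ldap.usernameFormat | quote }}
+{{- end }}
+
+{{- if .Values.ldap.usernameRegex }}
+- name: USERNAME_REGEX
+value: {{ .Values.ldap.usernameRegex | quote }}
+{{- end }}
+
+{{- if .Values.ldap.loginTimeout }}
+- name: LOGIN_TIMEOUT_MINS
+value: {{ .Values.ldap.loginTimeout | quote }}
+{{- end }}
+
+{{- if .Values.ldap.nisSchema }}
+- name: LDAP_USES_NIS_SCHEMA
+value: {{ .Values.ldap.nisSchema | quote }}
+{{- end }}
+
+{{- if .Values.cert.startTLS }}
+- name: LDAP_REQUIRE_STARTTLS
+value: {{ .Values.cert.startTLS | quote }}
+{{- end }}
+
+{{- if .Values.ldap.cacert }}
+- name: LDAP_TLS_CACERT
+value: {{ .Values.cert.cacert | quote }}
+{{- end }}
+
+{{- if .Values.ldap.hostname }}
+- name: SERVER_HOSTNAME
+value: {{ .Values.service.hostname | quote }}
+{{- end }}
+
+{{- if .Values.ldap.noHttps }}
+- name: NO_HTTPS
+value: {{ .Values.service.noHttps | quote }}
+{{- end }}
+
+{{- if .Values.ldap.siteName }}
+- name: SITE_NAME
+value: {{ .Values.service.siteName | quote }}
+{{- end }}
+
+{{- if .Values.service.ldapDebug }}
+- name: LDAP_DEBUG
+value: {{ .Values.service.ldapDebug | quote }}
+{{- end }}
+
+{{- if .Values.service.sessionDebug }}
+- name: SESSION_DEBUG
+value: {{ .Values.service.sessionDebug | quote }}
+{{- end }}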
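Review bot: The LDAP admin bind password is rendered as a literal `value:` on the `LDAP_ADMIN_BIND_PWD` entry, so it lands in the Deployment spec, in the release data Helm stores, and in front of anyone who can read pod specs in the namespace. It should be read from a Kubernetes Secret through `valueFrom.secretKeyRef`, as sketched below; the `ldap.existingSecret` and `ldap.secretKey` value names are proposed here and are not existing chart keys. Separately, the guards for `LDAP_TLS_CACERT`, `SERVER_HOSTNAME`, `NO_HTTPS` and `SITE_NAME` test `.Values.ldap.*` while the value is read from `.Values.cert.*` or `.Values.service.*`, so with the values.yaml in this commit those four variables are never rendered. Each guard should test the key it prints, e.g. `{{- if .Values.cert.cacert }}`.

```yaml
# … unchanged: LDAP_URI, LDAP_BASE_DN, LDAP_ADMIN_BIND_DN …
- name: LDAP_ADMIN_BIND_PWD
  valueFrom:
    secretKeyRef:
      name: {{ .Values.ldap.existingSecret | quote }}
      key: {{ .Values.ldap.secretKey | quote }}
# … unchanged: LDAP_ADMINS_GROUP and the optional variables …
```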
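--- a/helm/ldap-user-manager/templates/service.yaml
+++ b/helm/ldap-user-manager/templates/service.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: ldap-user-manager
+labels:
+app: ldap-user-manager
+chart: ldap-user-manager-v0.0.1
+release: ldap-user-manager
+heritage: Tiller
+spec:
+ports:
+- port: {{ .Values.service.httpPort }}
+targetPort: 80
+protocol: TCP
+name: http
+- port: {{ .Values.service.httpsPort }}
+targetPort: 443
+protocol: TCP
+name: https
+type: {{ .Values.service.type }}
+selector:
+app: ldap-user-manager
+release: ldap-user-manager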
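Review bot: `targetPort` is fixed at 80 and 443 here, while the Deployment in this commit declares `containerPort` from `service.httpPort` and `service.httpsPort` (5556 and 5557 by default), so the two templates disagree about where the container listens. Referring to the named ports, `targetPort: http` and `targetPort: https`, keeps them in step once the Deployment declares the ports the image actually binds (presumably 80 and 443, to be confirmed against the image). The plain-HTTP port is also published unconditionally and the default service type is `LoadBalancer`; for an interface that administers LDAP accounts, consider rendering the `http` entry only when `service.noHttps` is enabled.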
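--- a/helm/ldap-user-manager/values.yaml
+++ b/helm/ldap-user-manager/values.yaml
@@ -0,0 +1,80 @@
+image:
+pullPolicy: "IfNotPresent"
+repository: "wheelybird/ldap-user-manager:v1.0"
+
+service:
+httpPort: 5556
+httpsPort: 5557
+# Optional:
+# The hostname that this interface will be served from.
+hostname: "lum.mycompany.com"
+ldapDebug: "TRUE"
+sessionDebug: "TRUE"
+
+# If you set this to TRUE then the server will run in HTTP mode, without any encryption. This is insecure and should only be used for testing.
+noHttps: "FALSE"
+# Change this to replace the title in the menu. e.g. "My Company"
+siteName: "ldapusermanager.com"
+type: LoadBalancer
+
+resources:
+requests:
+cpu: "50m"
+memory: "64Mi"
+limits:
+cpu: "50m"
+memory: "64Mi"
+
+ldap:
+# The URI of the LDAP server. e.g. ldap://ldap.example.com or ldaps://ldap.example.com
+URI: "ldap://my-openldap:389"
+# The base DN for your organisation. e.g. *dc=example,dc=com`
+baseDN: "dc=example,dc=org"
+# The DN for the user with permission to modify all records under LDAP_BASE_DN. e.g. cn=admin,dc=example,dc=com
+adminBindDN: "cn=admin,dc=example,dc=org"
+# The password for LDAP_ADMIN_BIND_DN
+adminBindPassword: "admin"
+# The name of the group used to define accounts that can use this tool to manage LDAP accounts. e.g. admins
+adminGroups: "admins"
+
+# Optional params
+# The name of the OU used to store user accounts (without the base DN appended).
+# userOU: "people"
+# The name of the OU used to store groups (without the base DN appended).
+# groupOU: "groups"
+
+# The attribute used when adding a user to a group.
+# groupMemAttr: "memberUID"
+
+# If TRUE then the entry for a member of a group will be just the username. Otherwise it's the member's full DN.
+# groupMemUID: ""
+# The group that new accounts are automatically added to when created.
+# NOTE: If this group doesn't exist then a group is created with the same name as the username and the user is added to that group.
+
+# defaultGroup: ""
+# The shell that will be launched when the user logs into a server.
+
+# userShell: ""
+# If set then the email address field will be automatically populated in the form of username@email_domain).
+# emailDomain: ""
+# The template used to dynamically generate usernames. See the Usernames section below.
+
+# usernameFormat: ""
+# The regular expression used to ensure a username (and group name) is valid. See the Usernames section below.
+
+# usernameRegex: ""
+# How long before an idle session will be timed out.
+
+loginTimeout: "30"
+nisSchema: "TRUE"
+
+cert:
+# Optional
+
+# If TRUE then a TLS connection is required for this interface to work.
+# If set to FALSE then the interface will work without STARTTLS, but a warning will be displayed on the page.
+startTLS: "FALSE"
+# If you need to use a specific CA certificate for TLS connections to the LDAP server (when LDAP_REQUIRE_STARTTLS is set),
+# then assign the contents of the CA certificate to this variable. e.g. -e LDAP_TLS_CERT=$(</path/to/ca.crt)
+
+# cacert: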
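Review bot: The shipped defaults include a known admin credential and leave transport protection off and debug output on: `adminBindPassword: "admin"`, `startTLS: "FALSE"` together with an `ldap://` URI, and `ldapDebug: "TRUE"` / `sessionDebug: "TRUE"`. An install without overrides therefore binds as the directory admin over an unencrypted connection, and the debug switches may write LDAP or session details to the container log (inferred from the option names). I would ship `adminBindPassword: ""` and have the template fail when it is unset, default to `startTLS: "TRUE"`, and leave the two debug keys commented out like the other optional settings. `type: LoadBalancer` is also a wide default for an account-administration interface; `type: ClusterIP` is the safer starting point.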