Adding helm support for deployment on K8s cluster (#17)

Added Helm support for deploying to a Kubernetes cluster (cheers to @Abhishek-Srivastava !)
2025-01-18 15:32:54 +01:00 · 2020-05-15 13:42:24 +05:30 · 2020-05-15 13:42:24 +05:30 · 60f85f6125
commit 60f85f6125
parent 57a6785c9d
4 changed files with 252 additions and 0 deletions
--- a/helm/ldap-user-manager/Chart.yaml
+++ b/helm/ldap-user-manager/Chart.yaml
@ -0,0 +1,9 @@
+apiVersion: v1
+description: A helm chart for ldap-user-manager
+name: ldap-user-manager
+version: 0.0.1 # Will be replaced during build
+sources:
+- https://github.com/wheelybird/ldap-user-manager
+maintainers:
+- name: Abhishek Srivastava
+  email: abhishekguitarist@gmail.com
--- a/helm/ldap-user-manager/templates/deployment.yaml
+++ b/helm/ldap-user-manager/templates/deployment.yaml
@ -0,0 +1,139 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ldap-user-manager
+  labels:
+    app: ldap-user-manager
+    chart: ldap-user-manager-v0.9.34
+    release: ldap-user-manager
+    heritage: Tiller
+spec:
+  selector:
+    matchLabels:
+      app: ldap-user-manager
+      release: ldap-user-manager
+  template:
+    metadata:
+      labels:
+        app: ldap-user-manager
+        release: ldap-user-manager
+    spec:
+      containers:
+        - name: ldap-user-manager
+          image: {{ .Values.image.repository | quote }}
+          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.httpPort }}
+              protocol: TCP
+            - name: https
+              containerPort: {{ .Values.service.httpsPort }}
+              protocol: TCP
+          resources:
+            limits:
+              cpu: {{ .Values.resources.limits.cpu | quote }}
+              memory: {{ .Values.resources.limits.memory | quote }}
+            requests:
+              cpu: {{ .Values.resources.requests.cpu | quote }}
+              memory: {{ .Values.resources.requests.memory | quote }}
+          env:
+            - name: LDAP_URI
+              value: {{ .Values.ldap.URI | quote }}
+            - name: LDAP_BASE_DN
+              value: {{ .Values.ldap.baseDN | quote }}
+            - name: LDAP_ADMIN_BIND_DN
+              value: {{ .Values.ldap.adminBindDN | quote }}
+            - name: LDAP_ADMIN_BIND_PWD
+              value: {{ .Values.ldap.adminBindPassword | quote }}
+            - name: LDAP_ADMINS_GROUP
+              value: {{ .Values.ldap.adminGroups | quote }}
+            {{- if .Values.ldap.userOU }}
+            - name: LDAP_USER_OU
+              value: {{ .Values.ldap.userOU | quote }}
+            {{- end }}
+
+            {{- if .Values.ldap.groupOU }}
+            - name: LDAP_GROUP_OU
+              value: {{ .Values.ldap.groupOU | quote }}
+            {{- end }}
+
+            {{- if .Values.ldap.groupMemAttr }}
+            - name: LDAP_GROUP_MEMBERSHIP_ATTRIBUTE
+              value: {{ .Values.ldap.groupMemAttr | quote }}
+            {{- end }}
+
+            {{- if .Values.ldap.groupMemUID }}
+            - name: LDAP_GROUP_MEMBERSHIP_USES_UID
+              value: {{ .Values.ldap.groupMemUID | quote }}
+            {{- end }}
+
+            {{- if .Values.ldap.defaultGroup }}
+            - name: DEFAULT_USER_GROUP
+              value: {{ .Values.ldap.defaultGroup | quote }}
+            {{- end }}
+
+            {{- if .Values.ldap.userShell }}
+            - name: DEFAULT_USER_SHELL
+              value: {{ .Values.ldap.userShell | quote }}
+            {{- end }}
+
+            {{- if .Values.ldap.emailDomain }}
+            - name: EMAIL_DOMAIN
+              value: {{ .Values.ldap.emailDomain | quote }}
+            {{- end }}
+
+            {{- if .Values.ldap.usernameFormat }}
+            - name: USERNAME_FORMAT
+              value: {{ .Values.ldap.usernameFormat | quote }}
+            {{- end }}
+
+            {{- if .Values.ldap.usernameRegex }}
+            - name: USERNAME_REGEX
+              value: {{ .Values.ldap.usernameRegex | quote }}
+            {{- end }}
+
+            {{- if .Values.ldap.loginTimeout }}
+            - name: LOGIN_TIMEOUT_MINS
+              value: {{ .Values.ldap.loginTimeout | quote }}
+            {{- end }}
+
+            {{- if .Values.ldap.nisSchema }}
+            - name: LDAP_USES_NIS_SCHEMA
+              value: {{ .Values.ldap.nisSchema | quote }}
+            {{- end }}
+
+            {{- if .Values.cert.startTLS }}
+            - name: LDAP_REQUIRE_STARTTLS
+              value: {{ .Values.cert.startTLS | quote }}
+            {{- end }}
+
+            {{- if .Values.ldap.cacert }}
+            - name: LDAP_TLS_CACERT
+              value: {{ .Values.cert.cacert | quote }}
+            {{- end }}
+
+            {{- if .Values.ldap.hostname }}
+            - name: SERVER_HOSTNAME
+              value: {{ .Values.service.hostname | quote }}
+            {{- end }}
+
+            {{- if .Values.ldap.noHttps }}
+            - name: NO_HTTPS
+              value: {{ .Values.service.noHttps | quote }}
+            {{- end }}
+
+            {{- if .Values.ldap.siteName }}
+            - name: SITE_NAME
+              value: {{ .Values.service.siteName | quote }}
+            {{- end }}
+
+            {{- if .Values.service.ldapDebug }}
+            - name: LDAP_DEBUG
+              value: {{ .Values.service.ldapDebug | quote }}
+            {{- end }}
+
+            {{- if .Values.service.sessionDebug }}
+            - name: SESSION_DEBUG
+              value: {{ .Values.service.sessionDebug | quote }}
+            {{- end }}
--- a/helm/ldap-user-manager/templates/service.yaml
+++ b/helm/ldap-user-manager/templates/service.yaml
@ -0,0 +1,24 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ldap-user-manager
+  labels:
+    app: ldap-user-manager
+    chart: ldap-user-manager-v0.0.1
+    release: ldap-user-manager
+    heritage: Tiller
+spec:
+  ports:
+    - port: {{ .Values.service.httpPort }}
+      targetPort: 80
+      protocol: TCP
+      name: http
+    - port: {{ .Values.service.httpsPort }}
+      targetPort: 443
+      protocol: TCP
+      name: https
+  type: {{ .Values.service.type }}
+  selector:
+    app: ldap-user-manager
+    release: ldap-user-manager
--- a/helm/ldap-user-manager/values.yaml
+++ b/helm/ldap-user-manager/values.yaml
@ -0,0 +1,80 @@
+image:
+  pullPolicy: "IfNotPresent"
+  repository: "wheelybird/ldap-user-manager:v1.0"
+
+service:
+  httpPort: 5556
+  httpsPort: 5557
+  # Optional:
+  # The hostname that this interface will be served from.
+  hostname: "lum.mycompany.com"
+  ldapDebug: "TRUE"
+  sessionDebug: "TRUE"
+
+  # If you set this to TRUE then the server will run in HTTP mode, without any encryption. This is insecure and should only be used for testing.
+  noHttps: "FALSE"
+  # Change this to replace the title in the menu. e.g. "My Company"
+  siteName: "ldapusermanager.com"
+  type: LoadBalancer
+
+resources:
+  requests:
+    cpu: "50m"
+    memory: "64Mi"
+  limits:
+    cpu: "50m"
+    memory: "64Mi"
+
+ldap:
+  # The URI of the LDAP server. e.g. ldap://ldap.example.com or ldaps://ldap.example.com
+  URI: "ldap://my-openldap:389"
+  # The base DN for your organisation. e.g. *dc=example,dc=com`
+  baseDN: "dc=example,dc=org"
+  # The DN for the user with permission to modify all records under LDAP_BASE_DN. e.g. cn=admin,dc=example,dc=com
+  adminBindDN: "cn=admin,dc=example,dc=org"
+  # The password for LDAP_ADMIN_BIND_DN
+  adminBindPassword: "admin"
+  # The name of the group used to define accounts that can use this tool to manage LDAP accounts. e.g. admins
+  adminGroups: "admins"
+
+  # Optional params
+  # The name of the OU used to store user accounts (without the base DN appended).
+  # userOU: "people"
+  #  The name of the OU used to store groups (without the base DN appended).
+  # groupOU: "groups"
+
+  # The attribute used when adding a user to a group.
+  # groupMemAttr: "memberUID"
+
+  # If TRUE then the entry for a member of a group will be just the username. Otherwise it's the member's full DN.
+  # groupMemUID: ""
+  # The group that new accounts are automatically added to when created. 
+  # NOTE: If this group doesn't exist then a group is created with the same name as the username and the user is added to that group.
+
+  # defaultGroup: ""
+  # The shell that will be launched when the user logs into a server.
+
+  # userShell: ""
+  # If set then the email address field will be automatically populated in the form of username@email_domain).
+  # emailDomain: ""
+  # The template used to dynamically generate usernames. See the Usernames section below.
+
+  # usernameFormat: ""
+  # The regular expression used to ensure a username (and group name) is valid. See the Usernames section below.
+
+  # usernameRegex: ""
+  # How long before an idle session will be timed out.
+
+  loginTimeout: "30"
+  nisSchema: "TRUE"
+
+cert:
+  # Optional
+
+  # If TRUE then a TLS connection is required for this interface to work. 
+  # If set to FALSE then the interface will work without STARTTLS, but a warning will be displayed on the page.
+  startTLS: "FALSE"
+  # If you need to use a specific CA certificate for TLS connections to the LDAP server (when LDAP_REQUIRE_STARTTLS is set),
+  # then assign the contents of the CA certificate to this variable. e.g. -e LDAP_TLS_CERT=$(</path/to/ca.crt)
+
+  # cacert: