LDAP.yaml

### LDAP Server -- Deployment ###
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: &name ldap
  namespace: boxed
  labels:
    app: *name
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: *name
        name: *name
    spec:
      terminationGracePeriodSeconds: 60
      nodeSelector:
        nodeApp: eos-mgm
      containers:
      - name: ldap
        image: gitlab-registry.cern.ch/cernbox/boxedhub/ldap:v0.2
        imagePullPolicy: IfNotPresent
        #ports:
        #- containerPort: 389
        #- containerPort: 636
        volumeMounts:
        - name: &vm_userdb ldap-userdb
          mountPath: /var/lib/ldap
        - name: &vm_config ldap-config
          mountPath: /etc/ldap/slapd.d
        env:
        ### PodInfo ###
        - name: PODINFO_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: PODINFO_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: PODINFO_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: PODINFO_NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: PODINFO_NODE_IP
          valueFrom:
            fieldRef:
              fieldPath: status.hostIP
        ###
        - name: THIS_CONTAINER
          value: "LDAP"
        - name: DEPLOYMENT_TYPE
          value: "kubernetes"
        - name: LDAP_ENDPOINT
          #value: "ldap.boxed.svc.cluster.local"
          value: "localhost"
        - name : LDAP_TLS_VERIFY_CLIENT
          value: "try"
        ##
        # Environment variables to configure new LDAP Server
        # NOTE: These variables are considered only at the first run of the LDAP server.
        # * LDAP_BASE_DN is inferred from LDAP_DOMAIN, if left empty.
        # * Admin user "admin" is created by default. Her password can be customized.
        # * A read-only user can be added by setting "LDAP_READONLY_USER" to True
        #   and specifing her username and password.
        - name: LDAP_ORGANISATION
          value: "Example Inc."
        - name: LDAP_DOMAIN
          value: "example.org"
        - name: LDAP_BASE_DN
          value: "dc=example,dc=org"
        - name: LDAP_ADMIN_PASSWORD
          value: "admin"
        - name: LDAP_READONLY_USER
          value: "true"
        - name: LDAP_READONLY_USER_USERNAME
          value: "readuser"
        - name: LDAP_READONLY_USER_PASSWORD
          value: "readuser"
        ##
        # Additional environment variables needed by the `adduser.sh` script
        # and by Custom Authenticators in CERNBox // SWAN.
        # Please consider using the same variable names for consistency.
        - name: LDAP_URI
          value: "ldap://127.0.0.1"
        - name: LDAP_PORT
          value: "389"
        - name: LDAP_ADMIN_BIND_DN
          value: "cn=admin,dc=example,dc=org"
        - name: LDAP_ADMIN_BIND_PASSWORD
          value: "admin"
        ##
      volumes:
      - name: *vm_userdb
        hostPath:
          path: /mnt/ldap/userdb
          type: Directory
      - name: *vm_config
        hostPath:
          path: /mnt/ldap/config
          type: Directory
---
### SERVICE ###
apiVersion: v1
kind: Service
metadata:
  name: &name ldap
  namespace: boxed
spec:
  selector:
    app: *name
  ports:
  - name: ldap
    protocol: TCP
    port: 389
    targetPort: 389
  - name: ldaps
    protocol: TCP
    port: 636
    targetPort: 636
  type: ClusterIP