├── .gitignore
├── README.md
├── lldap-chart
    ├── .helmignore
    ├── Chart.yaml
    ├── README.md
    ├── templates
    │   ├── NOTES.txt
    │   ├── _helpers.tpl
    │   ├── deployment.yaml
    │   ├── hpa.yaml
    │   ├── ingress.yaml
    │   ├── pvc.yaml
    │   ├── secret.yaml
    │   └── service.yaml
    └── values.yaml
├── lldap-deployment.yaml
├── lldap-persistentvolumeclaim.yaml
└── lldap-service.yaml

/.gitignore:
--------------------------------------------------------------------------------
.DS_Store

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Using the Light LDAP (LLDAP) implementation for authentication on Kubernetes

LLDAP homepage: https://github.com/nitnelave/lldap

## About

For testing purposes you can run the LLDAP container on Kubernetes and use the
container as an LDAP authentication backend.

Thanks to nitnelave for changing LLDAP to get it authenticating with SUSE
Rancher (see https://github.com/nitnelave/lldap/issues/432).

## Set the variables needed and create a Kubernetes secret from them

The LLDAP container uses these secrets; without them, the pod will not
come up.

```
NAMESPACE=lldap # in which namespace the lldap container will be installed, always use lowercase
LLDAP_JWT_SECRET= # set this to a random secret of your own before running the command below
LLDAP_LDAP_USER_PASS=admin # change if wanted
LLDAP_BASE_DN=dc=evantage,dc=nl # set your own if wanted

# Values are quoted so that special characters in a secret are passed through unchanged
kubectl create secret generic lldap-credentials \
  --from-literal=lldap-jwt-secret="${LLDAP_JWT_SECRET}" \
  --from-literal=lldap-ldap-user-pass="${LLDAP_LDAP_USER_PASS}" \
  --from-literal=base-dn="${LLDAP_BASE_DN}" \
  -n "${NAMESPACE}"
```

## Apply the yaml files

A PVC is used to store the data persistently. It uses the local path provisioner,
see https://github.com/rancher/local-path-provisioner. If it is not installed, please
install it prior to applying the LLDAP yaml files.

Apply the LLDAP deployment in the same namespace where the secrets were created:

```
kubectl apply -f lldap-persistentvolumeclaim.yaml -n ${NAMESPACE}
kubectl apply -f lldap-deployment.yaml -n ${NAMESPACE}
kubectl apply -f lldap-service.yaml -n ${NAMESPACE}
```

It may take a minute or so; once the image has been pulled, the pod will be up and running.

Your LLDAP container is then ready to accept LDAP requests on port 3890.

## Accessing the UI

To add users and groups to LLDAP, you can use the LLDAP UI. Use a kubectl
port-forward on the service to reach it:
```
kubectl port-forward service/lldap-service 17170:17170 -n ${NAMESPACE}
```

Then go to http://127.0.0.1:17170 in your browser. Log in with admin and the password set in the variable above.

For creating users and groups, please look at the LLDAP documentation at https://github.com/nitnelave/lldap

Good luck!

--------------------------------------------------------------------------------
/lldap-chart/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

--------------------------------------------------------------------------------
/lldap-chart/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: lldap-chart
description: lldap - Light LDAP implementation for authentication

# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application

# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.3.4

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: 0.6.1

--------------------------------------------------------------------------------
/lldap-chart/README.md:
--------------------------------------------------------------------------------
# lldap Helm Chart

A Helm chart for deploying [lldap](https://github.com/nitnelave/lldap), a lightweight LDAP server, on Kubernetes.

## Table of Contents

- [Prerequisites](#prerequisites)
- [Installation](#installation)
- [Uninstallation](#uninstallation)
- [Configuration](#configuration)
  - [Parameters](#parameters)
- [Examples](#examples)
- [Contributing](#contributing)
- [License](#license)

## Prerequisites

- Kubernetes cluster
- Helm

## Installation

1. **Add the Helm repository** (if hosted in a repository):

   ```bash
   echo "not available at the moment"
   ```

2. **Install the chart**:

   ```bash
   helm install lldap ./lldap-chart --namespace lldap-namespace
   ```

## Uninstallation

To uninstall/delete the `lldap` deployment:

```bash
helm uninstall lldap -n lldap-namespace
```

The command removes all Kubernetes components associated with the chart and deletes the release.

## Configuration

The following table lists the configurable parameters of the lldap chart and their default values.

### Parameters

| Parameter                               | Description                                                | Default Value                                    |
| --------------------------------------- | ---------------------------------------------------------- | ------------------------------------------------ |
| `replicaCount`                          | Number of replicas                                         | `1`                                              |
| `image.repository`                      | Image repository                                           | `"nitnelave/lldap"`                              |
| `image.tag`                             | Image tag                                                  | `"latest"`                                       |
| `image.pullPolicy`                      | Image pull policy                                          | `"IfNotPresent"`                                 |
| `env.TZ`                                | Timezone for the application                               | `"CET"`                                          |
| `env.GID`                               | Group ID                                                   | `"1001"`                                         |
| `env.UID`                               | User ID                                                    | `"1001"`                                         |
| `extraEnv`                              | Extra environment variables to be set on lldap container   | `[]`                                             |
| `persistence.enabled`                   | Enable persistent storage                                  | `true`                                           |
| `persistence.storageClassName`          | Storage class name                                         | `""`                                             |
| `persistence.storageSize`               | Storage size                                               | `"100Mi"`                                        |
| `persistence.accessMode`                | Access mode for the PVC                                    | `"ReadWriteOnce"`                                |
| `persistence.localPath`                 | Local filesystem path for storage                          | `""`                                             |
| `persistence.manualProvision`           | Manually provision a PersistentVolume                      | `false`                                          |
| `extraVolumes`                          | Extra list of additional volumes for lldap pod             | `[]`                                             |
| `extraVolumeMounts`                     | Extra list of additional volume mounts for lldap container | `[]`                                             |
| `resources`                             | Resource limits and requests                               | `{}`                                             |
| `nodeSelector`                          | Node labels for pod assignment                             | `{}`                                             |
| `tolerations`                           | Tolerations for pod assignment                             | `[]`                                             |
| `affinity`                              | Affinity for pod assignment                                | `{}`                                             |
| `hpa.enabled`                           | Enable Horizontal Pod Autoscaler (HPA)                     | `true`                                           |
| `hpa.minReplicas`                       | Minimum number of replicas                                 | `1`                                              |
| `hpa.maxReplicas`                       | Maximum number of replicas                                 | `3`                                              |
| `hpa.targetCPUUtilizationPercentage`    | Target CPU utilization percentage for HPA                  | `60`                                             |
| `hpa.targetMemoryUtilizationPercentage` | Target memory utilization percentage for HPA               | `60`                                             |
| `service.name`                          | Name of the Kubernetes service                             | `"lldap-service"`                                |
| `service.type`                          | Service type                                               | `"ClusterIP"`                                    |
| `service.ports`                         | List of service ports                                      | See `values.yaml`                                |
| `ingress.enabled`                       | Enable Ingress                                             | `false`                                          |
| `ingress.name`                          | Name of the Ingress resource                               | `"lldap-web-ingress"`                            |
| `ingress.ingressClassName`              | Ingress class name                                         | `"nginx"`                                        |
| `ingress.annotations`                   | Annotations for the Ingress                                | `{}`                                             |
| `ingress.labels`                        | Labels for the Ingress                                     | `{}`                                             |
| `ingress.hosts`                         | List of host configurations                                | See `values.yaml`                                |
| `ingress.tls`                           | TLS configuration for the Ingress                          | See `values.yaml`                                |
| `secret.create`                         | Create a new secret for credentials                        | `true`                                           |
| `secret.name`                           | Name of the secret                                         | `"lldap-credentials"`                            |
| `secret.lldapJwtSecret`                 | JWT secret for LLDAP                                       | `"wobY6RK/Dc0vL21zFiIZs9iyVy0NQ3ldijYPQ4HLWTc="` |
| `secret.lldapUserName`                  | Username for the LDAP user                                 | `"admin"`                                        |
| `secret.lldapUserPass`                  | Password for the LDAP user                                 | `"admiistrator123456"`                           |
| `secret.lldapBaseDn`                    | Base DN for LDAP                                           | `"dc=homelab,dc=es"`                             |
| `secret.useExisting`                    | Use an existing secret                                     | `false`                                          |
| `secret.existingSecretName`             | Name of the existing secret                                | `""`                                             |

### How to Configure

You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:

```bash
helm install my-ldapp ./lldap-chart \
  --set replicaCount=2 \
  --set image.tag=latest \
  --set persistence.enabled=false
```

Alternatively, you can provide a YAML file with custom values:

```bash
helm install my-ldapp ./lldap-chart -f custom-values.yaml
```

Thanks for taking the time to read this!

--------------------------------------------------------------------------------
/lldap-chart/templates/NOTES.txt:
--------------------------------------------------------------------------------
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
  {{- range .paths }}
  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
  {{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "lldap-chart.fullname" . }})
  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
           You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "lldap-chart.fullname" . }}'
  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "lldap-chart.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
  echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "lldap-chart.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}

--------------------------------------------------------------------------------
/lldap-chart/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{/*
Expand the name of the chart.
*/}}
{{- define "lldap-chart.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "lldap-chart.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "lldap-chart.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Common labels
*/}}
{{- define "lldap-chart.labels" -}}
helm.sh/chart: {{ include "lldap-chart.chart" . }}
{{ include "lldap-chart.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

{{/*
Selector labels
*/}}
{{- define "lldap-chart.selectorLabels" -}}
app.kubernetes.io/name: {{ include "lldap-chart.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

{{/*
Create the name of the service account to use
*/}}
{{- define "lldap-chart.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "lldap-chart.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

--------------------------------------------------------------------------------
/lldap-chart/templates/deployment.yaml:
--------------------------------------------------------------------------------
apiVersion: apps/v1
kind: Deployment
metadata:
  name: lldap
  namespace: {{ .Values.namespace }}
  labels:
    app: lldap
  annotations:
    lldap: https://github.com/nitnelave/lldap
    k8s: https://github.com/Evantage-WS/lldap-kubernetes
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: lldap
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: lldap
      annotations:
        lldap: https://github.com/nitnelave/lldap
        k8s: https://github.com/Evantage-WS/lldap-kubernetes
    spec:
      containers:
        - name: lldap
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}

          {{- with .Values.resources }}
          resources:
            {{- toYaml . | nindent 12 }}
          {{- end }}

          env:
            - name: GID
              value: "{{ .Values.env.GID }}"
            - name: LLDAP_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secret.name }}
                  key: lldap-jwt-secret
            - name: LLDAP_LDAP_BASE_DN
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secret.name }}
                  key: base-dn
            - name: LLDAP_LDAP_USER_DN
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secret.name }}
                  key: lldap-ldap-user-name
            - name: LLDAP_LDAP_USER_PASS
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secret.name }}
                  key: lldap-ldap-user-pass
            - name: TZ
              value: "{{ .Values.env.TZ }}"
            - name: UID
              value: "{{ .Values.env.UID }}"
            {{- if .Values.extraEnv}}
            {{- toYaml .Values.extraEnv | nindent 12}}
            {{- end }}
          ports:
            - containerPort: 3890
            - containerPort: 6360
            - containerPort: 17170
          volumeMounts:
            {{- if .Values.persistence.enabled }}
            - mountPath: /data
              name: lldap-data
            {{- end }}

            {{- if .Values.extraVolumeMounts}}
            {{- toYaml .Values.extraVolumeMounts | nindent 12}}
            {{- end }}
      volumes:
        {{- if .Values.persistence.enabled}}
        - name: lldap-data
          persistentVolumeClaim:
            claimName: lldap-data
        {{- end }}

        {{- if .Values.extraVolumes}}
        {{- toYaml .Values.extraVolumes | nindent 8}}
        {{- end }}

      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}

      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}

      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}

--------------------------------------------------------------------------------
/lldap-chart/templates/hpa.yaml:
--------------------------------------------------------------------------------
{{- if .Values.hpa.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: {{ .Release.Name }}-hpa
  namespace: {{ .Values.namespace }}
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    # deployment.yaml always names the Deployment "lldap", so the HPA must
    # target that name rather than the release name
    name: lldap
  minReplicas: {{ .Values.hpa.minReplicas }}
  maxReplicas: {{ .Values.hpa.maxReplicas }}
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: {{ .Values.hpa.targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: {{ .Values.hpa.targetMemoryUtilizationPercentage }}
{{- end }}

--------------------------------------------------------------------------------
/lldap-chart/templates/ingress.yaml:
--------------------------------------------------------------------------------
{{- if .Values.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ .Values.ingress.name }}
  namespace: {{ .Values.namespace }}
  annotations:
{{ toYaml .Values.ingress.annotations | indent 4 }}
  {{- if .Values.ingress.labels }}
  labels:
{{ toYaml .Values.ingress.labels | indent 4 }}
  {{- end }}
spec:
  ingressClassName: {{ .Values.ingress.ingressClassName }}
  rules:
    {{- range .Values.ingress.hosts }}
    - host: {{ .host }}
      http:
        paths:
          {{- range .paths }}
          - path: {{ .path }}
            pathType: {{ .pathType }}
            backend:
              service:
                name: {{ $.Values.service.name }}
                port:
                  number: 17170
          {{- end }}
    {{- end }}
  tls:
    {{- range .Values.ingress.tls }}
    - hosts:
        {{- range .hosts }}
        - {{ . }}
        {{- end }}
      secretName: {{ .secretName }}
    {{- end }}
{{- end }}

--------------------------------------------------------------------------------
/lldap-chart/templates/pvc.yaml:
--------------------------------------------------------------------------------
{{- if .Values.persistence.enabled }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: lldap-data
  namespace: {{ .Values.namespace }}
  labels:
    app: lldap
spec:
  {{- if .Values.persistence.storageClassName }}
  storageClassName: {{ .Values.persistence.storageClassName }}
  {{- end }}
  accessModes:
    - {{ .Values.persistence.accessMode }}
  resources:
    requests:
      storage: {{ .Values.persistence.storageSize }}
{{- end }}
{{- if and .Values.persistence.enabled .Values.persistence.manualProvision }}
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: lldap-data-pv
  namespace: {{ .Values.namespace }}
  labels:
    app: lldap
spec:
  capacity:
    storage: {{ .Values.persistence.storageSize }}
  accessModes:
    - {{ .Values.persistence.accessMode }}
  {{- if .Values.persistence.storageClassName }}
  storageClassName: {{ .Values.persistence.storageClassName }}
  {{- end }}
  {{- if .Values.persistence.localPath }}
  hostPath:
    path: {{ .Values.persistence.localPath }}
  {{- end }}
{{- end }}
--------------------------------------------------------------------------------
/lldap-chart/templates/secret.yaml:
--------------------------------------------------------------------------------
{{- if .Values.secret.create }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Values.secret.name }}
  namespace: {{ .Values.namespace }}
type: Opaque
data:
  lldap-jwt-secret: {{ .Values.secret.lldapJwtSecret | b64enc }}
  lldap-ldap-user-name: {{ .Values.secret.lldapUserName | b64enc }}
  lldap-ldap-user-pass: {{ .Values.secret.lldapUserPass | b64enc }}
  base-dn: {{ .Values.secret.lldapBaseDn | b64enc }}
{{- end }}

--------------------------------------------------------------------------------
/lldap-chart/templates/service.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: {{ .Values.service.name }}
  namespace: {{ .Values.namespace }}
  labels:
    app: lldap
  annotations:
    lldap: https://github.com/nitnelave/lldap
    k8s: https://github.com/Evantage-WS/lldap-kubernetes
spec:
  type: {{ .Values.service.type }}
  ports:
{{ toYaml .Values.service.ports | indent 4 }}
  selector:
    app: lldap

--------------------------------------------------------------------------------
/lldap-chart/values.yaml:
--------------------------------------------------------------------------------
##### secret creation
# The credential defaults below are committed to this repository, so anyone can
# read them: override lldapJwtSecret and lldapUserPass for every deployment.
secret:
  create: true
  name: lldap-credentials
  lldapJwtSecret: "wobY6RK/Dc0vL21zFiIZs9iyVy0NQ3ldijYPQ4HLWTc="
  lldapUserName: "admin"
  lldapUserPass: "admiistrator123456"
  lldapBaseDn: "dc=homelab,dc=es"


##### pvc
persistence:
  enabled: true
  storageClassName: ""
  storageSize: "100Mi"
  accessMode: "ReadWriteOnce"

  # in case the StorageClass used does not automatically provision volumes,
  # you can specify a local path for manual mounting here like for example /mnt/data/lldap
  # if the StorageClass supports automatic provisioning, leave this field empty.
  localPath: "" # Local filesystem path for storage, used if 'local-path' is the SC.

  # if manualProvision is set to true, a persistentVolume is created with helm
  # if the StorageClass used supports automatic provisioning, this should be set to false.
  # and if it does not support automatic provisioning, set to true. Default is false
  manualProvision: false

extraVolumes: []

extraVolumeMounts: []

##### deployment
# time zone
env:
  TZ: "CET"
  GID: "1001"
  UID: "1001"

extraEnv: []

resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 100Mi
  # requests:
  #   cpu: 50m
  #   memory: 50M

nodeSelector: {}

tolerations: []

affinity: {}

replicaCount: 1

image:
  repository: "nitnelave/lldap"
  tag: "v0.6.1"
  pullPolicy: "IfNotPresent"


# HPA configuration
# make sure to use an RWX storage class, unless you run 1 replica without the HPA
hpa:
  enabled: true
  minReplicas: 1
  maxReplicas: 3
  targetCPUUtilizationPercentage: 60
  targetMemoryUtilizationPercentage: 60



#### service: this is the only service, so it has no 'enabled' flag; without it the chart won't work
service:
  name: lldap-service
  type: ClusterIP
  ports:
    - name: "3890"
      port: 3890
      targetPort: 3890
    - name: "17170"
      port: 17170
      targetPort: 17170


##### ingress
ingress:
  enabled: false
  name: lldap-web-ingress
  ingressClassName: nginx
  annotations: {}
  labels: {}
  hosts:
    - host: "lldap.test.com"
      paths:
        - path: "/"
          pathType: "Prefix"
  tls:
    - secretName: "lldap-secret-tls"
      hosts:
        - "lldap.test.com"



--------------------------------------------------------------------------------
/lldap-deployment.yaml:
--------------------------------------------------------------------------------
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    lldap: https://github.com/nitnelave/lldap
    k8s: https://github.com/Evantage-WS/lldap-kubernetes
  labels:
    app: lldap
  name: lldap
spec:
  replicas: 1
  selector:
    matchLabels:
      app: lldap
  strategy:
    type: Recreate
  template:
    metadata:
      annotations:
        lldap: https://github.com/nitnelave/lldap
        k8s: https://github.com/Evantage-WS/lldap-kubernetes
      labels:
        app: lldap
    spec:
      containers:
        - env:
            - name: GID
              value: "1001"
            - name: LLDAP_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: lldap-credentials
                  key: lldap-jwt-secret
            - name: LLDAP_LDAP_BASE_DN
              valueFrom:
                secretKeyRef:
                  name: lldap-credentials
                  key: base-dn
            - name: LLDAP_LDAP_USER_PASS
              valueFrom:
                secretKeyRef:
                  name: lldap-credentials
                  key: lldap-ldap-user-pass
            - name: TZ
              value: CET
            - name: UID
              value: "1001"
          image: nitnelave/lldap:latest
          name: lldap
          ports:
            - containerPort: 3890
            - containerPort: 17170
          volumeMounts:
            - mountPath: /data
              name: lldap-data
      restartPolicy: Always
      volumes:
        - name: lldap-data
          persistentVolumeClaim:
            claimName: lldap-data

--------------------------------------------------------------------------------
/lldap-persistentvolumeclaim.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    app: lldap
  name: lldap-data
spec:
  storageClassName: local-path
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 100Mi

--------------------------------------------------------------------------------
/lldap-service.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  annotations:
    lldap: https://github.com/nitnelave/lldap
    k8s: https://github.com/Evantage-WS/lldap-kubernetes
  labels:
    app: lldap-service
  name: lldap-service
spec:
  ports:
    - name: "3890"
      port: 3890
      targetPort: 3890
    - name: "17170"
      port: 17170
      targetPort: 17170
  selector:
    app: lldap

--------------------------------------------------------------------------------
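Added example (not part of the repository): the root README leaves `LLDAP_JWT_SECRET` empty and the chart's values.yaml ships fixed credentials, so this sketch generates random values and prints a Secret manifest with the four key names that the chart's deployment.yaml reads through `secretKeyRef`. The function names `random_b64`, `b64` and `render_lldap_secret`, their arguments, and the sample base DN are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not code from the lldap-kubernetes repository.
# Renders a Kubernetes Secret manifest with freshly generated LLDAP
# credentials under the keys used on this page: lldap-jwt-secret,
# lldap-ldap-user-name, lldap-ldap-user-pass and base-dn.

# random_b64 N: N random bytes, base64-encoded on a single line
random_b64() {
  head -c "$1" /dev/urandom | base64 | tr -d '\n'
}

# b64 STRING: base64 of STRING with no trailing newline, as Secret "data" expects
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# render_lldap_secret NAME NAMESPACE BASE_DN [ADMIN_USER]
# (hypothetical helper; name and argument order are assumptions)
render_lldap_secret() {
  local name="$1"
  local namespace="$2"
  local base_dn="$3"
  local admin_user="${4:-admin}"
  local jwt_secret admin_pass

  # Refuse empty inputs instead of emitting a manifest with blank fields.
  if [ -z "$name" ] || [ -z "$namespace" ] || [ -z "$base_dn" ]; then
    echo "usage: render_lldap_secret NAME NAMESPACE BASE_DN [ADMIN_USER]" >&2
    return 2
  fi

  jwt_secret=$(random_b64 32)   # 32 random bytes, 44 base64 characters
  admin_pass=$(random_b64 18)   # 18 random bytes, 24 base64 characters

  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${name}
  namespace: ${namespace}
type: Opaque
data:
  lldap-jwt-secret: $(b64 "$jwt_secret")
  lldap-ldap-user-name: $(b64 "$admin_user")
  lldap-ldap-user-pass: $(b64 "$admin_pass")
  base-dn: $(b64 "$base_dn")
EOF
}

# Typical use (left commented out so the file can be sourced safely):
#   render_lldap_secret lldap-credentials lldap dc=example,dc=org | kubectl apply -f -
#   helm install lldap ./lldap-chart -n lldap \
#     --set secret.create=false --set secret.name=lldap-credentials
# Read the generated admin password back with:
#   kubectl get secret lldap-credentials -n lldap \
#     -o jsonpath='{.data.lldap-ldap-user-pass}' | base64 -d
```

With `secret.create=false`, the chart's secret.yaml renders nothing and deployment.yaml resolves its `secretKeyRef` entries against the pre-created Secret named by `secret.name`.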