Add ldap example to demo data

2026-06-11 17:12:51 +00:00 · 2018-05-03 13:21:39 -07:00
parent bc12f602dd
commit 332624bce3
10 changed files with 239 additions and 0 deletions
--- a/demos/data/ldap/base/deployment.yaml
+++ b/demos/data/ldap/base/deployment.yaml
@@ -0,0 +1,46 @@
 apiVersion: apps/v1beta2
 kind: Deployment
 metadata:
  name: ldap
  labels:
    app: ldap
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: ldap
  template:
    metadata:
      labels:
        app: ldap
    spec:
      containers:
        - name: ldap
          image: osixia/openldap:1.1.11
          args: ["--copy-service"]
          volumeMounts:
            - name: ldap-data
              mountPath: /var/lib/ldap
            - name: ldap-config
              mountPath: /etc/ldap/slapd.d
            - name: ldap-certs
              mountPath: /container/service/slapd/assets/certs
            - name: configmap-volume
              mountPath: /container/environment/01-custom
            - name: container-run
              mountPath: /container/run
          ports:
            - containerPort: 389
              name: openldap
      volumes:
        - name: ldap-data
          emptyDir: {}
        - name: ldap-config
          emptyDir: {}
        - name: ldap-certs
          emptyDir: {}
        - name: "configmap-volume"
          configMap:
            name: "ldap-configmap"
        - name: container-run
          emptyDir: {}
--- a/demos/data/ldap/base/env.startup.txt
+++ b/demos/data/ldap/base/env.startup.txt
@@ -0,0 +1,61 @@
 # This is the default image startup configuration file
 # this file define environment variables used during the container **first start** in **startup files**.
 # This file is deleted right after startup files are processed for the first time,
 # after that all these values will not be available in the container environment.
 # This helps to keep your container configuration secret.
 # more information : https://github.com/osixia/docker-light-baseimage
 # Required and used for new ldap server only
 LDAP_ORGANISATION: Example Inc.
 LDAP_DOMAIN: example.org
 LDAP_BASE_DN: #if empty automatically set from LDAP_DOMAIN
 LDAP_ADMIN_PASSWORD: admin
 LDAP_CONFIG_PASSWORD: config
 LDAP_READONLY_USER: false
 LDAP_READONLY_USER_USERNAME: readonly
 LDAP_READONLY_USER_PASSWORD: readonly
 LDAP_RFC2307BIS_SCHEMA: false
 # Backend
 LDAP_BACKEND: hdb
 # Tls
 LDAP_TLS: true
 LDAP_TLS_CRT_FILENAME: ldap.crt
 LDAP_TLS_KEY_FILENAME: ldap.key
 LDAP_TLS_CA_CRT_FILENAME: ca.crt
 LDAP_TLS_ENFORCE: false
 LDAP_TLS_CIPHER_SUITE: SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC
 LDAP_TLS_VERIFY_CLIENT: demand
 # Replication
 LDAP_REPLICATION: false
 # variables $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD, $LDAP_CONFIG_PASSWORD
 # are automaticaly replaced at run time
 # if you want to add replication to an existing ldap
 # adapt LDAP_REPLICATION_CONFIG_SYNCPROV and LDAP_REPLICATION_DB_SYNCPROV to your configuration
 # avoid using $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD and $LDAP_CONFIG_PASSWORD variables
 LDAP_REPLICATION_CONFIG_SYNCPROV: binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical
 LDAP_REPLICATION_DB_SYNCPROV: binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical
 LDAP_REPLICATION_HOSTS:
  - ldap://ldap.example.org # The order must be the same on all ldap servers
  - ldap://ldap2.example.org
 # Do not change the ldap config
 # - If set to true with an existing database, config will remain unchanged. Image tls and replication config will not be run.
 #   The container can be started with LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD empty or filled with fake data.
 # - If set to true when bootstrapping a new database, bootstap ldif and schema will not be added and tls and replication config will not be run.
 KEEP_EXISTING_CONFIG: false
 # Remove config after setup
 LDAP_REMOVE_CONFIG_AFTER_SETUP: true
 # ssl-helper environment variables prefix
 LDAP_SSL_HELPER_PREFIX: ldap # ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.
--- a/demos/data/ldap/base/kustomization.yaml
+++ b/demos/data/ldap/base/kustomization.yaml
@@ -0,0 +1,7 @@
 resources:
 - deployment.yaml
 - service.yaml
 configMapGenerator:
 - name: ldap-configmap
  files:
    - env.startup.txt
--- a/demos/data/ldap/base/service.yaml
+++ b/demos/data/ldap/base/service.yaml
@@ -0,0 +1,11 @@
 apiVersion: v1
 kind: Service
 metadata:
  labels:
    app: ldap
  name: ldap-service
 spec:
  ports:
    - port: 389
  selector:
    app: ldap
--- a/demos/data/ldap/base/tests/test.sh
+++ b/demos/data/ldap/base/tests/test.sh
@@ -0,0 +1,78 @@
 #!/bin/bash
 # This script validates that this package works as expected with kustomize.
 # The validation makes sure following steps are correctly executed and the output is as expected
 # - deploy a ldap server by the output of kustomize
 # - add a user
 # - query a user
 # - delete a user
 #
 # This script should be called as
 # test.sh <path to directory of Kube-manifest.yaml>
 #
 # Testing passes if exit code is 0
 # Tesging fails if exit code is 1
 set -x
 function exit_with {
  local msg=$1
  echo >&2 ${msg}
  exit 1
 }
 # make sure kustomize and kubectl are available
 command -v kustomize >/dev/null 2>&1 || { exit_with "Require kustomize but it's not installed.  Aborting."; }
 command -v kubectl >/dev/null 2>&1 || { exit_with "Require kubectl but it's not installed.  Aborting."; }
 # set namespace to default
 kubectl config set-context $(kubectl config current-context) --namespace=default
 # run kustomize
 # kustomize build $1 | kubectl apply -f - || { exit_with "Failed to run kubectl apply"; }
 echo Kustomizing \"$1\"
 ls $1
 kustomize build $1 > generatedResources.yaml
 [[ $? -eq 0 ]] || { exit_with "Failed to kustomize build"; }
 cat generatedResources.yaml
 kubectl apply -f generatedResources.yaml
 [[ $? -eq 0 ]] || { exit_with "Failed to run kubectl apply"; }
 sleep 20
 # get the pod and namespace
 pod=$(kubectl get pods -l app=ldap  -o jsonpath='{.items[0].metadata.name}')
 namespace=$(kubectl get pods -l app=ldap  -o jsonpath='{.items[0].metadata.namespace}')
 container="ldap"
 [[ -z ${pod} ]] && { exit_with "Pod is not started successfully"; }
 [[ -z ${namespace} ]] && { exit_with "Couldn't get namespace for Pod ${pod}"; }
 # create a user ldif file locally
 ldiffile="user.ldif"
 cat <<EOF >$ldiffile
 dn: cn=The Postmaster,dc=example,dc=org
 objectClass: organizationalRole
 cn: The Postmaster
 EOF
 [[ -f ${ldiffile} ]] || { exit_with "Failed to create ldif file locally"; }
 # add a user
 pod_ldiffile="/tmp/user.ldif"
 kubectl cp $ldiffile  ${namespace}/${pod}:${pod_ldiffile} || { exit_with "Failed to copy ldif file to Pod ${pod}"; }
 kubectl exec ${pod} -c ${container} -- ldapadd -x -H ldap://localhost -D "cn=admin,dc=example,dc=org" -w admin \
 -f ${pod_ldiffile} || { exit_with "Failed to add a user"; }
 # query the added user
 r=$(kubectl exec ${pod} -c ${container} -- ldapsearch -x -H ldap://localhost -b dc=example,dc=org \
 -D "cn=admin,dc=example,dc=org" -w admin)
 user_count=$(echo ${r} | grep "cn: The Postmaster" | wc -l)
 [[ ${user_count} -eq 0 ]] && { exit_with "Couldn't find the new added user"; }
 # delete the added user
 kubectl exec ${pod} -c ${container} -- ldapdelete -v -x -H ldap://localhost "cn=The Postmaster,dc=example,dc=org" \
 -D "cn=admin,dc=example,dc=org" -w admin || {  exit_with "Failed to delete the user"; }
 r=$(kubectl exec ${pod} -c ${container} -- ldapsearch -x -H ldap://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin)
 user_count=$(echo ${r} | grep "cn: The Postmaster" | wc -l)
 [[ ${user_count} -ne 0 ]] && { exit_with "The user hasn't been deleted."; }
 # kubectl delete
 kubectl delete -f generatedResources.yaml
 rm $ldiffile
--- a/demos/data/ldap/overlays/production/deployment.yaml
+++ b/demos/data/ldap/overlays/production/deployment.yaml
@@ -0,0 +1,13 @@
 apiVersion: apps/v1beta2
 kind: Deployment
 metadata:
  name: ldap
 spec:
  replicas: 6
  template:
    spec:
      volumes:
        - name: ldap-data
          emptyDir: null
          gcePersistentDisk:
            pdName: ldap-persistent-storage
--- a/demos/data/ldap/overlays/production/kustomization.yaml
+++ b/demos/data/ldap/overlays/production/kustomization.yaml
@@ -0,0 +1,5 @@
 bases:
  - ../../base
 patches:
  - deployment.yaml
 namePrefix: production-
--- a/demos/data/ldap/overlays/staging/config.env
+++ b/demos/data/ldap/overlays/staging/config.env
@@ -0,0 +1,2 @@
 DB_USERNAME=admin
 DB_PASSWORD=somepw
--- a/demos/data/ldap/overlays/staging/deployment.yaml
+++ b/demos/data/ldap/overlays/staging/deployment.yaml
@@ -0,0 +1,7 @@
 apiVersion: apps/v1beta2
 kind: Deployment
 metadata:
  name: ldap
 spec:
  replicas: 2
--- a/demos/data/ldap/overlays/staging/kustomization.yaml
+++ b/demos/data/ldap/overlays/staging/kustomization.yaml
@@ -0,0 +1,9 @@
 bases:
  - ../../base
 patches:
  - deployment.yaml
 nameprefix: staging-
 configMapGenerator:
  - name: env-config
    files:
      - config.env