kubernetes部署Open-LDAP、Go-admin-ldap

发布时间 2023-05-22 23:25:22作者: kerwin-

1.搭建openLDAP

1.1.创建命名空间

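# Namespace that holds every LDAP resource below. `create` errors out when the
# namespace already exists, so render it with a client-side dry run and pipe it
# into `apply`, which is idempotent and safe to re-run.
kubectl create namespace kube-ops --dry-run=client -o yaml | kubectl apply -f -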

1.2.创建pvc

存储使用的是 NFS 方式挂载，storageClassName（nfs-storage）是集群的默认存储类，所以该字段可写可不写。

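# Working directory for the manifests. Abort if it cannot be entered so the
# files below are not written somewhere unexpected (the original `;` would
# carry on in the current directory after a failed cd).
mkdir -p ~/ldap && cd ~/ldap || exit 1

# Quote the heredoc delimiter so the shell does not expand `$`, backticks or
# backslashes inside the manifest text.
cat > pvc.yaml << 'EOF'
---
# Claim backing /var/lib/ldap (the mdb database files).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ldap-data-pvc
  namespace: kube-ops
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  # nfs-storage is the cluster default here; the field may be omitted when
  # the default class is wanted.
  storageClassName: nfs-storage
---
# Claim backing /etc/ldap/slapd.d (the slapd runtime configuration).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ldap-config-pvc
  namespace: kube-ops
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: nfs-storage
EOF
kubectl apply -f pvc.yaml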

1.3.创建 OpenLDAP 的 Deployment 与 Service

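# The admin and config passwords are kept in a Secret and injected with
# secretKeyRef, so the Deployment manifest itself carries no credentials and
# can be committed or shared without leaking them.
# NOTE: a `!` inside a password triggers bash history expansion when this is
# pasted into an interactive shell (heredoc lines included); run it as a
# script or `set +H` first. The quoted delimiter stops `$`/backtick expansion.
cat > ldap-deployment.yaml << 'EOF'
---
apiVersion: v1
kind: Secret
metadata:
  name: openldap-passwords
  namespace: kube-ops
type: Opaque
# stringData is base64-encoded by the API server on admission; single quotes
# keep the `!` and `&` characters literal in YAML.
stringData:
  LDAP_ADMIN_PASSWORD: 'g0hbSRZJovaqjsA'
  LDAP_CONFIG_PASSWORD: 'C!DUwyUFZqqQj2&!'
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: openldap
  namespace: kube-ops
  labels:
    app: openldap
  annotations:
    app.kubernetes.io/alias-name: LDAP
    app.kubernetes.io/description: 认证中心
spec:
  # A single replica: both PVCs are ReadWriteOnce and slapd owns its mdb
  # files exclusively.
  replicas: 1
  selector:
    matchLabels:
      app: openldap
  template:
    metadata:
      labels:
        app: openldap
    spec:
      containers:
        - name: openldap
          image: 'osixia/openldap:1.5.0'
          ports:
            - name: tcp-389
              containerPort: 389
              protocol: TCP
            - name: tcp-636
              containerPort: 636
              protocol: TCP
          env:
            - name: LDAP_ORGANISATION
              value: admin
            # Base DN becomes dc=default,dc=com; the admin bind DN is
            # cn=admin,dc=default,dc=com.
            - name: LDAP_DOMAIN
              value: default.com
            - name: LDAP_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: openldap-passwords
                  key: LDAP_ADMIN_PASSWORD
            - name: LDAP_CONFIG_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: openldap-passwords
                  key: LDAP_CONFIG_PASSWORD
            - name: LDAP_BACKEND
              value: mdb
          resources:
            limits:
              cpu: 500m
              memory: 500Mi
            requests:
              cpu: 100m
              memory: 100Mi
          volumeMounts:
            # slapd.d holds cn=config; ldap holds the mdb database.
            - name: ldap-config-pvc
              mountPath: /etc/ldap/slapd.d
            - name: ldap-data-pvc
              mountPath: /var/lib/ldap
      volumes:
        - name: ldap-config-pvc
          persistentVolumeClaim:
            claimName: ldap-config-pvc
        - name: ldap-data-pvc
          persistentVolumeClaim:
            claimName: ldap-data-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: openldap-svc
  namespace: kube-ops
  labels:
    app: openldap-svc
spec:
  # ClusterIP (default): LDAP is reachable only inside the cluster as
  # openldap-svc.kube-ops.svc; it is not exposed through the Ingress below.
  ports:
    - name: tcp-389
      port: 389
      protocol: TCP
      targetPort: 389
    - name: tcp-636
      port: 636
      protocol: TCP
      targetPort: 636
  selector:
    app: openldap
EOF
kubectl apply -f ldap-deployment.yaml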

1.3.创建 phpLDAPadmin 服务

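# Web UI for the directory. The quoted delimiter keeps the manifest text
# literal (no `$` or backtick expansion by the shell).
cat > ldap-phpldapadmin.yaml << 'EOF'
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: ldap-phpldapadmin
  namespace: kube-ops
  labels:
    app: ldap-phpldapadmin
  annotations:
    app.kubernetes.io/alias-name: LDAP
    app.kubernetes.io/description: LDAP在线工具
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ldap-phpldapadmin
  template:
    metadata:
      labels:
        app: ldap-phpldapadmin
    spec:
      containers:
        - name: phpldapadmin
          # `stable` is a floating tag: the image can change under a
          # re-pull. Pin a version or digest for reproducible rollouts.
          image: 'osixia/phpldapadmin:stable'
          ports:
            - name: tcp-80
              containerPort: 80
              protocol: TCP
          env:
            # The pod serves plain HTTP; any TLS has to be terminated in
            # front of it (the Ingress), otherwise the admin login crosses
            # the network in clear. Quoted so the value stays a string.
            - name: PHPLDAPADMIN_HTTPS
              value: 'false'
            # Service name of the OpenLDAP Deployment in the same namespace.
            - name: PHPLDAPADMIN_LDAP_HOSTS
              value: openldap-svc
          resources:
            limits:
              cpu: 500m
              memory: 500Mi
            requests:
              cpu: 10m
              memory: 10Mi
---
apiVersion: v1
kind: Service
metadata:
  name: ldap-phpldapadmin-svc
  namespace: kube-ops
  labels:
    app: ldap-phpldapadmin-svc
spec:
  ports:
    - name: tcp-80
      port: 80
      protocol: TCP
      targetPort: 80
  selector:
    app: ldap-phpldapadmin
EOF
kubectl apply -f ldap-phpldapadmin.yaml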

1.4.创建ingress 代理

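# Expose the phpLDAPadmin Service through the nginx ingress controller.
cat > ingress-ldap.yaml << 'EOF'
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ldap-ui
  namespace: kube-ops
  annotations:
    # Deprecated in favour of spec.ingressClassName; kept because the
    # controller in use selects on the annotation.
    kubernetes.io/ingress.class: "nginx"
spec:
  # There is no `tls:` section, so the phpLDAPadmin login (the LDAP admin
  # DN and its password) travels over plain HTTP. Before exposing this
  # beyond a lab, add a tls entry for the host that references a
  # certificate Secret (placeholder: <TLS-SECRET-NAME>).
  rules:
    - host: ldap.cloud.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: ldap-phpldapadmin-svc
                port:
                  number: 80
EOF
# Apply the file written above. The original applied traefik-ldap.yaml,
# which is never created, so the Ingress was silently never deployed.
kubectl apply -f ingress-ldap.yaml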

1.5. 验证

登陆 https://ldap.cloud.com

Login DN: cn=admin,dc=default,dc=com，Password: 环境变量 LDAP_ADMIN_PASSWORD 的值

2.搭建Go-admin-ldap

http://ldapdoc.eryajf.net/

http://ldapdoc.eryajf.net/