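---
# OpenLDAP server (osixia/openldap) as a single-replica Deployment.
#
# Credentials: the admin, cn=config and read-only passwords are read from the
# Secret `ldap-credentials` in this namespace rather than being literal values
# in this file (a manifest in VCS, and `kubectl get deploy -o yaml`, are both
# readable by far more people than should know the directory admin password).
# Create the Secret out of band before applying this manifest, e.g.:
#   kubectl -n ldap-server create secret generic ldap-credentials \
#     --from-literal=admin-password='...' \
#     --from-literal=config-password='...' \
#     --from-literal=readonly-password='...'
#
# Remaining caveats, left unchanged because they alter runtime behaviour:
# - LDAP_TLS_ENFORCE is "false", so plaintext binds on 389 are still accepted.
#   Set it to "true" once every client uses LDAPS/STARTTLS; per the osixia
#   image docs it cannot be turned back off once enabled.
# - No pod/container securityContext is set; the osixia image runs as root at
#   startup. NOTE(review): confirm whether a restricted context
#   (allowPrivilegeEscalation: false, dropped capabilities) works with this image.
# - The TLS private key is stored on a PersistentVolumeClaim, not a Secret;
#   anything that can mount `ldapserver-certs` can read it.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ldap
  namespace: ldap-server
  labels:
    app: ldap
spec:
  selector:
    matchLabels:
      app: ldap
  # mdb backend on a single PVC: do not scale this above 1 without enabling
  # LDAP_REPLICATION below and giving each replica its own volume.
  replicas: 1
  template:
    metadata:
      labels:
        app: ldap
    spec:
      containers:
        - name: ldap
          image: osixia/openldap:1.4.0
          resources:
            requests:
              cpu: "100m"
              memory: "100Mi"
            limits:
              cpu: "200m"
              memory: "200Mi"
          # TCP-level check only: proves slapd is listening, not that it can
          # answer a bind. Sufficient for restart-on-hang, not for readiness.
          livenessProbe:
            tcpSocket:
              port: 389
            initialDelaySeconds: 15
            periodSeconds: 20
          volumeMounts:
            - name: ldap-data
              mountPath: /var/lib/ldap
              readOnly: false
            - name: ldap-config
              mountPath: /etc/ldap/slapd.d
              readOnly: false
            # Not read-only: with LDAP_TLS=true the image generates a
            # self-signed cert/key into this directory when none is present.
            - name: ldap-certs
              mountPath: /container/service/slapd/assets/certs
              readOnly: false
          # containerPort entries are informational; the Service decides what
          # is reachable. 636 is listed so the LDAPS listener the image starts
          # when LDAP_TLS=true is visible here and can be exposed in preference
          # to plaintext 389.
          ports:
            - containerPort: 389
              name: openldap
            - containerPort: 636
              name: ldaps
          env:
            # slapd loglevel 256 = "stats" (connections, operations, results).
            - name: LDAP_LOG_LEVEL
              value: "256"
            - name: LDAP_ORGANISATION
              value: "Example Inc."
            - name: LDAP_DOMAIN
              value: "example.org"
            # Secrets are mounted from `ldap-credentials` (see header comment).
            - name: LDAP_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: ldap-credentials
                  key: admin-password
            - name: LDAP_CONFIG_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: ldap-credentials
                  key: config-password
            - name: LDAP_READONLY_USER
              value: "false"
            - name: LDAP_READONLY_USER_USERNAME
              value: "readonly"
            # The read-only user is disabled above, so the key may be absent.
            - name: LDAP_READONLY_USER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: ldap-credentials
                  key: readonly-password
                  optional: true
            - name: LDAP_RFC2307BIS_SCHEMA
              value: "false"
            - name: LDAP_BACKEND
              value: "mdb"
            - name: LDAP_TLS
              value: "true"
            - name: LDAP_TLS_CRT_FILENAME
              value: "ldap.crt"
            - name: LDAP_TLS_KEY_FILENAME
              value: "ldap.key"
            - name: LDAP_TLS_DH_PARAM_FILENAME
              value: "dhparam.pem"
            - name: LDAP_TLS_CA_CRT_FILENAME
              value: "ca.crt"
            # "false": plaintext binds on 389 remain allowed (see header).
            - name: LDAP_TLS_ENFORCE
              value: "false"
            # GnuTLS priority string: TLS 1.2 only, no plain-RSA or DSS key
            # exchange, no Camellia-CBC.
            - name: LDAP_TLS_CIPHER_SUITE
              value: "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC"
            # "demand": TLS clients must present a certificate signed by ca.crt.
            # Only applies to TLS connections; plaintext 389 is unaffected.
            - name: LDAP_TLS_VERIFY_CLIENT
              value: "demand"
            # Replication is off. The syncprov strings below reference
            # $LDAP_CONFIG_PASSWORD / $LDAP_ADMIN_PASSWORD / $LDAP_BASE_DN;
            # NOTE(review): the osixia image expands these from the container
            # environment at startup, so they pick up the Secret-sourced values
            # — confirm against the image version in use before enabling.
            - name: LDAP_REPLICATION
              value: "false"
            - name: LDAP_REPLICATION_CONFIG_SYNCPROV
              value: "binddn=\"cn=admin,cn=config\" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase=\"cn=config\" type=refreshAndPersist retry=\"60 +\" timeout=1 starttls=critical"
            - name: LDAP_REPLICATION_DB_SYNCPROV
              value: "binddn=\"cn=admin,$LDAP_BASE_DN\" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase=\"$LDAP_BASE_DN\" type=refreshAndPersist interval=00:00:00:10 retry=\"60 +\" timeout=1 starttls=critical"
            - name: LDAP_REPLICATION_HOSTS
              value: "#PYTHON2BASH:['ldap://ldap-one-service', 'ldap://ldap-two-service']"
            - name: KEEP_EXISTING_CONFIG
              value: "false"
            - name: LDAP_REMOVE_CONFIG_AFTER_SETUP
              value: "true"
            - name: LDAP_SSL_HELPER_PREFIX
              value: "ldap"
      volumes:
        # hostPath alternatives are kept for local single-node testing only;
        # they expose the node filesystem and must not be used in shared clusters.
        - name: ldap-data
          persistentVolumeClaim:
            claimName: ldapserver-db
          # hostPath:
          #   path: "/data/ldap/db"
        - name: ldap-config
          persistentVolumeClaim:
            claimName: ldapserver-config
          # hostPath:
          #   path: "/data/ldap/config"
        - name: ldap-certs
          persistentVolumeClaim:
            claimName: ldapserver-certs
          # hostPath:
          #   path: "/data/ldap/certs"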