| apiVersion: extensions/v1beta1 |
| kind: Deployment |
| metadata: |
| name: ldap |
| labels: |
| app: ldap |
| spec: |
| replicas: 1 |
| template: |
| metadata: |
| labels: |
| app: ldap |
| spec: |
| containers: |
| - name: ldap |
| image: osixia/openldap:1.4.0 |
| volumeMounts: |
| - name: ldap-data |
| mountPath: /var/lib/ldap |
| - name: ldap-config |
| mountPath: /etc/ldap/slapd.d |
| - name: ldap-certs |
| mountPath: /container/service/slapd/assets/certs |
| ports: |
| - containerPort: 389 |
| name: openldap |
| env: |
| - name: LDAP_LOG_LEVEL |
| value: "256" |
| - name: LDAP_ORGANISATION |
| value: "Example Inc." |
| - name: LDAP_DOMAIN |
| value: "example.org" |
| - name: LDAP_ADMIN_PASSWORD |
| value: "admin" |
| - name: LDAP_CONFIG_PASSWORD |
| value: "config" |
| - name: LDAP_READONLY_USER |
| value: "false" |
| - name: LDAP_READONLY_USER_USERNAME |
| value: "readonly" |
| - name: LDAP_READONLY_USER_PASSWORD |
| value: "readonly" |
| - name: LDAP_RFC2307BIS_SCHEMA |
| value: "false" |
| - name: LDAP_BACKEND |
| value: "mdb" |
| - name: LDAP_TLS |
| value: "true" |
| - name: LDAP_TLS_CRT_FILENAME |
| value: "ldap.crt" |
| - name: LDAP_TLS_KEY_FILENAME |
| value: "ldap.key" |
| - name: LDAP_TLS_DH_PARAM_FILENAME |
| value: "dhparam.pem" |
| - name: LDAP_TLS_CA_CRT_FILENAME |
| value: "ca.crt" |
| - name: LDAP_TLS_ENFORCE |
| value: "false" |
| - name: LDAP_TLS_CIPHER_SUITE |
| value: "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC" |
| - name: LDAP_TLS_VERIFY_CLIENT |
| value: "demand" |
| - name: LDAP_REPLICATION |
| value: "false" |
| - name: LDAP_REPLICATION_CONFIG_SYNCPROV |
| value: "binddn=\"cn=admin,cn=config\" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase=\"cn=config\" type=refreshAndPersist retry=\"60 +\" timeout=1 starttls=critical" |
| - name: LDAP_REPLICATION_DB_SYNCPROV |
| value: "binddn=\"cn=admin,$LDAP_BASE_DN\" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase=\"$LDAP_BASE_DN\" type=refreshAndPersist interval=00:00:00:10 retry=\"60 +\" timeout=1 starttls=critical" |
| - name: LDAP_REPLICATION_HOSTS |
| value: "#PYTHON2BASH:['ldap://ldap-one-service', 'ldap://ldap-two-service']" |
| - name: KEEP_EXISTING_CONFIG |
| value: "false" |
| - name: LDAP_REMOVE_CONFIG_AFTER_SETUP |
| value: "true" |
| - name: LDAP_SSL_HELPER_PREFIX |
| value: "ldap" |
| volumes: |
| - name: ldap-data |
| hostPath: |
| path: "/data/ldap/db" |
| - name: ldap-config |
| hostPath: |
| path: "/data/ldap/config" |
| - name: ldap-certs |
| hostPath: |
| path: "/data/ldap/certs" |