example/kubernetes/simple/ldap-deployment.yaml - airflow-openldap - Git at Google

 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: ldap
   labels:
     app: ldap
 spec:
   replicas: 1
   template:
     metadata:
       labels:
         app: ldap
     spec:
       containers:
         - name: ldap
           image: osixia/openldap:1.4.0
           volumeMounts:
             - name: ldap-data
               mountPath: /var/lib/ldap
             - name: ldap-config
               mountPath: /etc/ldap/slapd.d
             - name: ldap-certs
               mountPath: /container/service/slapd/assets/certs
           ports:
             - containerPort: 389
               name: openldap
           env:
             - name: LDAP_LOG_LEVEL
               value: "256"
             - name: LDAP_ORGANISATION
               value: "Example Inc."
             - name: LDAP_DOMAIN
               value: "example.org"
             - name: LDAP_ADMIN_PASSWORD
               value: "admin"
             - name: LDAP_CONFIG_PASSWORD
               value: "config"
             - name: LDAP_READONLY_USER
               value: "false"
             - name: LDAP_READONLY_USER_USERNAME
               value: "readonly"
             - name: LDAP_READONLY_USER_PASSWORD
               value: "readonly"
             - name: LDAP_RFC2307BIS_SCHEMA
               value: "false"
             - name: LDAP_BACKEND
               value: "mdb"
             - name: LDAP_TLS
               value: "true"
             - name: LDAP_TLS_CRT_FILENAME
               value: "ldap.crt"
             - name: LDAP_TLS_KEY_FILENAME
               value: "ldap.key"
             - name: LDAP_TLS_DH_PARAM_FILENAME
               value: "dhparam.pem"
             - name: LDAP_TLS_CA_CRT_FILENAME
               value: "ca.crt"
             - name: LDAP_TLS_ENFORCE
               value: "false"
             - name: LDAP_TLS_CIPHER_SUITE
               value: "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC"
             - name: LDAP_TLS_VERIFY_CLIENT
               value: "demand"
             - name: LDAP_REPLICATION
               value: "false"
             - name: LDAP_REPLICATION_CONFIG_SYNCPROV
               value: "binddn=\"cn=admin,cn=config\" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase=\"cn=config\" type=refreshAndPersist retry=\"60 +\" timeout=1 starttls=critical"
             - name: LDAP_REPLICATION_DB_SYNCPROV
               value: "binddn=\"cn=admin,$LDAP_BASE_DN\" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase=\"$LDAP_BASE_DN\" type=refreshAndPersist interval=00:00:00:10 retry=\"60 +\" timeout=1 starttls=critical"
             - name: LDAP_REPLICATION_HOSTS
               value: "#PYTHON2BASH:['ldap://ldap-one-service', 'ldap://ldap-two-service']"
             - name: KEEP_EXISTING_CONFIG
               value: "false"
             - name: LDAP_REMOVE_CONFIG_AFTER_SETUP
               value: "true"
             - name: LDAP_SSL_HELPER_PREFIX
               value: "ldap"
       volumes:
         - name: ldap-data
           hostPath:
             path: "/data/ldap/db"
         - name: ldap-config
           hostPath:
             path: "/data/ldap/config"
         - name: ldap-certs
           hostPath:
             path: "/data/ldap/certs"
	apiVersion: extensions/v1beta1
	kind: Deployment
	metadata:
	name: ldap
	labels:
	app: ldap
	spec:
	replicas: 1
	template:
	metadata:
	labels:
	app: ldap
	spec:
	containers:
	- name: ldap
	image: osixia/openldap:1.4.0
	volumeMounts:
	- name: ldap-data
	mountPath: /var/lib/ldap
	- name: ldap-config
	mountPath: /etc/ldap/slapd.d
	- name: ldap-certs
	mountPath: /container/service/slapd/assets/certs
	ports:
	- containerPort: 389
	name: openldap
	env:
	- name: LDAP_LOG_LEVEL
	value: "256"
	- name: LDAP_ORGANISATION
	value: "Example Inc."
	- name: LDAP_DOMAIN
	value: "example.org"
	- name: LDAP_ADMIN_PASSWORD
	value: "admin"
	- name: LDAP_CONFIG_PASSWORD
	value: "config"
	- name: LDAP_READONLY_USER
	value: "false"
	- name: LDAP_READONLY_USER_USERNAME
	value: "readonly"
	- name: LDAP_READONLY_USER_PASSWORD
	value: "readonly"
	- name: LDAP_RFC2307BIS_SCHEMA
	value: "false"
	- name: LDAP_BACKEND
	value: "mdb"
	- name: LDAP_TLS
	value: "true"
	- name: LDAP_TLS_CRT_FILENAME
	value: "ldap.crt"
	- name: LDAP_TLS_KEY_FILENAME
	value: "ldap.key"
	- name: LDAP_TLS_DH_PARAM_FILENAME
	value: "dhparam.pem"
	- name: LDAP_TLS_CA_CRT_FILENAME
	value: "ca.crt"
	- name: LDAP_TLS_ENFORCE
	value: "false"
	- name: LDAP_TLS_CIPHER_SUITE
	value: "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC"
	- name: LDAP_TLS_VERIFY_CLIENT
	value: "demand"
	- name: LDAP_REPLICATION
	value: "false"
	- name: LDAP_REPLICATION_CONFIG_SYNCPROV
	value: "binddn=\"cn=admin,cn=config\" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase=\"cn=config\" type=refreshAndPersist retry=\"60 +\" timeout=1 starttls=critical"
	- name: LDAP_REPLICATION_DB_SYNCPROV
	value: "binddn=\"cn=admin,$LDAP_BASE_DN\" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase=\"$LDAP_BASE_DN\" type=refreshAndPersist interval=00:00:00:10 retry=\"60 +\" timeout=1 starttls=critical"
	- name: LDAP_REPLICATION_HOSTS
	value: "#PYTHON2BASH:['ldap://ldap-one-service', 'ldap://ldap-two-service']"
	- name: KEEP_EXISTING_CONFIG
	value: "false"
	- name: LDAP_REMOVE_CONFIG_AFTER_SETUP
	value: "true"
	- name: LDAP_SSL_HELPER_PREFIX
	value: "ldap"
	volumes:
	- name: ldap-data
	hostPath:
	path: "/data/ldap/db"
	- name: ldap-config
	hostPath:
	path: "/data/ldap/config"
	- name: ldap-certs
	hostPath:
	path: "/data/ldap/certs"