example/kubernetes/using-secrets/environment/my-env.startup.yaml.example - airflow-openldap - Git at Google

 # This is the default image startup configuration file
 # this file define environment variables used during the container **first start** in **startup files**.

 # This file is deleted right after startup files are processed for the first time,
 # after that all these values will not be available in the container environment.
 # This helps to keep your container configuration secret.
 # more information : https://github.com/osixia/docker-light-baseimage

 # Required and used for new ldap server only
 LDAP_ORGANISATION: Example Inc.
 LDAP_DOMAIN: example.org
 LDAP_BASE_DN: #if empty automatically set from LDAP_DOMAIN

 LDAP_ADMIN_PASSWORD: admin
 LDAP_CONFIG_PASSWORD: config

 LDAP_READONLY_USER: false
 LDAP_READONLY_USER_USERNAME: readonly
 LDAP_READONLY_USER_PASSWORD: readonly

 LDAP_RFC2307BIS_SCHEMA: false

 # Backend
 LDAP_BACKEND: mdb

 # Tls
 LDAP_TLS: true
 LDAP_TLS_CRT_FILENAME: ldap.crt
 LDAP_TLS_KEY_FILENAME: ldap.key
 LDAP_TLS_DH_PARAM_FILENAME: dhparam.pem
 LDAP_TLS_CA_CRT_FILENAME: ca.crt

 LDAP_TLS_ENFORCE: false
 LDAP_TLS_CIPHER_SUITE: SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC
 LDAP_TLS_VERIFY_CLIENT: demand

 # Replication
 LDAP_REPLICATION: false
 # variables $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD, $LDAP_CONFIG_PASSWORD
 # are automaticaly replaced at run time

 # if you want to add replication to an existing ldap
 # adapt LDAP_REPLICATION_CONFIG_SYNCPROV and LDAP_REPLICATION_DB_SYNCPROV to your configuration
 # avoid using $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD and $LDAP_CONFIG_PASSWORD variables
 LDAP_REPLICATION_CONFIG_SYNCPROV: binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical
 LDAP_REPLICATION_DB_SYNCPROV: binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical
 LDAP_REPLICATION_HOSTS:
   - ldap://ldap.example.org # The order must be the same on all ldap servers
   - ldap://ldap2.example.org


 # Do not change the ldap config
 # - If set to true with an existing database, config will remain unchanged. Image tls and replication config will not be run.
 #   The container can be started with LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD empty or filled with fake data.
 # - If set to true when bootstrapping a new database, bootstap ldif and schema will not be added and tls and replication config will not be run.
 KEEP_EXISTING_CONFIG: false

 # Remove config after setup
 LDAP_REMOVE_CONFIG_AFTER_SETUP: true

 # ssl-helper environment variables prefix
 LDAP_SSL_HELPER_PREFIX: ldap # ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.
	# This is the default image startup configuration file
	# this file define environment variables used during the container first start in startup files.

	# This file is deleted right after startup files are processed for the first time,
	# after that all these values will not be available in the container environment.
	# This helps to keep your container configuration secret.
	# more information : https://github.com/osixia/docker-light-baseimage

	# Required and used for new ldap server only
	LDAP_ORGANISATION: Example Inc.
	LDAP_DOMAIN: example.org
	LDAP_BASE_DN: #if empty automatically set from LDAP_DOMAIN

	LDAP_ADMIN_PASSWORD: admin
	LDAP_CONFIG_PASSWORD: config

	LDAP_READONLY_USER: false
	LDAP_READONLY_USER_USERNAME: readonly
	LDAP_READONLY_USER_PASSWORD: readonly

	LDAP_RFC2307BIS_SCHEMA: false

	# Backend
	LDAP_BACKEND: mdb

	# Tls
	LDAP_TLS: true
	LDAP_TLS_CRT_FILENAME: ldap.crt
	LDAP_TLS_KEY_FILENAME: ldap.key
	LDAP_TLS_DH_PARAM_FILENAME: dhparam.pem
	LDAP_TLS_CA_CRT_FILENAME: ca.crt

	LDAP_TLS_ENFORCE: false
	LDAP_TLS_CIPHER_SUITE: SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC
	LDAP_TLS_VERIFY_CLIENT: demand

	# Replication
	LDAP_REPLICATION: false
	# variables $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD, $LDAP_CONFIG_PASSWORD
	# are automaticaly replaced at run time

	# if you want to add replication to an existing ldap
	# adapt LDAP_REPLICATION_CONFIG_SYNCPROV and LDAP_REPLICATION_DB_SYNCPROV to your configuration
	# avoid using $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD and $LDAP_CONFIG_PASSWORD variables
	LDAP_REPLICATION_CONFIG_SYNCPROV: binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical
	LDAP_REPLICATION_DB_SYNCPROV: binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical
	LDAP_REPLICATION_HOSTS:
	- ldap://ldap.example.org # The order must be the same on all ldap servers
	- ldap://ldap2.example.org


	# Do not change the ldap config
	# - If set to true with an existing database, config will remain unchanged. Image tls and replication config will not be run.
	# The container can be started with LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD empty or filled with fake data.
	# - If set to true when bootstrapping a new database, bootstap ldif and schema will not be added and tls and replication config will not be run.
	KEEP_EXISTING_CONFIG: false

	# Remove config after setup
	LDAP_REMOVE_CONFIG_AFTER_SETUP: true

	# ssl-helper environment variables prefix
	LDAP_SSL_HELPER_PREFIX: ldap # ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.