kubernetes下配置openldap

创建openLDAP PVC:

#vim openladp-pvc.yaml

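---
# PersistentVolumeClaim requesting 10Gi from the aliyun-storage StorageClass.
# Indentation, ASCII quotes and '-' list markers restored; the pasted listing
# used typographic quotes and en dashes, which are not valid YAML.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  # NOTE(review): the pv.kubernetes.io/* and storage-provisioner annotations
  # and the pvc-protection finalizer are normally written by the cluster once
  # a claim is bound, so this looks like an export of a live object. When
  # authoring a new claim they are usually left out.
  annotations:
    pv.kubernetes.io/bind-completed: 'yes'
    pv.kubernetes.io/bound-by-controller: 'yes'
    volume.beta.kubernetes.io/storage-provisioner: nfs-aliyun-storage
  finalizers:
    - kubernetes.io/pvc-protection
  name: openldap-storage
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: aliyun-storage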

注：请根据自己集群的存储环境（StorageClass 等）编写 PVC 配置。上述配置看起来是从已绑定的 PVC 导出的，其中 pv.kubernetes.io/* 注解和 finalizers 通常由集群自动写入，因此直接复制可能会报错。

openLDAP服务配置:
#vim ldap_deloyment.yaml

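---
# Deployment running one OpenLDAP replica from the osixia/openldap image.
# Indentation and '-' list markers restored (the pasted listing used en dashes).
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    k8s.kuboard.cn/service: ClusterIP
    k8s.kuboard.cn/workload: ldap-server
  labels:
    k8s.kuboard.cn/layer: svc
    k8s.kuboard.cn/name: ldap-server
  name: ldap-server
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s.kuboard.cn/layer: svc
      k8s.kuboard.cn/name: ldap-server
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        k8s.kuboard.cn/layer: svc
        k8s.kuboard.cn/name: ldap-server
    spec:
      containers:
        - env:
            - name: LDAP_ORGANISATION
              value: meisfuture
            - name: LDAP_DOMAIN
              value: meisfuture.com
            # The directory admin password is read from a Secret instead of
            # being inlined: a literal value here is visible to anyone who can
            # read the manifest or the Deployment object, and any password
            # that has been committed or published must be rotated.
            # The Secret name and key are example names; create it first, e.g.
            #   kubectl create secret generic ldap-server-admin \
            #     --from-file=password=<path-to-password-file>
            # NOTE(review): the image appears to apply this value only when it
            # initialises an empty database; confirm how to rotate the
            # password of an existing directory.
            - name: LDAP_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: ldap-server-admin
                  key: password
          # NOTE(review): no tag, so this resolves to :latest and, with
          # imagePullPolicy Always, every restart may run a different build.
          # Pin a specific tag or digest.
          image: osixia/openldap
          imagePullPolicy: Always
          name: ldap-server
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /var/lib/ldap
              name: ldap-storage
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      terminationGracePeriodSeconds: 30
      volumes:
        # NOTE(review): data lives in a node directory (hostPath), not in the
        # openldap-storage PVC created earlier on this page. type: Directory
        # requires /data/openldap_data to exist on the node already, the data
        # does not follow the pod to another node, and hostPath gives the pod
        # access to the node filesystem. A persistentVolumeClaim volume with
        # claimName: openldap-storage avoids all three.
        - hostPath:
            path: /data/openldap_data
            type: Directory
          name: ldap-storage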


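---
# ClusterIP Service exposing the ldap-server pods on TCP 389 inside the cluster.
# Indentation and '-' list markers restored (the pasted listing used en dashes).
apiVersion: v1
kind: Service
metadata:
  annotations:
    k8s.kuboard.cn/workload: ldap-server
  labels:
    k8s.kuboard.cn/layer: svc
    k8s.kuboard.cn/name: ldap-server
  name: ldap-server
  # No namespace is pinned here. The ldap-server Deployment and the
  # phpldapadmin objects on this page set none, so a hard-coded
  # "namespace: gbs-group" on this Service alone would put it in a different
  # namespace from the pods it selects unless everything is applied with
  # -n gbs-group. Select the namespace at apply time instead.
spec:
  ports:
    # 389 is plain LDAP: binds, including the admin password sent by
    # phpLDAPadmin, cross the pod network unencrypted unless StartTLS or
    # LDAPS is configured on the server.
    - name: 2idtjc
      port: 389
      protocol: TCP
      targetPort: 389
  selector:
    k8s.kuboard.cn/layer: svc
    k8s.kuboard.cn/name: ldap-server
  sessionAffinity: None
  type: ClusterIP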

创建ldap管理服务

#vim phpldapadmin.yaml

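---
# Deployment running one phpLDAPadmin replica (web UI for the ldap-server
# Service). Indentation, ASCII quotes and '-' list markers restored; the
# pasted listing used typographic quotes and en dashes.
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    k8s.kuboard.cn/ingress: 'true'
    k8s.kuboard.cn/service: ClusterIP
    k8s.kuboard.cn/workload: phpldapadmin
  labels:
    k8s.kuboard.cn/layer: svc
    k8s.kuboard.cn/name: phpldapadmin
  name: phpldapadmin
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s.kuboard.cn/layer: svc
      k8s.kuboard.cn/name: phpldapadmin
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        k8s.kuboard.cn/layer: svc
        k8s.kuboard.cn/name: phpldapadmin
    spec:
      containers:
        - env:
            # HTTPS is switched off in the container, so it serves plain HTTP
            # on port 80. The LDAP admin login goes through this UI, so TLS
            # has to be terminated in front of it (e.g. at the Ingress).
            # Quoted so the value stays a string; env values must be strings.
            - name: PHPLDAPADMIN_HTTPS
              value: 'false'
            # Service name of the LDAP server; it resolves only when both
            # workloads are in the same namespace.
            - name: PHPLDAPADMIN_LDAP_HOSTS
              value: ldap-server
          # NOTE(review): no tag, so this resolves to :latest and, with
          # imagePullPolicy Always, every restart may run a different build.
          # Pin a specific tag or digest.
          image: osixia/phpldapadmin
          imagePullPolicy: Always
          name: phpldapadmin
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      terminationGracePeriodSeconds: 30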


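---
# ClusterIP Service exposing the phpldapadmin pods on TCP 80 (plain HTTP).
# Indentation and '-' list markers restored (the pasted listing used en dashes).
apiVersion: v1
kind: Service
metadata:
  annotations:
    k8s.kuboard.cn/workload: phpldapadmin
  labels:
    k8s.kuboard.cn/layer: svc
    k8s.kuboard.cn/name: phpldapadmin
  name: phpldapadmin
spec:
  ports:
    # The port name is referenced by the phpldapadmin Ingress (servicePort),
    # so the two must be renamed together.
    - name: ntcyxe
      port: 80
      protocol: TCP
      targetPort: 80
  selector:
    k8s.kuboard.cn/layer: svc
    k8s.kuboard.cn/name: phpldapadmin
  sessionAffinity: None
  type: ClusterIP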


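---
# Ingress publishing the phpLDAPadmin UI at ldap.meisfuture.com.
# Indentation and '-' list markers restored (the pasted listing used en dashes).
# networking.k8s.io/v1beta1 was removed in Kubernetes 1.22. On newer clusters
# use networking.k8s.io/v1, which needs pathType on each path and
# backend.service.name / backend.service.port.name instead of
# serviceName / servicePort.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  annotations:
    k8s.kuboard.cn/workload: phpldapadmin
  labels:
    k8s.kuboard.cn/layer: svc
    k8s.kuboard.cn/name: phpldapadmin
  name: phpldapadmin
spec:
  # NOTE(review): there is no tls section and the backend serves plain HTTP,
  # so the LDAP admin login would travel unencrypted unless TLS is terminated
  # elsewhere. Add a certificate Secret and enable something like:
  # tls:
  #   - hosts:
  #       - ldap.meisfuture.com
  #     secretName: <tls-secret-name>
  # This UI administers the whole directory. Limit who can reach the host
  # (source-IP allowlist, VPN or an authenticating proxy) rather than relying
  # on the LDAP login alone.
  rules:
    - host: ldap.meisfuture.com
      http:
        paths:
          - backend:
              serviceName: phpldapadmin
              servicePort: ntcyxe
            path: /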

启动配置文件
kubectl apply -f ./

如有不对的地方请大家指出并告知,感谢。
