Diffstat (limited to 'data.d/k3s-master/manifests.d/auth-system/lldap')
4 files changed, 163 insertions, 0 deletions
diff --git a/data.d/k3s-master/manifests.d/auth-system/lldap/deployment.yaml b/data.d/k3s-master/manifests.d/auth-system/lldap/deployment.yaml
new file mode 100644
index 0000000..6eeccc0
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/auth-system/lldap/deployment.yaml
@@ -0,0 +1,65 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ spec:
+ containers:
+ - env:
+ - name: GID
+ value: "1001"
+ - name: TZ
+ value: Europe/Amsterdam
+ - name: UID
+ value: "1001"
+ image: nitnelave/lldap:latest
+ name: lldap
+ ports:
+ - name: ldap
+ containerPort: 3890
+ - name: ldaps
+ containerPort: 6360
+ - name: http
+ containerPort: 8080
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ - mountPath: /etc/tls
+ name: tls
+ resources:
+ requests:
+ memory: 32Mi
+ limits:
+ memory: 128Mi
+ restartPolicy: Always
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: lldap
+ - name: tls
+ secret:
+ secretName: tls-nl.tyil.lldap
+...
diff --git a/data.d/k3s-master/manifests.d/auth-system/lldap/ingress.yaml b/data.d/k3s-master/manifests.d/auth-system/lldap/ingress.yaml
new file mode 100644
index 0000000..95b63bb
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/auth-system/lldap/ingress.yaml
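Review bot: In deployment.yaml the container uses `image: nitnelave/lldap:latest`, a mutable tag on the component that holds the directory's credentials. With `latest` the default pull policy is `Always`, so any pod start can bring in an image nobody reviewed; pin a release tag and digest instead, e.g. `image: nitnelave/lldap:<release-tag>@sha256:<digest>` (placeholders). The pod spec also sets no `securityContext`; `allowPrivilegeEscalation: false` and a reduced capability set are worth adding, after checking them against what the image's entrypoint needs for the `UID`/`GID` switch, which this diff does not show.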
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - lldap.tyil.nl
+ secretName: tls-nl.tyil.lldap
+ rules:
+ - host: lldap.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: lldap
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/auth-system/lldap/pvc.yaml b/data.d/k3s-master/manifests.d/auth-system/lldap/pvc.yaml
new file mode 100644
index 0000000..666a465
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/auth-system/lldap/pvc.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: lldap
+ namespace: auth-system
+spec:
+ storageClassName: seaweedfs
+ volumeName: etc-lldap
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
+...
diff --git a/data.d/k3s-master/manifests.d/auth-system/lldap/service.yaml b/data.d/k3s-master/manifests.d/auth-system/lldap/service.yaml
new file mode 100644
index 0000000..6539352
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/auth-system/lldap/service.yaml
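Review bot: ingress.yaml publishes the whole lldap web UI (`path: /` with `pathType: Prefix`) on `lldap.tyil.nl` with no source restriction, and that UI is where directory administrators sign in. Whether the nginx ingress controller is reachable from untrusted networks is not visible in this diff; if it is, add an allowlist such as `nginx.ingress.kubernetes.io/whitelist-source-range: "<trusted-cidr>"` (placeholder CIDR) or keep the host on an internal ingress class. The `tls-nl.tyil.lldap` secret that cert-manager fills here is the same one deployment.yaml mounts at `/etc/tls`, so the LDAPS listener presumably serves this certificate; a short comment saying so would explain why both manifests reference it.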
@@ -0,0 +1,52 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
+...
+---
+apiVersion: v1
+kind: Service
+metadata:
+ # This port may _not_ be named "lldap_ldap", as the application itself wants
+ # to use LLDAP_LDAP_PORT, which Kubernetes will override with a value the
+ # application can't handle.
+ name: ldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ ports:
+ - name: ldap
+ port: 389
+ targetPort: 3890
+ - name: ldaps
+ port: 636
+ targetPort: 6360
+... |
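Review bot: The second Service in service.yaml exposes plain LDAP (`port: 389` to `targetPort: 3890`) next to `ldaps` on 636, so any client that binds over 389 sends its bind DN and password unencrypted across the pod network. If every consumer can speak LDAPS, drop the `ldap` port entry; otherwise restrict who can reach it with a NetworkPolicy in `auth-system`, since none is part of this change. Whether lldap's LDAPS listener is actually enabled depends on configuration not shown here, so confirm that before removing 389. Separately, the comment above `name: ldap` says "port" but the constraint it describes is on the Service name; rewording it to `# This Service may _not_ be named "lldap-ldap" ...` would match what Kubernetes derives the injected variable from.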