From 57e12675f0e955d11c63c76edb6a495e4dfa30a4 Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Wed, 2 Aug 2023 09:32:24 +0200
Subject: Move lldap to its own namespace
---
 .../oolah/auth-system/lldap/deployment.yaml | 54 ++++++++++++++++++++++
 .../oolah/auth-system/lldap/ingress.yaml | 32 +++++++++++++
 .../oolah/auth-system/lldap/service.yaml | 53 +++++++++++++++++++++
 .../k3s-master/manifests.d/oolah/namespaces.yaml | 6 +++
 .../oolah/personal-services/lldap/deployment.yaml | 54 ----------------------
 .../oolah/personal-services/lldap/ingress.yaml | 32 -------------
 .../oolah/personal-services/lldap/service.yaml | 53 ---------------------
 7 files changed, 145 insertions(+), 139 deletions(-)
 create mode 100644 data.d/k3s-master/manifests.d/oolah/auth-system/lldap/deployment.yaml
 create mode 100644 data.d/k3s-master/manifests.d/oolah/auth-system/lldap/ingress.yaml
 create mode 100644 data.d/k3s-master/manifests.d/oolah/auth-system/lldap/service.yaml
 delete mode 100644 data.d/k3s-master/manifests.d/oolah/personal-services/lldap/deployment.yaml
 delete mode 100644 data.d/k3s-master/manifests.d/oolah/personal-services/lldap/ingress.yaml
 delete mode 100644 data.d/k3s-master/manifests.d/oolah/personal-services/lldap/service.yaml
diff --git a/data.d/k3s-master/manifests.d/oolah/auth-system/lldap/deployment.yaml b/data.d/k3s-master/manifests.d/oolah/auth-system/lldap/deployment.yaml
new file mode 100644
index 0000000..8952e69
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/oolah/auth-system/lldap/deployment.yaml
@@ -0,0 +1,54 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ spec:
+ nodeName: "oolah.tyil.net"
+ containers:
+ - env:
+ - name: GID
+ value: "1001"
+ - name: TZ
+ value: Europe/Amsterdam
+ - name: UID
+ value: "1001"
+ image: nitnelave/lldap:stable
+ name: lldap
+ ports:
+ - containerPort: 3890
+ - containerPort: 6360
+ - containerPort: 17170
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ restartPolicy: Always
+ volumes:
+ - name: data
+ hostPath:
+ path: /etc/lldap
+ type: DirectoryOrCreate
+...
diff --git a/data.d/k3s-master/manifests.d/oolah/auth-system/lldap/ingress.yaml b/data.d/k3s-master/manifests.d/oolah/auth-system/lldap/ingress.yaml
new file mode 100644
index 0000000..cc82eec
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/oolah/auth-system/lldap/ingress.yaml
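Review bot: `image: nitnelave/lldap:stable` is a mutable tag and the container has no `securityContext`, which is thin for an authentication backend. I would pin the image by digest (`image: nitnelave/lldap@sha256:<digest>`, placeholder) and add `securityContext: {allowPrivilegeEscalation: false}` on the container, after checking that the image's entrypoint still starts with it. The `data` volume is a `hostPath` under `/etc/lldap` with `type: DirectoryOrCreate`, so the directory's state sits on the node's root filesystem outside anything the namespace scopes; a `persistentVolumeClaim` would be the cleaner fit if a storage class is available. Setting `enableServiceLinks: false` in the pod spec would also stop Kubernetes from injecting Service-derived environment variables, which is the collision the comment in service.yaml works around.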
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - ldap.tyil.nl
+ secretName: tls-nl.tyil.ldap
+ rules:
+ - host: ldap.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: lldap-http-service
+ port:
+ number: 17170
+...
diff --git a/data.d/k3s-master/manifests.d/oolah/auth-system/lldap/service.yaml b/data.d/k3s-master/manifests.d/oolah/auth-system/lldap/service.yaml
new file mode 100644
index 0000000..1520b3c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/oolah/auth-system/lldap/service.yaml
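Review bot: This Ingress publishes the lldap web interface on port 17170 at `ldap.tyil.nl` with only the `kube-system-redirect-https@kubernetescrd` middleware, so the directory's administration login is reachable by anyone who can reach the Traefik entrypoint. If that entrypoint is internet-facing, I would append an IP allow-list or forward-auth middleware to the `router.middlewares` annotation, e.g. `kube-system-redirect-https@kubernetescrd,<namespace>-<allowlist-middleware>@kubernetescrd` (placeholder name). Because the Ingress changes namespace, cert-manager will presumably issue a fresh `tls-nl.tyil.ldap` Secret in `auth-system`; check whether the old Secret holding the private key is left behind in `personal-services` and delete it once the move is applied.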
@@ -0,0 +1,53 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: lldap-http-service
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ ports:
+ - name: http
+ port: 17170
+ targetPort: 17170
+...
+---
+apiVersion: v1
+kind: Service
+metadata:
+ # This port may _not_ be named "lldap_ldap", as the application itself wants
+ # to use LLDAP_LDAP_PORT, which Kubernetes will override with a value the
+ # application can't handle.
+ name: lldap-ldap-service
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ type: NodePort
+ ports:
+ - name: ldap
+ port: 3890
+ targetPort: 3890
+ nodePort: 3890
+ - name: ldaps
+ port: 6360
+ targetPort: 6360
+ nodePort: 6360
+...
diff --git a/data.d/k3s-master/manifests.d/oolah/namespaces.yaml b/data.d/k3s-master/manifests.d/oolah/namespaces.yaml
index 93a834f..42cc6a3 100644
--- a/data.d/k3s-master/manifests.d/oolah/namespaces.yaml
+++ b/data.d/k3s-master/manifests.d/oolah/namespaces.yaml
@@ -2,6 +2,12 @@
 apiVersion: v1
 kind: Namespace
 metadata:
+ name: auth-system
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
 name: base-system
 ...
 ---
diff --git a/data.d/k3s-master/manifests.d/oolah/personal-services/lldap/deployment.yaml b/data.d/k3s-master/manifests.d/oolah/personal-services/lldap/deployment.yaml
deleted file mode 100644
index 005387d..0000000
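Review bot: `lldap-ldap-service` is `type: NodePort` and publishes the unencrypted `ldap` port 3890 next to `ldaps` on 6360, so bind passwords can cross the network in clear text on every node address that accepts the port. If clients outside the cluster only need LDAPS, drop the `ldap` entry from this Service and keep 3890 reachable in-cluster through a separate ClusterIP Service; otherwise restrict the node port at the host firewall. Both `nodePort` values are below the default 30000-32767 range, so the manifest presumably depends on a widened `--service-node-port-range` on the API server, and a comment saying so would help. The existing comment speaks of the port name, but what it describes is the Service name, from which Kubernetes derives the injected variable names; I would reword its first line to `# This Service may _not_ be named "lldap-ldap", as the application itself wants`.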
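Review bot: The new `auth-system` Namespace in namespaces.yaml is created with a name only, so the move separates lldap by name but adds no enforcement. I would add Pod Security Admission labels under `metadata`, starting with `pod-security.kubernetes.io/warn: baseline` (enforcing that level would reject the Deployment's `hostPath` volume), and ship a default-deny ingress NetworkPolicy for the namespace that admits only Traefik and the known LDAP clients. The hunk shows only part of namespaces.yaml, so whether the other namespaces carry such labels is not visible here.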
--- a/data.d/k3s-master/manifests.d/oolah/personal-services/lldap/deployment.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: lldap
- namespace: personal-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: lldap
- app.kubernetes.io/part-of: personal-services
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: lldap
- app.kubernetes.io/part-of: personal-services
- strategy:
- type: Recreate
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: lldap
- app.kubernetes.io/part-of: personal-services
- spec:
- nodeName: "oolah.tyil.net"
- containers:
- - env:
- - name: GID
- value: "1001"
- - name: TZ
- value: Europe/Amsterdam
- - name: UID
- value: "1001"
- image: nitnelave/lldap:stable
- name: lldap
- ports:
- - containerPort: 3890
- - containerPort: 6360
- - containerPort: 17170
- volumeMounts:
- - mountPath: /data
- name: data
- restartPolicy: Always
- volumes:
- - name: data
- hostPath:
- path: /etc/lldap
- type: DirectoryOrCreate
-...
diff --git a/data.d/k3s-master/manifests.d/oolah/personal-services/lldap/ingress.yaml b/data.d/k3s-master/manifests.d/oolah/personal-services/lldap/ingress.yaml
deleted file mode 100644
index f8d6487..0000000
--- a/data.d/k3s-master/manifests.d/oolah/personal-services/lldap/ingress.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: lldap
- namespace: personal-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: lldap
- app.kubernetes.io/part-of: personal-services
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt-production"
- traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
-spec:
- ingressClassName: traefik
- tls:
- - hosts:
- - ldap.tyil.nl
- secretName: tls-nl.tyil.ldap
- rules:
- - host: ldap.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: lldap-http-service
- port:
- number: 17170
-...
diff --git a/data.d/k3s-master/manifests.d/oolah/personal-services/lldap/service.yaml b/data.d/k3s-master/manifests.d/oolah/personal-services/lldap/service.yaml
deleted file mode 100644
index 374a154..0000000
--- a/data.d/k3s-master/manifests.d/oolah/personal-services/lldap/service.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: lldap-http-service
- namespace: personal-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: lldap
- app.kubernetes.io/part-of: personal-services
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: lldap
- app.kubernetes.io/part-of: personal-services
- ports:
- - name: http
- port: 17170
- targetPort: 17170
-...
----
-apiVersion: v1
-kind: Service
-metadata:
- # This port may _not_ be named "lldap_ldap", as the application itself wants
- # to use LLDAP_LDAP_PORT, which Kubernetes will override with a value the
- # application can't handle.
- name: lldap-ldap-service
- namespace: personal-services
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: lldap
- app.kubernetes.io/part-of: personal-services
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: lldap
- app.kubernetes.io/part-of: personal-services
- type: NodePort
- ports:
- - name: ldap
- port: 3890
- targetPort: 3890
- nodePort: 3890
- - name: ldaps
- port: 6360
- targetPort: 6360
- nodePort: 6360
-...
-- cgit v1.1