---
# Tasks file for OpenLDAP
- name: Create OpenLDAP namespace
  # Dedicated namespace; every other resource in this file is created inside it.
  k8s:
    definition:
      apiVersion: v1
      kind: Namespace
      metadata:
        name: openldap
    state: present
- name: Create PVC for OpenLDAP data
  # Backing store for the LDAP database (mounted at /var/lib/ldap by the Deployment).
  k8s:
    definition:
      apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: data
        namespace: openldap
      spec:
        # Single-node attach only; fine for the replicas: 1 Deployment below.
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 128Gi
    state: present
- name: Create PVC for OpenLDAP configuration
  # Backing store for slapd's cn=config tree (mounted at /etc/ldap/slapd.d by the Deployment).
  k8s:
    definition:
      apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: config
        namespace: openldap
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 32Gi
    state: present
- name: Request a certificate for OpenLDAP
  # cert-manager issues the server certificate from the cluster CA and stores
  # it in Secret "openldap" (keys tls.crt / tls.key) in the openldap namespace.
  k8s:
    definition:
      apiVersion: cert-manager.io/v1
      kind: Certificate
      metadata:
        name: openldap
        namespace: openldap
      spec:
        secretName: openldap
        privateKey:
          algorithm: RSA
          encoding: PKCS1
          size: 2048
        # Short-lived leaf: 90-day validity, rotated 15 days before expiry.
        duration: 2160h  # 90d
        renewBefore: 360h  # 15d
        isCA: false
        usages:
          - server auth
          - client auth
        subject:
          organizations:
            - EOM
        dnsNames:
          - openldap.eom.dev
        issuerRef:
          kind: ClusterIssuer
          name: ca-issuer
    state: present
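- name: Create Deployment for OpenLDAP
  # The task body embeds two credentials; keep them out of play output and
  # the module's returned result.
  no_log: true
  k8s:
    # Explicit state, matching the other tasks in this file.
    state: present
    definition:
      # Deployment is in the apps API group; "v1" alone is the core group,
      # which has no Deployment kind and makes the module fail.
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: openldap
        namespace: openldap
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: openldap
        template:
          metadata:
            labels:
              app: openldap
          spec:
            containers:
              - name: openldap
                # NOTE(review): untagged image resolves to the registry's
                # moving "latest"; pin a tag or digest so redeploys are
                # reproducible and reviewable.
                image: osixia/openldap
                env:
                  - name: LDAP_ORGANISATION
                    value: "EOM"
                  - name: LDAP_DOMAIN
                    value: "eom.dev"
                  # NOTE(review): these passwords are stored in plaintext in the
                  # Deployment object, readable by anyone with get on
                  # deployments/pods in this namespace. Prefer a Secret
                  # consumed via valueFrom.secretKeyRef.
                  - name: LDAP_ADMIN_PASSWORD
                    value: "{{ openldap_admin_password }}"
                  - name: LDAP_READONLY_USER
                    value: "true"
                  - name: LDAP_READONLY_USER_PASSWORD
                    value: "{{ openldap_readonly_password }}"
                  # Clients are not asked for a certificate; authentication is
                  # by bind only.
                  - name: LDAP_TLS_VERIFY_CLIENT
                    value: never
                  # tls.crt / tls.key are the key names cert-manager writes into
                  # Secret "openldap" (requested earlier in this file), but no
                  # volume in this pod spec mounts that Secret -- TODO confirm
                  # how the image is expected to find these files.
                  - name: LDAP_TLS_CRT_FILENAME
                    value: tls.crt
                  - name: LDAP_TLS_KEY_FILENAME
                    value: tls.key
                volumeMounts:
                  - name: config
                    mountPath: /etc/ldap/slapd.d
                  - name: data
                    mountPath: /var/lib/ldap
                ports:
                  - containerPort: 389
                  - containerPort: 636
            volumes:
              - name: data
                persistentVolumeClaim:
                  claimName: data
              - name: config
                persistentVolumeClaim:
                  claimName: config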
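- name: Create Service for OpenLDAP
  k8s:
    # Explicit state, matching the other tasks in this file.
    state: present
    definition:
      apiVersion: v1
      kind: Service
      metadata:
        name: openldap
        namespace: openldap
      spec:
        selector:
          app: openldap
        ports:
          # NOTE(review): 389 is plaintext LDAP unless STARTTLS is enforced
          # server-side; consider exposing only 636 (ldaps) cluster-wide.
          - name: ldap
            port: 389
          - name: ldaps
            port: 636
        # Cluster-internal only; no external exposure of the directory.
        type: ClusterIP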