Kubernetes | Setting up OpenLDAP on Kubernetes

Background: I need to install a series of tools (Jenkins, Spinnaker, GitLab), and the account system for all of them is a nuisance. A couple of years ago I tried OpenLDAP for unified account management and authentication; now I want to use it again and consolidate the accounts of these applications (mainly because I want to bring up Spinnaker). The setup basically follows https://mutoulazy.github.io/2021/04/01/kubernetes/openLDAP/#%E5%9C%A8k8s%E4%B8%AD%E9%83%A8%E7%BD%B2, although that author's config files are rather messy: the PV and PVC should at least be created first, and the YAML is in a jumbled order because it was all exported after the services had been created. Two more references worth reading: "Kubernetes - k8s v1.12.3 OpenLDAP unified authentication" and "Kubernetes in practice (11): unified authentication with OpenLDAP in k8s".
Anyway, I'll combine these and get it done!
Setting up OpenLDAP on Kubernetes

1. Create the PVCs. The default storage class is cbs; I used Tencent Cloud CBS block storage directly (10G minimum, and it grows in 10G steps).

cat <<EOF > pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ldap-data-pvc
  namespace: kube-ops
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: cbs
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ldap-config-pvc
  namespace: kube-ops
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: cbs
EOF
kubectl apply -f pvc.yaml

2. Create the LDAP Deployment and Service

Note that both passwords are literal strings in the manifest: anyone who can read the Deployment (kubectl get deploy openldap -n kube-ops -o yaml) or the file once it is committed gets them. The two PVCs are ReadWriteOnce, so a rolling update, which starts the new pod before the old one stops, can hang on the volume attach; set spec.strategy.type to Recreate if that happens.
cat <<EOF > ldap-deployment.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
  name: openldap
  namespace: kube-ops
  labels:
    app: openldap
  annotations:
    app.kubernetes.io/alias-name: LDAP
    app.kubernetes.io/description: authentication center
spec:
  replicas: 1
  selector:
    matchLabels:
      app: openldap
  template:
    metadata:
      labels:
        app: openldap
    spec:
      containers:
        - name: openldap
          image: 'osixia/openldap:1.5.0'
          ports:
            - name: tcp-389
              containerPort: 389
              protocol: TCP
            - name: tcp-636
              containerPort: 636
              protocol: TCP
          env:
            - name: LDAP_ORGANISATION
              value: devops
            - name: LDAP_DOMAIN
              value: xxx.com
            - name: LDAP_ADMIN_PASSWORD
              value: xxxxxxxx
            - name: LDAP_CONFIG_PASSWORD
              value: xxxxxxx
            - name: LDAP_BACKEND
              value: mdb
          resources:
            limits:
              cpu: 500m
              memory: 500Mi
            requests:
              cpu: 100m
              memory: 100Mi
          volumeMounts:
            - name: ldap-config-pvc
              mountPath: /etc/ldap/slapd.d
            - name: ldap-data-pvc
              mountPath: /var/lib/ldap
      volumes:
        - name: ldap-config-pvc
          persistentVolumeClaim:
            claimName: ldap-config-pvc
        - name: ldap-data-pvc
          persistentVolumeClaim:
            claimName: ldap-data-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: openldap-svc
  namespace: kube-ops
  labels:
    app: openldap-svc
spec:
  ports:
    - name: tcp-389
      port: 389
      protocol: TCP
      targetPort: 389
    - name: tcp-636
      port: 636
      protocol: TCP
      targetPort: 636
  selector:
    app: openldap
EOF
kubectl apply -f ldap-deployment.yaml
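A variant of the same Deployment that keeps both passwords out of the YAML, added here as an example and not the manifest from the original post. The script reads LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD from its own environment, refuses short values, writes them into a Secret (the name openldap-passwords and the 12-character minimum are my choices) and injects them with envFrom, which works because the osixia image reads exactly those variable names. It also sets the Recreate strategy so an update cannot deadlock on the ReadWriteOnce CBS volumes. Namespace, PVC names and image are the ones from the post.

```shell
#!/bin/sh
# Added example: generate a Secret plus a Deployment that references it,
# so the LDAP passwords never sit in a manifest you might commit.
# Secret name "openldap-passwords" and the 12-character minimum are my choices.

b64() { printf '%s' "$1" | base64 | tr -d '\n'; }   # portable single-line base64

# write_openldap_manifests DIR -> writes DIR/ldap-secret.yaml and DIR/ldap-deployment.yaml
# Requires LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD in the environment.
write_openldap_manifests() {
  dir="${1:-.}"
  for v in LDAP_ADMIN_PASSWORD LDAP_CONFIG_PASSWORD; do
    eval "val=\${$v:-}"
    if [ "${#val}" -lt 12 ]; then
      echo "refusing: $v unset or shorter than 12 characters" >&2
      return 1
    fi
  done
  cat > "$dir/ldap-secret.yaml" <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: openldap-passwords
  namespace: kube-ops
type: Opaque
data:
  LDAP_ADMIN_PASSWORD: $(b64 "$LDAP_ADMIN_PASSWORD")
  LDAP_CONFIG_PASSWORD: $(b64 "$LDAP_CONFIG_PASSWORD")
EOF
  # Quoted 'EOF': nothing in the Deployment is expanded by the shell.
  cat > "$dir/ldap-deployment.yaml" <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: openldap
  namespace: kube-ops
  labels:
    app: openldap
spec:
  replicas: 1
  strategy:
    type: Recreate          # RWO block volumes: stop the old pod before starting the new one
  selector:
    matchLabels:
      app: openldap
  template:
    metadata:
      labels:
        app: openldap
    spec:
      containers:
        - name: openldap
          image: osixia/openldap:1.5.0
          ports:
            - { name: tcp-389, containerPort: 389 }
            - { name: tcp-636, containerPort: 636 }
          env:
            - { name: LDAP_ORGANISATION, value: devops }
            - { name: LDAP_DOMAIN, value: xxx.com }
            - { name: LDAP_BACKEND, value: mdb }
          envFrom:
            - secretRef:
                name: openldap-passwords   # supplies LDAP_ADMIN_PASSWORD / LDAP_CONFIG_PASSWORD
          resources:
            requests: { cpu: 100m, memory: 100Mi }
            limits: { cpu: 500m, memory: 500Mi }
          volumeMounts:
            - { name: ldap-config, mountPath: /etc/ldap/slapd.d }
            - { name: ldap-data, mountPath: /var/lib/ldap }
      volumes:
        - name: ldap-config
          persistentVolumeClaim: { claimName: ldap-config-pvc }
        - name: ldap-data
          persistentVolumeClaim: { claimName: ldap-data-pvc }
EOF
}

# Usage: LDAP_ADMIN_PASSWORD=... LDAP_CONFIG_PASSWORD=... sh gen-ldap.sh apply
if [ "${1:-}" = "apply" ]; then
  write_openldap_manifests . && kubectl apply -f ldap-secret.yaml -f ldap-deployment.yaml
fi
```

The Secret file is generated at apply time and should not be committed either; only ldap-deployment.yaml, which now contains no password at all, belongs in git.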

kubectl logs -f openldap-6d9859cdb-944pp -n kube-ops

3. Create the phpLDAPadmin Deployment and Service

PHPLDAPADMIN_HTTPS=false only means the pod serves plain HTTP to the Ingress, so TLS has to be terminated there. PHPLDAPADMIN_LDAP_HOSTS=openldap-svc as a bare hostname makes phpLDAPadmin bind to the server on port 389 without TLS, so the admin bind password crosses the pod network in cleartext.
cat <<EOF > ldap-phpldapadmin.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
  name: ldap-phpldapadmin
  namespace: kube-ops
  labels:
    app: ldap-phpldapadmin
  annotations:
    app.kubernetes.io/alias-name: LDAP
    app.kubernetes.io/description: LDAP web tool
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ldap-phpldapadmin
  template:
    metadata:
      labels:
        app: ldap-phpldapadmin
    spec:
      containers:
        - name: phpldapadmin
          image: 'osixia/phpldapadmin:stable'
          ports:
            - name: tcp-80
              containerPort: 80
              protocol: TCP
          env:
            - name: PHPLDAPADMIN_HTTPS
              value: 'false'
            - name: PHPLDAPADMIN_LDAP_HOSTS
              value: openldap-svc
          resources:
            limits:
              cpu: 500m
              memory: 500Mi
            requests:
              cpu: 10m
              memory: 10Mi
---
apiVersion: v1
kind: Service
metadata:
  name: ldap-phpldapadmin-svc
  namespace: kube-ops
  labels:
    app: ldap-phpldapadmin-svc
spec:
  ports:
    - name: tcp-80
      port: 80
      protocol: TCP
      targetPort: 80
  selector:
    app: ldap-phpldapadmin
EOF
kubectl apply -f ldap-phpldapadmin.yaml

kubectl get svc -n kube-ops

4. Create the Ingress proxy

As written the router is attached only to Traefik's web entrypoint (plain HTTP) and the Ingress has no tls section, so the login form, and the admin password typed into it, go over the wire unencrypted.
cat <<EOF > traefik-ldap.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ldap-ui
  namespace: kube-ops
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
  rules:
    - host: ldap.xxx.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: ldap-phpldapadmin-svc
                port:
                  number: 80
EOF
kubectl apply -f traefik-ldap.yaml
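The same Ingress bound to Traefik's TLS entrypoint instead, added as an example and not taken from the original post. It assumes Traefik v2 with an entrypoint named websecure and a TLS Secret called ldap-tls in kube-ops (both my assumptions; create the secret from your certificate with kubectl create secret tls). The function only writes the manifest; it is applied with kubectl as in the other steps.

```shell
#!/bin/sh
# Added example: phpLDAPadmin behind Traefik over HTTPS only.
# Assumes a Traefik v2 entrypoint called "websecure" and a TLS secret "ldap-tls".

# write_ldap_ingress DIR HOST -> writes DIR/traefik-ldap-tls.yaml
write_ldap_ingress() {
  dir="${1:-.}"; host="${2:-ldap.xxx.com}"
  cat > "$dir/traefik-ldap-tls.yaml" <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ldap-ui
  namespace: kube-ops
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure   # not "web": no plain-HTTP login form
    traefik.ingress.kubernetes.io/router.tls: "true"
spec:
  tls:
    - hosts: [$host]
      secretName: ldap-tls   # kubectl create secret tls ldap-tls -n kube-ops --cert=tls.crt --key=tls.key
  rules:
    - host: $host
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: ldap-phpldapadmin-svc
                port: { number: 80 }   # TLS terminates at Traefik; the pod still speaks HTTP
EOF
}

# Usage: sh ldap-ingress.sh apply ldap.xxx.com
if [ "${1:-}" = "apply" ]; then
  write_ldap_ingress . "${2:-ldap.xxx.com}" && kubectl apply -f traefik-ldap-tls.yaml
fi
```

With the router on websecure only, the phpLDAPadmin login page is never served over port 80, so the admin bind password is only ever submitted inside the TLS session that Traefik terminates.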

5. Verify: log in at https://ldap.xxx.com (the host from the Ingress; with the Ingress above the UI is actually only reachable over plain http unless Traefik's websecure entrypoint and a TLS secret are configured as well)
Login DN: cn=admin,dc=xxx,dc=com (the osixia image builds the base DN from LDAP_DOMAIN, so xxx.com becomes dc=xxx,dc=com and the admin account is cn=admin under it)
Password: the value of LDAP_ADMIN_PASSWORD from the Deployment env
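Checking the directory from the command line instead of trusting only the web UI, as an added example that is not from the post. The osixia image derives the base DN from LDAP_DOMAIN, so the helper below turns xxx.com into dc=xxx,dc=com and then binds as cn=admin inside the running pod with ldapwhoami, which the image ships with ldap-utils. The pod is addressed through the Deployment name from the post, and the password is read from the container's own LDAP_ADMIN_PASSWORD variable rather than passed through kubectl. The STARTTLS check (-ZZ) assumes the image's default self-signed certificate, hence LDAPTLS_REQCERT=never; that TLS setup is my assumption about the defaults.

```shell
#!/bin/sh
# Added example: verify the OpenLDAP pod from the CLI rather than only via phpLDAPadmin.

NS=kube-ops
DEPLOY=openldap   # Deployment name from the post; kubectl exec accepts deploy/<name>

# domain_to_base_dn example.com -> dc=example,dc=com (how the osixia image builds LDAP_BASE_DN)
domain_to_base_dn() {
  printf '%s' "$1" | awk -F. '{ for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i }'
}

admin_dn() { printf 'cn=admin,%s' "$(domain_to_base_dn "$1")"; }

# Bind as the admin inside the pod. The password is taken from the container's own
# LDAP_ADMIN_PASSWORD variable, so it never travels through kubectl arguments.
# $2 = "starttls" upgrades the connection with -ZZ (self-signed cert, hence REQCERT=never).
ldap_bind_check() {
  dn="$(admin_dn "$1")"
  tls_flag=""
  [ "${2:-}" = "starttls" ] && tls_flag="-ZZ"
  kubectl exec -n "$NS" "deploy/$DEPLOY" -- \
    sh -c 'LDAPTLS_REQCERT=never ldapwhoami -x $2 -H ldap://localhost -D "$1" -w "$LDAP_ADMIN_PASSWORD"' \
    _ "$dn" "$tls_flag"
}

# List the DNs in the directory (a fresh install has the dc entry plus cn=admin).
ldap_dump() {
  base="$(domain_to_base_dn "$1")"
  kubectl exec -n "$NS" "deploy/$DEPLOY" -- \
    sh -c 'ldapsearch -x -LLL -H ldap://localhost -b "$1" -D "$2" -w "$LDAP_ADMIN_PASSWORD" dn' \
    _ "$base" "cn=admin,$base"
}

# Usage: sh ldap-check.sh check xxx.com
if [ "${1:-}" = "check" ]; then
  d="${2:-xxx.com}"
  ldap_bind_check "$d" && ldap_bind_check "$d" starttls && ldap_dump "$d"
fi
```

A successful plain bind prints dn:cn=admin,dc=xxx,dc=com; if the -ZZ variant fails while the plain one works, the server is not offering STARTTLS and clients such as phpLDAPadmin are sending the bind password in cleartext.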
phpLDAPadmin's interface really gives off that ancient-web feeling.

That's it for now; next I'll test the Spinnaker integration. I haven't touched it for almost a year, so once it is working I'll write up the integration with Spinnaker, Jenkins and the other applications together!
