Como desplegar un LDAP en Kubernetes

Todas las nubes orefecen su propio servicio de gestion de usuario y on premise siempre va a ver un departamento de Active Directory. A pesar de todo siempre nos puede tocar montar un systema de gestion de permisos y usarios y LDAP nos saca de muchas. Aqui os dejo el yaml de despliege de un openldap con phpldapadmin

Creamos el namespace

kubectl create namespace openldap

Creamos y ejecutamos el yaml

Codificamos el seecreto en base64 los argumentos de este ejemplo son myorgnization, mydomin y password

vi openldap.yaml

apiVersion: v1
kind: Secret
metadata:
  name: openldap-secrets
  namespace: openldap
type: Opaque
data:
  organizatation: "bXlvcmdhbml6YXRpb24=" #myorganization
  domain: "bXlkb21haW4=" #mydomain
  password: "bXlwYXNzd29yZA==" #mypassword
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: openldap-data-disk
  namespace: openldap
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: openldap-deployment
  namespace: openldap
  labels:
    app: openldap
spec:
  replicas: 1
  selector:
    matchLabels:
      app: openldap
  template:
    metadata:
      labels:
        app: openldap
    spec:
      containers:
        - name: openldap
          image: osixia/openldap:1.3.0
          ports:
            - containerPort: 389
            - containerPort: 636
          env:
            - name: LDAP_ORGANISATION
              valueFrom:
                secretKeyRef:
                  name: openldap-secrets
                  key: organizatation
            - name: LDAP_DOMAIN
              valueFrom:
                secretKeyRef:
                  name: openldap-secrets
                  key: domain
            - name: LDAP_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: openldap-secrets
                  key: password
          volumeMounts:
            - name: openldap-volume
              mountPath: "/var/lib/ldap"
              subPath: database
            - name: openldap-volume
              mountPath: "/etc/ldap/slapd.d"
              subPath: config
      volumes:
        - name: openldap-volume
          persistentVolumeClaim:
            claimName: openldap-data-disk
---
apiVersion: v1
kind: Service
metadata:
  name: openldap-service
  namespace: openldap
spec:
  selector:
    app: openldap
  ports:
  - name: openldap1
    protocol: TCP
    port: 389
    targetPort: 389
  - name: openldap2
    protocol: TCP
    port: 636
    targetPort: 636
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: phpldapadmin-deployment
  namespace: openldap
  labels:
    app: phpldapadmin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: phpldapadmin
  template:
    metadata:
      labels:
        app: phpldapadmin
    spec:
      containers:
        - name: phpldapadmin
          image: osixia/phpldapadmin:0.9.0
          ports:
            - containerPort: 443
          env:
            - name: PHPLDAPADMIN_LDAP_HOSTS
              value: openldap-service
---
apiVersion: v1
kind: Service
metadata:
  name: phpldapadmin-service
  namespace: openldap
spec:
  type: LoadBalancer
  selector:
    app: phpldapadmin
  ports:
  - protocol: TCP
    port: 9943
    targetPort: 443

kubectl create -f openldap.yaml

Ahora ya podemos loguearnos en la ip que no haya asignado el LoadBalancer con https://ip-asignada::9943

Para loguearnos:

user: cn=admin,dc=mydomain
pass: mypassword