diff --git a/README.md b/README.md
index 95fa256..2cb747b 100644
--- a/README.md
+++ b/README.md
@@ -239,6 +239,15 @@ Once you have completed the above steps you can complete the file values.yaml to
 | security.dexClientScope | Yes | Use "email openid profile offline_access groups" |
 | security.gcpCredentials | No | JSON Credentials for Google Identity Authentication |
 | security.caCerts | No | Custom CA certificates to be added at runtime |
+| openldap.adminUser | Yes | LDAP deployment admin user |
+| openldap.adminPass | Yes | LDAP deployment admin password |
+| openldap.baseRoot | Yes | LDAP baseDN (or suffix) of the LDAP tree |
+| openldap.image | Yes | LDAP deployment image repository |
+| openldap.version | Yes | LDAP deployment image tag |
+| openldap.imagePullSecrets | No | Secret used to pull images from private repository |
+| openldap.podLabels | No | Pod labels for LDAP deployment |
+| openldap.securityContext | No | Security context for LDAP deployment |
+| openldap.containerSecurityContext | No | Container security context for LDAP deployment |
 | storage.defaultStorage | No | Enable default storage using minio helm chart |
 | storage.gcp.projectId | No | GCP Project Id for the storage |
 | storage.gcp.bucketName | No | GCP Bucket name for the storage |
diff --git a/charts/terrakube/Chart.yaml b/charts/terrakube/Chart.yaml
index 0109916..b8466c4 100644
--- a/charts/terrakube/Chart.yaml
+++ b/charts/terrakube/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.17.4
+version: 3.17.5
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/charts/terrakube/templates/deployment-openldap.yaml b/charts/terrakube/templates/deployment-openldap.yaml
index a203be6..cdaf6fd 100644
--- a/charts/terrakube/templates/deployment-openldap.yaml
+++ b/charts/terrakube/templates/deployment-openldap.yaml
@@ -29,11 +29,11 @@ spec:
 image: {{ .Values.openldap.image }}:{{ .Values.openldap.version }}
 env:
 - name: LDAP_ADMIN_USERNAME
- value: "admin"
+ value: {{ .Values.openldap.adminUser }}
 - name: LDAP_ADMIN_PASSWORD
- value: "admin"
+ value: {{ .Values.openldap.adminPass }}
 - name: LDAP_ROOT
- value: "dc=example,dc=org"
+ value: {{ .Values.openldap.baseRoot }}
 - name: LDAP_CUSTOM_LDIF_DIR
 value: "/ldifs"
 ports:
diff --git a/charts/terrakube/templates/secret-openldap.yaml b/charts/terrakube/templates/secret-openldap.yaml
index 5ebf36f..6b6e0b4 100644
--- a/charts/terrakube/templates/secret-openldap.yaml
+++ b/charts/terrakube/templates/secret-openldap.yaml
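Review bot: The three new `value:` lines interpolate the chart values unquoted, whereas the lines they replace were quoted strings; an adminUser or adminPass that YAML reads as a non-string (an all-digit value, `true`/`no`, or one containing `: ` or ` #`) would render an env entry that Kubernetes rejects or mis-types, since env values must be strings. Rendering them as `value: {{ .Values.openldap.adminPass | quote }}` (and likewise for adminUser and baseRoot) keeps the previous behaviour for any value. Separately, `LDAP_ADMIN_PASSWORD` is now a caller-supplied plaintext env var in the Deployment spec, so anyone who can read Deployments or the rendered manifest sees it; sourcing it with `valueFrom.secretKeyRef` from a chart-managed Secret would keep the credential out of the pod spec. The container definition this env block belongs to begins before the hunk and continues after `ports:`.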
@@ -6,38 +6,38 @@ metadata:
 type: Opaque
 stringData:
 config-ldap.ldif: |
- dn: dc=example,dc=org
+ dn: {{ .Values.openldap.baseRoot }}
 dc: example
 objectClass: dcObject
 objectClass: organization
 o: Example, Inc
- dn: ou=users,dc=example,dc=org
+ dn: ou=users,{{ .Values.openldap.baseRoot }}
 ou: users
 objectClass: organizationalunit
- dn: cn=lester,ou=users,dc=example,dc=org
+ dn: cn={{ .Values.openldap.adminUser }},ou=users,{{ .Values.openldap.baseRoot }}
 objectClass: inetOrgPerson
- sn: Parkinson
- cn: Lester
+ sn: Admin
+ cn: Admin
 mail: admin@example.com
- userpassword: admin
+ userpassword: {{ .Values.openldap.adminPass }}
- dn: cn=grady,ou=users,dc=example,dc=org
+ dn: cn=grady,ou=users,{{ .Values.openldap.baseRoot }}
 objectClass: inetOrgPerson
 sn: Chambers
 cn: Grady
 mail: aws@example.com
- userpassword: azure
+ userpassword: aws
- dn: cn=saarah,ou=users,dc=example,dc=org
+ dn: cn=saarah,ou=users,{{ .Values.openldap.baseRoot }}
 objectClass: inetOrgPerson
 sn: Lott
 cn: Saarah
 mail: azure@example.com
- userpassword: aws
+ userpassword: azure
- dn: cn=eugene,ou=users,dc=example,dc=org
+ dn: cn=eugene,ou=users,{{ .Values.openldap.baseRoot }}
 objectClass: inetOrgPerson
 sn: Monaghan
 cn: Eugene
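Review bot: `dc: example` on the root entry stays hard-coded while its `dn:` is now `{{ .Values.openldap.baseRoot }}`, so any baseRoot whose first RDN is not `dc=example` yields a root entry whose `dc` attribute does not match its RDN, which the directory is likely to reject as a naming violation; derive that attribute from the same value, or state in values.yaml that baseRoot must keep `dc=example` as its first component. The admin entry has the same split: its RDN is `cn={{ .Values.openldap.adminUser }}` but the attribute is the fixed `cn: Admin`, so an adminUser other than `admin` (cn matching is case-insensitive) may fail to load — `cn: {{ .Values.openldap.adminUser }}` keeps the two aligned. Also, in LDIF a value that begins with a space, `<` or `:` must be base64-encoded with `::`, so an adminPass starting with one of those characters would be mis-read on the `userpassword:` line. The last user entry continues past the hunk, and this block sits inside a conditional whose `{{ end }}` is in the next hunk.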
@@ -46,33 +46,33 @@ stringData:
 # Group definitions.
- dn: ou=Groups,dc=example,dc=org
+ dn: ou=Groups,{{ .Values.openldap.baseRoot }}
 objectClass: organizationalUnit
 ou: Groups
- dn: cn=TERRAKUBE_ADMIN,ou=Groups,dc=example,dc=org
+ dn: cn=TERRAKUBE_ADMIN,ou=Groups,{{ .Values.openldap.baseRoot }}
 objectClass: groupOfNames
 cn: TERRAKUBE_ADMIN
- member: cn=lester,ou=users,dc=example,dc=org
+ member: cn={{ .Values.openldap.adminUser }},ou=users,{{ .Values.openldap.baseRoot }}
- dn: cn=TERRAKUBE_DEVELOPERS,ou=Groups,dc=example,dc=org
+ dn: cn=TERRAKUBE_DEVELOPERS,ou=Groups,{{ .Values.openldap.baseRoot }}
 objectClass: groupOfNames
 cn: TERRAKUBE_DEVELOPERS
- member: cn=lester,ou=users,dc=example,dc=org
+ member: cn={{ .Values.openldap.adminUser }},ou=users,{{ .Values.openldap.baseRoot }}
- dn: cn=AZURE_DEVELOPERS,ou=Groups,dc=example,dc=org
+ dn: cn=AZURE_DEVELOPERS,ou=Groups,{{ .Values.openldap.baseRoot }}
 objectClass: groupOfNames
 cn: AZURE_DEVELOPERS
- member: cn=saarah,ou=users,dc=example,dc=org
+ member: cn=saarah,ou=users,{{ .Values.openldap.baseRoot }}
- dn: cn=AWS_DEVELOPERS,ou=Groups,dc=example,dc=org
+ dn: cn=AWS_DEVELOPERS,ou=Groups,{{ .Values.openldap.baseRoot }}
 objectClass: groupOfNames
 cn: AWS_DEVELOPERS
- member: cn=grady,ou=users,dc=example,dc=org
+ member: cn=grady,ou=users,{{ .Values.openldap.baseRoot }}
- dn: cn=GCP_DEVELOPERS,ou=Groups,dc=example,dc=org
+ dn: cn=GCP_DEVELOPERS,ou=Groups,{{ .Values.openldap.baseRoot }}
 objectClass: groupOfNames
 cn: GCP_DEVELOPERS
- member: cn=eugene,ou=users,dc=example,dc=org
+ member: cn=eugene,ou=users,{{ .Values.openldap.baseRoot }}
 {{ end }}
diff --git a/charts/terrakube/values.yaml b/charts/terrakube/values.yaml
index db2f656..ffe4595 100644
--- a/charts/terrakube/values.yaml
+++ b/charts/terrakube/values.yaml
@@ -18,9 +18,12 @@ security:
 ## OpenLdap
 openldap:
- imagePullSecrets: []
+ adminUser: "admin"
+ adminPass: "admin"
+ baseRoot: "dc=example,dc=org"
 image: "bitnami/openldap"
 version: "2.6.4-debian-11-r4"
+ imagePullSecrets: []
 podLabels: {}
 securityContext: {}
 containerSecurityContext: {}
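Review bot: `adminPass: "admin"` together with `adminUser: "admin"` ships a known default credential for the directory admin, so any install that does not override it runs with a guessable login, and the README rows added in this same commit mark both values as required even though a default means the chart never enforces them. Either drop the two defaults and guard the templates with `{{ required "openldap.adminPass must be set" .Values.openldap.adminPass }}`, or keep them and put a comment above the keys such as `# demo credentials for local evaluation only; override adminUser/adminPass for any real deployment`. Quoting the three new values as strings is the right call here, since an unquoted all-digit password would otherwise be read as an integer by the YAML loader. The `openldap:` mapping may extend past the hunk.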