背景:
要安装一系列的工具 ,如:jenkins spinnaker gitlab。账号系统是一件烦人的事情。前两年自己也试过openladap这样的统一账号管理认证。现在就想再用一下.把几个软件的账户系统整合一下(主要是想上spinnaker了)。搭建方式基本参照:https://mutoulazy.github.io/2021/04/01/kubernetes/openLDAP/#%E5%9C%A8k8s%E4%B8%AD%E9%83%A8%E7%BD%B2。不过这个哥们写的配置文件也比较乱,起码的pv,pvc应该先创建吧?yaml顺序整的杂七乱八的都是创建了服务后导出的…..,另外还有这里两个的可以参考:Kubernetes - - k8s - v1.12.3 OpenLDAP统一认证kubernetes实战(十一):k8s使用openLDAP统一认证
反正就结合这几个搞一下吧!
kubernetes 搭建openLDAP
1.创建pvc
默认存储cbs,直接使用了腾讯云的cbs块存储(最小10G的步长也是10G)
cat <<EOF > pvc.yamlapiVersion: v1kind: PersistentVolumeClaimmetadata:name: ldap-data-pvcnamespace: kube-opsspec:accessModes:- ReadWriteOnceresources:requests:storage: 10GistorageClassName: cbs---apiVersion: v1kind: PersistentVolumeClaimmetadata:name: ldap-config-pvcnamespace: kube-opsspec:accessModes:- ReadWriteOnceresources:requests:storage: 10GistorageClassName: cbsEOFkubectl apply -f pvc.yaml
2. 创建ldap deployment svc服务
cat <<EOF > ldap-deployment.yamlkind: DeploymentapiVersion: apps/v1metadata:name: openldapnamespace: kube-opslabels:app: openldapannotations:app.kubernetes.io/alias-name: LDAPapp.kubernetes.io/description: 认证中心spec:replicas: 1selector:matchLabels:app: openldaptemplate:metadata:labels:app: openldapspec:containers:- name: openldapimage: 'osixia/openldap:1.5.0'ports:- name: tcp-389containerPort: 389protocol: TCP- name: tcp-636containerPort: 636protocol: TCPenv:- name: LDAP_ORGANISATIONvalue: devops- name: LDAP_DOMAINvalue: xxx.com- name: LDAP_ADMIN_PASSWORDvalue: xxxxxxxx- name: LDAP_CONFIG_PASSWORDvalue: xxxxxxx- name: LDAP_BACKENDvalue: mdbresources:limits:cpu: 500mmemory: 500Mirequests:cpu: 100mmemory: 100MivolumeMounts:- name: ldap-config-pvcmountPath: /etc/ldap/slapd.d- name: ldap-data-pvcmountPath: /var/lib/ldapvolumes:- name: ldap-config-pvcpersistentVolumeClaim:claimName: ldap-config-pvc- name: ldap-data-pvcpersistentVolumeClaim:claimName: ldap-data-pvc---apiVersion: v1kind: Servicemetadata:name: openldap-svcnamespace: kube-opslabels:app: openldap-svcspec:ports:- name: tcp-389port: 389protocol: TCPtargetPort: 389- name: tcp-636port: 636protocol: TCPtargetPort: 636selector:app: openldapEOFkubectl apply -f ldap-deployment.yaml
logs -f openldap-6d9859cdb-944pp -n kube-ops
3.创建phpldap deployments svc服务
cat <<EOF > ldap-phpldapadmin.yamlkind: DeploymentapiVersion: apps/v1metadata:name: ldap-phpldapadminnamespace: kube-opslabels:app: ldap-phpldapadminannotations:app.kubernetes.io/alias-name: LDAPapp.kubernetes.io/description: LDAP在线工具spec:replicas: 1selector:matchLabels:app: ldap-phpldapadmintemplate:metadata:labels:app: ldap-phpldapadminspec:containers:- name: phpldapadminimage: 'osixia/phpldapadmin:stable'ports:- name: tcp-80containerPort: 80protocol: TCPenv:- name: PHPLDAPADMIN_HTTPSvalue: 'false'- name: PHPLDAPADMIN_LDAP_HOSTSvalue: openldap-svcresources:limits:cpu: 500mmemory: 500Mirequests:cpu: 10mmemory: 10Mi---apiVersion: v1kind: Servicemetadata:name: ldap-phpldapadmin-svcnamespace: kube-opslabels:app: ldap-phpldapadmin-svcspec:ports:- name: tcp-80port: 80protocol: TCPtargetPort: 80selector:app: ldap-phpldapadminEOFkubectl apply -f ldap-phpldapadmin.yaml
kubectl get svc -n kube-ops
4. 创建ingress 代理
cat <<EOF > traefik-ldap.yamlapiVersion: networking.k8s.io/v1kind: Ingressmetadata:name: ldap-uinamespace: kube-opsannotations:kubernetes.io/ingress.class: traefiktraefik.ingress.kubernetes.io/router.entrypoints: webspec:rules:- host: ldap.xxx.comhttp:paths:- pathType: Prefixpath: /backend:service:name: ldap-phpldapadmin-svcport:number: 80EOFkubectl apply -f traefik-ldap.yaml
5. 验证
| Login DN: |
|---|
cn=admin,dc=xxx,dc=com
Password:
系统变量中的:LDAP_ADMIN_PASSWORD
深深的感受到了远古页面的感觉:
先整到这里 ,然后测试一下spinnaker集成。快一年没有搞了,整通了一起测试写一下spinnaker jenkins等应用的集成!
若有收获,就点个赞吧
0 人点赞
