openldap docker k8s部署

1、docker部署

首先编写docker-compose.yml文件:

version: '2'

services:

openldap:

image: osixia/openldap:1.5.0

container_name: openldap

restart: always

environment:

LDAP_ORGANISATION: "gavin"

LDAP_DOMAIN: "auth.gavin.cn"

LDAP_BASE_DN: "dc=auth,dc=gavin,dc=cn"

LDAP_ADMIN_PASSWORD: "123456"

LDAP_CONFIG_PASSWORD: "123456"

volumes:

- /opt/openldap/ldap:/var/lib/ldap

- /opt/openldap/slapd.d:/etc/ldap/slapd.d

ports:

  • "389:389"

  • "636:636"

phpldapadmin:

image: osixia/phpldapadmin:latest

container_name: phpldapadmin

restart: always

environment:

PHPLDAPADMIN_LDAP_HOSTS: "openldap"

PHPLDAPADMIN_HTTPS: "false"

ports:

  • "50081:80"

depends_on:

  • openldap

然后通过docker-compose up启动成功。http://localhost:50081/.

用户名为cn=admin,dc=auth,dc=gavin,dc=cn, 密码为123456

2、k8s部署,

首先通过docker命令把镜像推送到harbor

编写openldap.yml,


apiVersion: apps/v1

kind: Deployment

metadata:

annotations: {}

labels:

k8s.kuboard.cn/layer: db

k8s.kuboard.cn/name: openldap

name: openldap

namespace: base-component

resourceVersion: '43043689'

spec:

progressDeadlineSeconds: 600

replicas: 1

revisionHistoryLimit: 10

selector:

matchLabels:

k8s.kuboard.cn/layer: db

k8s.kuboard.cn/name: openldap

strategy:

rollingUpdate:

maxSurge: 25%

maxUnavailable: 25%

type: RollingUpdate

template:

metadata:

creationTimestamp: null

labels:

k8s.kuboard.cn/layer: db

k8s.kuboard.cn/name: openldap

spec:

containers:

  • env:

  • name: LDAP_ORGANISATION

value: gavin

  • name: LDAP_DOMAIN

value: auth.gavin.cn

  • name: LDAP_BASE_DN

value: 'dc=auth,dc=gavin,dc=cn'

  • name: LDAP_ADMIN_PASSWORD

value: 123456

  • name: LDAP_CONFIG_PASSWORD

value: 123456

image: '192.168.20.4:8930/base-component/osixia/openldap:1.0.0'

imagePullPolicy: IfNotPresent

name: openldap

resources: {}

terminationMessagePath: /dev/termination-log

terminationMessagePolicy: File

volumeMounts:

  • mountPath: '/opt/openldap/ldap:/var/lib/ldap'

name: volume-hznp6

  • mountPath: '/opt/openldap/slapd.d:/etc/ldap/slapd.d'

name: volume-hznp6

dnsPolicy: ClusterFirst

restartPolicy: Always

schedulerName: default-scheduler

securityContext: {}

terminationGracePeriodSeconds: 30

volumes:

  • name: volume-hznp6

persistentVolumeClaim:

claimName: openldap

编写phpldapadmin.yml


apiVersion: apps/v1

kind: Deployment

metadata:

annotations: {}

labels:

k8s.kuboard.cn/layer: web

k8s.kuboard.cn/name: phpldapadmin

name: phpldapadmin

namespace: base-component

resourceVersion: '43046631'

spec:

progressDeadlineSeconds: 600

replicas: 1

revisionHistoryLimit: 10

selector:

matchLabels:

k8s.kuboard.cn/layer: web

k8s.kuboard.cn/name: phpldapadmin

strategy:

rollingUpdate:

maxSurge: 25%

maxUnavailable: 25%

type: RollingUpdate

template:

metadata:

creationTimestamp: null

labels:

k8s.kuboard.cn/layer: web

k8s.kuboard.cn/name: phpldapadmin

spec:

containers:

  • env:

  • name: PHPLDAPADMIN_LDAP_HOSTS

value: openldap-svc

  • name: PHPLDAPADMIN_HTTPS

value: 'false'

image: '192.168.20.4:8930/base-component/osixia/phpldapadmin:1.0.0'

imagePullPolicy: IfNotPresent

name: phpldapadmin

resources: {}

terminationMessagePath: /dev/termination-log

terminationMessagePolicy: File

dnsPolicy: ClusterFirst

restartPolicy: Always

schedulerName: default-scheduler

securityContext: {}

terminationGracePeriodSeconds: 30

status:

availableReplicas: 1

conditions:

  • lastTransitionTime: '2023-07-13T06:19:54Z'

lastUpdateTime: '2023-07-13T06:19:54Z'

message: Deployment has minimum availability.

reason: MinimumReplicasAvailable

status: 'True'

type: Available

  • lastTransitionTime: '2023-07-13T06:19:49Z'

lastUpdateTime: '2023-07-13T06:45:55Z'

message: ReplicaSet "phpldapadmin-7bf9f9957c" is progressing.

reason: ReplicaSetUpdated

status: 'True'

type: Progressing

observedGeneration: 6

readyReplicas: 1

replicas: 1

unavailableReplicas: 1

updatedReplicas: 1

编写服务openldap-svc.yml


apiVersion: v1

kind: Service

metadata:

name: openldap-svc

namespace: base-component

resourceVersion: '43043585'

spec:

clusterIP: 10.233.170.152

clusterIPs:

  • 10.233.170.152

externalTrafficPolicy: Cluster

internalTrafficPolicy: Cluster

ipFamilies:

  • IPv4

ipFamilyPolicy: SingleStack

ports:

  • name: r6pkcf

nodePort: 389

port: 389

protocol: TCP

targetPort: 389

  • name: fw8jjr

nodePort: 636

port: 636

protocol: TCP

targetPort: 636

selector:

k8s.kuboard.cn/layer: db

k8s.kuboard.cn/name: openldap

sessionAffinity: None

type: NodePort

编写 phpldapadmin-svc.yml


apiVersion: v1

kind: Service

metadata:

name: phpldapadmin-svc

namespace: base-component

resourceVersion: '43042798'

spec:

clusterIP: 10.233.214.176

clusterIPs:

  • 10.233.214.176

externalTrafficPolicy: Cluster

internalTrafficPolicy: Cluster

ipFamilies:

  • IPv4

ipFamilyPolicy: SingleStack

ports:

  • name: dbz2rn

nodePort: 5080

port: 80

protocol: TCP

targetPort: 80

selector:

k8s.kuboard.cn/layer: web

k8s.kuboard.cn/name: phpldapadmin

sessionAffinity: None

type: NodePort

然后启动,进入页面。

注意:在phpldapadmin.yml文件里的环境变量PHPLDAPADMIN_LDAP_HOSTS,之前用的是openldap,也就是工作负载的名称,但是页面会出现不能连接ldap服务。改成openldap-svc就可以了,可能是因为工作负载不对外。

相关推荐
saynaihe1 小时前
安全地使用 Docker 和 Systemctl 部署 Kafka 的综合指南
运维·安全·docker·容器·kafka
G_whang3 小时前
centos7下docker 容器实现redis主从同步
redis·docker·容器
认真学习的小雅兰.3 小时前
如何在Ubuntu上利用Docker和Cpolar实现Excalidraw公网访问高效绘图——“cpolar内网穿透”
linux·ubuntu·docker
the丶only4 小时前
单点登录平台Casdoor搭建与使用,集成gitlab同步创建删除账号
linux·运维·服务器·docker·gitlab
书生-w4 小时前
Docker部署GitLab服务器
服务器·docker·gitlab
塔克拉玛攻城狮4 小时前
私有网盘+在线文档:内网离线搭建NextCloud+OnlyOffice详细指南
docker·在线文档·网盘
ccubee4 小时前
docker 安装 ftp
运维·docker·容器
探索云原生5 小时前
在 K8S 中创建 Pod 是如何使用到 GPU 的: nvidia device plugin 源码分析
ai·云原生·kubernetes·go·gpu
启明真纳5 小时前
elasticache备份
运维·elasticsearch·云原生·kubernetes
TsengOnce6 小时前
Docker 安装 禅道-21.2版本-外部数据库模式
运维·docker·容器