1、docker部署
首先编写docker-compose.yml文件:
version: '2'
services:
openldap:
image: osixia/openldap:1.5.0
container_name: openldap
restart: always
environment:
LDAP_ORGANISATION: "gavin"
LDAP_DOMAIN: "auth.gavin.cn"
LDAP_BASE_DN: "dc=auth,dc=gavin,dc=cn"
LDAP_ADMIN_PASSWORD: "123456"
LDAP_CONFIG_PASSWORD: "123456"
volumes:
- /opt/openldap/ldap:/var/lib/ldap
- /opt/openldap/slapd.d:/etc/ldap/slapd.d
ports:
-
"389:389"
-
"636:636"
phpldapadmin:
image: osixia/phpldapadmin:latest
container_name: phpldapadmin
restart: always
environment:
PHPLDAPADMIN_LDAP_HOSTS: "openldap"
PHPLDAPADMIN_HTTPS: "false"
ports:
- "50081:80"
depends_on:
- openldap
然后通过docker-compose up启动成功。http://localhost:50081/.
用户名为cn=admin,dc=auth,dc=gavin,dc=cn, 密码为123456
2、k8s部署,
首先通过docker命令把镜像推送到harbor
编写openldap.yml,
apiVersion: apps/v1
kind: Deployment
metadata:
annotations: {}
labels:
k8s.kuboard.cn/name: openldap
name: openldap
namespace: base-component
resourceVersion: '43043689'
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s.kuboard.cn/name: openldap
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
k8s.kuboard.cn/name: openldap
spec:
containers:
-
env:
-
name: LDAP_ORGANISATION
value: gavin
- name: LDAP_DOMAIN
value: auth.gavin.cn
- name: LDAP_BASE_DN
value: 'dc=auth,dc=gavin,dc=cn'
- name: LDAP_ADMIN_PASSWORD
value: 123456
- name: LDAP_CONFIG_PASSWORD
value: 123456
image: '192.168.20.4:8930/base-component/osixia/openldap:1.0.0'
imagePullPolicy: IfNotPresent
name: openldap
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: '/opt/openldap/ldap:/var/lib/ldap'
name: volume-hznp6
- mountPath: '/opt/openldap/slapd.d:/etc/ldap/slapd.d'
name: volume-hznp6
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- name: volume-hznp6
persistentVolumeClaim:
claimName: openldap
编写phpldapadmin.yml
apiVersion: apps/v1
kind: Deployment
metadata:
annotations: {}
labels:
k8s.kuboard.cn/name: phpldapadmin
name: phpldapadmin
namespace: base-component
resourceVersion: '43046631'
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s.kuboard.cn/name: phpldapadmin
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
k8s.kuboard.cn/name: phpldapadmin
spec:
containers:
-
env:
-
name: PHPLDAPADMIN_LDAP_HOSTS
value: openldap-svc
- name: PHPLDAPADMIN_HTTPS
value: 'false'
image: '192.168.20.4:8930/base-component/osixia/phpldapadmin:1.0.0'
imagePullPolicy: IfNotPresent
name: phpldapadmin
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
status:
availableReplicas: 1
conditions:
- lastTransitionTime: '2023-07-13T06:19:54Z'
lastUpdateTime: '2023-07-13T06:19:54Z'
message: Deployment has minimum availability.
reason: MinimumReplicasAvailable
status: 'True'
type: Available
- lastTransitionTime: '2023-07-13T06:19:49Z'
lastUpdateTime: '2023-07-13T06:45:55Z'
message: ReplicaSet "phpldapadmin-7bf9f9957c" is progressing.
reason: ReplicaSetUpdated
status: 'True'
type: Progressing
observedGeneration: 6
readyReplicas: 1
replicas: 1
unavailableReplicas: 1
updatedReplicas: 1
编写服务openldap-svc.yml
apiVersion: v1
kind: Service
metadata:
name: openldap-svc
namespace: base-component
resourceVersion: '43043585'
spec:
clusterIP: 10.233.170.152
clusterIPs:
- 10.233.170.152
externalTrafficPolicy: Cluster
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: r6pkcf
nodePort: 389
port: 389
protocol: TCP
targetPort: 389
- name: fw8jjr
nodePort: 636
port: 636
protocol: TCP
targetPort: 636
selector:
k8s.kuboard.cn/name: openldap
sessionAffinity: None
type: NodePort
编写 phpldapadmin-svc.yml
apiVersion: v1
kind: Service
metadata:
name: phpldapadmin-svc
namespace: base-component
resourceVersion: '43042798'
spec:
clusterIP: 10.233.214.176
clusterIPs:
- 10.233.214.176
externalTrafficPolicy: Cluster
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: dbz2rn
nodePort: 5080
port: 80
protocol: TCP
targetPort: 80
selector:
k8s.kuboard.cn/name: phpldapadmin
sessionAffinity: None
type: NodePort
然后启动,进入页面。
注意:在phpldapadmin.yml文件里的环境变量PHPLDAPADMIN_LDAP_HOSTS,之前用的是openldap,也就是工作负载的名称,但是页面会出现不能连接ldap服务。改成openldap-svc就可以了,可能是因为工作负载不对外。