diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml index 865c815..7fbf6e8 100644 --- a/.github/actions/setup/action.yaml +++ b/.github/actions/setup/action.yaml @@ -1,7 +1,7 @@ name: 'Setup env' description: 'Greet someone' inputs: - install-chaos: + install-chaos: description: 'Setup ChaosMesh' required: true default: false @@ -18,18 +18,18 @@ runs: - name: setup cluster shell: bash run: | - curl -Lo /tmp/kind https://kind.sigs.k8s.io/dl/v0.23.0/kind-linux-amd64 + curl -Lo /tmp/kind https://kind.sigs.k8s.io/dl/v0.24.0/kind-linux-amd64 chmod +x /tmp/kind curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl rm -f kubectl sudo apt update sudo apt-get install -y ldap-utils - /tmp/kind create cluster --config=$GITHUB_WORKSPACE/.bin/kind-conf.yml --image=kindest/node:v1.29.4@sha256:3abb816a5b1061fb15c6e9e60856ec40d56b7b52bcea5f5f1350bc6e2320b6f8 + /tmp/kind create cluster --config=$GITHUB_WORKSPACE/.bin/kind-conf.yml --image=kindest/node:v1.31.0@sha256:53df588e04085fd41ae12de0c3fe4c72f7013bba32a20e7325357a1ac94ba865 kubectl apply -f https://projectcontour.io/quickstart/contour.yaml kubectl patch daemonsets -n projectcontour envoy -p '{"spec":{"template":{"spec":{"nodeSelector":{"ingress-ready":"true"}}}}}' - name: setup chaos mesh if: ${{ inputs.install-chaos == 'true' }} shell: bash run: | - curl -sSL https://mirrors.chaos-mesh.org/v2.6.2/install.sh | bash -s -- --local kind \ No newline at end of file + curl -sSL https://mirrors.chaos-mesh.org/v2.6.2/install.sh | bash -s -- --local kind diff --git a/Chart.yaml b/Chart.yaml index 148cf87..6a2691f 100644 --- a/Chart.yaml +++ b/Chart.yaml 
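Review bot: The new `curl -Lo /tmp/kind https://kind.sigs.k8s.io/dl/v0.24.0/kind-linux-amd64` line still installs a binary that is never integrity-checked before `chmod +x`, while the `kindest/node:v1.31.0@sha256:…` line in the same hunk is digest-pinned; the two lines of this hunk that fetch code should be held to the same standard. Pinning the expected digest in the action and checking it, `echo "<EXPECTED_SHA256_OF_KIND_v0.24.0_LINUX_AMD64>  /tmp/kind" | sha256sum -c -` (placeholder, take the value from the kind release assets), makes a swapped or truncated download fail the job instead of running. The unchanged kubectl line resolves `stable.txt` at run time, so the cluster tooling is not even reproducible between runs; pinning it the same way is worth a follow-up. The `install.sh | bash` change at the end of the hunk is only the trailing-newline fix.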
@@ -13,7 +13,7 @@ dependencies: - bitnami-common version: ~2 home: https://www.openldap.org -version: 4.2.5 +version: 4.2.6 appVersion: 2.6.7 description: Community developed LDAP software icon: https://raw.githubusercontent.com/jp-gouin/helm-openldap/master/logo.png diff --git a/README.md b/README.md index 8f4ab3e..765e28d 100755 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ This version now use the [Bitnami Openldap](https://hub.docker.com/r/bitnami/ope More detail on the container image can be found [here](https://github.com/bitnami/containers/tree/main/bitnami/openldap) -The chart now support `Bitnami/Openldap 2.6.6`. +The chart now support `Bitnami/Openldap 2.6.6`. Due to #115, the chart does not fully support scaling the `openldap` cluster. To scale the cluster please follow [scaling your cluster](#scaling-your-cluster) - This will be fixed in priority 
@@ -46,68 +46,68 @@ The following table lists the configurable parameters of the openldap chart and Global parameters to configure the deployment of the application. -| Parameter | Description | Default | -| ---------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| `global.imageRegistry` | Global image registry | `""` | -| `global.imagePullSecrets` | Global list of imagePullSecrets | `[]` | -| `global.ldapDomain` | Domain LDAP can be explicit `dc=example,dc=org` or domain based `example.org` | `example.org` | -| `global.existingSecret` | Use existing secret for credentials - the expected keys are LDAP_ADMIN_PASSWORD and LDAP_CONFIG_ADMIN_PASSWORD | `""` | -| `global.adminUser` | Openldap database admin user | `admin` | -| `global.adminPassword` | Administration password of Openldap | `Not@SecurePassw0rd` | -| `global.configUserEnabled` | Whether to create a configuration admin user | `true` | -| `global.configUser` | Openldap configuration admin user | `admin` | -| `global.configPassword` | Configuration password of Openldap | `Not@SecurePassw0rd` | -| `global.ldapPort` | Ldap port | `389` | -| `global.sslLdapPort` | Ldaps port | `636` | +| Parameter | Description | Default | +| ---------------------------------- | -------------------------------------------------------------------------------------------------------------- | -------------------- | +| `global.imageRegistry` | Global image registry | `""` | +| `global.imagePullSecrets` | Global list of imagePullSecrets | `[]` | +| `global.ldapDomain` | Domain LDAP can be explicit `dc=example,dc=org` or domain based `example.org` | `example.org` | +| `global.existingSecret` | Use existing secret for credentials - the expected keys are LDAP_ADMIN_PASSWORD and LDAP_CONFIG_ADMIN_PASSWORD | `""` | +| `global.adminUser` | Openldap database admin user | `admin` | +| 
`global.adminPassword` | Administration password of Openldap | `Not@SecurePassw0rd` | +| `global.configUserEnabled` | Whether to create a configuration admin user | `true` | +| `global.configUser` | Openldap configuration admin user | `admin` | +| `global.configPassword` | Configuration password of Openldap | `Not@SecurePassw0rd` | +| `global.ldapPort` | Ldap port | `389` | +| `global.sslLdapPort` | Ldaps port | `636` | ### Application parameters Parameters related to the configuration of the application. -| Parameter | Description | Default | -| ---------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| `replicaCount` | Number of replicas | `3` | -| `users` | User list to create (comma separated list) , can't be use with customLdifFiles | "" | -| `userPasswords` | User password to create (comma seprated list) | "" | -| `group` | Group to create and add list of user above | "" | +| Parameter | Description | Default | +| ---------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| `replicaCount` | Number of replicas | `3` | +| `users` | User list to create (comma separated list) , can't be use with customLdifFiles | "" | +| `userPasswords` | User password to create (comma seprated list) | "" | +| `group` | Group to create and add list of user above | "" | | `env` | List of key value pairs as env variables to be sent to the docker image. 
See https://github.com/bitnami/containers/tree/main/bitnami/openldap for available ones | `[see values.yaml]` | -| `initTLSSecret.tls_enabled` | Set to enable TLS/LDAPS with custom certificate - Please also set `initTLSSecret.secret`, otherwise it will not take effect | `false` | -| `initTLSSecret.secret` | Secret containing TLS cert and key must contain the keys tls.key , tls.crt and ca.crt | `""` | -| `customSchemaFiles` | Custom openldap schema files used in addition to default schemas | `""` | -| `customLdifFiles` | Custom openldap configuration files used to override default settings | `""` | -| `customLdifCm` | Existing configmap with custom ldif. Can't be use with customLdifFiles | `""` | -| `customAcls` | Custom openldap ACLs. Overrides default ones. | `""` | -| `replication.enabled` | Enable the multi-master replication | `true` | -| `replication.retry` | retry period for replication in sec | `60` | -| `replication.timeout` | timeout for replication in sec| `1` | -| `replication.starttls` | starttls replication | `critical` | -| `replication.tls_reqcert` | tls certificate validation for replication | `never` | -| `replication.interval` | interval for replication | `00:00:00:10` | -| `replication.clusterName` | Set the clustername for replication | "cluster.local" | +| `initTLSSecret.tls_enabled` | Set to enable TLS/LDAPS with custom certificate - Please also set `initTLSSecret.secret`, otherwise it will not take effect | `false` | +| `initTLSSecret.secret` | Secret containing TLS cert and key must contain the keys tls.key , tls.crt and ca.crt | `""` | +| `customSchemaFiles` | Custom openldap schema files used in addition to default schemas | `""` | +| `customLdifFiles` | Custom openldap configuration files used to override default settings | `""` | +| `customLdifCm` | Existing configmap with custom ldif. Can't be use with customLdifFiles | `""` | +| `customAcls` | Custom openldap ACLs. Overrides default ones. 
| `""` | +| `replication.enabled` | Enable the multi-master replication | `true` | +| `replication.retry` | retry period for replication in sec | `60` | +| `replication.timeout` | timeout for replication in sec | `1` | +| `replication.starttls` | starttls replication | `critical` | +| `replication.tls_reqcert` | tls certificate validation for replication | `never` | +| `replication.interval` | interval for replication | `00:00:00:10` | +| `replication.clusterName` | Set the clustername for replication | "cluster.local" | ### Phpladadmin configuration Parameters related to PHPLdapAdmin -| Parameter | Description | Default | -| ---------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| `phpldapadmin.enabled` | Enable the deployment of PhpLdapAdmin | `true`| -| `phpldapadmin.ingress` | Ingress of Phpldapadmin | `{}` | -| `phpldapadmin.env` | Environment variables for PhpldapAdmin| `{PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT: "never"}` | +| Parameter | Description | Default | +| ---------------------------------- | -------------------------------------- | ------------------------------------------------- | +| `phpldapadmin.enabled` | Enable the deployment of PhpLdapAdmin | `true` | +| `phpldapadmin.ingress` | Ingress of Phpldapadmin | `{}` | +| `phpldapadmin.env` | Environment variables for PhpldapAdmin | `{PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT: "never"}` | -For more advance configuration see [README.md](./advanced_examples/README.md) +For more advance configuration see [README.md](./advanced_examples/README.md) For all possible chart parameters see chart's [README.md](./charts/phpldapadmin/README.md) ### Self-service password configuration Parameters related to Self-service password. 
-| Parameter | Description | Default | -| ---------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -|`ltb-passwd.enabled`| Enable the deployment of Ltb-Passwd| `true` | -|`ltb-passwd.ingress`| Ingress of the Ltb-Passwd service | `{}` | +| Parameter | Description | Default | +| ---------------------------------- | ----------------------------------- | ------- | +| `ltb-passwd.enabled` | Enable the deployment of Ltb-Passwd | `true` | +| `ltb-passwd.ingress` | Ingress of the Ltb-Passwd service | `{}` | -For more advance configuration see [README.md](./advanced_examples/README.md) +For more advance configuration see [README.md](./advanced_examples/README.md) For all possible parameters see chart's [README.md](./charts/ltb-passwd/README.md) ### Kubernetes parameters 
@@ -117,51 +117,53 @@ Parameters related to Kubernetes. | Parameter | Description | Default | | ---------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | | `updateStrategy` | StatefulSet update strategy | `{}` | -| `kubeVersion` | kubeVersion Override Kubernetes version | `""` | -| `nameOverride` | String to partially override common.names.fullname | `""` | -| `fullnameOverride` | fullnameOverride String to fully override common.names.fullname | `""` | -| `commonLabels` | commonLabels Labels to add to all deployed objects | `{}` | -| `clusterDomain` | clusterDomain Kubernetes cluster domain name | `cluster.local` | -| `extraDeploy` | extraDeploy Array of extra objects to deploy with the release | `""` | +| `kubeVersion` | kubeVersion Override Kubernetes version | `""` | +| `nameOverride` | String to partially override common.names.fullname | `""` | +| `fullnameOverride` | fullnameOverride String to fully override common.names.fullname | `""` | +| `commonLabels` | commonLabels Labels to add to all deployed objects | `{}` | +| `clusterDomain` | clusterDomain Kubernetes cluster domain name | `cluster.local` | +| `extraDeploy` | extraDeploy Array of extra objects to deploy with the release | `""` | | `service.annotations` | Annotations to add to the service | `{}` | | `service.externalIPs` | Service external IP addresses | `[]` | -| `service.enableLdapPort` | Enable LDAP port on the service and headless service | `true` | -| `service.enableSslLdapPort` | Enable SSL LDAP port on the service and headless service | `true` | -| `service.ldapPortNodePort` | Nodeport of External service port for LDAP if service.type is NodePort | `nil` | -| `service.clusterIP` | Static cluster IP to assign to the service (if supported) | `nil` | +| `service.enableLdapPort` | Enable LDAP port on the service and headless service | `true` | +| 
`service.enableSslLdapPort` | Enable SSL LDAP port on the service and headless service | `true` | +| `service.ldapPortNodePort` | Nodeport of External service port for LDAP if service.type is NodePort | `nil` | +| `service.clusterIP` | Static cluster IP to assign to the service (if supported) | `nil` | | `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` | | `service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` | -| `service.sslLdapPortNodePort` | Nodeport of External service port for SSL if service.type is NodePort | `nil` | -| `service.type` | Service type can be ClusterIP, NodePort, LoadBalancer | `ClusterIP` | +| `service.sslLdapPortNodePort` | Nodeport of External service port for SSL if service.type is NodePort | `nil` | +| `service.type` | Service type can be ClusterIP, NodePort, LoadBalancer | `ClusterIP` | | `persistence.enabled` | Whether to use PersistentVolumes or not | `false` | | `persistence.storageClass` | Storage class for PersistentVolumes. | `` | -| `persistence.existingClaim` | Add existing Volumes Claim. | `` | +| `persistence.existingClaim` | Add existing Volumes Claim. 
| `` | | `persistence.accessMode` | Access mode for PersistentVolumes | `ReadWriteOnce` | | `persistence.size` | PersistentVolumeClaim storage size | `8Gi` | -| `extraVolumes` | Allow add extra volumes which could be mounted to statefulset | None | -| `extraVolumeMounts` | Add extra volumes to statefulset | None | -| `customReadinessProbe` | Liveness probe configuration | `[see values.yaml]` | -| `customLivenessProbe` | Readiness probe configuration | `[see values.yaml]` | -| `customStartupProbe` | Startup probe configuration | `[see values.yaml]` | +| `extraVolumes` | Allow add extra volumes which could be mounted to statefulset | None | +| `extraVolumeMounts` | Add extra volumes to statefulset | None | +| `customReadinessProbe` | Liveness probe configuration | `[see values.yaml]` | +| `customLivenessProbe` | Readiness probe configuration | `[see values.yaml]` | +| `customStartupProbe` | Startup probe configuration | `[see values.yaml]` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | '[]' | | `resources` | Container resource requests and limits in yaml | `{}` | -| `podSecurityContext` | Enabled OPENLDAP pods' Security Context | `true` |`` -| `containerSecurityContext` | Set OPENLDAP pod's Security Context fsGroup | `true` | -| `existingConfigmap` | existingConfigmap The name of an existing ConfigMap with your custom configuration for OPENLDAP | `` | -| `podLabels` | podLabels Extra labels for OPENLDAP pods| `{}` | -| `podAnnotations` | podAnnotations Extra annotations for OPENLDAP pods | `{}` | -| `podAffinityPreset` | podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`| `` | -| `podAntiAffinityPreset` | podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` | `soft` | +| `podSecurityContext` | Enabled OPENLDAP pods' Security Context | `true` | +| `containerSecurityContext` | Set OPENLDAP pod's Security Context fsGroup | `true` | +| `existingConfigmap` | existingConfigmap The name of an existing ConfigMap with your custom configuration for OPENLDAP | `` | +| `podLabels` | podLabels Extra labels for OPENLDAP pods | `{}` | +| `podAnnotations` | podAnnotations Extra annotations for OPENLDAP pods | `{}` | +| `podAffinityPreset` | podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `` | +| `podAntiAffinityPreset` | podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | | `pdb.enabled` | Enable Pod Disruption Budget | `false` | | `pdb.minAvailable` | Configure PDB to have at least this many health replicas. | `1` | | `pdb.maxUnavailable` | Configure PDB to have at most this many unhealth replicas. | `` | -| `nodeAffinityPreset` | nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `true` | -| `affinity` | affinity Affinity for OPENLDAP pods assignment | `` | -| `nodeSelector` | nodeSelector Node labels for OPENLDAP pods assignment | `` | -| `sidecars` | sidecars Add additional sidecar containers to the OPENLDAP pod(s) | `` | -| `initContainers` | initContainers Add additional init containers to the OPENLDAP pod(s) | `` | -| `volumePermissions` | 'volumePermissions' init container parameters | `` | -| `priorityClassName` | OPENLDAP pods' priority class name | `` | -| `tolerations` | Tolerations for pod assignment | [] | +| `nodeAffinityPreset` | nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` | `true` | +| `affinity` | affinity Affinity for OPENLDAP pods assignment | `` | +| `nodeSelector` | nodeSelector Node labels for OPENLDAP pods assignment | `` | +| `sidecars` | sidecars Add additional sidecar containers to the OPENLDAP pod(s) | `` | +| `initContainers` | initContainers Add additional init containers to the OPENLDAP pod(s) | `` | +| `volumePermissions` | 'volumePermissions' init container parameters | `` | +| `priorityClassName` | OPENLDAP pods' priority class name | `` | +| `tolerations` | Tolerations for pod assignment | [] | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. @@ -256,7 +258,7 @@ Tips : to edit in the container, use : ``` cat < /tmp/serverid.ldif copy -your +your line EOF ``` diff --git a/templates/statefulset.yaml b/templates/statefulset.yaml index 6cedc13..8a8464c 100644 --- a/templates/statefulset.yaml +++ b/templates/statefulset.yaml @@ -52,12 +52,12 @@ spec: if [ "$host" = "{{ template "openldap.fullname" . }}-0" ] then echo "This is the main openldap so let's init all additional schemas and ldifs here" - cp -p -f /cm-schemas-acls/*.ldif /custom_config/ + cp -p -f /cm-schemas-acls/*.ldif /custom_config/ if [ -d /cm-schemas ]; then - cp -p -f /cm-schemas/*.ldif /custom-schemas/ + cp -p -f /cm-schemas/*.ldif /custom-schemas/ fi if [ -d /cm-ldifs ]; then - cp -p -f /cm-ldifs/*.ldif /custom-ldifs/ + cp -p -f /cm-ldifs/*.ldif /custom-ldifs/ fi else cp -p -f /cm-schemas-acls/*.ldif /custom_config/ @@ -141,7 +141,6 @@ spec: - mountPath: /bitnami name: data {{- end }} - serviceAccountName: {{ template "openldap.serviceAccountName" . }} {{- include "openldap.imagePullSecrets" . | nindent 6 }} {{- if .Values.hostAliases }} 
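Review bot: Removing `serviceAccountName: {{ template "openldap.serviceAccountName" . }}` from the pod spec makes the OpenLDAP pods run under the namespace `default` service account unless the key is still set elsewhere in the spec, and nothing in this hunk shows that (if this is a duplicate-key cleanup, the surviving occurrence is outside the hunk). If it is the only occurrence, the chart's serviceAccount values silently stop taking effect, and clusters that restrict or auto-mount the `default` account's token will behave differently after upgrade. Either restore the line or state in the commit message and values why the chart no longer binds its own service account. The enclosing pod template starts and ends outside the hunk.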
@@ -174,6 +173,12 @@ spec: - name: {{ .Chart.Name }} image: {{ include "openldap.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- with .Values.command }} + command: {{ toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.args }} + args: {{ toYaml . | nindent 12}} + {{- end }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} {{- end }} @@ -216,6 +221,8 @@ spec: timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.livenessProbe.successThreshold }} failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} {{- end }} {{- if .Values.readinessProbe.enabled }} readinessProbe: @@ -226,6 +233,8 @@ spec: timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.readinessProbe.successThreshold }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} {{- end }} {{- if .Values.startupProbe.enabled }} startupProbe:
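Review bot: `args: {{ toYaml . | nindent 12}}` drops the space before `}}` that the `command:` line two lines above keeps; the template engine does not care, but the two new lines should be written identically, `args: {{ toYaml . | nindent 12 }}`. Separately, the README rows added in this same change give the `args` default as `'[]'` while `command` is `[]`; if values.yaml quotes it the same way, `{{- with .Values.args }}` sees a non-empty string and renders `args: '[]'`, which the API server rejects because it expects a list — cannot be confirmed from this diff, so the values file is worth a look. Both keys sit inside the container entry that starts outside the hunk.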
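Review bot: The new `{{- else if .Values.customLivenessProbe }}` branch means a user-supplied probe is silently ignored while `livenessProbe.enabled` keeps its value, and neither the template nor the README rows in this diff say so; the README additionally describes `customLivenessProbe` as "Readiness probe configuration" and `customReadinessProbe` as "Liveness probe configuration", i.e. swapped. A template comment above the branch, `{{/* customLivenessProbe is rendered only when livenessProbe.enabled is false */}}`, with the matching wording above the `{{- else if .Values.customReadinessProbe }}` branch in the @@ -226 hunk, makes the precedence explicit. The surrounding `{{- if .Values.livenessProbe.enabled }}` block opens outside the hunk.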