doc

https://hub.kubeapps.com/charts/geek-cookbook/openldap

ldap

389 tcp (LDAP; cleartext unless StartTLS is negotiated)
636 tcp (LDAPS; LDAP over TLS)

init pv



# Create the objects defined in ldap-pv.yml (presumably the PersistentVolumes
# that the chart's claim binds to; the file itself is not shown here).
kubectl apply -f  /free_cicdfs0/k8s_ymls/app-yml/ldap/ldap-pv.yml

# Alternative to apply: --force deletes and re-creates the objects in the file,
# for changes that cannot be made in place.
kubectl replace --force -f  /free_cicdfs0/k8s_ymls/app-yml/ldap/ldap-pv.yml

# Remove the objects again.
# NOTE(review): whether the data on disk survives this depends on the reclaim
# policy set in ldap-pv.yml. The directory database holds credential hashes, so
# confirm what is left behind on the node before reusing or handing over the path.
kubectl delete -f  /free_cicdfs0/k8s_ymls/app-yml/ldap/ldap-pv.yml


ldap init


# Pull the upstream image. A tag can be re-pointed upstream, so record the digest
# that was actually pulled (docker images --digests) if the mirrored copy has to
# be traceable to a specific upstream build.
docker pull  osixia/openldap:1.1.10

# Retag the image and push it to the private registry
docker tag   osixia/openldap:1.1.10     docker-hub.one-k.xyz/osixia/openldap:1.1.10
docker push docker-hub.one-k.xyz/osixia/openldap:1.1.10


# Register the chart repository.
helm repo add geek-cookbook https://geek-cookbook.github.io/charts

# Quick-start form: chart version 1.2.9 with the chart's default values, a
# generated release name and the current namespace.
# NOTE(review): the customised install further down does not pass --version, so
# it takes whatever chart version the repository serves at that moment; adding
# --version 1.2.9 there keeps the deployed chart reproducible.
helm install geek-cookbook/openldap --version 1.2.9 --generate-name

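# init
# The LDAP admin password is read from the environment instead of being written
# into the command, so it is not stored in these notes or in shell history.
# Set it first, for example:
#   read -rs LDAP_ADMIN_PASSWORD && export LDAP_ADMIN_PASSWORD
# The ${VAR:?} form aborts the install if the variable is unset or empty.
# Caveats:
#   - helm still receives the value as a --set argument, so it is visible in the
#     process list while the command runs; a values file readable only by the
#     operator (helm install -f FILE) avoids that.
#   - --set treats commas as separators, so a password containing "," must be
#     escaped as "\,".
#
# service.type=LoadBalancer publishes the directory on 192.168.99.135, i.e.
# outside the cluster. Port 389 is LDAP without TLS, so a simple bind on that
# port sends the password in clear text; restrict who can reach the address or
# have clients use 636.
kubectl create namespace openldap
helm install -n openldap  my-release \
    --set  image.repository='docker-hub.one-k.xyz/osixia/openldap'   \
    --set  image.tag='1.1.10'   \
    --set  replicaCount='1'   \
    --set  service.type='LoadBalancer'   \
    --set  service.loadBalancerIP='192.168.99.135'   \
    --set  persistence.enabled='true'   \
    --set  persistence.storageClass='ldap-storage'   \
    --set  persistence.size='50Gi'   \
    --set  persistence.accessMode='ReadWriteMany'  \
    --set  adminPassword="${LDAP_ADMIN_PASSWORD:?export LDAP_ADMIN_PASSWORD before installing}"   \
    geek-cookbook/openldap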

# uninstall
# Removes the objects that belong to the release. The openldap namespace and the
# objects created from ldap-pv.yml were created with kubectl, not by the chart,
# so this command does not remove them.
helm uninstall  -n openldap  my-release 

# Check that the service was assigned its IP: EXTERNAL-IP should show the
# loadBalancerIP requested at install time.
kubectl get svc --all-namespaces


use

NAME: my-release
LAST DEPLOYED: Thu Sep  2 10:27:04 2021
NAMESPACE: openldap
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
OpenLDAP has been installed. You can access the server from within the k8s cluster using:

  my-release-openldap.openldap.svc.cluster.local:389


You can access the LDAP adminPassword and configPassword using:

  kubectl get secret --namespace openldap my-release-openldap -o jsonpath="{.data.LDAP_ADMIN_PASSWORD}" | base64 --decode; echo
  kubectl get secret --namespace openldap my-release-openldap -o jsonpath="{.data.LDAP_CONFIG_PASSWORD}" | base64 --decode; echo


You can access the LDAP service, from within the cluster (or with kubectl port-forward) with a command like (replace password and domain):
  ldapsearch -x -H ldap://my-release-openldap.openldap.svc.cluster.local:389 -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w $LDAP_ADMIN_PASSWORD


Test server health using Helm test:
  helm test my-release


You can also consider installing the helm chart for phpldapadmin to manage this instance of OpenLDAP, or install Apache Directory Studio, and connect using kubectl port-forward.


查看状态


kubectl get pod -n openldap
NAME                                   READY   STATUS              RESTARTS   AGE
my-release-openldap-8459c66b7f-582lt   0/1     ContainerCreating   0          6m45s
my-release-openldap-8459c66b7f-jktjs   0/1     ContainerCreating   0          6m45s

# Inspect the pod's events to see why it stays in ContainerCreating.
# The first warning below is the cause: the PV is a hostPath volume with a type
# check, and /free_cicdfs0/k8s_data/ldap/pv-2 does not exist as a directory on
# the node where the pod was scheduled. Create it on that node (or correct the
# path in the PV definition). The second warning is only the resulting timeout.
# NOTE(review): this directory will hold the LDAP database, so give it an owner
# and mode that only the container's user can read — confirm which uid the
# image runs as.
kubectl describe -n openldap pod my-release-openldap-8459c66b7f-582lt
#   Warning  FailedMount  51s (x12 over 9m5s)  kubelet            MountVolume.SetUp failed for volume "ldap-pv-2" : hostPath type check failed: /free_cicdfs0/k8s_data/ldap/pv-2 is not a directory
#   Warning  FailedMount  14s (x3 over 7m2s)   kubelet            Unable to attach or mount volumes: unmounted volumes=[data], unattached volumes=[data kube-api-access-qkmj2]: timed out waiting for the condition


欢迎大家一起交流呀
qq群:3638803451
vx:wxid_sgdelhiwombj12