Adds support for setting up the LDAP server's admin user, admin passw…

…ord and root DN (#125) Co-authored-by: German Espinoza <[email protected]>
AzBuilder · Jul 3, 2024 · 57db6ad · 57db6ad
1 parent 9b2d816
commit 57db6ad
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 27 deletions.
diff --git a/README.md b/README.md
@@ -239,6 +239,15 @@ Once you have completed the above steps you can complete the file values.yaml to
 | security.dexClientScope                   | Yes      | Use "email openid profile offline_access groups"                       |
 | security.gcpCredentials                   | No       | JSON Credentials for Google Identity Authentication                    |
 | security.caCerts                          | No       | Custom CA certificates to be added at runtime                          |
+| openldap.adminUser                        | Yes      | LDAP deployment admin user                                             |
+| openldap.adminPass                        | Yes      | LDAP deployment admin password                                         |
+| openldap.baseRoot                         | Yes      | LDAP baseDN (or suffix) of the LDAP tree                               |
+| openldap.image                            | Yes      | LDAP deployment image repository                                       |
+| openldap.version                          | Yes      | LDAP deployment image tag                                              |
+| openldap.imagePullSecrets                 | No       | Secret used to pull images from private repository                     |
+| openldap.podLabels                        | No       | Pod labels for LDAP deployment                                         |
+| openldap.securityContext                  | No       | Security context for LDAP deployment                                   |
+| openldap.containerSecurityContext         | No       | Container security context for LDAP deployment                         |
 | storage.defaultStorage                    | No       | Enable default storage using minio helm chart                          |
 | storage.gcp.projectId                     | No       | GCP Project Id for the storage                                         |
 | storage.gcp.bucketName                    | No       | GCP Bucket name for the storage                                        |

diff --git a/charts/terrakube/Chart.yaml b/charts/terrakube/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.17.4
+version: 3.17.5
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/charts/terrakube/templates/deployment-openldap.yaml b/charts/terrakube/templates/deployment-openldap.yaml
@@ -29,11 +29,11 @@ spec:
         image: {{ .Values.openldap.image }}:{{ .Values.openldap.version }}
         env:
         - name: LDAP_ADMIN_USERNAME
-          value: "admin"
+          value: {{ .Values.openldap.adminUser }}
         - name: LDAP_ADMIN_PASSWORD
-          value: "admin"
+          value: {{ .Values.openldap.adminPass }}
         - name: LDAP_ROOT
-          value: "dc=example,dc=org"
+          value: {{ .Values.openldap.baseRoot }}
         - name: LDAP_CUSTOM_LDIF_DIR
           value: "/ldifs"
         ports:

diff --git a/charts/terrakube/templates/secret-openldap.yaml b/charts/terrakube/templates/secret-openldap.yaml
@@ -6,38 +6,38 @@ metadata:
 type: Opaque
 stringData:
   config-ldap.ldif: |
-    dn: dc=example,dc=org
+    dn: {{ .Values.openldap.baseRoot }}
     dc: example
     objectClass: dcObject
     objectClass: organization
     o: Example, Inc
 
-    dn: ou=users,dc=example,dc=org
+    dn: ou=users,{{ .Values.openldap.baseRoot }}
     ou: users
     objectClass: organizationalunit
 
-    dn: cn=lester,ou=users,dc=example,dc=org
+    dn: cn={{ .Values.openldap.adminUser }},ou=users,{{ .Values.openldap.baseRoot }}
     objectClass: inetOrgPerson
-    sn: Parkinson
-    cn: Lester
+    sn: Admin
+    cn: Admin
     mail: [email protected]
-    userpassword: admin
+    userpassword: {{ .Values.openldap.adminPass }}
 
-    dn: cn=grady,ou=users,dc=example,dc=org
+    dn: cn=grady,ou=users,{{ .Values.openldap.baseRoot }}
     objectClass: inetOrgPerson
     sn: Chambers
     cn: Grady
     mail: [email protected]
-    userpassword: azure
+    userpassword: aws
 
-    dn: cn=saarah,ou=users,dc=example,dc=org
+    dn: cn=saarah,ou=users,{{ .Values.openldap.baseRoot }}
     objectClass: inetOrgPerson
     sn: Lott
     cn: Saarah
     mail: [email protected]
-    userpassword: aws
+    userpassword: azure
 
-    dn: cn=eugene,ou=users,dc=example,dc=org
+    dn: cn=eugene,ou=users,{{ .Values.openldap.baseRoot }}
     objectClass: inetOrgPerson
     sn: Monaghan
     cn: Eugene
@@ -46,33 +46,33 @@ stringData:
 
     # Group definitions.
 
-    dn: ou=Groups,dc=example,dc=org
+    dn: ou=Groups,{{ .Values.openldap.baseRoot }}
     objectClass: organizationalUnit
     ou: Groups
 
-    dn: cn=TERRAKUBE_ADMIN,ou=Groups,dc=example,dc=org
+    dn: cn=TERRAKUBE_ADMIN,ou=Groups,{{ .Values.openldap.baseRoot }}
     objectClass: groupOfNames
     cn: TERRAKUBE_ADMIN
-    member: cn=lester,ou=users,dc=example,dc=org
+    member: cn={{ .Values.openldap.adminUser }},ou=users,{{ .Values.openldap.baseRoot }}
 
-    dn: cn=TERRAKUBE_DEVELOPERS,ou=Groups,dc=example,dc=org
+    dn: cn=TERRAKUBE_DEVELOPERS,ou=Groups,{{ .Values.openldap.baseRoot }}
     objectClass: groupOfNames
     cn: TERRAKUBE_DEVELOPERS
-    member: cn=lester,ou=users,dc=example,dc=org
+    member: cn={{ .Values.openldap.adminUser }},ou=users,{{ .Values.openldap.baseRoot }}
 
-    dn: cn=AZURE_DEVELOPERS,ou=Groups,dc=example,dc=org
+    dn: cn=AZURE_DEVELOPERS,ou=Groups,{{ .Values.openldap.baseRoot }}
     objectClass: groupOfNames
     cn: AZURE_DEVELOPERS
-    member: cn=saarah,ou=users,dc=example,dc=org
+    member: cn=saarah,ou=users,{{ .Values.openldap.baseRoot }}
 
-    dn: cn=AWS_DEVELOPERS,ou=Groups,dc=example,dc=org
+    dn: cn=AWS_DEVELOPERS,ou=Groups,{{ .Values.openldap.baseRoot }}
     objectClass: groupOfNames
     cn: AWS_DEVELOPERS
-    member: cn=grady,ou=users,dc=example,dc=org
+    member: cn=grady,ou=users,{{ .Values.openldap.baseRoot }}
 
-    dn: cn=GCP_DEVELOPERS,ou=Groups,dc=example,dc=org
+    dn: cn=GCP_DEVELOPERS,ou=Groups,{{ .Values.openldap.baseRoot }}
     objectClass: groupOfNames
     cn: GCP_DEVELOPERS
-    member: cn=eugene,ou=users,dc=example,dc=org
+    member: cn=eugene,ou=users,{{ .Values.openldap.baseRoot }}
 
 {{ end }}
diff --git a/charts/terrakube/values.yaml b/charts/terrakube/values.yaml
@@ -18,9 +18,12 @@ security:
 
 ## OpenLdap
 openldap:
-  imagePullSecrets: []
+  adminUser: "admin"
+  adminPass: "admin"
+  baseRoot: "dc=example,dc=org"
   image: "bitnami/openldap"
   version: "2.6.4-debian-11-r4"
+  imagePullSecrets: []
   podLabels: {}
   securityContext: {}
   containerSecurityContext: {}