Add ldap example to demo data

demos/data/ldap/base/deployment.yaml

@@ -0,0 +1,46 @@
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: ldap
+  labels:
+    app: ldap
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: ldap
+  template:
+    metadata:
+      labels:
+        app: ldap
+    spec:
+      containers:
+        - name: ldap
+          image: osixia/openldap:1.1.11
+          args: ["--copy-service"]
+          volumeMounts:
+            - name: ldap-data
+              mountPath: /var/lib/ldap
+            - name: ldap-config
+              mountPath: /etc/ldap/slapd.d
+            - name: ldap-certs
+              mountPath: /container/service/slapd/assets/certs
+            - name: configmap-volume
+              mountPath: /container/environment/01-custom
+            - name: container-run
+              mountPath: /container/run
+          ports:
+            - containerPort: 389
+              name: openldap
+      volumes:
+        - name: ldap-data
+          emptyDir: {}
+        - name: ldap-config
+          emptyDir: {}
+        - name: ldap-certs
+          emptyDir: {}
+        - name: "configmap-volume"
+          configMap:
+            name: "ldap-configmap"
+        - name: container-run
+          emptyDir: {}

demos/data/ldap/base/env.startup.txt

@@ -0,0 +1,61 @@
+# This is the default image startup configuration file
+# this file define environment variables used during the container **first start** in **startup files**.
+
+# This file is deleted right after startup files are processed for the first time,
+# after that all these values will not be available in the container environment.
+# This helps to keep your container configuration secret.
+# more information : https://github.com/osixia/docker-light-baseimage
+
+# Required and used for new ldap server only
+LDAP_ORGANISATION: Example Inc.
+LDAP_DOMAIN: example.org
+LDAP_BASE_DN: #if empty automatically set from LDAP_DOMAIN
+
+LDAP_ADMIN_PASSWORD: admin
+LDAP_CONFIG_PASSWORD: config
+
+LDAP_READONLY_USER: false
+LDAP_READONLY_USER_USERNAME: readonly
+LDAP_READONLY_USER_PASSWORD: readonly
+
+LDAP_RFC2307BIS_SCHEMA: false
+
+# Backend
+LDAP_BACKEND: hdb
+
+# Tls
+LDAP_TLS: true
+LDAP_TLS_CRT_FILENAME: ldap.crt
+LDAP_TLS_KEY_FILENAME: ldap.key
+LDAP_TLS_CA_CRT_FILENAME: ca.crt
+
+LDAP_TLS_ENFORCE: false
+LDAP_TLS_CIPHER_SUITE: SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC
+LDAP_TLS_VERIFY_CLIENT: demand
+
+# Replication
+LDAP_REPLICATION: false
+# variables $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD, $LDAP_CONFIG_PASSWORD
+# are automaticaly replaced at run time
+
+# if you want to add replication to an existing ldap
+# adapt LDAP_REPLICATION_CONFIG_SYNCPROV and LDAP_REPLICATION_DB_SYNCPROV to your configuration
+# avoid using $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD and $LDAP_CONFIG_PASSWORD variables
+LDAP_REPLICATION_CONFIG_SYNCPROV: binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical
+LDAP_REPLICATION_DB_SYNCPROV: binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical
+LDAP_REPLICATION_HOSTS:
+  - ldap://ldap.example.org # The order must be the same on all ldap servers
+  - ldap://ldap2.example.org
+
+
+# Do not change the ldap config
+# - If set to true with an existing database, config will remain unchanged. Image tls and replication config will not be run.
+#   The container can be started with LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD empty or filled with fake data.
+# - If set to true when bootstrapping a new database, bootstap ldif and schema will not be added and tls and replication config will not be run.
+KEEP_EXISTING_CONFIG: false
+
+# Remove config after setup
+LDAP_REMOVE_CONFIG_AFTER_SETUP: true
+
+# ssl-helper environment variables prefix
+LDAP_SSL_HELPER_PREFIX: ldap # ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.

demos/data/ldap/base/kustomization.yaml

@@ -0,0 +1,7 @@
+resources:
+- deployment.yaml
+- service.yaml
+configMapGenerator:
+- name: ldap-configmap
+  files:
+    - env.startup.txt

demos/data/ldap/base/service.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: ldap
+  name: ldap-service
+spec:
+  ports:
+    - port: 389
+  selector:
+    app: ldap

demos/data/ldap/base/tests/test.sh

@@ -0,0 +1,78 @@
+#!/bin/bash
+
+# This script validates that this package works as expected with kustomize.
+# The validation makes sure following steps are correctly executed and the output is as expected
+# - deploy a ldap server by the output of kustomize
+# - add a user
+# - query a user
+# - delete a user
+#
+# This script should be called as
+# test.sh <path to directory of Kube-manifest.yaml>
+#
+# Testing passes if exit code is 0
+# Tesging fails if exit code is 1
+set -x
+
+function exit_with {
+  local msg=$1
+  echo >&2 ${msg}
+  exit 1
+}
+
+# make sure kustomize and kubectl are available
+command -v kustomize >/dev/null 2>&1 || { exit_with "Require kustomize but it's not installed.  Aborting."; }
+command -v kubectl >/dev/null 2>&1 || { exit_with "Require kubectl but it's not installed.  Aborting."; }
+
+# set namespace to default
+kubectl config set-context $(kubectl config current-context) --namespace=default
+
+# run kustomize
+# kustomize build $1 | kubectl apply -f - || { exit_with "Failed to run kubectl apply"; }
+echo Kustomizing \"$1\"
+ls $1
+kustomize build $1 > generatedResources.yaml
+[[ $? -eq 0 ]] || { exit_with "Failed to kustomize build"; }
+cat generatedResources.yaml
+kubectl apply -f generatedResources.yaml
+[[ $? -eq 0 ]] || { exit_with "Failed to run kubectl apply"; }
+sleep 20
+
+# get the pod and namespace
+pod=$(kubectl get pods -l app=ldap  -o jsonpath='{.items[0].metadata.name}')
+namespace=$(kubectl get pods -l app=ldap  -o jsonpath='{.items[0].metadata.namespace}')
+container="ldap"
+[[ -z ${pod} ]] && { exit_with "Pod is not started successfully"; }
+[[ -z ${namespace} ]] && { exit_with "Couldn't get namespace for Pod ${pod}"; }
+
+# create a user ldif file locally
+ldiffile="user.ldif"
+cat <<EOF >$ldiffile
+dn: cn=The Postmaster,dc=example,dc=org
+objectClass: organizationalRole
+cn: The Postmaster
+EOF
+[[ -f ${ldiffile} ]] || { exit_with "Failed to create ldif file locally"; }
+
+# add a user
+pod_ldiffile="/tmp/user.ldif"
+kubectl cp $ldiffile  ${namespace}/${pod}:${pod_ldiffile} || { exit_with "Failed to copy ldif file to Pod ${pod}"; }
+kubectl exec ${pod} -c ${container} -- ldapadd -x -H ldap://localhost -D "cn=admin,dc=example,dc=org" -w admin \
+-f ${pod_ldiffile} || { exit_with "Failed to add a user"; }
+
+# query the added user
+r=$(kubectl exec ${pod} -c ${container} -- ldapsearch -x -H ldap://localhost -b dc=example,dc=org \
+-D "cn=admin,dc=example,dc=org" -w admin)
+user_count=$(echo ${r} | grep "cn: The Postmaster" | wc -l)
+[[ ${user_count} -eq 0 ]] && { exit_with "Couldn't find the new added user"; }
+
+# delete the added user
+kubectl exec ${pod} -c ${container} -- ldapdelete -v -x -H ldap://localhost "cn=The Postmaster,dc=example,dc=org" \
+-D "cn=admin,dc=example,dc=org" -w admin || {  exit_with "Failed to delete the user"; }
+r=$(kubectl exec ${pod} -c ${container} -- ldapsearch -x -H ldap://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin)
+user_count=$(echo ${r} | grep "cn: The Postmaster" | wc -l)
+[[ ${user_count} -ne 0 ]] && { exit_with "The user hasn't been deleted."; }
+
+# kubectl delete
+kubectl delete -f generatedResources.yaml
+rm $ldiffile

demos/data/ldap/overlays/production/deployment.yaml

@@ -0,0 +1,13 @@
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: ldap
+spec:
+  replicas: 6
+  template:
+    spec:
+      volumes:
+        - name: ldap-data
+          emptyDir: null
+          gcePersistentDisk:
+            pdName: ldap-persistent-storage

demos/data/ldap/overlays/production/kustomization.yaml

@@ -0,0 +1,5 @@
+bases:
+  - ../../base
+patches:
+  - deployment.yaml
+namePrefix: production-

demos/data/ldap/overlays/staging/config.env

@@ -0,0 +1,2 @@
+DB_USERNAME=admin
+DB_PASSWORD=somepw

demos/data/ldap/overlays/staging/deployment.yaml

@@ -0,0 +1,7 @@
+
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: ldap
+spec:
+  replicas: 2

demos/data/ldap/overlays/staging/kustomization.yaml

@@ -0,0 +1,9 @@
+bases:
+  - ../../base
+patches:
+  - deployment.yaml
+nameprefix: staging-
+configMapGenerator:
+  - name: env-config
+    files:
+      - config.env