Merge pull request #23 from SUSE/develop

Merge PR 20, 21 and 22
SUSE · Oct 28, 2024 · 086515a · 086515a
2 parents ef52858 + ca8ffa2
commit 086515a
Show file tree

Hide file tree

Showing 21 changed files with 558 additions and 45 deletions.
diff --git a/charts/README.md b/charts/README.md
@@ -7,6 +7,7 @@
 * [Let's Encrypt](letsencrypt/README.md)
 * [NFS-Ganesha](nfs-ganesha/README.md)
 * [NFS Server Provisioner](nfs-server-provisioner/README.md)
+* [Portworx BBQ](portworx-bbq/README.md)
 * [Rancher Cluster Template](rancher-cluster-templates/README.md)
 * [WordPress](wordpress/README.md)
 

diff --git a/charts/ds389/Chart.yaml b/charts/ds389/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: ds389-helm-chart
+description: A Helm chart for deploying the 389 Directory Server
+version: 1.0.0
+appVersion: "1.0"
+maintainers:
+  - name: rmahique
+    email: [email protected]
+keywords:
+  - ldap
+  - '389'
+  - '636'
diff --git a/charts/ds389/templates/secrets.yaml b/charts/ds389/templates/secrets.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: dirsrv-tls-secret
+#  namespace: {{ .Values.ds389.nsName }}
+data:
+  tls.key: {{ .Values.ds389.tlsKey | b64enc | quote }}
+  tls.crt: {{ .Values.ds389.tlsCert | b64enc | quote }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: dirsrv-dm-password
+#  namespace: {{ .Values.ds389.nsName }}
+data:
+  dm-password: {{ .Values.ds389.dmPassword | quote }}
diff --git a/charts/ds389/templates/service-external.yaml b/charts/ds389/templates/service-external.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: {{ .Values.ds389.name }}
+  name: {{ .Values.ds389.name }}-external-svc
+#  namespace: {{ .Values.ds389.nsName }}
+spec:
+  ports:
+    - name: {{ .Values.ds389.name }}-port
+      port: {{ .Values.ds389.internalPort }}
+      protocol: TCP
+      targetPort: {{ .Values.ds389.internalPort }}
+      nodePort: {{ .Values.ds389.nodePort }}
+    - name: {{ .Values.ds389.name }}-tls-port
+      port: {{ .Values.ds389.tlsPort }}
+      protocol: TCP
+      targetPort: {{ .Values.ds389.tlsPort }}
+      nodePort: {{ .Values.ds389.nodePortTls }}
+  selector:
+    app: {{ .Values.ds389.name }}
+  type: NodePort
diff --git a/charts/ds389/templates/service-internal.yaml b/charts/ds389/templates/service-internal.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: {{ .Values.ds389.name }}
+  name: {{ .Values.ds389.name }}-internal-svc
+#  namespace: {{ .Values.ds389.nsName }}
+spec:
+  clusterIP: None
+  ports:
+    - name: {{ .Values.ds389.name }}-port
+      port: {{ .Values.ds389.internalPort }}
+      protocol: TCP
+      targetPort: {{ .Values.ds389.internalPort }}
+    - name: {{ .Values.ds389.name }}-tls-port
+      port: {{ .Values.ds389.tlsPort }}
+      protocol: TCP
+      targetPort: {{ .Values.ds389.tlsPort }}
+  selector:
+    app: {{ .Values.ds389.name }}
+  type: ClusterIP
diff --git a/charts/ds389/templates/serviceaccount.yaml b/charts/ds389/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.ds389.name }}-sa
+#  namespace: {{ .Values.ds389.nsName }}
diff --git a/charts/ds389/templates/statefulset.yaml b/charts/ds389/templates/statefulset.yaml
@@ -0,0 +1,93 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ .Values.ds389.name }}
+#  namespace: {{ .Values.ds389.nsName }}
+spec:
+  serviceName: {{ .Values.ds389.name }}-internal-svc
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .Values.ds389.name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.ds389.name }}
+    spec:
+      serviceAccountName: {{ .Values.ds389.name }}-sa
+      securityContext:
+        fsGroup: 499
+      initContainers:
+        - name: {{ .Values.ds389.name }}-init-container
+          image: busybox
+          command: ["/bin/sh", "-c", "chown -R 499:499 /data"]
+          volumeMounts:
+            - name: {{ .Values.ds389.name }}-data
+              mountPath: /data
+      containers:
+        - name: dirsrv-container
+          image: {{ .Values.ds389.image }}
+          lifecycle:
+            postStart:
+              exec:
+                command: ["/bin/sh", "-c", "sleep 60;
+                         dsconf localhost backend create --suffix {{ .Values.ds389.rootDN }} --be-name userroot --create-suffix --create-entries ;
+                         dsconf localhost pwpolicy set --pwdscheme=CRYPT-SHA512 ;
+                         dsconf localhost config replace nsslapd-rootpwstoragescheme=CRYPT-SHA512 ;
+                         dsconf localhost config replace nsslapd-rootpw={{ .Values.ds389.dm_pwd }} ;
+                         dsconf localhost plugin referential-integrity enable ;
+                         dsconf localhost plugin memberof enable ;
+                         dsconf localhost config replace nsslapd-allow-anonymous-access=off ;
+                         dsidm localhost --basedn {{ .Values.ds389.rootDN }} user create --uid ldap_user --cn ldap_user --displayName ldap_user --uidNumber 1001 --gidNumber 1001 --homeDirectory /home/ldap_user ;
+                         dsidm localhost -b {{ .Values.ds389.rootDN }}  account change_password uid=ldap_user,ou=people,{{ .Values.ds389.rootDN }} {{ .Values.ds389.users_pwd }} ;
+                         dsidm localhost --basedn {{ .Values.ds389.rootDN }} user create --uid developer --cn developer --displayName developer --uidNumber 1002 --gidNumber 1002 --homeDirectory /home/developer ;
+                         dsidm localhost -b {{ .Values.ds389.rootDN }} account change_password uid=developer,ou=people,{{ .Values.ds389.rootDN }} {{ .Values.ds389.users_pwd }} ;
+                         dsidm localhost --basedn {{ .Values.ds389.rootDN }} group create --cn developers;
+                         dsidm localhost -b {{ .Values.ds389.rootDN }} group add_member developers uid=developer,ou=people,{{ .Values.ds389.rootDN }}
+                         "]
+          env:
+            - name: DS_DM_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: dirsrv-dm-password
+                  key: dm-password
+            - name: DS_SUFFIX_NAME
+              value: "{{ .Values.ds389.rootDN }}"
+            - name: DS_ERRORLOG_LEVEL
+              value: "8192"
+            - name: DS_MEMORY_PERCENTAGE
+              value: "10"
+            - name: DS_REINDEX
+              value: "True"
+            - name: DS_STARTUP_TIMEOUT
+              value: "120"
+          ports:
+            - containerPort: {{ .Values.ds389.internalPort }}
+              protocol: TCP
+            - containerPort: {{ .Values.ds389.tlsPort }}
+              protocol: TCP
+          securityContext:
+            runAsUser: 489
+          volumeMounts:
+            - name: {{ .Values.ds389.name }}-data
+              mountPath: "/data"
+            - name: dirsrv-tls
+              mountPath: '/data/tls/'
+              readOnly: true
+      volumes:
+        - name: dirsrv-tls
+          secret:
+            secretName: dirsrv-tls-secret
+            items:
+              - key: tls.key
+                path: server.key
+              - key: tls.crt
+                path: server.crt
+  volumeClaimTemplates:
+    - metadata:
+        name: {{ .Values.ds389.name }}-data
+      spec:
+        accessModes: [ "ReadWriteOnce" ]
+        resources:
+          requests:
+            storage: {{ .Values.ds389.vcSize }}
diff --git a/charts/ds389/values.yaml b/charts/ds389/values.yaml
@@ -0,0 +1,15 @@
+# Default values for ds389-helm-chart
+ds389:
+  nsName: "ds389"
+  name: "ds389"
+  image: "docker.io/389ds/dirsrv"
+  tlsKey: "LS0tLS1CRUdJTiBFTkNSWVBURUQgUFJJVkFURSBLRVktLS0tLQpNSUlKbnpCSkJna3Foa2lHOXcwQkJRMHdQREFiQmdrcWhraUc5dzBCQlF3d0RnUUlMZmtpMDkwcnZsb0NBZ2dBCk1CMEdDV0NHU0FGbEF3UUJLZy4uLkdOWWM3aTlTVkRCb0E9PQotLS0tLUVORCBFTkNSWVBURUQgUFJJVkFURSBLRVktLS0tLQ=="
+  tlsCert: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZ4akNDQTY0Q0NRQ05UK2VQMnZqSnh6QU5CZ2txaGtpRzl3MEJBUXNGQURDQnBERUxNQWtHQTFVRUJoTUMKUmxJeEVqQVFCZ05WQkFnTUMuLi51ZEp3RTdIbm5BN2xwQQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t"
+  dmPassword: "YWRtaW4xMjM="
+  rootDN: "dc=mydemo,dc=lab"
+  userPassword: "supersecret123"
+  vcSize: "5Gi"
+  internalPort: 3389
+  tlsPort: 3636
+  nodePort: 30389
+  nodePortTls: 30636
diff --git a/scripts/README.md b/scripts/README.md
@@ -2,24 +2,45 @@
 
 ## Bash functions
 
+### Instruqt
+
+Name                        | Source
+----------------------------|-------------------------------------
+`instruqt_wait_hoststartup` | [instruqt/host.sh](instruqt/host.sh)
+
+### K3s
+
+Name                  | Source
+----------------------|-----------------------------------------------------
+`k3s_copy_kubeconfig` | [k3s/cluster_lifecycle.sh](k3s/cluster_lifecycle.sh)
+`k3s_create_cluster`  | [k3s/cluster_lifecycle.sh](k3s/cluster_lifecycle.sh)
+
+### Kubernetes
+
+Name                                  | Source
+--------------------------------------|-----------------------------------------------------------------------------
+`k8s_create_letsencryptclusterissuer` | [kubernetes/certificate_management.sh](kubernetes/certificate_management.sh)
+`k8s_install_certmanager`             | [kubernetes/certificate_management.sh](kubernetes/certificate_management.sh)
+`k8s_wait_fornodesandpods`            | [kubernetes/cluster_status.sh](kubernetes/cluster_status.sh)
+
+### Keycloak
+
+Name                   | Source
+-----------------------|---------------------------------------------------------
+`keycloak_login`       | [authentication/keycloak.sh](authentication/keycloak.sh)
+`keycloak_create_user` | [authentication/keycloak.sh](authentication/keycloak.sh)
+`keycloak_delete_user` | [authentication/keycloak.sh](authentication/keycloak.sh)
+
+### Linux
+
+Name                         | Source
+-----------------------------|-------------------------------
+`linux_create_fileAndLoopDevice` | [linux/disk.sh](linux/disk.sh)
+
+### Rancher
+
 Name                                           | Source
------------------------------------------------|-----------------------------------------------------------------------------
-`instruqt_wait_hoststartup`                    | [instruqt/host.sh](instruqt/host.sh)
-`k3s_copy_kubeconfig`                          | [k3s/cluster_lifecycle.sh](k3s/cluster_lifecycle.sh)
-`k3s_create_cluster`                           | [k3s/cluster_lifecycle.sh](k3s/cluster_lifecycle.sh)
-`k8s_create_letsencryptclusterissuer`          | [kubernetes/certificate_management.sh](kubernetes/certificate_management.sh)
-`k8s_install_certmanager`                      | [kubernetes/certificate_management.sh](kubernetes/certificate_management.sh)
-`k8s_wait_fornodesandpods`                     | [kubernetes/cluster_status.sh](kubernetes/cluster_status.sh)
-`keycloak_login`                               | [authentication/keycloak.sh](authentication/keycloak.sh)
-`keycloak_create_user`                         | [authentication/keycloak.sh](authentication/keycloak.sh)
-`keycloak_delete_user`                         | [authentication/keycloak.sh](authentication/keycloak.sh)
-`observability_check_stackpack`                | [observability/stackpack.sh](observability/stackpack.sh)
-`observability_create_ingestion_api_key`       | [observability/api_key.sh](observability/api_key.sh)
-`observability_delete_ingestion_api_key`       | [observability/api_key.sh](observability/api_key.sh)
-`observability_delete_stackpack`               | [observability/stackpack.sh](observability/stackpack.sh)
-`observability_get_component_snapshot`         | [observability/stql.sh](observability/stql.sh)
-`observability_get_component_state`            | [observability/stql.sh](observability/stql.sh)
-`observability_install_cli`                    | [observability/cli.sh](observability/cli.sh)
+-----------------------------------------------|-------------------------------------------------------------
 `rancher_create_apikey`                        | [rancher/user_actions.sh](rancher/user_actions.sh)
 `rancher_create_customcluster`                 | [rancher/cluster_actions.sh](rancher/cluster_actions.sh)
 `rancher_first_login`                          | [rancher/manager_lifecycle.sh](rancher/manager_lifecycle.sh)
@@ -31,11 +52,29 @@ Name                                           | Source
 `rancher_update_password`                      | [rancher/user_actions.sh](rancher/user_actions.sh)
 `rancher_update_serverurl`                     | [rancher/manager_settings.sh](rancher/manager_settings.sh)
 `rancher_wait_capiready`                       | [rancher/manager_lifecycle.sh](rancher/manager_lifecycle.sh)
-`suselinux_install_git`                        | [suselinux/packages.sh](suselinux/packages.sh)
-`suselinux_install_helm`                       | [suselinux/packages.sh](suselinux/packages.sh)
-`suselinux_install_kubectl`                    | [suselinux/packages.sh](suselinux/packages.sh)
-`suselinux_install_podman`                     | [suselinux/packages.sh](suselinux/packages.sh)
-`suselinux_register_cloudguest`                | [suselinux/registration.sh](suselinux/registration.sh)
+
+### SUSE Observability
+
+Name                                     | Source
+-----------------------------------------|---------------------------------------------------------
+`observability_check_stackpack`          | [observability/stackpack.sh](observability/stackpack.sh)
+`observability_create_ingestion_api_key` | [observability/api_key.sh](observability/api_key.sh)
+`observability_delete_ingestion_api_key` | [observability/api_key.sh](observability/api_key.sh)
+`observability_delete_stackpack`         | [observability/stackpack.sh](observability/stackpack.sh)
+`observability_get_component_snapshot`   | [observability/stql.sh](observability/stql.sh)
+`observability_get_component_state`      | [observability/stql.sh](observability/stql.sh)
+`observability_install_cli`              | [observability/cli.sh](observability/cli.sh)
+
+### SUSE Linux (previously SLES, SLE Micro)
+
+Name                            | Source
+--------------------------------|-------------------------------------------------------
+`suselinux_install_git`         | [suselinux/packages.sh](suselinux/packages.sh)
+`suselinux_install_helm`        | [suselinux/packages.sh](suselinux/packages.sh)
+`suselinux_install_kubectl`     | [suselinux/packages.sh](suselinux/packages.sh)
+`suselinux_install_openiscsi`   | [suselinux/packages.sh](suselinux/packages.sh)
+`suselinux_install_podman`      | [suselinux/packages.sh](suselinux/packages.sh)
+`suselinux_register_cloudguest` | [suselinux/registration.sh](suselinux/registration.sh)
 
 ## Concrete examples