changed to helm chart

SUSE · Oct 25, 2024 · f28e43e · f28e43e
1 parent 97258cf
commit f28e43e
Show file tree

Hide file tree

Showing 10 changed files with 211 additions and 215 deletions.
diff --git a/charts/ds389/Chart.yaml b/charts/ds389/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: ds389-helm-chart
+description: A Helm chart for deploying the 389 Directory Server
+version: 1.0.0
+appVersion: "1.0"
+
diff --git a/charts/ds389/templates/namespace.yaml b/charts/ds389/templates/namespace.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Values.ds389.nsName }}
+
diff --git a/charts/ds389/templates/secrets.yaml b/charts/ds389/templates/secrets.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: dirsrv-tls-secret
+  namespace: {{ .Values.ds389.nsName }}
+data:
+  tls.key: {{ .Values.ds389.tlsKey | b64enc | quote }}
+  tls.crt: {{ .Values.ds389.tlsCert | b64enc | quote }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: dirsrv-dm-password
+  namespace: {{ .Values.ds389.nsName }}
+data:
+  dm-password: {{ .Values.ds389.dmPassword | quote }}
+
diff --git a/charts/ds389/templates/service-external.yaml b/charts/ds389/templates/service-external.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: {{ .Values.ds389.name }}
+  name: {{ .Values.ds389.name }}-external-svc
+  namespace: {{ .Values.ds389.nsName }}
+spec:
+  ports:
+    - name: {{ .Values.ds389.name }}-port
+      port: {{ .Values.ds389.internalPort }}
+      protocol: TCP
+      targetPort: {{ .Values.ds389.internalPort }}
+      nodePort: {{ .Values.ds389.nodePort }}
+    - name: {{ .Values.ds389.name }}-tls-port
+      port: {{ .Values.ds389.tlsPort }}
+      protocol: TCP
+      targetPort: {{ .Values.ds389.tlsPort }}
+      nodePort: {{ .Values.ds389.nodePortTls }}
+  selector:
+    app: {{ .Values.ds389.name }}
+  type: NodePort
+
diff --git a/charts/ds389/templates/service-internal.yaml b/charts/ds389/templates/service-internal.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: {{ .Values.ds389.name }}
+  name: {{ .Values.ds389.name }}-internal-svc
+  namespace: {{ .Values.ds389.nsName }}
+spec:
+  clusterIP: None
+  ports:
+    - name: {{ .Values.ds389.name }}-port
+      port: {{ .Values.ds389.internalPort }}
+      protocol: TCP
+      targetPort: {{ .Values.ds389.internalPort }}
+    - name: {{ .Values.ds389.name }}-tls-port
+      port: {{ .Values.ds389.tlsPort }}
+      protocol: TCP
+      targetPort: {{ .Values.ds389.tlsPort }}
+  selector:
+    app: {{ .Values.ds389.name }}
+  type: ClusterIP
+
diff --git a/charts/ds389/templates/serviceaccount.yaml b/charts/ds389/templates/serviceaccount.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.ds389.name }}-sa
+  namespace: {{ .Values.ds389.nsName }}
+
diff --git a/charts/ds389/templates/statefulset.yaml b/charts/ds389/templates/statefulset.yaml
@@ -0,0 +1,94 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ .Values.ds389.name }}
+  namespace: {{ .Values.ds389.nsName }}
+spec:
+  serviceName: {{ .Values.ds389.name }}-internal-svc
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .Values.ds389.name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.ds389.name }}
+    spec:
+      serviceAccountName: {{ .Values.ds389.name }}-sa
+      securityContext:
+        fsGroup: 499
+      initContainers:
+        - name: {{ .Values.ds389.name }}-init-container
+          image: busybox
+          command: ["/bin/sh", "-c", "chown -R 499:499 /data"]
+          volumeMounts:
+            - name: {{ .Values.ds389.name }}-data
+              mountPath: /data
+      containers:
+        - name: dirsrv-container
+          image: {{ .Values.ds389.image }}
+          lifecycle:
+            postStart:
+              exec:
+                command: ["/bin/sh", "-c", "sleep 60;
+                         dsconf localhost backend create --suffix {{ .Values.ds389.rootDN }} --be-name userroot --create-suffix --create-entries ;
+                         dsconf localhost pwpolicy set --pwdscheme=CRYPT-SHA512 ;
+                         dsconf localhost config replace nsslapd-rootpwstoragescheme=CRYPT-SHA512 ;
+                         dsconf localhost config replace nsslapd-rootpw={{ .Values.ds389.dm_pwd }} ;
+                         dsconf localhost plugin referential-integrity enable ;
+                         dsconf localhost plugin memberof enable ;
+                         dsconf localhost config replace nsslapd-allow-anonymous-access=off ;
+                         dsidm localhost --basedn {{ .Values.ds389.rootDN }} user create --uid ldap_user --cn ldap_user --displayName ldap_user --uidNumber 1001 --gidNumber 1001 --homeDirectory /home/ldap_user ;
+                         dsidm localhost -b {{ .Values.ds389.rootDN }}  account change_password uid=ldap_user,ou=people,{{ .Values.ds389.rootDN }} {{ .Values.ds389.users_pwd }} ;
+                         dsidm localhost --basedn {{ .Values.ds389.rootDN }} user create --uid developer --cn developer --displayName developer --uidNumber 1002 --gidNumber 1002 --homeDirectory /home/developer ;
+                         dsidm localhost -b {{ .Values.ds389.rootDN }} account change_password uid=developer,ou=people,{{ .Values.ds389.rootDN }} {{ .Values.ds389.users_pwd }} ;
+                         dsidm localhost --basedn {{ .Values.ds389.rootDN }} group create --cn developers;
+                         dsidm localhost -b {{ .Values.ds389.rootDN }} group add_member developers uid=developer,ou=people,{{ .Values.ds389.rootDN }}
+                         "]
+          env:
+            - name: DS_DM_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: dirsrv-dm-password
+                  key: dm-password
+            - name: DS_SUFFIX_NAME
+              value: "{{ .Values.ds389.rootDN }}"
+            - name: DS_ERRORLOG_LEVEL
+              value: "8192"
+            - name: DS_MEMORY_PERCENTAGE
+              value: "10"
+            - name: DS_REINDEX
+              value: "True"
+            - name: DS_STARTUP_TIMEOUT
+              value: "120"
+          ports:
+            - containerPort: {{ .Values.ds389.internalPort }}
+              protocol: TCP
+            - containerPort: {{ .Values.ds389.tlsPort }}
+              protocol: TCP
+          securityContext:
+            runAsUser: 489
+          volumeMounts:
+            - name: {{ .Values.ds389.name }}-data
+              mountPath: "/data"
+            - name: dirsrv-tls
+              mountPath: '/data/tls/'
+              readOnly: true
+      volumes:
+        - name: dirsrv-tls
+          secret:
+            secretName: dirsrv-tls-secret
+            items:
+              - key: tls.key
+                path: server.key
+              - key: tls.crt
+                path: server.crt
+  volumeClaimTemplates:
+    - metadata:
+        name: {{ .Values.ds389.name }}-data
+      spec:
+        accessModes: [ "ReadWriteOnce" ]
+        resources:
+          requests:
+            storage: {{ .Values.ds389.vcSize }}
+
diff --git a/charts/ds389/values.yaml b/charts/ds389/values.yaml
@@ -0,0 +1,16 @@
+# Default values for ds389-helm-chart
+ds389:
+  nsName: "ds389"
+  name: "ds389"
+  image: "docker.io/389ds/dirsrv"
+  tlsKey: "LS0tLS1CRUdJTiBFTkNSWVBURUQgUFJJVkFURSBLRVktLS0tLQpNSUlKbnpCSkJna3Foa2lHOXcwQkJRMHdQREFiQmdrcWhraUc5dzBCQlF3d0RnUUlMZmtpMDkwcnZsb0NBZ2dBCk1CMEdDV0NHU0FGbEF3UUJLZy4uLkdOWWM3aTlTVkRCb0E9PQotLS0tLUVORCBFTkNSWVBURUQgUFJJVkFURSBLRVktLS0tLQ=="
+  tlsCert: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZ4akNDQTY0Q0NRQ05UK2VQMnZqSnh6QU5CZ2txaGtpRzl3MEJBUXNGQURDQnBERUxNQWtHQTFVRUJoTUMKUmxJeEVqQVFCZ05WQkFnTUMuLi51ZEp3RTdIbm5BN2xwQQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t"
+  dmPassword: "YWRtaW4xMjM="
+  rootDN: "dc=mydemo,dc=lab"
+  userPassword: "supersecret123"
+  vcSize: "5Gi"
+  internalPort: 3389
+  tlsPort: 3636
+  nodePort: 30389
+  nodePortTls: 30636
+
diff --git a/scripts/authentication/389.yml b/scripts/authentication/389.yml