chore(openldap): Update Helm release openldap-stack-ha to v4.3.3 #68

Open
wants to merge 1 commit into
base: main

SIMULATAN-Bot
Collaborator

@SIMULATAN-Bot SIMULATAN-Bot commented Jan 12, 2025

This PR contains the following updates:

Package Update Change
openldap-stack-ha (source) minor 4.2.1 -> 4.3.3

Release Notes

jp-gouin/helm-openldap (openldap-stack-ha)

v4.3.3

Compare Source

What's Changed

New Contributors

Full Changelog: jp-gouin/helm-openldap@v4.3.2...v4.3.3

v4.3.2

Compare Source

What's Changed

New Contributors

Full Changelog: jp-gouin/helm-openldap@v4.3.1...v4.3.2

v4.3.1

Compare Source

What's Changed

Full Changelog: jp-gouin/helm-openldap@v4.3.0...v4.3.1

v4.3.0

Compare Source

What's Changed

New Contributors

Full Changelog: jp-gouin/helm-openldap@v4.2.5...v4.3.0

v4.2.5

Compare Source

What's Changed

Full Changelog: jp-gouin/helm-openldap@v4.2.4...v4.2.5

v4.2.4

Compare Source

What's Changed

Full Changelog: jp-gouin/helm-openldap@v4.2.3...v4.2.4

v4.2.3

Compare Source

What's Changed

New Contributors

Full Changelog: jp-gouin/helm-openldap@v4.2.2...v4.2.3

v4.2.2

Compare Source

Fix #148 #147 #134
Full Changelog: jp-gouin/helm-openldap@v4.2.1...v4.2.2


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.


github-actions bot commented Jan 12, 2025

Argo CD Diff Preview

Summary:

 {base => target}/openldap | 143 +++++++++++++++++++++++-----------------------
 1 file changed, 73 insertions(+), 70 deletions(-)
Diff:
diff --git base/openldap target/openldap
index 0f80ad5..6980ce2 100644
--- base/openldap
+++ target/openldap
@@ -1,32 +1,32 @@
 ---
 apiVersion: v1
 data:
-  BITNAMI_DEBUG: "true"
+  BITNAMI_DEBUG: "false"
+  LDAP_ALLOW_ANON_BINDING: "no"
   LDAP_CONFIG_ADMIN_ENABLED: "yes"
   LDAP_CONFIG_ADMIN_USERNAME: admin
   LDAP_ENABLE_TLS: "yes"
-  LDAP_EXTRA_SCHEMAS: cosine,inetorgperson,nis,syncprov,serverid,csyncprov,rep,bsyncprov,brep,acls
   LDAP_LOGLEVEL: "256"
+  LDAP_REQUIRE_TLS: "false"
   LDAP_ROOT: dc=simulatan,dc=me
   LDAP_SKIP_DEFAULT_TREE: "no"
   LDAP_TLS_CA_FILE: /opt/bitnami/openldap/certs/ca.crt
   LDAP_TLS_CERT_FILE: /opt/bitnami/openldap/certs/tls.crt
-  LDAP_TLS_ENFORCE: "false"
   LDAP_TLS_KEY_FILE: /opt/bitnami/openldap/certs/tls.key
   LDAPTLS_REQCERT: never
 kind: ConfigMap
 metadata:
   labels:
     app: openldap
     argocd.argoproj.io/instance: openldap
-    chart: openldap-4.2.1
+    chart: openldap-4.3.3
     heritage: Helm
     release: openldap
   name: openldap-env
   namespace: auth
 
 ---
 apiVersion: v1
 data:
   PHPLDAPADMIN_HTTPS: "false"
   PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT: never
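Review bot: `LDAP_REQUIRE_TLS: "false"` (which takes the place of `LDAP_TLS_ENFORCE: "false"`) together with the unchanged `LDAPTLS_REQCERT: never` leaves TLS optional and client-side certificate checks off, so simple binds can still be made without transport protection even though `LDAP_ENABLE_TLS` is "yes". Turning off anonymous binds and `BITNAMI_DEBUG` is a good tightening; consider going further by setting `LDAP_REQUIRE_TLS` to "true" once every client uses StartTLS or LDAPS, and by validating against the CA already configured in `LDAP_TLS_CA_FILE`. `LDAP_EXTRA_SCHEMAS` leaves this ConfigMap and reappears as a container env entry in the StatefulSet, so check that the schema list is still applied at first start.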
@@ -55,118 +55,91 @@ data:
       by dn.exact=gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth manage
       by * break
     olcAccess: {1}to attrs=userPassword,shadowLastChange
       by self write
       by dn="cn=admin,dc=simulatan,dc=me" write
       by anonymous auth by * none
     olcAccess: {2}to *
       by dn="cn=admin,dc=simulatan,dc=me" write
       by self read
       by * none
-  brep.ldif: |
-    dn: olcDatabase={2}mdb,cn=config
-    changetype: modify
-    add: olcSyncrepl
-    olcSyncrepl:
-      rid=101
-      provider=ldap://openldap-0.openldap-headless.auth.svc.cluster.local:1389
-      binddn=cn=admin,dc=simulatan,dc=me
-      bindmethod=simple
-      credentials=%%ADMIN_PASSWORD%%
-      searchbase=dc=simulatan,dc=me
-      type=refreshAndPersist
-      interval=00:00:00:10
-      network-timeout=0
-      retry="60 +"
-      timeout=1
-      starttls=critical
-      tls_reqcert=never
-    olcSyncrepl:
-      rid=102
-      provider=ldap://openldap-1.openldap-headless.auth.svc.cluster.local:1389
-      binddn=cn=admin,dc=simulatan,dc=me
-      bindmethod=simple
-      credentials=%%ADMIN_PASSWORD%%
-      searchbase=dc=simulatan,dc=me
-      type=refreshAndPersist
-      interval=00:00:00:10
-      network-timeout=0
-      retry="60 +"
-      timeout=1
-      starttls=critical
-      tls_reqcert=never
-
-    dn: olcDatabase={2}mdb,cn=config
-    changetype: modify
-    add: olcMirrorMode
-    olcMirrorMode: TRUE
+  brep.ldif: "dn: olcDatabase={2}mdb,cn=config\nchangetype: modify\nadd: olcSyncrepl\nolcSyncrepl:\n
+    \ rid=101\n  provider=ldap://openldap-0.openldap-headless.auth.svc.cluster.local:1389\n
+    \ binddn=cn=admin,dc=simulatan,dc=me\n  bindmethod=simple\n  credentials=%%ADMIN_PASSWORD%%\n
+    \ searchbase=dc=simulatan,dc=me\n  type=refreshAndPersist\n  interval=00:00:00:10\n
+    \ network-timeout=0\n  retry=\"60 +\"\n  timeout=1\n  starttls=critical\n  tls_reqcert=never\n
+    \ \nolcSyncrepl:\n  rid=102\n  provider=ldap://openldap-1.openldap-headless.auth.svc.cluster.local:1389\n
+    \ binddn=cn=admin,dc=simulatan,dc=me\n  bindmethod=simple\n  credentials=%%ADMIN_PASSWORD%%\n
+    \ searchbase=dc=simulatan,dc=me\n  type=refreshAndPersist\n  interval=00:00:00:10\n
+    \ network-timeout=0\n  retry=\"60 +\"\n  timeout=1\n  starttls=critical\n  tls_reqcert=never\n
+    \ \n\ndn: olcDatabase={2}mdb,cn=config\nchangetype: modify\nadd: olcMultiProvider\nolcMultiProvider:
+    TRUE\n"
   bsyncprov.ldif: |
     dn: olcOverlay=syncprov,olcDatabase={2}mdb,cn=config
     objectClass: olcOverlayConfig
     objectClass: olcSyncProvConfig
     olcOverlay: syncprov
     olcSpSessionLog: 100
   csyncprov.ldif: |
     # Add syncprov on config
     dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
     changetype: add
     objectClass: olcOverlayConfig
     objectClass: olcSyncProvConfig
     olcOverlay: syncprov
-  rep.ldif: |
-    # Add sync replication on config
-    dn: olcDatabase={0}config,cn=config
-    changetype: modify
-    add: olcSyncRepl
-    olcSyncRepl: rid=001 provider=ldap://openldap-0.openldap-headless.auth.svc.cluster.local:1389 binddn="cn=admin,cn=config" bindmethod=simple credentials=%%CONFIG_PASSWORD%% searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical tls_reqcert=never
-    olcSyncRepl: rid=002 provider=ldap://openldap-1.openldap-headless.auth.svc.cluster.local:1389 binddn="cn=admin,cn=config" bindmethod=simple credentials=%%CONFIG_PASSWORD%% searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical tls_reqcert=never
-    -
-    add: olcMirrorMode
-    olcMirrorMode: TRUE
+  rep.ldif: "# Add sync replication on config\ndn: olcDatabase={0}config,cn=config\nchangetype:
+    modify\nadd: olcSyncRepl\nolcSyncRepl: rid=001 provider=ldap://openldap-0.openldap-headless.auth.svc.cluster.local:1389
+    binddn=\"cn=admin,cn=config\" bindmethod=simple credentials=%%CONFIG_PASSWORD%%
+    searchbase=\"cn=config\" type=refreshAndPersist retry=\"60 +\" timeout=1 starttls=critical
+    tls_reqcert=never \nolcSyncRepl: rid=002 provider=ldap://openldap-1.openldap-headless.auth.svc.cluster.local:1389
+    binddn=\"cn=admin,cn=config\" bindmethod=simple credentials=%%CONFIG_PASSWORD%%
+    searchbase=\"cn=config\" type=refreshAndPersist retry=\"60 +\" timeout=1 starttls=critical
+    tls_reqcert=never \n-\nadd: olcMultiProvider\nolcMultiProvider: TRUE\n"
   serverid.ldif: |
     # Set server ID
     dn: cn=config
     changeType: modify
     add: olcServerID
     olcServerID: 1 ldap://openldap-0.openldap-headless.auth.svc.cluster.local:1389
     olcServerID: 2 ldap://openldap-1.openldap-headless.auth.svc.cluster.local:1389
   syncprov.ldif: |
     # Load syncprov module
     dn: cn=module,cn=config
     cn: module
     objectClass: olcModuleList
     olcModuleLoad: syncprov.so
     olcModulePath: /opt/bitnami/openldap/lib/openldap
 kind: ConfigMap
 metadata:
   labels:
     app: openldap
     argocd.argoproj.io/instance: openldap
-    chart: openldap-4.2.1
+    chart: openldap-4.3.3
     heritage: Helm
     release: openldap
   name: openldap-replication-acls
   namespace: auth
 
 ---
 apiVersion: v1
 kind: Service
 metadata:
   labels:
     app.kubernetes.io/component: openldap
     argocd.argoproj.io/instance: openldap
-    chart: openldap-4.2.1
+    chart: openldap-4.3.3
     heritage: Helm
     release: openldap
   name: openldap
   namespace: auth
 spec:
+  ipFamilyPolicy: SingleStack
   ports:
   - name: ldap-port
     nodePort: null
     port: 389
     protocol: TCP
     targetPort: ldap-port
   - name: ssl-ldap-port
     nodePort: null
     port: 636
     protocol: TCP
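Review bot: in the re-rendered `brep.ldif` and `rep.ldif`, every olcSyncrepl entry keeps `starttls=critical` with `tls_reqcert=never`, so each replica sends `%%ADMIN_PASSWORD%%` or `%%CONFIG_PASSWORD%%` in a simple bind to a peer whose certificate it never validates. Suggest `tls_reqcert=demand` against the CA mounted at /opt/bitnami/openldap/certs/ca.crt. The rename from `olcMirrorMode` to `olcMultiProvider` is the substantive change in these two keys; the move from a block scalar to a quoted string appears to come from the trailing space now present after `tls_reqcert=never`, so confirm the rendered LDIF still loads on both replicas before merging.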
@@ -177,31 +150,34 @@ spec:
   sessionAffinity: None
   type: ClusterIP
 
 ---
 apiVersion: v1
 kind: Service
 metadata:
   labels:
     app.kubernetes.io/component: openldap
     argocd.argoproj.io/instance: openldap
-    chart: openldap-4.2.1
+    chart: openldap-4.3.3
     heritage: Helm
     release: openldap
   name: openldap-headless
   namespace: auth
 spec:
   clusterIP: None
   ports:
   - name: ldap-port
     port: 389
     targetPort: ldap-port
+  - name: ssl-ldap-port
+    port: 636
+    targetPort: ssl-ldap-port
   selector:
     app.kubernetes.io/component: openldap
     release: openldap
   sessionAffinity: None
   type: ClusterIP
 
 ---
 apiVersion: v1
 kind: Service
 metadata:
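Review bot: the `ssl-ldap-port` entry added to `openldap-headless` omits `protocol: TCP`, which the same port on the `openldap` Service sets explicitly; the default is TCP, so this is a consistency point only. Nothing visible in this diff connects to per-pod 636 (the olcSyncrepl providers still use ldap:// on port 1389 with StartTLS), so check that any network policy covering the auth namespace accounts for the newly exposed port.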
@@ -217,20 +193,35 @@ spec:
   ports:
   - name: http
     port: 80
     protocol: TCP
     targetPort: http
   selector:
     app: phpldapadmin
     release: openldap
   type: ClusterIP
 
+---
+apiVersion: v1
+automountServiceAccountToken: false
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: openldap
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: openldap-stack-ha
+    app.kubernetes.io/version: 2.6.9
+    argocd.argoproj.io/instance: openldap
+    helm.sh/chart: openldap-stack-ha-4.3.3
+  name: openldap-openldap-stack-ha-foo
+  namespace: auth
+
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   labels:
     app: phpldapadmin
     argocd.argoproj.io/instance: openldap
     chart: phpldapadmin-0.1.2
     heritage: Helm
     release: openldap
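Review bot: the new ServiceAccount is named `openldap-openldap-stack-ha-foo`, and the `-foo` suffix reads like a leftover placeholder from the chart's defaults; set the service account name explicitly in this release's values before merging, since the StatefulSet references the same name through `serviceAccountName`. `automountServiceAccountToken: false` is the right setting for a pod that does not call the Kubernetes API.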
@@ -271,75 +262,77 @@ spec:
 
 ---
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   labels:
     app.kubernetes.io/component: openldap
     app.kubernetes.io/instance: openldap
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: openldap-stack-ha
+    app.kubernetes.io/version: 2.6.9
     argocd.argoproj.io/instance: openldap
-    chart: openldap-4.2.1
-    helm.sh/chart: openldap-stack-ha-4.2.1
+    chart: openldap-4.3.3
+    helm.sh/chart: openldap-stack-ha-4.3.3
     heritage: Helm
     release: openldap
   name: openldap
   namespace: auth
 spec:
   replicas: 2
   selector:
     matchLabels:
       app.kubernetes.io/component: openldap
       app.kubernetes.io/instance: openldap
       app.kubernetes.io/name: openldap-stack-ha
   serviceName: openldap-headless
   template:
     metadata:
       annotations:
-        checksum/configmap-env: 3a7e20ad7b755fe341bf3307e3718fc6daae3d923482d3a30829be15d45d9134
+        checksum/configmap-env: 443c14fb5b420a49b1b0340ef6d210246d822be930d17d636d4f3ed567c8d652
       labels:
         app.kubernetes.io/component: openldap
         app.kubernetes.io/instance: openldap
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: openldap-stack-ha
-        helm.sh/chart: openldap-stack-ha-4.2.1
+        app.kubernetes.io/version: 2.6.9
+        helm.sh/chart: openldap-stack-ha-4.3.3
         release: openldap
     spec:
       affinity:
         nodeAffinity: null
         podAffinity: null
         podAntiAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
           - podAffinityTerm:
               labelSelector:
                 matchLabels:
                   app.kubernetes.io/component: openldap
                   app.kubernetes.io/instance: openldap
                   app.kubernetes.io/name: openldap-stack-ha
-              namespaces:
-              - auth
               topologyKey: kubernetes.io/hostname
             weight: 1
       containers:
       - env:
+        - name: LDAP_EXTRA_SCHEMAS
+          value: cosine,inetorgperson,nis,syncprov,serverid,csyncprov,rep,bsyncprov,brep,acls
         - name: POD_NAME
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.name
         envFrom:
         - configMapRef:
             name: openldap-env
         - secretRef:
             name: ldap-admin-passwords
-        image: bitnami/openldap:2.6.5
+        image: jpgouin/openldap:2.6.5
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 10
           initialDelaySeconds: 20
           periodSeconds: 10
           successThreshold: 1
           tcpSocket:
             port: ldap-port
           timeoutSeconds: 1
         name: openldap-stack-ha
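Review bot: the container image moves from `bitnami/openldap:2.6.5` to `jpgouin/openldap:2.6.5`, a different publisher under a mutable tag with `imagePullPolicy: Always`, so the content running as the directory server can change on any pod restart without showing up in a diff. Pin the image by digest once it has been verified, and reconcile the new `app.kubernetes.io/version: 2.6.9` label with the 2.6.5 tag, since the two disagree. The dropped `namespaces` list under podAntiAffinity is harmless, because the term then defaults to the pod's own namespace.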
@@ -390,29 +383,38 @@ spec:
         - mountPath: /opt/bitnami/openldap/etc/schema/brep.ldif
           name: replication-acls
           subPath: brep.ldif
         - mountPath: /opt/bitnami/openldap/etc/schema/acls.ldif
           name: replication-acls
           subPath: acls.ldif
       initContainers:
       - command:
         - sh
         - -c
-        - "host=$(hostname)\nif [ \"$host\" = \"openldap-0\" ]\nthen\n  echo \"This
-          is the main openldap so let's init all additional schemas and ldifs here\"\n
-          \ cp -p -f /cm-schemas-acls/*.ldif /custom_config/ \n  if [ -d /cm-schemas
-          ]; then\n    cp -p -f /cm-schemas/*.ldif /custom-schemas/ \n  fi\n  if [
-          -d /cm-ldifs ]; then\n    cp -p -f /cm-ldifs/*.ldif /custom-ldifs/ \n  fi\nelse\n
-          \ cp -p -f /cm-schemas-acls/*.ldif /custom_config/\n  rm -rf /custom_config/acls.ldif\n
-          \ echo \"let the replication takes care of everything :)\"\nfi\nsed -i -e
-          \"s/%%CONFIG_PASSWORD%%/${LDAP_CONFIG_ADMIN_PASSWORD}/g\" /custom_config/*\nsed
-          -i -e \"s/%%ADMIN_PASSWORD%%/${LDAP_ADMIN_PASSWORD}/g\" /custom_config/*\n"
+        - |
+          host=$(hostname)
+          if [ "$host" = "openldap-0" ]
+          then
+            echo "This is the main openldap so let's init all additional schemas and ldifs here"
+            cp -p -f /cm-schemas-acls/*.ldif /custom_config/
+            if [ -d /cm-schemas ]; then
+              cp -p -f /cm-schemas/*.ldif /custom-schemas/
+            fi
+            if [ -d /cm-ldifs ]; then
+              cp -p -f /cm-ldifs/*.ldif /custom-ldifs/
+            fi
+          else
+            cp -p -f /cm-schemas-acls/*.ldif /custom_config/
+            echo "let the replication takes care of everything :)"
+          fi
+          sed -i -e "s/%%CONFIG_PASSWORD%%/${LDAP_CONFIG_ADMIN_PASSWORD}/g" /custom_config/*
+          sed -i -e "s/%%ADMIN_PASSWORD%%/${LDAP_ADMIN_PASSWORD}/g" /custom_config/*
         envFrom:
         - secretRef:
             name: ldap-admin-passwords
         image: debian:latest
         imagePullPolicy: Always
         name: init-schema
         resources:
           limits: {}
           requests: {}
         volumeMounts:
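Review bot: the rewritten else branch no longer runs `rm -rf /custom_config/acls.ldif`, so pods other than openldap-0 now keep acls.ldif in /custom_config; confirm this is intended and that loading the ACL LDIF on a replica does not conflict with what replication delivers. Separately, the two sed commands interpolate the passwords unescaped into an s/…/…/g expression, so a password containing `/` or `&` breaks or corrupts the substitution, and the init container still runs `debian:latest` with `imagePullPolicy: Always`; a pinned tag or digest would make this step reproducible.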
@@ -434,20 +436,21 @@ spec:
         resources:
           limits: {}
           requests: {}
         volumeMounts:
         - mountPath: /certs
           name: certs
         - mountPath: /tmp-certs
           name: secret-certs
       securityContext:
         fsGroup: 1001
+      serviceAccountName: openldap-openldap-stack-ha-foo
       volumes:
       - configMap:
           name: openldap-replication-acls
         name: cm-replication-acls
       - emptyDir:
           medium: Memory
         name: replication-acls
       - emptyDir:
           medium: Memory
         name: certs

@SIMULATAN
Owner

TODO:

  • verify image switch is valid

@SIMULATAN-Bot SIMULATAN-Bot force-pushed the renovate/openldap/openldap-stack-ha-4.x branch from ae3704f to 2e9e5b3 Compare February 8, 2025 22:13
@SIMULATAN-Bot SIMULATAN-Bot changed the title chore(openldap): Update Helm release openldap-stack-ha to v4.3.1 chore(openldap): Update Helm release openldap-stack-ha to v4.3.2 Feb 8, 2025
@SIMULATAN-Bot SIMULATAN-Bot force-pushed the renovate/openldap/openldap-stack-ha-4.x branch from 2e9e5b3 to d1184d6 Compare February 15, 2025 22:10
@SIMULATAN-Bot SIMULATAN-Bot changed the title chore(openldap): Update Helm release openldap-stack-ha to v4.3.2 chore(openldap): Update Helm release openldap-stack-ha to v4.3.3 Feb 15, 2025