sso: remove openldap bootstrap job
parent
2c86a6d95f
commit
d70b685f27
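--- a/services/openldap/bootstrap-job.yaml
+++ b/services/openldap/bootstrap-job.yaml
@@ -1,69 +0,0 @@
-# services/openldap/bootstrap-job.yaml
-apiVersion: batch/v1
-kind: Job
-metadata:
-name: openldap-bootstrap-3
-namespace: sso
-spec:
-backoffLimit: 3
-template:
-spec:
-restartPolicy: OnFailure
-nodeSelector:
-kubernetes.io/arch: arm64
-node-role.kubernetes.io/worker: "true"
-containers:
-- name: bootstrap
-image: docker.io/osixia/openldap:1.5.0
-imagePullPolicy: IfNotPresent
-env:
-- name: LDAP_DOMAIN
-value: bstein.dev
-- name: LDAP_ADMIN_PASSWORD
-valueFrom:
-secretKeyRef:
-name: openldap-admin
-key: LDAP_ADMIN_PASSWORD
-command: ["/bin/sh", "-c"]
-args:
-- |
-set -eu
-
-base_dn="dc=bstein,dc=dev"
-admin_dn="cn=admin,${base_dn}"
-ldap_uri="ldap://openldap-0.openldap.sso.svc.cluster.local:389"
-
-echo "Waiting for OpenLDAP..."
-i=0
-while [ "${i}" -lt 60 ]; do
-if ldapsearch -x -H "${ldap_uri}" -b "${base_dn}" -s base '(objectClass=*)' dn >/dev/null 2>&1; then
-echo "OpenLDAP is ready"
-break
-fi
-sleep 2
-i=$((i+1))
-done
-if ! ldapsearch -x -H "${ldap_uri}" -b "${base_dn}" -s base '(objectClass=*)' dn >/dev/null 2>&1; then
-echo "OpenLDAP did not become ready in time" >&2
-exit 1
-fi
-
-ensure_ou() {
-ou_name="${1}"
-ou_dn="ou=${ou_name},${base_dn}"
-
-if ldapsearch -x -H "${ldap_uri}" -D "${admin_dn}" -w "${LDAP_ADMIN_PASSWORD}" -b "${ou_dn}" -s base '(objectClass=organizationalUnit)' dn >/dev/null 2>&1; then
-echo "OU ${ou_name} exists"
-return 0
-fi
-
-echo "Creating OU ${ou_name}"
-cat <<EOF | ldapadd -x -H "${ldap_uri}" -D "${admin_dn}" -w "${LDAP_ADMIN_PASSWORD}"
-dn: ${ou_dn}
-objectClass: organizationalUnit
-ou: ${ou_name}
-EOF
-}
-
-ensure_ou users
-ensure_ou groups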
@ -5,4 +5,3 @@ namespace: sso
|
|||||||
resources:
|
resources:
|
||||||
- service.yaml
|
- service.yaml
|
||||||
- statefulset.yaml
|
- statefulset.yaml
|
||||||
- bootstrap-job.yaml
|
|
||||||
|
|||||||