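# services/openldap/bootstrap-job.yaml
#
# One-shot Job that creates the baseline OUs ("users", "groups") in the
# OpenLDAP directory once the server answers. Idempotent: an OU that already
# exists is left untouched, so the Job can be re-applied safely.
#
# The admin password is read from a mounted Secret file (ldap* -y <file>)
# instead of being passed as "-w $VAR": a -w argument is visible to every
# process in the pod via ps / /proc/<pid>/cmdline, and an env var is visible
# via /proc/<pid>/environ and is commonly dumped into crash reports.
apiVersion: batch/v1
kind: Job
metadata:
  name: openldap-bootstrap-1
  namespace: sso
spec:
  backoffLimit: 3
  template:
    spec:
      restartPolicy: OnFailure
      # The bootstrap only talks to the LDAP service; it has no reason to
      # hold a Kubernetes API token.
      automountServiceAccountToken: false
      nodeSelector:
        kubernetes.io/arch: arm64
        node-role.kubernetes.io/worker: "true"
      volumes:
        - name: ldap-admin
          secret:
            secretName: openldap-admin
            # 256 == octal 0400: owner read-only. Written in decimal so
            # YAML 1.1 vs 1.2 octal handling cannot change the value.
            defaultMode: 256
      containers:
        - name: bootstrap
          image: docker.io/osixia/openldap:1.5.0
          imagePullPolicy: IfNotPresent
          # `command` below replaces the image entrypoint, so only the ldap
          # client tools run here and no Linux capabilities are required.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          env:
            - name: LDAP_DOMAIN
              value: bstein.dev
            # Path of the password file inside the mounted Secret volume
            # (one file per Secret key).
            - name: LDAP_ADMIN_PASSWORD_FILE
              value: /run/secrets/openldap-admin/LDAP_ADMIN_PASSWORD
          volumeMounts:
            - name: ldap-admin
              mountPath: /run/secrets/openldap-admin
              readOnly: true
          command: ["/bin/sh", "-c"]
          args:
            - |
              # Plain POSIX sh on purpose: /bin/sh on Debian-based images is
              # dash, which rejects `set -o pipefail`. The heredoc is fed to
              # ldapadd directly, so no pipeline exit status is lost.
              set -eu

              domain="${LDAP_DOMAIN}"
              # example.org -> dc=example,dc=org
              base_dn="$(printf '%s' "${domain}" | awk -F. '{for (i=1;i<=NF;i++) printf("%sdc=%s", (i==1?"":","), $i)}')"
              admin_dn="cn=admin,${base_dn}"
              # NOTE(review): plain ldap:// means the simple bind sends the
              # admin password in cleartext on the cluster network; switch to
              # ldaps:// or add -ZZ (StartTLS) once the server has TLS
              # configured — not verifiable from this manifest.
              ldap_uri="ldap://openldap.sso.svc.cluster.local:389"
              pw_file="${LDAP_ADMIN_PASSWORD_FILE}"

              if [ ! -r "${pw_file}" ]; then
                echo "admin password file ${pw_file} is missing or unreadable" >&2
                exit 1
              fi

              # Readiness probe: anonymous base-object read of the suffix
              # (assumes anonymous read is permitted, the OpenLDAP default —
              # TODO confirm against the server's ACLs). 60 x 2s = 120s.
              echo "Waiting for OpenLDAP..."
              ready=0
              for _ in $(seq 1 60); do
                if ldapsearch -x -H "${ldap_uri}" -b "${base_dn}" -s base '(objectClass=*)' dn >/dev/null 2>&1; then
                  ready=1
                  break
                fi
                sleep 2
              done
              if [ "${ready}" -ne 1 ]; then
                # Fail loudly instead of falling through to an ldapadd that
                # would produce a less obvious error.
                echo "OpenLDAP at ${ldap_uri} did not become ready within 120s" >&2
                exit 1
              fi

              # ensure_ou NAME: create ou=NAME,<base_dn> unless it exists.
              # Only "no such object" (LDAP result 32) triggers creation;
              # any other lookup failure (e.g. invalid credentials, 49) is
              # reported and aborts the job rather than being masked as a
              # missing OU.
              ensure_ou() {
                local ou_name="${1}"
                local ou_dn="ou=${ou_name},${base_dn}"
                local rc=0

                ldapsearch -x -H "${ldap_uri}" -D "${admin_dn}" -y "${pw_file}" -b "${ou_dn}" -s base '(objectClass=organizationalUnit)' dn >/dev/null 2>&1 || rc=$?
                case "${rc}" in
                  0)
                    echo "OU ${ou_name} exists"
                    return 0
                    ;;
                  32)
                    ;;
                  *)
                    echo "lookup of ${ou_dn} failed (ldapsearch exit ${rc})" >&2
                    return "${rc}"
                    ;;
                esac

                echo "Creating OU ${ou_name}"
                # LDIF lines must start in column 0: a leading space is a
                # continuation line, so the heredoc body is not indented.
                ldapadd -x -H "${ldap_uri}" -D "${admin_dn}" -y "${pw_file}" <<EOF
              dn: ${ou_dn}
              objectClass: organizationalUnit
              ou: ${ou_name}
              EOF
              }

              ensure_ou users
              ensure_ou groups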