lldap: add new service for LDAP

This commit is contained in:
2025-05-03 12:32:20 +03:00
parent 9a32df5fb9
commit b451cf2830
13 changed files with 464 additions and 19 deletions


@ -0,0 +1,6 @@
apiVersion: v2
name: lldap-chart
description: lldap - Light LDAP implementation for authentication
type: application
version: 0.1.0
appVersion: "latest"
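Review bot: `appVersion: "latest"` disagrees with the image the chart actually pins (`image.tag: "v0.6.1"` in values.yaml), and `appVersion` is what the `lldap-chart.labels` helper would stamp into `app.kubernetes.io/version`. Set `appVersion: "v0.6.1"` and bump it together with `image.tag`, so the running version can be read from labels instead of only from the pod spec.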


@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "lldap-chart.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "lldap-chart.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "lldap-chart.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "lldap-chart.labels" -}}
helm.sh/chart: {{ include "lldap-chart.chart" . }}
{{ include "lldap-chart.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "lldap-chart.selectorLabels" -}}
app.kubernetes.io/name: {{ include "lldap-chart.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "lldap-chart.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "lldap-chart.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
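Review bot: None of the helpers defined here are used by the templates in this commit — the Deployment, Services, PVC and Secret hard-code `name: lldap` / `app: lldap` instead of `include "lldap-chart.fullname"` and `lldap-chart.labels`, so this file is dead scaffolding. `lldap-chart.serviceAccountName` also dereferences `.Values.serviceAccount.create`, and values.yaml defines no `serviceAccount` map, so the first template to include it fails to render with a nil-pointer error. Either wire the templates to these helpers (which would also let two releases coexist in one namespace) or delete the file so it does not mislead the next maintainer.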


@ -0,0 +1,99 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: lldap
namespace: {{ .Values.namespace }}
labels:
app: lldap
annotations:
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: lldap
strategy:
type: Recreate
template:
metadata:
labels:
app: lldap
annotations:
spec:
containers:
- name: lldap
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
env:
- name: GID
value: "{{ .Values.env.GID }}"
- name: LLDAP_JWT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.secret.name }}
key: lldap-jwt-secret
- name: LLDAP_LDAP_BASE_DN
valueFrom:
secretKeyRef:
name: {{ .Values.secret.name }}
key: base-dn
- name: LLDAP_LDAP_USER_DN
valueFrom:
secretKeyRef:
name: {{ .Values.secret.name }}
key: lldap-ldap-user-name
- name: LLDAP_LDAP_USER_PASS
valueFrom:
secretKeyRef:
name: {{ .Values.secret.name }}
key: lldap-ldap-user-pass
- name: TZ
value: "{{ .Values.env.TZ }}"
- name: UID
value: "{{ .Values.env.UID }}"
{{- if .Values.extraEnv}}
{{- toYaml .Values.extraEnv | nindent 12}}
{{- end }}
ports:
- containerPort: 3890
- containerPort: 6360
- containerPort: 17170
volumeMounts:
{{- if .Values.persistence.enabled }}
- mountPath: /data
name: lldap-data
{{- end }}
{{- if .Values.extraVolumeMounts}}
{{- toYaml .Values.extraVolumeMounts | nindent 12}}
{{- end }}
volumes:
{{- if .Values.persistence.enabled}}
- name: lldap-data
persistentVolumeClaim:
claimName: lldap-data
{{- end }}
{{- if .Values.extraVolumes}}
{{- toYaml .Values.extraVolumes | nindent 8}}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
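Review bot: The pod spec carries no `securityContext` at all: the `UID`/`GID` env vars only tell the image's entrypoint which identity to switch to (assuming it does — confirm against the image), while Kubernetes still hands the container root, privilege escalation and the full capability set, and nothing sets `fsGroup`, so `/data` ownership is whatever the provisioner chose. This pod guards the admin credentials and the user database under `/data`, so harden it at the spec level; if the entrypoint genuinely needs root to apply `UID`/`GID`, keep at least `allowPrivilegeEscalation: false` and a `seccompProfile`, otherwise run the container directly as 1001 and drop the env indirection. There is also no `readinessProbe`, so both Services route traffic to a pod that has not finished opening its database yet.

```yaml
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: {{ .Values.env.UID }}
    runAsGroup: {{ .Values.env.GID }}
    fsGroup: {{ .Values.env.GID }}
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: lldap
      # … unchanged: image, imagePullPolicy, resources, env, ports …
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
      readinessProbe:
        httpGet:
          path: /   # use a dedicated health path if the image exposes one
          port: 17170
        initialDelaySeconds: 5
      # … unchanged: volumeMounts …
```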


@ -0,0 +1,38 @@
{{- if .Values.ingress.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Values.ingress.name | quote }}
namespace: {{ .Values.namespace | quote }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.ingress.labels }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
rules:
- host: {{ .Values.ingress.hosts.host | quote }}
http:
paths:
- path: {{ .Values.ingress.hosts.paths.path | quote }}
pathType: {{ .Values.ingress.hosts.paths.pathType | default "Prefix" | quote }}
backend:
service:
name: {{ $.Values.service.webui.name | quote }}
port:
number: {{ $.Values.service.webui.ports.port | default 17170 }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName | quote }}
{{- end }}
{{- end }}
{{- end }}
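Review bot: With `ingress.enabled: true` and `host: "placeholder.test.com"` as the defaults, a `helm install` with no overrides publishes the lldap admin web UI under a bogus hostname on whatever entrypoints the cluster's Traefik listens on; the admin password and the session JWT cross this hop, so it must not be reachable over plain HTTP. Either default `ingress.enabled: false`, or refuse to render without a real host: `- host: {{ required "ingress.hosts.host must be set" .Values.ingress.hosts.host | quote }}`, and document in values.yaml the annotation the chosen controller needs for an HTTP→HTTPS redirect (the chart ships `ingress.annotations: {}`). Minor: `ingressClassName` is rendered unconditionally, so an empty value produces `ingressClassName: ""` rather than omitting the field — wrap it in `{{- with .Values.ingress.ingressClassName }}`.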


@ -0,0 +1,40 @@
{{- if .Values.persistence.enabled }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: lldap-data
namespace: {{ .Values.namespace }}
labels:
app: lldap
spec:
{{- if .Values.persistence.storageClassName }}
storageClassName: {{ .Values.persistence.storageClassName }}
{{- end }}
accessModes:
- {{ .Values.persistence.accessMode }}
resources:
requests:
storage: {{ .Values.persistence.storageSize }}
{{- end }}
{{- if and .Values.persistence.enabled .Values.persistence.manualProvision }}
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: lldap-data-pv
namespace: {{ .Values.namespace }}
labels:
app: lldap
spec:
capacity:
storage: {{ .Values.persistence.storageSize }}
accessModes:
- {{ .Values.persistence.accessMode }}
{{- if .Values.persistence.storageClassName }}
storageClassName: {{ .Values.persistence.storageClassName }}
{{- end }}
{{- if .Values.persistence.localPath }}
hostPath:
path: {{ .Values.persistence.localPath }}
{{- end }}
{{- end }}
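Review bot: `PersistentVolume` is cluster-scoped, so the `namespace: {{ .Values.namespace }}` under the PV's `metadata` in the `manualProvision` branch is ignored by the API server, and it gives a false sense of isolation: a `hostPath` PV is just a directory on a node, readable by anything else that can mount that path, and `/data` holds lldap's user database with its password hashes. If `manualProvision` is true while `localPath` is empty, the rendered PV has no volume source at all and is rejected; make that explicit with `path: {{ required "persistence.localPath is required when manualProvision is true" .Values.persistence.localPath }}`. Set `persistentVolumeReclaimPolicy: Retain` explicitly on the PV, and in the `manualProvision` case add `volumeName: lldap-data-pv` to the claim so a dynamic provisioner cannot bind it to some other volume.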


@ -0,0 +1,13 @@
{{- if .Values.secret.create }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.secret.name }}
namespace: {{ .Values.namespace }}
type: Opaque
data:
lldap-jwt-secret: {{ .Values.secret.lldapJwtSecret | b64enc }}
lldap-ldap-user-name: {{ .Values.secret.lldapUserName | b64enc }}
lldap-ldap-user-pass: {{ .Values.secret.lldapUserPass | b64enc }}
base-dn: {{ .Values.secret.lldapBaseDn | b64enc }}
{{- end }}
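Review bot: With `secret.create: true` and `lldapJwtSecret: "placeholder"` / `lldapUserPass: "placeholder"` in values.yaml, a default `helm install` produces a working Secret whose JWT signing key and admin password are the literal word `placeholder` — anyone who has read this chart can forge web-UI sessions or bind as the admin. Refuse to render instead of shipping defaults: `lldap-jwt-secret: {{ required "secret.lldapJwtSecret must be set" .Values.secret.lldapJwtSecret | b64enc }}` (same for `lldap-ldap-user-pass`), and remove the placeholder values from values.yaml. Values passed this way also end up in the Helm release record (a Secret in the release namespace) and in any committed values file, so outside a homelab the better default is `secret.create: false` with `secret.name` pointing at a Secret managed outside Helm — the Deployment already consumes only the four keys by name, so nothing else changes.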


@ -0,0 +1,33 @@
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.service.webui.name }}
namespace: {{ .Values.namespace }}
labels:
app: lldap
spec:
type: {{ .Values.service.webui.type }}
ports:
- name: {{ .Values.service.webui.ports.name | quote }}
port: {{ .Values.service.webui.ports.port }}
targetPort: {{ .Values.service.webui.ports.targetPort }}
selector:
app: lldap
---
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.service.ldap.name }}
annotations:
external-dns.alpha.kubernetes.io/hostname: lldap.tahmidcloud.com
namespace: {{ .Values.namespace }}
labels:
app: lldap
spec:
type: {{ .Values.service.ldap.type }}
ports:
- name: {{ .Values.service.ldap.ports.name | quote }}
port: {{ .Values.service.ldap.ports.port }}
targetPort: {{ .Values.service.ldap.ports.targetPort }}
selector:
app: lldap
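Review bot: The LDAP Service defaults to `type: LoadBalancer` and carries a hard-coded `external-dns.alpha.kubernetes.io/hostname: lldap.tahmidcloud.com` annotation, so an install publishes port 3890 — plaintext LDAP, where a simple bind sends the password in clear — outside the cluster under that DNS name. The Deployment exposes 6360 as well, but no Service serves it and nothing in the chart configures LDAPS, so there is no encrypted alternative on offer. Default `service.ldap.type` to `ClusterIP`, move the annotation into values behind the same `{{- with .Values.service.ldap.annotations }}` block the Ingress template already uses (a site-specific hostname does not belong in a template), and if external exposure is really required, expose 6360 with LDAPS configured rather than 3890.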


@ -0,0 +1,97 @@
##### secret creation
secret:
create: true
name: lldap-credentials
lldapJwtSecret: "placeholder"
lldapUserName: "placeholder"
lldapUserPass: "placeholder"
lldapBaseDn: "dc=homelab,dc=local"
##### pvc
persistence:
enabled: true
storageClassName: ""
storageSize: "100Mi"
accessMode: "ReadWriteOnce"
# in case the StorageClass used does not automatically provision volumes,
# you can specify a local path for manual mounting here like for example /mnt/data/lldap
# if the StorageClass supports automatic provisioning, leave this field empty.
localPath: "" # Local filesystem path for storage, used if 'local-path' is the SC.
# if manualProvision is set to true, a persistentVolume is created with helm
# if the StorageClass used supports automatic provisioning, this should be set to false.
# and if it does not supports automatic provisioning, set to true. Default is false
manualProvision: false
extraVolumes: []
extraVolumeMounts: []
##### deployment
# hour zone
env:
TZ: "EET"
GID: "1001"
UID: "1001"
extraEnv: []
resources:
limits:
cpu: 100m
memory: 100Mi
requests:
cpu: 50m
memory: 50M
nodeSelector: {}
tolerations: []
affinity: {}
replicaCount: 1
image:
repository: "nitnelave/lldap"
tag: "v0.6.1"
pullPolicy: "IfNotPresent"
#### service this is unique service, so no enabled is added as if not it wont work
service:
webui:
name: lldap-service
type: ClusterIP
ports:
name: "17170"
port: 17170
targetPort: 17170
ldap:
name: lldap
type: LoadBalancer
ports:
name: "3890"
port: 3890
targetPort: 3890
#####ingress
ingress:
ingressClassName: "traefik"
enabled: true
name: lldap-web-ingress
annotations: {}
labels: {}
hosts:
host: "placeholder.test.com"
paths:
path: "/"
pathType: "Prefix"
tls:
- secretName: "lldap-secret-tls"
hosts:
- "placeholder.test.com"
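Review bot: Every template references `.Values.namespace`, but this file defines no `namespace` key, so the resources render with an empty `namespace:` and land wherever `helm install -n` points — either add `namespace: ""` here with a comment, or drop the field from the templates and rely on the release namespace. `resources.requests.memory: 50M` mixes decimal `M` with the binary `Mi` used for the limit; write `50Mi`. The exposure defaults are the risky ones for an identity service: `service.ldap.type: LoadBalancer` and `ingress.enabled: true` with a placeholder host both publish lldap outside the cluster on a default install, and the three `"placeholder"` credential values yield a working but trivially guessable admin login and JWT key — default these to off/empty and require the operator to set them.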