1、docker部署
首先编写docker-compose.yml文件:
# Compose stack for a local OpenLDAP server plus the phpLDAPadmin web UI.
version: "2"
services:
  openldap:
    container_name: openldap
    image: osixia/openldap:1.5.0
    restart: always
    # Published on every host interface. 389 is cleartext LDAP unless the
    # client negotiates StartTLS; 636 is LDAPS.
    ports:
      - '389:389'
      - '636:636'
    environment:
      LDAP_ORGANISATION: 'gavin'
      LDAP_DOMAIN: 'auth.gavin.cn'
      LDAP_BASE_DN: 'dc=auth,dc=gavin,dc=cn'
      # NOTE(review): sample credentials kept from the original write-up.
      # Both the directory admin and the cn=config admin share the same short
      # value; set strong, distinct values (for example from an untracked
      # .env file) before these ports are reachable from other hosts.
      LDAP_ADMIN_PASSWORD: '123456'
      LDAP_CONFIG_PASSWORD: '123456'
    # Host bind mounts are left disabled, as in the original, so the directory
    # data and slapd configuration are not kept under /opt/openldap.
    # volumes:
    #   - /opt/openldap/ldap:/var/lib/ldap
    #   - /opt/openldap/slapd.d:/etc/ldap/slapd.d
  phpldapadmin:
    container_name: phpldapadmin
    # NOTE(review): `latest` is a moving tag; pin a reviewed version (or an
    # image digest) so a restart cannot pull in an unreviewed image.
    image: osixia/phpldapadmin:latest
    restart: always
    depends_on:
      - openldap
    ports:
      - '50081:80'
    environment:
      # Resolved through the Compose network: the name of the service above.
      PHPLDAPADMIN_LDAP_HOSTS: 'openldap'
      # The UI is served over plain HTTP, so the bind password typed into the
      # login form is sent unencrypted. Acceptable on localhost only; put TLS
      # in front of it for anything else.
      PHPLDAPADMIN_HTTPS: 'false'
然后通过docker-compose up启动,启动成功后访问http://localhost:50081/。
登录用户名为cn=admin,dc=auth,dc=gavin,dc=cn,密码为123456(即上面LDAP_ADMIN_PASSWORD的值)。
2、k8s部署
首先通过docker命令把镜像推送到harbor,
然后编写openldap.yml:
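---
# Deployment running a single OpenLDAP replica in the base-component namespace.
# Fields the API server fills in (metadata.resourceVersion and the template's
# creationTimestamp) are left out: a stale resourceVersion makes an update fail
# with a conflict and is rejected when the object is first created.
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations: {}
  labels:
    k8s.kuboard.cn/layer: db
    k8s.kuboard.cn/name: openldap
  name: openldap
  namespace: base-component
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s.kuboard.cn/layer: db
      k8s.kuboard.cn/name: openldap
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        k8s.kuboard.cn/layer: db
        k8s.kuboard.cn/name: openldap
    spec:
      containers:
        - name: openldap
          image: '192.168.20.4:8930/base-component/osixia/openldap:1.0.0'
          imagePullPolicy: IfNotPresent
          env:
            - name: LDAP_ORGANISATION
              value: gavin
            - name: LDAP_DOMAIN
              value: auth.gavin.cn
            - name: LDAP_BASE_DN
              value: 'dc=auth,dc=gavin,dc=cn'
            # env values must be strings; an unquoted 123456 is parsed as an
            # integer and the manifest is rejected.
            # NOTE(review): sample credentials kept from the original write-up.
            # Inline values are readable by anyone who can view this Deployment;
            # prefer a Secret referenced through valueFrom.secretKeyRef, with a
            # strong value that differs between the two accounts.
            - name: LDAP_ADMIN_PASSWORD
              value: '123456'
            - name: LDAP_CONFIG_PASSWORD
              value: '123456'
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            # mountPath is a path inside the container only. The Docker-style
            # "host:container" form would not place the claim at /var/lib/ldap
            # or /etc/ldap/slapd.d, so nothing would persist. subPath gives each
            # mount its own directory inside the one claim.
            # presumably the "ldap" / "slapd.d" layout mirrors the
            # /opt/openldap bind mounts used with Docker -- confirm.
            - mountPath: /var/lib/ldap
              name: volume-hznp6
              subPath: ldap
            - mountPath: /etc/ldap/slapd.d
              name: volume-hznp6
              subPath: slapd.d
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
        # Expects a PersistentVolumeClaim named "openldap" in this namespace.
        - name: volume-hznp6
          persistentVolumeClaim:
            claimName: openldap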
编写phpldapadmin.yml
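---
# Deployment running the phpLDAPadmin web UI in the base-component namespace.
# The exported object's server-populated parts (metadata.resourceVersion, the
# template's creationTimestamp and the whole status block) are left out: they
# describe one moment of a running cluster and are not configuration. A stale
# resourceVersion also makes an update fail with a conflict.
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations: {}
  labels:
    k8s.kuboard.cn/layer: web
    k8s.kuboard.cn/name: phpldapadmin
  name: phpldapadmin
  namespace: base-component
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s.kuboard.cn/layer: web
      k8s.kuboard.cn/name: phpldapadmin
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        k8s.kuboard.cn/layer: web
        k8s.kuboard.cn/name: phpldapadmin
    spec:
      containers:
        - name: phpldapadmin
          image: '192.168.20.4:8930/base-component/osixia/phpldapadmin:1.0.0'
          imagePullPolicy: IfNotPresent
          env:
            # Must be the Service name: cluster DNS resolves Services, not
            # Deployment names.
            - name: PHPLDAPADMIN_LDAP_HOSTS
              value: openldap-svc
            # The UI is served over plain HTTP, so the bind password typed into
            # the login form is sent unencrypted; terminate TLS in front of it
            # (for example at an Ingress) before exposing it beyond a lab
            # network.
            - name: PHPLDAPADMIN_HTTPS
              value: 'false'
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30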
编写服务openldap-svc.yml
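---
# Service in front of the OpenLDAP pods; phpLDAPadmin reaches the directory
# through this name (openldap-svc).
# Cluster-assigned fields from the exported object (metadata.resourceVersion,
# spec.clusterIP, spec.clusterIPs) are left out so the API server allocates
# them; a fixed clusterIP is rejected when it lies outside the target cluster's
# service range or is already in use.
apiVersion: v1
kind: Service
metadata:
  name: openldap-svc
  namespace: base-component
spec:
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  ports:
    # nodePort 389 and 636 are below the default NodePort range (30000-32767);
    # they are accepted only where the API server's --service-node-port-range
    # has been widened to include them.
    - name: r6pkcf
      nodePort: 389
      port: 389
      protocol: TCP
      targetPort: 389
    - name: fw8jjr
      nodePort: 636
      port: 636
      protocol: TCP
      targetPort: 636
  selector:
    k8s.kuboard.cn/layer: db
    k8s.kuboard.cn/name: openldap
  sessionAffinity: None
  # NOTE(review): NodePort publishes LDAP (389 in cleartext) on every node's
  # address. If only in-cluster clients such as phpLDAPadmin need the
  # directory, type ClusterIP is sufficient; otherwise restrict the source
  # addresses with a NetworkPolicy or a firewall.
  type: NodePort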
编写 phpldapadmin-svc.yml
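---
# Service exposing the phpLDAPadmin web UI.
# Cluster-assigned fields from the exported object (metadata.resourceVersion,
# spec.clusterIP, spec.clusterIPs) are left out so the API server allocates
# them; a fixed clusterIP is rejected when it lies outside the target cluster's
# service range or is already in use.
apiVersion: v1
kind: Service
metadata:
  name: phpldapadmin-svc
  namespace: base-component
spec:
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  ports:
    # nodePort 5080 is below the default NodePort range (30000-32767); it is
    # accepted only where the API server's --service-node-port-range has been
    # widened to include it.
    - name: dbz2rn
      nodePort: 5080
      port: 80
      protocol: TCP
      targetPort: 80
  selector:
    k8s.kuboard.cn/layer: web
    k8s.kuboard.cn/name: phpldapadmin
  sessionAffinity: None
  # NOTE(review): this publishes the LDAP administration UI over plain HTTP on
  # every node's address. Limit who can reach the port (NetworkPolicy or
  # firewall), or front it with a TLS-terminating Ingress.
  type: NodePort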
然后启动,进入页面。
注意:在phpldapadmin.yml文件里的环境变量PHPLDAPADMIN_LDAP_HOSTS,之前用的是openldap,也就是工作负载(Deployment)的名称,但是页面会提示不能连接ldap服务,改成openldap-svc就可以了。原因是工作负载本身不对外提供可解析的名称:集群内DNS只为Service名称生成解析记录,Pod之间需要通过Service名称(这里是openldap-svc)来访问。