# CRD: Group (cluster-scoped). Short name `lg`.
# The spec is declared as a bare `type: object` with no properties, so with a
# structural schema the API server prunes any fields a user puts under spec;
# a Group therefore carries no data beyond its name. No status subresource.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: groups.lldap.huizinga.dev
spec:
  group: lldap.huizinga.dev
  names:
    categories: []
    kind: Group
    plural: groups
    shortNames: [lg]
    singular: group
  scope: Cluster
  versions:
    - name: v1
      served: true
      storage: true
      # No status subresource: writes to `groups/status` are not possible.
      subresources: {}
      additionalPrinterColumns: []
      schema:
        openAPIV3Schema:
          title: Group
          description: Custom resource for managing Groups inside of LLDAP
          type: object
          required: [spec]
          properties:
            spec:
              type: object
---
# CRD: ServiceUser (namespaced). Short name `lsu`.
# NOTE(review): spec.passwordManager and spec.additionalGroups are free-form
# here — anyone who may create ServiceUsers in a namespace can request a
# password-manager account or membership of any group name. If that is not
# intended, constrain it with an x-kubernetes-validations rule or with RBAC
# on the CRD; confirm against the controller's behaviour.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: serviceusers.lldap.huizinga.dev
spec:
  group: lldap.huizinga.dev
  names:
    categories: []
    kind: ServiceUser
    plural: serviceusers
    shortNames: [lsu]
    singular: serviceuser
  scope: Namespaced
  versions:
    - name: v1
      served: true
      storage: true
      subresources:
        status: {}
      additionalPrinterColumns:
        - name: Manager
          type: boolean
          jsonPath: .spec.passwordManager
          description: Can the service user manage passwords
        - name: Password
          type: date
          jsonPath: .status.secretCreated
          description: Secret creation timestamp
        - name: Age
          type: date
          jsonPath: .metadata.creationTimestamp
      schema:
        openAPIV3Schema:
          title: ServiceUser
          description: Custom resource for managing Service Users inside of LLDAP
          type: object
          required: [spec]
          properties:
            spec:
              type: object
              properties:
                additionalGroups:
                  type: array
                  default: []
                  items:
                    type: string
                passwordManager:
                  type: boolean
                  default: false
            status:
              type: object
              nullable: true
              properties:
                # Set by the controller once the credential Secret exists
                # (presumably; the controller is not part of this file).
                secretCreated:
                  type: string
                  format: date-time
                  nullable: true
---
# CRD: UserAttribute (cluster-scoped). Short name `lua`.
# Two CEL rules apply: spec is immutable after creation (transition rule on
# oldSelf, so it only fires on UPDATE), and an editable attribute must also be
# visible.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: userattributes.lldap.huizinga.dev
spec:
  group: lldap.huizinga.dev
  names:
    categories: []
    kind: UserAttribute
    plural: userattributes
    shortNames: [lua]
    singular: userattribute
  scope: Cluster
  versions:
    - name: v1
      served: true
      storage: true
      subresources:
        status: {}
      additionalPrinterColumns:
        - name: Type
          type: string
          jsonPath: .spec.type
          description: Type of attribute
        - name: List
          type: boolean
          jsonPath: .spec.list
          description: Can the attribute contain multiple values
        - name: Visible
          type: boolean
          jsonPath: .spec.userVisible
          description: Can users see the value
        - name: Editable
          type: boolean
          jsonPath: .spec.userEditable
          description: Can users edit the value
        - name: Synced
          type: boolean
          jsonPath: .status.synced
        - name: Age
          type: date
          jsonPath: .metadata.creationTimestamp
      schema:
        openAPIV3Schema:
          # Title differs from the kind name; it is informational only.
          title: UserAttributeValidated
          description: Custom resource for managing custom User Attributes inside of LLDAP
          type: object
          required: [spec]
          x-kubernetes-validations:
            - message: User attributes are immutable
              rule: self.spec == oldSelf.spec
            # Equivalent to `!userEditable || userVisible`; kept verbatim so
            # the stored CRD does not change.
            - message: Editable attribute must also be visible
              rule: '!self.spec.userEditable || self.spec.userVisible && self.spec.userEditable'
          properties:
            spec:
              type: object
              required: [type]
              properties:
                list:
                  type: boolean
                  default: false
                type:
                  type: string
                  enum:
                    - String
                    - Integer
                    - Jpeg
                    - DateTime
                userEditable:
                  type: boolean
                  default: false
                userVisible:
                  type: boolean
                  default: false
            status:
              type: object
              nullable: true
              required: [synced]
              properties:
                synced:
                  type: boolean
---
# ServiceAccount used by the lldap-controller Deployment.
# Token automount is explicitly enabled: the controller reaches the API
# server through this token, with the ClusterRole bound below.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: lldap-controller
  namespace: lldap
  labels:
    app: lldap-controller
    app.kubernetes.io/name: lldap-controller
automountServiceAccountToken: true
---
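# ClusterRole for lldap-controller.
# Fix: the Group subresources were spelled `grours/status` and
# `grours/finalizers`, which match no resource (the CRD plural is `groups`),
# so the controller had no rights on groups/status or groups/finalizers. The
# API server accepts unknown resource names in RBAC rules, so this went
# unnoticed.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: lldap-controller
rules:
  # Full control over the controller's own CRDs, including the status and
  # finalizers subresources it must update.
  - apiGroups:
      - lldap.huizinga.dev
    resources:
      - serviceusers
      - serviceusers/status
      - serviceusers/finalizers
      - groups
      - groups/status
      - groups/finalizers
      - userattributes
      - userattributes/status
      - userattributes/finalizers
    verbs:
      - '*'
  - apiGroups:
      - events.k8s.io
    resources:
      - events
    verbs:
      - create
  # NOTE(review): '*' on secrets cluster-wide lets this service account read
  # and modify every Secret in the cluster. ServiceUser is namespaced, so the
  # controller plausibly needs Secrets in any namespace, but the verb list
  # should be narrowed to what the controller actually calls (likely
  # get/list/watch/create/update/delete — confirm from its code); a
  # resourceNames or label-based restriction is not possible here, so
  # limiting verbs is the available mitigation.
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - '*'
---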
# Binds the lldap-controller ClusterRole to the ServiceAccount in `lldap`.
# Because the roleRef is a ClusterRole and this is a ClusterRoleBinding, the
# grant applies in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: lldap-controller
subjects:
  - kind: ServiceAccount
    name: lldap-controller
    namespace: lldap
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: lldap-controller
---
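# Deployment for lldap-controller (single replica, no leader election shown).
# Fix: the image reference repeated the repository name before the digest
# (`repo@repo@sha256:...`), which is not a valid image reference — a name may
# carry exactly one `@digest`. The digest itself is kept, so the pin is
# unchanged.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: lldap-controller
  namespace: lldap
  labels:
    app: lldap-controller
    app.kubernetes.io/name: lldap-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: lldap-controller
  template:
    metadata:
      labels:
        app: lldap-controller
      annotations:
        kubectl.kubernetes.io/default-container: lldap-controller
    spec:
      serviceAccountName: lldap-controller
      # NOTE(review): pod securityContext is empty; consider runAsNonRoot and
      # seccompProfile RuntimeDefault once it is confirmed the image does not
      # run as UID 0.
      securityContext: {}
      containers:
        - name: lldap-controller
          # Pinned by digest; imagePullPolicy IfNotPresent is safe with a digest
          # because the content cannot change under the same reference.
          image: git.huizinga.dev/infra/lldap-controller@sha256:02aa3a7d70c1af838d0a4ac488d647abb90a4a641c8c82a8e82222c3a9d68f17
          imagePullPolicy: IfNotPresent
          env:
            - name: RUST_LOG
              value: info,lldap_controller=debug
            # NOTE(review): plaintext HTTP to the in-cluster lldap service; the
            # admin credential travels unencrypted unless the CNI provides
            # transport encryption — confirm, or terminate TLS at lldap.
            - name: LLDAP_URL
              value: http://lldap:17170
            # NOTE(review): the controller binds as the LLDAP `admin` account.
            # If LLDAP offers a narrower role sufficient for creating users,
            # groups and attributes, a dedicated account would limit blast
            # radius — confirm against LLDAP's permission model.
            - name: LLDAP_USERNAME
              value: admin
            # Read from the `credentials` Secret mounted below; the Secret must
            # contain a key named `lldap-ldap-user-pass`.
            - name: LLDAP_PASSWORD_FILE
              value: /secrets/credentials/lldap-ldap-user-pass
            - name: LLDAP_BIND_DN
              value: 'uid={username},ou=people,dc=huizinga,dc=dev'
          resources:
            requests:
              cpu: 50m
              memory: 100Mi
            limits:
              cpu: 200m
              memory: 256Mi
          # NOTE(review): container securityContext is empty; for a controller
          # that only talks HTTP, allowPrivilegeEscalation: false,
          # capabilities.drop: [ALL] and readOnlyRootFilesystem: true are the
          # usual hardening — verify the image tolerates them before enabling.
          securityContext: {}
          volumeMounts:
            - name: credentials
              mountPath: /secrets/credentials
              readOnly: true
      volumes:
        - name: credentials
          secret:
            secretName: credentials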