2026-03-19 19:45:05 +00:00
parent 5cecc13ae1
commit d5118dde60


@@ -149,6 +149,33 @@ spec:
- { name: gc, port: 3268, protocol: TCP, targetPort: 3268 }
- { name: gc-ssl, port: 3269, protocol: TCP, targetPort: 3269 }
---
apiVersion: v1
kind: ConfigMap
metadata:
name: samba-ad-config-dc1
namespace: samba-directory
data:
smb.conf: |
[global]
workgroup = UNDERCLOUD
realm = UNDERCLOUD.LOCAL
netbios name = DC1
server role = active directory domain controller
rpc server port = 5000
rpc server port:netlogon = 5001
rpc server port:lsarpc = 5002
rpc server port:samr = 5003
rpc server port:drsuapi = 5004
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/undercloud.local/scripts
read only = No
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
@@ -179,23 +206,28 @@ spec:
- secretRef:
name: samba-ad-secrets
ports:
- { containerPort: 53, name: dns-tcp, protocol: TCP }
- { containerPort: 53, name: dns-udp, protocol: UDP }
- { containerPort: 88, name: krb-tcp, protocol: TCP }
- { containerPort: 88, name: krb-udp, protocol: UDP }
- { containerPort: 123, name: ntp, protocol: UDP }
- { containerPort: 135, name: epm, protocol: TCP }
- { containerPort: 137, name: nbns, protocol: UDP }
- { containerPort: 138, name: nbdgm, protocol: UDP }
- { containerPort: 139, name: nbssn, protocol: TCP }
- { containerPort: 389, name: ldap-tcp, protocol: TCP }
- { containerPort: 389, name: ldap-udp, protocol: UDP }
- { containerPort: 445, name: smb, protocol: TCP }
- { containerPort: 464, name: kpwd-tcp, protocol: TCP }
- { containerPort: 464, name: kpwd-udp, protocol: UDP }
- { containerPort: 636, name: ldaps, protocol: TCP }
- { containerPort: 3268, name: gc, protocol: TCP }
- { containerPort: 3269, name: gc-ssl, protocol: TCP }
- { name: dns-tcp, port: 53, protocol: TCP, targetPort: 53 }
- { name: dns-udp, port: 53, protocol: UDP, targetPort: 53 }
- { name: kerberos-tcp, port: 88, protocol: TCP, targetPort: 88 }
- { name: kerberos-udp, port: 88, protocol: UDP, targetPort: 88 }
- { name: ldap-tcp, port: 389, protocol: TCP, targetPort: 389 }
- { name: ldap-udp, port: 389, protocol: UDP, targetPort: 389 }
- { name: smb, port: 445, protocol: TCP, targetPort: 445 }
- { name: kpasswd-tcp, port: 464, protocol: TCP, targetPort: 464 }
- { name: kpasswd-udp, port: 464, protocol: UDP, targetPort: 464 }
- { name: ldaps, port: 636, protocol: TCP, targetPort: 636 }
- { name: gc, port: 3268, protocol: TCP, targetPort: 3268 }
- { name: gc-ssl, port: 3269, protocol: TCP, targetPort: 3269 }
# 🔥 RPC / DCOM (REQUIRED FOR DC JOIN)
- { name: rpc-epmap, port: 135, protocol: TCP, targetPort: 135 }
# 🔒 Fixed RPC ports (must match smb.conf)
- { name: rpc-base, port: 5000, protocol: TCP, targetPort: 5000 }
- { name: rpc-netlogon, port: 5001, protocol: TCP, targetPort: 5001 }
- { name: rpc-lsarpc, port: 5002, protocol: TCP, targetPort: 5002 }
- { name: rpc-samr, port: 5003, protocol: TCP, targetPort: 5003 }
- { name: rpc-drsuapi, port: 5004, protocol: TCP, targetPort: 5004 }
volumeMounts:
- name: samba-state
mountPath: /var/lib/samba
@@ -204,6 +236,9 @@ spec:
- name: samba-bootstrap
mountPath: /bootstrap
readOnly: true
- name: samba-config
mountPath: /etc/samba/smb.conf
subPath: smb.conf
command: ["/bin/bash", "-ec"]
args:
- |
@@ -249,6 +284,9 @@ spec:
- name: samba-bootstrap
configMap:
name: samba-ad-bootstrap
- name: samba-config
configMap:
name: samba-ad-config-dc1
volumeClaimTemplates:
- metadata:
name: samba-state
@@ -269,6 +307,33 @@ spec:
storage: 1Gi
storageClassName: cephfs-hyper
---
apiVersion: v1
kind: ConfigMap
metadata:
name: samba-ad-config-dc2
namespace: samba-directory
data:
smb.conf: |
[global]
workgroup = UNDERCLOUD
realm = UNDERCLOUD.LOCAL
netbios name = DC2
server role = active directory domain controller
rpc server port = 5000
rpc server port:netlogon = 5001
rpc server port:lsarpc = 5002
rpc server port:samr = 5003
rpc server port:drsuapi = 5004
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/undercloud.local/scripts
read only = No
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
@@ -299,28 +364,36 @@ spec:
- secretRef:
name: samba-ad-secrets
ports:
- { containerPort: 53, name: dns-tcp, protocol: TCP }
- { containerPort: 53, name: dns-udp, protocol: UDP }
- { containerPort: 88, name: krb-tcp, protocol: TCP }
- { containerPort: 88, name: krb-udp, protocol: UDP }
- { containerPort: 123, name: ntp, protocol: UDP }
- { containerPort: 135, name: epm, protocol: TCP }
- { containerPort: 137, name: nbns, protocol: UDP }
- { containerPort: 138, name: nbdgm, protocol: UDP }
- { containerPort: 139, name: nbssn, protocol: TCP }
- { containerPort: 389, name: ldap-tcp, protocol: TCP }
- { containerPort: 389, name: ldap-udp, protocol: UDP }
- { containerPort: 445, name: smb, protocol: TCP }
- { containerPort: 464, name: kpwd-tcp, protocol: TCP }
- { containerPort: 464, name: kpwd-udp, protocol: UDP }
- { containerPort: 636, name: ldaps, protocol: TCP }
- { containerPort: 3268, name: gc, protocol: TCP }
- { containerPort: 3269, name: gc-ssl, protocol: TCP }
- { name: dns-tcp, port: 53, protocol: TCP, targetPort: 53 }
- { name: dns-udp, port: 53, protocol: UDP, targetPort: 53 }
- { name: kerberos-tcp, port: 88, protocol: TCP, targetPort: 88 }
- { name: kerberos-udp, port: 88, protocol: UDP, targetPort: 88 }
- { name: ldap-tcp, port: 389, protocol: TCP, targetPort: 389 }
- { name: ldap-udp, port: 389, protocol: UDP, targetPort: 389 }
- { name: smb, port: 445, protocol: TCP, targetPort: 445 }
- { name: kpasswd-tcp, port: 464, protocol: TCP, targetPort: 464 }
- { name: kpasswd-udp, port: 464, protocol: UDP, targetPort: 464 }
- { name: ldaps, port: 636, protocol: TCP, targetPort: 636 }
- { name: gc, port: 3268, protocol: TCP, targetPort: 3268 }
- { name: gc-ssl, port: 3269, protocol: TCP, targetPort: 3269 }
# 🔥 RPC / DCOM (REQUIRED FOR DC JOIN)
- { name: rpc-epmap, port: 135, protocol: TCP, targetPort: 135 }
# 🔒 Fixed RPC ports (must match smb.conf)
- { name: rpc-base, port: 5000, protocol: TCP, targetPort: 5000 }
- { name: rpc-netlogon, port: 5001, protocol: TCP, targetPort: 5001 }
- { name: rpc-lsarpc, port: 5002, protocol: TCP, targetPort: 5002 }
- { name: rpc-samr, port: 5003, protocol: TCP, targetPort: 5003 }
- { name: rpc-drsuapi, port: 5004, protocol: TCP, targetPort: 5004 }
volumeMounts:
- name: samba-state
mountPath: /var/lib/samba
- name: samba-etc
mountPath: /etc/samba
- name: samba-config
mountPath: /etc/samba/smb.conf
subPath: smb.conf
command: ["/bin/bash", "-ec"]
args:
- |
@@ -356,6 +429,10 @@ spec:
cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
exec samba -i
volumes:
- name: samba-config
configMap:
name: samba-ad-config-dc2
volumeClaimTemplates:
- metadata:
name: samba-state
@@ -411,6 +488,16 @@ spec:
- { name: ldaps, port: 636, protocol: TCP, targetPort: 636 }
- { name: gc, port: 3268, protocol: TCP, targetPort: 3268 }
- { name: gc-ssl, port: 3269, protocol: TCP, targetPort: 3269 }
# 🔥 RPC / DCOM (REQUIRED FOR DC JOIN)
- { name: rpc-epmap, port: 135, protocol: TCP, targetPort: 135 }
# 🔒 Fixed RPC ports (must match smb.conf)
- { name: rpc-base, port: 5000, protocol: TCP, targetPort: 5000 }
- { name: rpc-netlogon, port: 5001, protocol: TCP, targetPort: 5001 }
- { name: rpc-lsarpc, port: 5002, protocol: TCP, targetPort: 5002 }
- { name: rpc-samr, port: 5003, protocol: TCP, targetPort: 5003 }
- { name: rpc-drsuapi, port: 5004, protocol: TCP, targetPort: 5004 }
---
apiVersion: v1
kind: Service
@@ -447,6 +534,16 @@ spec:
- { name: ldaps, port: 636, protocol: TCP, targetPort: 636 }
- { name: gc, port: 3268, protocol: TCP, targetPort: 3268 }
- { name: gc-ssl, port: 3269, protocol: TCP, targetPort: 3269 }
# 🔥 RPC / DCOM (REQUIRED FOR DC JOIN)
- { name: rpc-epmap, port: 135, protocol: TCP, targetPort: 135 }
# 🔒 Fixed RPC ports (must match smb.conf)
- { name: rpc-base, port: 5000, protocol: TCP, targetPort: 5000 }
- { name: rpc-netlogon, port: 5001, protocol: TCP, targetPort: 5001 }
- { name: rpc-lsarpc, port: 5002, protocol: TCP, targetPort: 5002 }
- { name: rpc-samr, port: 5003, protocol: TCP, targetPort: 5003 }
- { name: rpc-drsuapi, port: 5004, protocol: TCP, targetPort: 5004 }
---
apiVersion: v1
kind: Service
@@ -480,4 +577,14 @@ spec:
- { name: kpasswd-udp, port: 464, protocol: UDP, targetPort: 464 }
- { name: ldaps, port: 636, protocol: TCP, targetPort: 636 }
- { name: gc, port: 3268, protocol: TCP, targetPort: 3268 }
- { name: gc-ssl, port: 3269, protocol: TCP, targetPort: 3269 }
- { name: gc-ssl, port: 3269, protocol: TCP, targetPort: 3269 }
# 🔥 RPC / DCOM (REQUIRED FOR DC JOIN)
- { name: rpc-epmap, port: 135, protocol: TCP, targetPort: 135 }
# 🔒 Fixed RPC ports (must match smb.conf)
- { name: rpc-base, port: 5000, protocol: TCP, targetPort: 5000 }
- { name: rpc-netlogon, port: 5001, protocol: TCP, targetPort: 5001 }
- { name: rpc-lsarpc, port: 5002, protocol: TCP, targetPort: 5002 }
- { name: rpc-samr, port: 5003, protocol: TCP, targetPort: 5003 }
- { name: rpc-drsuapi, port: 5004, protocol: TCP, targetPort: 5004 }
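Review bot: The last hunk (`@@ -480,4 +577,14 @@`) ends up with two identical `gc-ssl` entries in the same Service `ports` list — the context line and the first added line both read `- { name: gc-ssl, port: 3269, protocol: TCP, targetPort: 3269 }` — and the API server rejects a Service whose port names are not unique, so this manifest will likely fail to apply unless the second copy is only a rendering artifact of this page; drop the added duplicate so the RPC block follows the single existing `gc-ssl` line. The same RPC block is pasted verbatim into five Service lists and the `smb.conf` ConfigMap is duplicated for DC1 and DC2 with only `netbios name` differing; a short comment on the first copy such as `# Keep in sync with the rpc server port:* values in samba-ad-config-dc1/dc2` would help the next maintainer keep the fixed RPC ports and the Service entries aligned. The StatefulSet hunks mount the ConfigMap over `/etc/samba/smb.conf` with `subPath`, which is read-only and does not receive ConfigMap updates; if the bootstrap script (outside these hunks) still runs a provision or join step that rewrites `smb.conf`, that step will presumably fail on the read-only file, so it is worth confirming or documenting that the script no longer writes that path. The new Service entries for 5000–5004 also have no matching `containerPort` declarations in the StatefulSet `ports` lists, which is informational only but leaves the container spec out of step with the Services.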