Undercloud/k8s-apps
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

more apps

Browse Source
This commit is contained in:
Gitea Root Administrator
2026-03-20 10:04:17 +00:00
parent 78b2ce85c7
commit de0fb75f84
2 changed files with 298 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

156
samba-directory/phpldapadmin.yaml Normal file
View File

@@ -0,0 +1,156 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: phpldapadmin-config
namespace: samba-directory
data:
config.php: |
<?php
$config->custom->commands['cmd'] = array(
'entry_internal_attributes_show' => true,
'entry_refresh' => true,
'oslinks' => true,
'switch_template' => true
);
$config->custom->commands['script'] = array(
'add_attr_form' => true,
'add_oclass_form' => true,
'add_value_form' => true,
'collapse' => true,
'compare' => true,
'compare_form' => true,
'copy' => true,
'copy_form' => true,
'create' => true,
'create_confirm' => true,
'delete' => true,
'delete_attr' => true,
'delete_form' => true,
'draw_tree_node' => true,
'expand' => true,
'export' => true,
'export_form' => true,
'import' => true,
'import_form' => true,
'login' => true,
'logout' => true,
'login_form' => true,
'mass_delete' => true,
'mass_edit' => true,
'mass_update' => true,
'modify_member_form' => true,
'monitor' => true,
'purge_cache' => true,
'query_engine' => true,
'rename' => true,
'rename_form' => true,
'rdelete' => true,
'refresh' => true,
'schema' => true,
'server_info' => true,
'show_cache' => true,
'template_engine' => true,
'update_confirm' => true,
'update' => true
);
$servers = new Datastore();
/* Samba AD DC over LDAP inside the cluster */
$servers->newServer('ldap_pla');
$servers->setValue('server','name','UNDERCLOUD Samba AD - LDAP');
$servers->setValue('server','host','dc1.samba-ad-dc1.samba-directory.svc.cluster.local');
$servers->setValue('server','port',389);
$servers->setValue('server','tls',false);
$servers->setValue('login','bind_id','Administrator@UNDERCLOUD.LOCAL');
$servers->setValue('server','base',array('DC=undercloud,DC=local'));
/* Optional LDAPS entry if server certificates are configured */
$servers->newServer('ldap_pla');
$servers->setValue('server','name','UNDERCLOUD Samba AD - LDAPS');
$servers->setValue('server','host','ldaps://dc1.samba-ad-dc1.samba-directory.svc.cluster.local:636');
$servers->setValue('server','port',0);
$servers->setValue('login','bind_id','Administrator@UNDERCLOUD.LOCAL');
$servers->setValue('server','base',array('DC=undercloud,DC=local'));
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: phpldapadmin
namespace: samba-directory
labels:
app: phpldapadmin
spec:
replicas: 1
selector:
matchLabels:
app: phpldapadmin
template:
metadata:
labels:
app: phpldapadmin
spec:
dnsConfig:
options:
- name: ndots
value: "1"
initContainers:
- name: copy-assets
image: osixia/phpldapadmin:0.9.0
imagePullPolicy: IfNotPresent
command: ['sh', '-c', 'cp -f /config.php /container/service/phpldapadmin/assets/config/config.php']
volumeMounts:
- mountPath: /config.php
name: phpldapadmin-config
subPath: config.php
- mountPath: /container/service/phpldapadmin/assets/config
name: config-dir
containers:
- name: phpldapadmin
image: osixia/phpldapadmin:0.9.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
protocol: TCP
args:
- --copy-service
env:
- name: PHPLDAPADMIN_TRUST_PROXY_SSL
value: "true"
- name: PHPLDAPADMIN_HTTPS
value: "false"
volumeMounts:
- mountPath: /container/service/phpldapadmin/assets/config
name: config-dir
volumes:
- name: phpldapadmin-config
configMap:
name: phpldapadmin-config
defaultMode: 0777
items:
- key: config.php
path: config.php
- name: config-dir
emptyDir:
sizeLimit: 16Mi
---
apiVersion: v1
kind: Service
metadata:
name: phpldapadmin
namespace: samba-directory
spec:
ipFamilies:
- IPv6
- IPv4
ipFamilyPolicy: PreferDualStack
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
selector:
app: phpldapadmin
type: ClusterIP
---

142
samba-directory/self-service-passwords.yaml Normal file
View File

@@ -0,0 +1,142 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: ssp-config
namespace: samba-directory
data:
config.inc.local.php: |
<?php
$debug = false;
$lang = "de";
$keyphrase = getenv('KEYPHRASE');
/* Samba AD DC */
$ldap_url = "ldaps://dc1.samba-ad-dc1.samba-directory.svc.cluster.local:636";
$ldap_binddn = "lam@UNDERCLOUD.LOCAL";
$ldap_bindpw = getenv('LDAP_BINDPW');
$ldap_base = "DC=undercloud,DC=local";
/* Users log in with their AD username */
$ldap_login_attribute = "sAMAccountName";
$ldap_fullname_attribute = "displayName";
$use_ssl = true;
$use_starttls = false;
$default_action = "change";
$use_change = true;
$use_sendtoken = false;
$show_menu = true;
$show_help = true;
/* Active Directory / Samba AD password changes */
$who_change_password = "manager";
$ad_mode = true;
$messages["changehelpextramessage"] = "Bitte Benutzernamen und aktuelles Passwort eingeben.";
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: self-service-password
namespace: samba-directory
labels:
app: self-service-password
spec:
replicas: 1
selector:
matchLabels:
app: self-service-password
template:
metadata:
labels:
app: self-service-password
spec:
dnsConfig:
options:
- name: ndots
value: "1"
enableServiceLinks: false
containers:
- name: self-service-password
image: ltbproject/self-service-password:latest
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
env:
- name: LDAP_BINDPW
valueFrom:
secretKeyRef:
name: ssp-secrets
key: LDAP_BINDPW
- name: KEYPHRASE
valueFrom:
secretKeyRef:
name: ssp-secrets
key: KEYPHRASE
- name: LDAPTLS_CACERT
value: /etc/ssl/certs/undercloud-ca.pem
- name: LDAPTLS_REQCERT
value: demand
volumeMounts:
- name: ssp-config
mountPath: /var/www/conf/config.inc.local.php
subPath: config.inc.local.php
readOnly: true
- name: root-ca
mountPath: /etc/ssl/certs/undercloud-ca.pem
subPath: trust-bundle.pem
readOnly: true
readinessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 10
periodSeconds: 10
livenessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 30
periodSeconds: 20
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
volumes:
- name: ssp-config
configMap:
name: ssp-config
items:
- key: config.inc.local.php
path: config.inc.local.php
- name: root-ca
configMap:
name: undercloud-ca-bundle
items:
- key: trust-bundle.pem
path: trust-bundle.pem
---
apiVersion: v1
kind: Service
metadata:
name: self-service-password
namespace: samba-directory
spec:
selector:
app: self-service-password
ports:
- name: http
port: 80
targetPort: http
protocol: TCP
type: ClusterIP
---