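---
# Samba Active Directory domain controller pair for the samba-directory
# namespace. dc1 provisions the UNDERCLOUD.LOCAL domain and applies the
# bootstrap LDIF once; dc2 waits for dc1 and joins as a second DC.
#
# Resources in this file, in order:
#   ConfigMap   samba-ad-bootstrap      initial OUs / groups / users (LDIF)
#   Service     samba-ad-dc1, -dc2      headless, per-DC (StatefulSet identity)
#   ConfigMap   samba-ad-config-dc1/2   smb.conf for each DC
#   StatefulSet dc1, dc2
#   Service     samba-ad-dc1-direct, -dc2-direct, samba-ad   fixed cluster IPs
#
# Secrets are read from the Secret "samba-ad-secrets" (envFrom): ADMIN_PASSWORD,
# SEBASTIAN_PASSWORD, SHODAN_PASSWORD and LAM_PASSWORD are the keys the
# bootstrap scripts reference.
apiVersion: v1
kind: ConfigMap
metadata:
  name: samba-ad-bootstrap
  namespace: samba-directory
data:
  # Applied exactly once by dc1 (see the dc1 StatefulSet). Records are ordered
  # so that every referenced DN already exists: OUs, then groups, then users,
  # then the "changetype: modify" membership records at the end.
  bootstrap.ldif: |
    # -----------------------------
    # OU structure
    # -----------------------------
    dn: OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: organizationalUnit
    ou: Undercloud
    description: Root OU for all Undercloud directory objects

    dn: OU=users,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: organizationalUnit
    ou: users
    description: Human user accounts

    dn: OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: organizationalUnit
    ou: serviceaccounts
    description: Non-interactive service accounts

    dn: OU=groups,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: organizationalUnit
    ou: groups
    description: Security and role groups

    # -----------------------------
    # Groups (CREATE FIRST)
    # -----------------------------
    # groupType -2147483646 is the AD "global security group" value.
    dn: CN=undercloud-users,OU=groups,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: group
    cn: undercloud-users
    sAMAccountName: undercloud-users
    description: All standard user accounts
    groupType: -2147483646

    dn: CN=undercloud-administrators,OU=groups,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: group
    cn: undercloud-administrators
    sAMAccountName: undercloud-administrators
    description: Global administrators for Undercloud
    groupType: -2147483646

    dn: CN=fileserver-access,OU=groups,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: group
    cn: fileserver-access
    sAMAccountName: fileserver-access
    description: Access control group for SMB file shares
    groupType: -2147483646

    dn: CN=gitea-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: group
    cn: gitea-admins
    sAMAccountName: gitea-admins
    description: Administrative access to Gitea
    groupType: -2147483646

    dn: CN=argocd-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: group
    cn: argocd-admins
    sAMAccountName: argocd-admins
    description: Administrative access to Argo CD
    groupType: -2147483646

    dn: CN=firewall-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: group
    cn: firewall-admins
    sAMAccountName: firewall-admins
    description: Administrative access to firewall systems
    groupType: -2147483646

    dn: CN=bookstack-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: group
    cn: bookstack-admins
    sAMAccountName: bookstack-admins
    description: Administrative access to BookStack
    groupType: -2147483646

    dn: CN=nextcloud-admins,OU=groups,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: group
    cn: nextcloud-admins
    sAMAccountName: nextcloud-admins
    description: Administrative access to Nextcloud
    groupType: -2147483646

    dn: CN=samba-service,OU=groups,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: group
    cn: samba-service
    sAMAccountName: samba-service
    description: Service group for Samba / SMB integration
    groupType: -2147483646

    # -----------------------------
    # Users
    # -----------------------------
    # NOTE(review): every account below is created enabled (userAccountControl
    # 512) without a password attribute; only sebastian and shodan later get a
    # password set by the dc1 bootstrap script. Whether the server accepts these
    # adds, and what state glados and the service accounts are left in, has to
    # be confirmed on the DC after the first provision.
    dn: CN=sebastian,OU=users,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: sebastian
    sn: Gurlin
    givenName: Sebastian
    displayName: Sebastian Gurlin
    sAMAccountName: sebastian
    userPrincipalName: sebastian@undercloud.local
    description: Primary human user account
    userAccountControl: 512

    dn: CN=glados,OU=users,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: glados
    sn: Glados
    givenName: Glados
    displayName: Glados
    sAMAccountName: glados
    userPrincipalName: glados@undercloud.local
    description: Administrative AI persona account
    userAccountControl: 512

    dn: CN=shodan,OU=users,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: shodan
    sn: Shodan
    givenName: Shodan
    displayName: Shodan
    sAMAccountName: shodan
    userPrincipalName: shodan@undercloud.local
    description: Administrative AI persona account
    userAccountControl: 512

    dn: CN=argocd,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: argocd
    sn: Service
    givenName: ArgoCD
    displayName: ArgoCD
    sAMAccountName: argocd
    userPrincipalName: argocd@undercloud.local
    mail: argocd@undercloud.local
    description: ArgoCD service account
    userAccountControl: 512

    dn: CN=gitea,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: gitea
    sn: Service
    givenName: Gitea
    displayName: Gitea
    sAMAccountName: gitea
    userPrincipalName: gitea@undercloud.local
    mail: gitea@undercloud.local
    description: Gitea service account
    userAccountControl: 512

    dn: CN=firewall,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: firewall
    sn: Service
    givenName: Firewall
    displayName: Firewall
    sAMAccountName: firewall
    userPrincipalName: firewall@undercloud.local
    mail: firewall@undercloud.local
    description: Firewall service account
    userAccountControl: 512

    dn: CN=mailserver,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: mailserver
    sn: Service
    givenName: Mailserver
    displayName: Mailserver
    sAMAccountName: mailserver
    userPrincipalName: mailserver@undercloud.local
    mail: mailserver@undercloud.local
    description: Mailserver service account
    userAccountControl: 512

    dn: CN=bookstack,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: bookstack
    sn: Service
    givenName: BookStack
    displayName: BookStack
    sAMAccountName: bookstack
    userPrincipalName: bookstack@undercloud.local
    mail: bookstack@undercloud.local
    description: BookStack service account
    userAccountControl: 512

    dn: CN=nextcloud,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: nextcloud
    sn: Service
    givenName: Nextcloud
    displayName: Nextcloud
    sAMAccountName: nextcloud
    userPrincipalName: nextcloud@undercloud.local
    mail: nextcloud@undercloud.local
    description: Nextcloud service account
    userAccountControl: 512

    dn: CN=jellyfin,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: jellyfin
    sn: Service
    givenName: Jellyfin
    displayName: Jellyfin
    sAMAccountName: jellyfin
    userPrincipalName: jellyfin@undercloud.local
    mail: jellyfin@undercloud.local
    description: Jellyfin service account
    userAccountControl: 512

    dn: CN=bastillion,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: bastillion
    sn: Service
    givenName: Bastillion
    displayName: Bastillion
    sAMAccountName: bastillion
    userPrincipalName: bastillion@undercloud.local
    mail: bastillion@undercloud.local
    description: Bastillion service account
    userAccountControl: 512

    dn: CN=guacamole,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: guacamole
    sn: Service
    givenName: Guacamole
    displayName: Guacamole
    sAMAccountName: guacamole
    userPrincipalName: guacamole@undercloud.local
    mail: guacamole@undercloud.local
    description: Guacamole service account
    userAccountControl: 512

    dn: CN=synapse,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: synapse
    sn: Service
    givenName: Synapse
    displayName: Synapse
    sAMAccountName: synapse
    userPrincipalName: synapse@undercloud.local
    mail: synapse@undercloud.local
    description: Synapse service account
    userAccountControl: 512

    dn: CN=samba,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
    changetype: add
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: samba
    sn: Service
    givenName: Samba
    displayName: Samba
    sAMAccountName: samba
    userPrincipalName: samba@undercloud.local
    mail: samba@undercloud.local
    description: Service account for SMB / CSI access
    userAccountControl: 512

    # -----------------------------
    # Memberships (AFTER CREATION)
    # -----------------------------
    # These are modify records; the loader used by dc1 must support them
    # (ldbmodify does, ldbadd only performs adds).
    dn: CN=undercloud-users,OU=groups,OU=Undercloud,DC=undercloud,DC=local
    changetype: modify
    add: member
    member: CN=sebastian,OU=users,OU=Undercloud,DC=undercloud,DC=local
    member: CN=glados,OU=users,OU=Undercloud,DC=undercloud,DC=local
    member: CN=shodan,OU=users,OU=Undercloud,DC=undercloud,DC=local
    -

    dn: CN=undercloud-administrators,OU=groups,OU=Undercloud,DC=undercloud,DC=local
    changetype: modify
    add: member
    member: CN=glados,OU=users,OU=Undercloud,DC=undercloud,DC=local
    member: CN=shodan,OU=users,OU=Undercloud,DC=undercloud,DC=local
    -

    dn: CN=fileserver-access,OU=groups,OU=Undercloud,DC=undercloud,DC=local
    changetype: modify
    add: member
    member: CN=sebastian,OU=users,OU=Undercloud,DC=undercloud,DC=local
    member: CN=glados,OU=users,OU=Undercloud,DC=undercloud,DC=local
    member: CN=shodan,OU=users,OU=Undercloud,DC=undercloud,DC=local
    member: CN=samba,OU=serviceaccounts,OU=users,OU=Undercloud,DC=undercloud,DC=local
    -
---
# Headless Service giving the dc1 StatefulSet pod its stable DNS identity.
# publishNotReadyAddresses keeps the record resolvable while the DC is still
# provisioning, which the dc2 join script depends on.
apiVersion: v1
kind: Service
metadata:
  name: samba-ad-dc1
  namespace: samba-directory
  labels:
    app: samba-ad
    samba-role: dc1
spec:
  clusterIP: None
  publishNotReadyAddresses: true
  selector:
    app: samba-ad
    samba-role: dc1
  ports:
    - { name: dns-tcp, port: 53, protocol: TCP, targetPort: 53 }
    - { name: dns-udp, port: 53, protocol: UDP, targetPort: 53 }
    - { name: kerberos-tcp, port: 88, protocol: TCP, targetPort: 88 }
    - { name: kerberos-udp, port: 88, protocol: UDP, targetPort: 88 }
    - { name: ntp, port: 123, protocol: UDP, targetPort: 123 }
    # Named "epm" here but "rpc-epmap" in every other Service; left as-is
    # because a headless Service's port name is part of its SRV records.
    - { name: epm, port: 135, protocol: TCP, targetPort: 135 }
    - { name: netbios-ns, port: 137, protocol: UDP, targetPort: 137 }
    - { name: netbios-dgm, port: 138, protocol: UDP, targetPort: 138 }
    - { name: netbios-ssn, port: 139, protocol: TCP, targetPort: 139 }
    - { name: ldap-tcp, port: 389, protocol: TCP, targetPort: 389 }
    - { name: ldap-udp, port: 389, protocol: UDP, targetPort: 389 }
    - { name: smb, port: 445, protocol: TCP, targetPort: 445 }
    - { name: kpasswd-tcp, port: 464, protocol: TCP, targetPort: 464 }
    - { name: kpasswd-udp, port: 464, protocol: UDP, targetPort: 464 }
    - { name: ldaps, port: 636, protocol: TCP, targetPort: 636 }
    - { name: gc, port: 3268, protocol: TCP, targetPort: 3268 }
    - { name: gc-ssl, port: 3269, protocol: TCP, targetPort: 3269 }
    - { name: rpc-base, port: 5000, protocol: TCP, targetPort: 5000 }
    - { name: rpc-netlogon, port: 5001, protocol: TCP, targetPort: 5001 }
    - { name: rpc-lsarpc, port: 5002, protocol: TCP, targetPort: 5002 }
    - { name: rpc-samr, port: 5003, protocol: TCP, targetPort: 5003 }
    - { name: rpc-drsuapi, port: 5004, protocol: TCP, targetPort: 5004 }
    - { name: rpc-dnsserver, port: 5005, protocol: TCP, targetPort: 5005 }
---
# Headless Service for the dc2 StatefulSet pod.
apiVersion: v1
kind: Service
metadata:
  name: samba-ad-dc2
  namespace: samba-directory
  labels:
    app: samba-ad
    samba-role: dc2
spec:
  clusterIP: None
  publishNotReadyAddresses: true
  selector:
    app: samba-ad
    samba-role: dc2
  ports:
    - { name: dns-tcp, port: 53, protocol: TCP, targetPort: 53 }
    - { name: dns-udp, port: 53, protocol: UDP, targetPort: 53 }
    - { name: kerberos-tcp, port: 88, protocol: TCP, targetPort: 88 }
    - { name: kerberos-udp, port: 88, protocol: UDP, targetPort: 88 }
    - { name: ntp, port: 123, protocol: UDP, targetPort: 123 }
    - { name: netbios-ns, port: 137, protocol: UDP, targetPort: 137 }
    - { name: netbios-dgm, port: 138, protocol: UDP, targetPort: 138 }
    - { name: netbios-ssn, port: 139, protocol: TCP, targetPort: 139 }
    - { name: ldap-tcp, port: 389, protocol: TCP, targetPort: 389 }
    - { name: ldap-udp, port: 389, protocol: UDP, targetPort: 389 }
    - { name: smb, port: 445, protocol: TCP, targetPort: 445 }
    - { name: kpasswd-tcp, port: 464, protocol: TCP, targetPort: 464 }
    - { name: kpasswd-udp, port: 464, protocol: UDP, targetPort: 464 }
    - { name: ldaps, port: 636, protocol: TCP, targetPort: 636 }
    - { name: gc, port: 3268, protocol: TCP, targetPort: 3268 }
    - { name: gc-ssl, port: 3269, protocol: TCP, targetPort: 3269 }
    - { name: rpc-epmap, port: 135, protocol: TCP, targetPort: 135 }
    - { name: rpc-base, port: 5000, protocol: TCP, targetPort: 5000 }
    - { name: rpc-netlogon, port: 5001, protocol: TCP, targetPort: 5001 }
    - { name: rpc-lsarpc, port: 5002, protocol: TCP, targetPort: 5002 }
    - { name: rpc-samr, port: 5003, protocol: TCP, targetPort: 5003 }
    - { name: rpc-drsuapi, port: 5004, protocol: TCP, targetPort: 5004 }
    - { name: rpc-dnsserver, port: 5005, protocol: TCP, targetPort: 5005 }
---
# smb.conf for dc1. The fixed "rpc server port" values match the rpc-* ports
# exposed by the Services so DCE/RPC works through a cluster IP.
apiVersion: v1
kind: ConfigMap
metadata:
  name: samba-ad-config-dc1
  namespace: samba-directory
data:
  smb.conf: |
    [global]
    workgroup = UNDERCLOUD
    realm = UNDERCLOUD.LOCAL
    netbios name = DC1
    server role = active directory domain controller
    rpc server port = 5000
    rpc server port:netlogon = 5001
    rpc server port:lsarpc = 5002
    rpc server port:samr = 5003
    rpc server port:drsuapi = 5004
    rpc server port:dnsserver = 5005

    [sysvol]
    path = /var/lib/samba/sysvol
    read only = No

    [netlogon]
    path = /var/lib/samba/sysvol/undercloud.local/scripts
    read only = No
---
# dc1: provisions the domain on first start, then loads bootstrap.ldif and the
# initial passwords exactly once. State lives on the samba-state PVC; marker
# files under /var/lib/samba make each phase idempotent.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: dc1
  namespace: samba-directory
spec:
  serviceName: samba-ad-dc1
  replicas: 1
  selector:
    matchLabels:
      app: samba-ad
      samba-role: dc1
  template:
    metadata:
      labels:
        app: samba-ad
        samba-role: dc1
    spec:
      terminationGracePeriodSeconds: 30
      # NOTE(review): a StatefulSet normally derives the pod hostname from the
      # pod name (dc1-0); confirm the container really sees "dc1", which is
      # what --host-name below assumes.
      hostname: dc1
      containers:
        - name: samba-ad
          # TODO: pin to a version tag or digest; a floating tag can change the
          # DC binary underneath a pod restart and is not auditable.
          image: quay.io/samba.org/samba-ad-server:latest
          securityContext:
            capabilities:
              # NOTE(review): SYS_ADMIN is close to full root inside the
              # container; confirm the image actually needs it.
              add: ["SYS_ADMIN"]
          envFrom:
            - secretRef:
                name: samba-ad-secrets
          ports:
            - { name: dns-tcp, containerPort: 53, protocol: TCP }
            - { name: dns-udp, containerPort: 53, protocol: UDP }
            - { name: kerberos-tcp, containerPort: 88, protocol: TCP }
            - { name: kerberos-udp, containerPort: 88, protocol: UDP }
            - { name: ldap-tcp, containerPort: 389, protocol: TCP }
            - { name: ldap-udp, containerPort: 389, protocol: UDP }
            - { name: smb, containerPort: 445, protocol: TCP }
            - { name: kpasswd-tcp, containerPort: 464, protocol: TCP }
            - { name: kpasswd-udp, containerPort: 464, protocol: UDP }
            - { name: ldaps, containerPort: 636, protocol: TCP }
            - { name: gc, containerPort: 3268, protocol: TCP }
            - { name: gc-ssl, containerPort: 3269, protocol: TCP }
            - { name: rpc-epmap, containerPort: 135, protocol: TCP }
            - { name: rpc-base, containerPort: 5000, protocol: TCP }
            - { name: rpc-netlogon, containerPort: 5001, protocol: TCP }
            - { name: rpc-lsarpc, containerPort: 5002, protocol: TCP }
            - { name: rpc-samr, containerPort: 5003, protocol: TCP }
            - { name: rpc-drsuapi, containerPort: 5004, protocol: TCP }
            - { name: rpc-dnsserver, containerPort: 5005, protocol: TCP }
          volumeMounts:
            - name: samba-state
              mountPath: /var/lib/samba
            - name: samba-etc
              mountPath: /etc/samba
            - name: samba-bootstrap
              mountPath: /bootstrap
              readOnly: true
            - name: samba-config
              mountPath: /etc/samba/smb.conf
              subPath: smb.conf
          command: ["/bin/bash", "-ec"]
          args:
            - |
              set -euxo pipefail

              # Phase 1: provision the domain on a fresh (or wiped) state volume.
              # NOTE(review): /etc/samba/smb.conf is a ConfigMap subPath mount and
              # therefore always present, so the second test never triggers here.
              if [ ! -f /var/lib/samba/.provisioned ] || [ ! -f /etc/samba/smb.conf ]; then
                rm -f /var/lib/samba/.provisioned
                rm -f /var/lib/samba/.bootstrap-ldif-applied
                rm -f /var/lib/samba/.bootstrap-users-configured
                # xtrace would print the expanded password into the pod log, so
                # tracing is switched off around every command that carries a
                # secret. (The value still travels through argv and is visible
                # inside the pod for the lifetime of that command.)
                set +x
                samba-tool domain provision \
                  --server-role=dc \
                  --use-rfc2307 \
                  --dns-backend=SAMBA_INTERNAL \
                  --realm=UNDERCLOUD.LOCAL \
                  --domain=UNDERCLOUD \
                  --host-name=dc1 \
                  -d 3 \
                  --adminpass="${ADMIN_PASSWORD}"
                set -x
                cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
                touch /var/lib/samba/.provisioned
              fi
              cp /var/lib/samba/private/krb5.conf /etc/krb5.conf

              # Phase 2: load the OU / group / user skeleton once. ldbmodify is
              # used instead of ldbadd because bootstrap.ldif ends with
              # "changetype: modify" records for the group memberships; ldbadd
              # only performs add operations and would leave the groups empty.
              if [ ! -f /var/lib/samba/.bootstrap-ldif-applied ]; then
                ldbmodify -H /var/lib/samba/private/sam.ldb /bootstrap/bootstrap.ldif
                # Marked right away: re-applying the LDIF fails on "already
                # exists", so a failure in phase 3 must not re-run this phase.
                touch /var/lib/samba/.bootstrap-ldif-applied
              fi

              # Phase 3: initial passwords and built-in group memberships, once.
              if [ ! -f /var/lib/samba/.bootstrap-users-configured ]; then
                set +x
                samba-tool user setpassword sebastian --newpassword="${SEBASTIAN_PASSWORD}"
                samba-tool user setpassword shodan --newpassword="${SHODAN_PASSWORD}"
                set -x
                samba-tool group addmembers "Domain Admins" shodan
                # "lam" and "admins" are defined neither in bootstrap.ldif nor by
                # provisioning. They are skipped with a warning instead of
                # aborting the boot (set -e) so a stale reference cannot wedge
                # the DC — TODO: add them to the LDIF or drop these steps.
                if samba-tool user show lam >/dev/null 2>&1; then
                  set +x
                  samba-tool user setpassword lam --newpassword="${LAM_PASSWORD}"
                  set -x
                  samba-tool group addmembers "Domain Admins" lam
                else
                  echo "WARNING: user 'lam' not found; skipping its password and Domain Admins membership" >&2
                fi
                if samba-tool group listmembers admins >/dev/null 2>&1; then
                  samba-tool group addmembers admins sebastian
                else
                  echo "WARNING: group 'admins' not found; sebastian was not added to it" >&2
                fi
                touch /var/lib/samba/.bootstrap-users-configured
              fi

              exec samba -i
      volumes:
        - name: samba-bootstrap
          configMap:
            name: samba-ad-bootstrap
        - name: samba-config
          configMap:
            name: samba-ad-config-dc1
  volumeClaimTemplates:
    - metadata:
        name: samba-state
      spec:
        accessModes:
          - ReadWriteMany
        resources:
          requests:
            storage: 10Gi
        storageClassName: cephfs-hyper
    - metadata:
        name: samba-etc
      spec:
        accessModes:
          - ReadWriteMany
        resources:
          requests:
            storage: 1Gi
        storageClassName: cephfs-hyper
---
# smb.conf for dc2; identical to dc1 apart from the NetBIOS name.
apiVersion: v1
kind: ConfigMap
metadata:
  name: samba-ad-config-dc2
  namespace: samba-directory
data:
  smb.conf: |
    [global]
    workgroup = UNDERCLOUD
    realm = UNDERCLOUD.LOCAL
    netbios name = DC2
    server role = active directory domain controller
    rpc server port = 5000
    rpc server port:netlogon = 5001
    rpc server port:lsarpc = 5002
    rpc server port:samr = 5003
    rpc server port:drsuapi = 5004
    rpc server port:dnsserver = 5005

    [sysvol]
    path = /var/lib/samba/sysvol
    read only = No

    [netlogon]
    path = /var/lib/samba/sysvol/undercloud.local/scripts
    read only = No
---
# dc2: waits until dc1 resolves and answers on LDAP, then joins the domain as
# a second DC. No bootstrap LDIF here — directory content replicates from dc1.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: dc2
  namespace: samba-directory
spec:
  serviceName: samba-ad-dc2
  replicas: 1
  selector:
    matchLabels:
      app: samba-ad
      samba-role: dc2
  template:
    metadata:
      labels:
        app: samba-ad
        samba-role: dc2
    spec:
      terminationGracePeriodSeconds: 30
      # NOTE(review): see dc1 — a StatefulSet normally sets the pod hostname
      # from the pod name (dc2-0); confirm this field takes effect.
      hostname: dc2
      containers:
        - name: samba-ad
          # TODO: pin to a version tag or digest (same reasoning as dc1).
          image: quay.io/samba.org/samba-ad-server:latest
          securityContext:
            capabilities:
              # NOTE(review): SYS_ADMIN is close to full root inside the
              # container; confirm the image actually needs it.
              add: ["SYS_ADMIN"]
          envFrom:
            - secretRef:
                name: samba-ad-secrets
          ports:
            - { name: dns-tcp, containerPort: 53, protocol: TCP }
            - { name: dns-udp, containerPort: 53, protocol: UDP }
            - { name: kerberos-tcp, containerPort: 88, protocol: TCP }
            - { name: kerberos-udp, containerPort: 88, protocol: UDP }
            - { name: ldap-tcp, containerPort: 389, protocol: TCP }
            - { name: ldap-udp, containerPort: 389, protocol: UDP }
            - { name: smb, containerPort: 445, protocol: TCP }
            - { name: kpasswd-tcp, containerPort: 464, protocol: TCP }
            - { name: kpasswd-udp, containerPort: 464, protocol: UDP }
            - { name: ldaps, containerPort: 636, protocol: TCP }
            - { name: gc, containerPort: 3268, protocol: TCP }
            - { name: gc-ssl, containerPort: 3269, protocol: TCP }
            - { name: rpc-epmap, containerPort: 135, protocol: TCP }
            - { name: rpc-base, containerPort: 5000, protocol: TCP }
            - { name: rpc-netlogon, containerPort: 5001, protocol: TCP }
            - { name: rpc-lsarpc, containerPort: 5002, protocol: TCP }
            - { name: rpc-samr, containerPort: 5003, protocol: TCP }
            - { name: rpc-drsuapi, containerPort: 5004, protocol: TCP }
            - { name: rpc-dnsserver, containerPort: 5005, protocol: TCP }
          volumeMounts:
            - name: samba-state
              mountPath: /var/lib/samba
            - name: samba-etc
              mountPath: /etc/samba
            - name: samba-config
              mountPath: /etc/samba/smb.conf
              subPath: smb.conf
          command: ["/bin/bash", "-ec"]
          args:
            - |
              set -euxo pipefail
              DC1_FQDN="dc1.undercloud.local"

              # Join once; the marker lives on the samba-state PVC.
              # NOTE(review): /etc/samba/smb.conf is a ConfigMap subPath mount and
              # therefore always present, so the second test never triggers here.
              if [ ! -f /var/lib/samba/.joined ] || [ ! -f /etc/samba/smb.conf ]; then
                rm -f /var/lib/samba/.joined
                until getent hosts "${DC1_FQDN}"; do
                  echo "waiting for dc1 dns"
                  sleep 5
                done
                # Plain TCP connect to dc1's LDAP port.
                # NOTE(review): this probe line was unreadable in the copy that was
                # reviewed; a connect to ${DC1_FQDN}:389 is what the surrounding
                # messages describe — confirm against the original.
                until bash -c ": </dev/tcp/${DC1_FQDN}/389" 2>/dev/null; do
                  echo "waiting for dc1 ldap"
                  sleep 5
                done
                sleep 30
                # Tracing off: the join credential is passed inline and xtrace
                # would otherwise write it to the pod log.
                set +x
                samba-tool domain join UNDERCLOUD.LOCAL DC \
                  --server="${DC1_FQDN}" \
                  -d 3 \
                  -U"Administrator%${ADMIN_PASSWORD}"
                set -x
                cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
                touch /var/lib/samba/.joined
              fi
              cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
              exec samba -i
      volumes:
        - name: samba-config
          configMap:
            name: samba-ad-config-dc2
  volumeClaimTemplates:
    - metadata:
        name: samba-state
      spec:
        accessModes:
          - ReadWriteMany
        resources:
          requests:
            storage: 10Gi
        storageClassName: cephfs-hyper
    - metadata:
        name: samba-etc
      spec:
        accessModes:
          - ReadWriteMany
        resources:
          requests:
            storage: 1Gi
        storageClassName: cephfs-hyper
---
# Fixed dual-stack cluster IP for dc1, for clients that must address one
# specific DC (e.g. DNS forwarders).
apiVersion: v1
kind: Service
metadata:
  name: samba-ad-dc1-direct
  namespace: samba-directory
  labels:
    app: samba-ad
    samba-role: dc1
spec:
  internalTrafficPolicy: Cluster
  clusterIP: 2001:470:7116:f:1::21
  clusterIPs:
    - 2001:470:7116:f:1::21
    - 10.0.91.21
  ipFamilies:
    - IPv6
    - IPv4
  ipFamilyPolicy: PreferDualStack
  type: ClusterIP
  selector:
    app: samba-ad
    samba-role: dc1
  ports:
    - { name: dns-tcp, port: 53, protocol: TCP, targetPort: 53 }
    - { name: dns-udp, port: 53, protocol: UDP, targetPort: 53 }
    - { name: kerberos-tcp, port: 88, protocol: TCP, targetPort: 88 }
    - { name: kerberos-udp, port: 88, protocol: UDP, targetPort: 88 }
    - { name: ldap-tcp, port: 389, protocol: TCP, targetPort: 389 }
    - { name: ldap-udp, port: 389, protocol: UDP, targetPort: 389 }
    - { name: smb, port: 445, protocol: TCP, targetPort: 445 }
    - { name: kpasswd-tcp, port: 464, protocol: TCP, targetPort: 464 }
    - { name: kpasswd-udp, port: 464, protocol: UDP, targetPort: 464 }
    - { name: ldaps, port: 636, protocol: TCP, targetPort: 636 }
    - { name: gc, port: 3268, protocol: TCP, targetPort: 3268 }
    - { name: gc-ssl, port: 3269, protocol: TCP, targetPort: 3269 }
    - { name: rpc-epmap, port: 135, protocol: TCP, targetPort: 135 }
    - { name: rpc-base, port: 5000, protocol: TCP, targetPort: 5000 }
    - { name: rpc-netlogon, port: 5001, protocol: TCP, targetPort: 5001 }
    - { name: rpc-lsarpc, port: 5002, protocol: TCP, targetPort: 5002 }
    - { name: rpc-samr, port: 5003, protocol: TCP, targetPort: 5003 }
    - { name: rpc-drsuapi, port: 5004, protocol: TCP, targetPort: 5004 }
    - { name: rpc-dnsserver, port: 5005, protocol: TCP, targetPort: 5005 }
---
# Fixed dual-stack cluster IP for dc2.
apiVersion: v1
kind: Service
metadata:
  name: samba-ad-dc2-direct
  namespace: samba-directory
  labels:
    app: samba-ad
    samba-role: dc2
spec:
  internalTrafficPolicy: Cluster
  clusterIP: 2001:470:7116:f:1::22
  clusterIPs:
    - 2001:470:7116:f:1::22
    - 10.0.91.22
  ipFamilies:
    - IPv6
    - IPv4
  ipFamilyPolicy: PreferDualStack
  type: ClusterIP
  selector:
    app: samba-ad
    samba-role: dc2
  ports:
    - { name: dns-tcp, port: 53, protocol: TCP, targetPort: 53 }
    - { name: dns-udp, port: 53, protocol: UDP, targetPort: 53 }
    - { name: kerberos-tcp, port: 88, protocol: TCP, targetPort: 88 }
    - { name: kerberos-udp, port: 88, protocol: UDP, targetPort: 88 }
    - { name: ldap-tcp, port: 389, protocol: TCP, targetPort: 389 }
    - { name: ldap-udp, port: 389, protocol: UDP, targetPort: 389 }
    - { name: smb, port: 445, protocol: TCP, targetPort: 445 }
    - { name: kpasswd-tcp, port: 464, protocol: TCP, targetPort: 464 }
    - { name: kpasswd-udp, port: 464, protocol: UDP, targetPort: 464 }
    - { name: ldaps, port: 636, protocol: TCP, targetPort: 636 }
    - { name: gc, port: 3268, protocol: TCP, targetPort: 3268 }
    - { name: gc-ssl, port: 3269, protocol: TCP, targetPort: 3269 }
    - { name: rpc-epmap, port: 135, protocol: TCP, targetPort: 135 }
    - { name: rpc-base, port: 5000, protocol: TCP, targetPort: 5000 }
    - { name: rpc-netlogon, port: 5001, protocol: TCP, targetPort: 5001 }
    - { name: rpc-lsarpc, port: 5002, protocol: TCP, targetPort: 5002 }
    - { name: rpc-samr, port: 5003, protocol: TCP, targetPort: 5003 }
    - { name: rpc-drsuapi, port: 5004, protocol: TCP, targetPort: 5004 }
    - { name: rpc-dnsserver, port: 5005, protocol: TCP, targetPort: 5005 }
---
# Shared fixed cluster IP: selects both DCs (app: samba-ad only), so clients
# that use it are spread across dc1 and dc2.
apiVersion: v1
kind: Service
metadata:
  name: samba-ad
  namespace: samba-directory
  labels:
    app: samba-ad
spec:
  internalTrafficPolicy: Cluster
  clusterIP: 2001:470:7116:f:1::20
  clusterIPs:
    - 2001:470:7116:f:1::20
    - 10.0.91.20
  ipFamilies:
    - IPv6
    - IPv4
  ipFamilyPolicy: PreferDualStack
  type: ClusterIP
  selector:
    app: samba-ad
  ports:
    - { name: dns-tcp, port: 53, protocol: TCP, targetPort: 53 }
    - { name: dns-udp, port: 53, protocol: UDP, targetPort: 53 }
    - { name: kerberos-tcp, port: 88, protocol: TCP, targetPort: 88 }
    - { name: kerberos-udp, port: 88, protocol: UDP, targetPort: 88 }
    - { name: ldap-tcp, port: 389, protocol: TCP, targetPort: 389 }
    - { name: ldap-udp, port: 389, protocol: UDP, targetPort: 389 }
    - { name: smb, port: 445, protocol: TCP, targetPort: 445 }
    - { name: kpasswd-tcp, port: 464, protocol: TCP, targetPort: 464 }
    - { name: kpasswd-udp, port: 464, protocol: UDP, targetPort: 464 }
    - { name: ldaps, port: 636, protocol: TCP, targetPort: 636 }
    - { name: gc, port: 3268, protocol: TCP, targetPort: 3268 }
    - { name: gc-ssl, port: 3269, protocol: TCP, targetPort: 3269 }
    - { name: rpc-epmap, port: 135, protocol: TCP, targetPort: 135 }
    - { name: rpc-base, port: 5000, protocol: TCP, targetPort: 5000 }
    - { name: rpc-netlogon, port: 5001, protocol: TCP, targetPort: 5001 }
    - { name: rpc-lsarpc, port: 5002, protocol: TCP, targetPort: 5002 }
    - { name: rpc-samr, port: 5003, protocol: TCP, targetPort: 5003 }
    - { name: rpc-drsuapi, port: 5004, protocol: TCP, targetPort: 5004 }
    - { name: rpc-dnsserver, port: 5005, protocol: TCP, targetPort: 5005 }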