[Kubernetes (K8S)] Helm install openldap and phpldapadmin to manage LDAP objects within Kubernetes (K8S)

openldap and phpldapadmin

OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol. The suite includes:

  • slapd - stand-alone LDAP daemon (server)

  • libraries implementing the LDAP protocol, and

  • utilities, tools, and sample clients.

phpLDAPadmin (also known as PLA) is a web-based LDAP client. It provides easy, anywhere-accessible, multi-language administration for your LDAP server.

Its hierarchical tree-viewer and advanced search functionality make it intuitive to browse and administer your LDAP directory. Since it is a web application, this LDAP browser works on many platforms, making your LDAP server easily manageable from any location.

phpLDAPadmin is the perfect LDAP browser for the LDAP professional and novice alike. Its user base consists mostly of LDAP administration professionals.

This article is about how to use Helm to deploy openldap and phpldapadmin on Kubernetes (K8S).

Prerequisites

  • Kubernetes (K8S)
    Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications.

    For more information about installing and using Kubernetes (K8s), see the Kubernetes (K8s) Docs.

  • Helm
    Helm is the best way to find, share, and use software built for Kubernetes.

    For more information about installing and using Helm, see the Helm Docs.

Install openldap

Use Helm to install openldap into the openldap namespace (or any other namespace you prefer).

# Create the namespace:
$ kubectl create namespace openldap

# Add the Stable Helm repository:
$ helm repo add stable http://mirror.azure.cn/kubernetes/charts/

# Update your local Helm chart repository cache:
$ helm repo update

# Install the Helm chart:
$ helm install openldap stable/openldap --namespace openldap -f values.yaml

Check the Helm release for openldap:

$ helm list --namespace openldap
NAME       NAMESPACE   REVISION   UPDATED                                  STATUS     CHART            APP VERSION
openldap   openldap    1          2020-10-17 00:06:55.701473 +0800 +0800   deployed   openldap-1.2.7   2.3.0

Check the openldap pods:

$ kubectl get pods -n openldap
NAME                       READY   STATUS    RESTARTS   AGE
openldap-c44fd599c-shbdg   1/1     Running   1          32d

Custom Values.yaml

Remember to replace the content within {{ }} with your preferred values.

# charts/values.yaml at master · helm/charts
# https://github.com/helm/charts/blob/master/stable/openldap/values.yaml

# LDAP server installation :: Ondal's Happy Cloud (Happy@Cloud)
# https://happycloud-lee.tistory.com/117

# # settings for enabling TLS
# tls:
#   enabled: false
#   secret: ""  # The name of a kubernetes.io/tls type secret to use for TLS
#   CA:
#     enabled: false
#     secret: ""  # The name of a generic secret to use for custom CA certificate (ca.crt)

# Default configuration for openldap as environment variables. These get injected directly in the container.
# Use the env variables from https://github.com/osixia/docker-openldap#beginner-guide
env:
  LDAP_LOG_LEVEL: "256"
  LDAP_ORGANISATION: "CloudoLife Inc."
  LDAP_DOMAIN: "examples.cloudolife.com"
  LDAP_BASE_DN: ""
  LDAP_ADMIN_PASSWORD: {{ env.LDAP_ADMIN_PASSWORD }}
  LDAP_CONFIG_PASSWORD: {{ env.LDAP_CONFIG_PASSWORD }}
  LDAP_READONLY_USER: "true"
  LDAP_READONLY_USER_USERNAME: "readonly"
  LDAP_READONLY_USER_PASSWORD: {{ env.LDAP_READONLY_USER_PASSWORD }}
  LDAP_RFC2307BIS_SCHEMA: "false"
  LDAP_BACKEND: "mdb"
  LDAP_TLS: "true"
  LDAP_TLS_CRT_FILENAME: "ldap.crt"
  LDAP_TLS_KEY_FILENAME: "ldap.key"
  LDAP_TLS_DH_PARAM_FILENAME: "dhparam.pem"
  LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
  LDAP_TLS_ENFORCE: "false"
  LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
  LDAP_TLS_PROTOCOL_MIN: "3.1"
  LDAP_TLS_VERIFY_CLIENT: "allow"  # allow or demand
  LDAP_REPLICATION: "false"
  # LDAP_REPLICATION_CONFIG_SYNCPROV: "binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical"
  # LDAP_REPLICATION_DB_SYNCPROV: "binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical"
  # LDAP_REPLICATION_HOSTS: "#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']"
  KEEP_EXISTING_CONFIG: "false"
  LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
  LDAP_SSL_HELPER_PREFIX: "ldap"

# Default Passwords to use, stored as a secret. If unset, passwords are auto-generated.
# You can override these at install time with
# helm install openldap --set openldap.adminPassword=<passwd>,openldap.configPassword=<passwd>
adminPassword: {{ env.adminPassword }}
configPassword: {{ env.configPassword }}

## Persist data to a persistent volume
persistence:
  enabled: true
  size: 1Gi

## test container details
test:
  enabled: true
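The values file above keeps the admin, config and read-only passwords as {{ env.NAME }} placeholders that have to be filled in from the environment before helm install runs, and a placeholder that is left behind (or an unset variable that renders as an empty password) is easy to miss. The following POSIX sh script is an added example, not part of the original post or of the helm/charts openldap chart: render_values substitutes every {{ env.NAME }} placeholder from the same-named environment variable, refuses to produce a file if any of them is unset or empty, and quotes the value as a YAML double-quoted scalar so characters such as " \ & / in a password cannot corrupt the file; check_no_placeholders is the final gate before helm install -f. The template written by write_sample_template is a constructed sample with the same placeholder form as the values above.

```shell
#!/bin/sh
# Added example (not from the original post or the openldap chart):
# render a values.yaml template from environment variables without leaving
# unfilled {{ env.NAME }} placeholders or empty passwords behind.

# write_sample_template PATH: constructed sample template using the same
# placeholder form as the values.yaml above (assumed names, not real secrets).
write_sample_template() {
    cat > "$1" <<'EOF'
env:
  LDAP_ADMIN_PASSWORD: {{ env.LDAP_ADMIN_PASSWORD }}
  LDAP_CONFIG_PASSWORD: {{ env.LDAP_CONFIG_PASSWORD }}
adminPassword: {{ env.LDAP_ADMIN_PASSWORD }}
configPassword: {{ env.LDAP_CONFIG_PASSWORD }}
EOF
}

# render_values TEMPLATE OUTPUT: replace each {{ env.NAME }} with the value of
# environment variable NAME, written as a YAML double-quoted scalar.
# Returns 1 (and writes nothing) if any referenced variable is unset or empty.
render_values() {
    tpl=$1; out=$2
    # Collect the distinct variable names referenced by the template.
    names=$(grep -o '{{ *env\.[A-Za-z_][A-Za-z0-9_]* *}}' "$tpl" \
        | sed 's/.*env\.\([A-Za-z0-9_]*\).*/\1/' | sort -u)
    cp "$tpl" "$out"
    for name in $names; do
        # $name matched [A-Za-z_][A-Za-z0-9_]* above, so this eval is safe.
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "render_values: \$$name is unset or empty; refusing to render" >&2
            rm -f "$out"
            return 1
        fi
        # YAML double-quoted escaping (\ and "), then sed replacement escaping
        # (\ & /) so the secret's own characters cannot break the substitution.
        yaml=$(printf '%s' "$value" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')
        esc=$(printf '%s' "$yaml" | sed -e 's/\\/\\\\/g' -e 's|[&/]|\\&|g')
        sed "s/{{ *env\.$name *}}/\"$esc\"/g" "$out" > "$out.tmp" && mv "$out.tmp" "$out"
    done
}

# check_no_placeholders FILE: fail (and list the offending lines) if any
# "{{" is still present, so a half-rendered file never reaches helm install.
check_no_placeholders() {
    if grep -n '{{' "$1"; then
        echo "check_no_placeholders: unrendered placeholders remain in $1" >&2
        return 1
    fi
}

# Typical use before "helm install openldap stable/openldap -f values.yaml":
#   LDAP_ADMIN_PASSWORD=... LDAP_CONFIG_PASSWORD=... \
#     sh -c '. ./render.sh; render_values values.tpl values.yaml && check_no_placeholders values.yaml'
```

The rendered values.yaml now holds the real passwords, so it should be generated in the deployment pipeline and excluded from version control rather than committed next to the template.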

Install phpldapadmin

Install by Helm

Use Helm to install phpldapadmin into the openldap namespace.

# Add the Helm repository:
$ helm repo add cetic https://cetic.github.io/helm-charts

# Update your local Helm chart repository cache:
$ helm repo update

# Create the namespace:
$ kubectl create namespace phpldapadmin

# Install the Helm chart:
$ helm install phpldapadmin cetic/phpldapadmin --namespace phpldapadmin -f values.yaml

Check the Helm release for phpldapadmin:

$ helm list --namespace openldap
NAME           NAMESPACE   REVISION   UPDATED                                  STATUS     CHART                APP VERSION
phpldapadmin   openldap    2          2020-11-21 23:28:14.622381 +0800 +0800   deployed   phpldapadmin-0.1.4   0.7.1

Check the phpldapadmin pods:

$ kubectl get pods -n openldap
NAME                           READY   STATUS    RESTARTS   AGE
phpldapadmin-c44fd599c-shbdg   1/1     Running   1          32d

Custom Values.yaml

Remember to replace the content within {{ }} with your preferred values.

# helm-phpLDAPadmin/values.yaml at master · cetic/helm-phpLDAPadmin
# https://github.com/cetic/helm-phpLDAPadmin/blob/master/values.yaml

## TODO: add this in the deployment.yaml
env:
  PHPLDAPADMIN_LDAP_HOSTS: openldap.openldap

## Expose the phpLDAPadmin service to be accessed from outside the cluster (LoadBalancer service)
## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
## ref: http://kubernetes.io/docs/user-guide/services/
##
service:
  type: ClusterIP

# Configure Ingress based on the documentation here: https://kubernetes.io/docs/concepts/services-networking/ingress/
#
ingress:
  enabled: true

  annotations:
    kubernetes.io/ingress.class: nginx

  hosts:
    - {{ Values.ingress.host }}

  tls:
    - secretName: {{ Values.ingress.tls.secretName }}
      hosts:
        - {{ Values.ingress.host }}
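Two settings in the values files above decide how much of the admin traffic is encrypted: the openldap values keep LDAP_TLS_ENFORCE at "false" (the osixia/docker-openldap default, which still accepts unencrypted ldap:// binds even though TLS is enabled) and LDAP_TLS_PROTOCOL_MIN at "3.1" (slapd's TLSProtocolMin notation for TLS 1.0; "3.3" is TLS 1.2), while the phpldapadmin values keep the service as ClusterIP and put the web UI behind a TLS ingress. The following POSIX sh script is an added example, not part of the original post or of either chart: it reads those flat key/value lines with grep and sed and reports each weak setting as a finding before helm install is run, for the openldap values file and the phpldapadmin values file alike. The two sample files it writes are constructed to mirror the settings shown above; yaml_value only understands the simple "KEY: value" lines used there and is not a YAML parser.

```shell
#!/bin/sh
# Added example (not from the original post or either chart): lint the two
# rendered values files for settings that leave admin traffic unencrypted.

# yaml_value FILE KEY: value of the first "KEY: value" line, with any trailing
# "# comment" and surrounding double quotes removed. KEY must be a plain
# identifier; this handles the flat lines above and is not a YAML parser.
yaml_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 \
        | sed -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/'
}

# lint_openldap_values FILE: print one line per finding, return their count.
lint_openldap_values() {
    n=0
    if [ "$(yaml_value "$1" LDAP_TLS)" != "true" ]; then
        echo "openldap: LDAP_TLS is not \"true\"; the directory serves plaintext only"; n=$((n+1))
    fi
    if [ "$(yaml_value "$1" LDAP_TLS_ENFORCE)" != "true" ]; then
        echo "openldap: LDAP_TLS_ENFORCE is not \"true\"; unencrypted ldap:// binds are still accepted"; n=$((n+1))
    fi
    # slapd TLSProtocolMin notation: 3.1 = TLS 1.0, 3.2 = TLS 1.1, 3.3 = TLS 1.2
    pmin=$(yaml_value "$1" LDAP_TLS_PROTOCOL_MIN)
    if [ "${pmin%%.*}" = 3 ] && [ "${pmin#*.}" -lt 3 ]; then
        echo "openldap: LDAP_TLS_PROTOCOL_MIN $pmin allows TLS versions below 1.2"; n=$((n+1))
    fi
    return $n
}

# lint_phpldapadmin_values FILE: same for the web UI chart values.
lint_phpldapadmin_values() {
    n=0
    if [ "$(yaml_value "$1" type)" != "ClusterIP" ]; then
        echo "phpldapadmin: service.type is not ClusterIP; the UI is reachable without the TLS ingress"; n=$((n+1))
    fi
    if ! grep -q '^[[:space:]]*-*[[:space:]]*secretName:' "$1"; then
        echo "phpldapadmin: ingress has no tls secretName; admin logins would travel over plain HTTP"; n=$((n+1))
    fi
    if [ -z "$(yaml_value "$1" PHPLDAPADMIN_LDAP_HOSTS)" ]; then
        echo "phpldapadmin: PHPLDAPADMIN_LDAP_HOSTS is unset; the UI cannot reach the openldap service"; n=$((n+1))
    fi
    return $n
}

# Constructed sample files mirroring the settings shown in the two values.yaml
# files above, so the linters can be exercised offline.
write_sample_openldap_values() {
    cat > "$1" <<'EOF'
env:
  LDAP_TLS: "true"
  LDAP_TLS_ENFORCE: "false"
  LDAP_TLS_PROTOCOL_MIN: "3.1"
  LDAP_TLS_VERIFY_CLIENT: "allow"  # allow or demand
persistence:
  enabled: true
EOF
}
write_sample_phpldapadmin_values() {
    cat > "$1" <<'EOF'
env:
  PHPLDAPADMIN_LDAP_HOSTS: openldap.openldap
service:
  type: ClusterIP
ingress:
  enabled: true
  tls:
    - secretName: phpldapadmin-tls
EOF
}

# Typical use: lint_openldap_values values.yaml && lint_phpldapadmin_values pla-values.yaml
# (non-zero exit = number of findings), run right before the helm install commands above.
```

On the openldap values as written the linter reports two findings (LDAP_TLS_ENFORCE and LDAP_TLS_PROTOCOL_MIN); setting both to "true" and "3.3" respectively clears them, with the cost that every client, phpLDAPadmin included, must then talk ldaps:// or StartTLS.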

Access

Then you can open the phpLDAPadmin web UI at https://{{ .Values.ingress.host }}.

References

[1] charts/stable/openldap at master · helm/charts - https://github.com/helm/charts/tree/master/stable/openldap

[2] osixia/docker-openldap: A docker image to run OpenLDAP 🐳 - https://github.com/osixia/docker-openldap

[3] phpldapadmin 0.1.4 · helm/cetic - https://artifacthub.io/packages/helm/cetic/phpldapadmin

[4] OpenLDAP, Main Page - https://www.openldap.org/

[5] Main Page - phpLDAPadmin - http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page

[6] Helm - https://helm.sh/

[7] Kubernetes - https://kubernetes.io/