doc
https://hub.kubeapps.com/charts/geek-cookbook/openldap
ldap
389 tcp
636 tcp
init pv
kubectl apply -f /free_cicdfs0/k8s_ymls/app-yml/ldap/ldap-pv.yml
kubectl replace --force -f /free_cicdfs0/k8s_ymls/app-yml/ldap/ldap-pv.yml
kubectl delete -f /free_cicdfs0/k8s_ymls/app-yml/ldap/ldap-pv.yml
ldap init
docker pull osixia/openldap:1.1.10
# retag the image and push it to our own registry
docker tag osixia/openldap:1.1.10 docker-hub.one-k.xyz/osixia/openldap:1.1.10
docker push docker-hub.one-k.xyz/osixia/openldap:1.1.10
helm repo add geek-cookbook https://geek-cookbook.github.io/charts
helm install geek-cookbook/openldap --version 1.2.9 --generate-name
# init
kubectl create namespace openldap
helm install -n openldap my-release \
--set image.repository='docker-hub.one-k.xyz/osixia/openldap' \
--set image.tag='1.1.10' \
--set replicaCount='1' \
--set service.type='LoadBalancer' \
--set service.loadBalancerIP='192.168.99.135' \
--set persistence.enabled='true' \
--set persistence.storageClass='ldap-storage' \
--set persistence.size='50Gi' \
--set persistence.accessMode='ReadWriteMany' \
--set adminPassword='root@free_cicd' \
geek-cookbook/openldap
# uninstall
helm uninstall -n openldap my-release
# check that the service has been assigned an IP
kubectl get svc --all-namespaces
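The install above passes adminPassword with --set, which leaves the password in shell history and in the process list while helm runs. An added example (not part of the original notes) that generates the passwords into a values file only the current user can read and hands it to helm with -f; the function names and file path are hypothetical, and configPassword is the second value named in the chart's NOTES output.

```shell
#!/usr/bin/env bash
# Added example, not from the original notes. Function names and the
# values-file path are hypothetical.

# Random alphanumeric password; length defaults to 24.
gen_password() {
  head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-"${1:-24}"
}

# Write adminPassword/configPassword to a values file with mode 600.
write_ldap_values() {
  rm -f "$1"                      # drop any old copy with looser permissions
  ( umask 077                     # new file is created as rw-------
    printf 'adminPassword: "%s"\nconfigPassword: "%s"\n' \
      "$(gen_password)" "$(gen_password)" > "$1" )
}

# Same install as above, with the password flag replaced by -f <values file>.
install_openldap() {
  helm install -n openldap my-release \
    --set image.repository='docker-hub.one-k.xyz/osixia/openldap' \
    --set image.tag='1.1.10' \
    --set replicaCount='1' \
    --set service.type='LoadBalancer' \
    --set service.loadBalancerIP='192.168.99.135' \
    --set persistence.enabled='true' \
    --set persistence.storageClass='ldap-storage' \
    --set persistence.size='50Gi' \
    --set persistence.accessMode='ReadWriteMany' \
    -f "$1" \
    geek-cookbook/openldap
}

# Usage:
#   write_ldap_values "$HOME/ldap-values.yaml"
#   install_openldap "$HOME/ldap-values.yaml" && rm -f "$HOME/ldap-values.yaml"
```

Once the values file is deleted, the passwords can still be read back from the release secret with the kubectl get secret commands printed in the chart NOTES.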
use
NAME: my-release
LAST DEPLOYED: Thu Sep 2 10:27:04 2021
NAMESPACE: openldap
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
OpenLDAP has been installed. You can access the server from within the k8s cluster using:
my-release-openldap.openldap.svc.cluster.local:389
You can access the LDAP adminPassword and configPassword using:
kubectl get secret --namespace openldap my-release-openldap -o jsonpath="{.data.LDAP_ADMIN_PASSWORD}" | base64 --decode; echo
kubectl get secret --namespace openldap my-release-openldap -o jsonpath="{.data.LDAP_CONFIG_PASSWORD}" | base64 --decode; echo
You can access the LDAP service, from within the cluster (or with kubectl port-forward) with a command like (replace password and domain):
ldapsearch -x -H ldap://my-release-openldap.openldap.svc.cluster.local:389 -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w $LDAP_ADMIN_PASSWORD
Test server health using Helm test:
helm test my-release
You can also consider installing the helm chart for phpldapadmin to manage this instance of OpenLDAP, or install Apache Directory Studio, and connect using kubectl port-forward.
Check status
kubectl get pod -n openldap
NAME READY STATUS RESTARTS AGE
my-release-openldap-8459c66b7f-582lt 0/1 ContainerCreating 0 6m45s
my-release-openldap-8459c66b7f-jktjs 0/1 ContainerCreating 0 6m45s
#
kubectl describe -n openldap pod my-release-openldap-8459c66b7f-582lt
# Warning FailedMount 51s (x12 over 9m5s) kubelet MountVolume.SetUp failed for volume "ldap-pv-2" : hostPath type check failed: /free_cicdfs0/k8s_data/ldap/pv-2 is not a directory
# Warning FailedMount 14s (x3 over 7m2s) kubelet Unable to attach or mount volumes: unmounted volumes=[data], unattached volumes=[data kube-api-access-qkmj2]: timed out waiting for the condition