-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #23 from aservo/feature/ldap_crowd_adapter
Implement chart for LDAP-Crowd-Adapter
- Loading branch information
Showing
11 changed files
with
800 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| apiVersion: v2 | ||
| name: ldap-crowd-adapter | ||
| version: 0.1.0 # the chart version | ||
| appVersion: 7.1.0 | ||
| description: A LDAP server that delegates request to Atlassian Crowd | ||
| type: application | ||
| sources: | ||
| - https://github.com/aservo/charts | ||
| - https://github.com/aservo/charts/ldap-crowd-adapter | ||
| - https://github.com/aservo/ldap-crowd-adapter | ||
| keywords: | ||
| - ldap | ||
| - authentication | ||
| - authorization | ||
| maintainers: | ||
| - name: ASERVO Software GmbH | ||
| email: [email protected] | ||
| engine: gotpl |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| fullnameOverride: "ldap-adapter" | ||
| nameOverride: "ldap-adapter" | ||
|
|
||
| resources: | ||
| requests: | ||
| cpu: 100m | ||
| memory: 500M | ||
|
|
||
| jvmMemory: | ||
| xms: 500M | ||
| xmx: 500M | ||
|
|
||
| server: | ||
| directoryBackend: | ||
| permanent: 'de.aservo.ldap.adapter.backend.JsonDirectoryBackend' | ||
|
|
||
| extraVolumes: | | ||
| - name: test-data | ||
| configMap: | ||
| name: ldap-adapter-test-data-config | ||
| defaultMode: 0555 | ||
| items: | ||
| - key: test-data.json | ||
| path: test-data.json | ||
| extraVolumeMounts: | | ||
| - name: test-data | ||
| mountPath: /opt/test-data.json | ||
| subPath: test-data.json | ||
| readOnly: true | ||
| extraEnvFrom: | | ||
| - configMapRef: | ||
| name: ldap-adapter-test-env-config | ||
| configmaps: | ||
| test-env-config: | ||
| data: | ||
| JAVA_OPTS: -Ddb-uri=file:///opt/test-data.json | ||
| test-data-config: | ||
| data: | ||
| test-data.json: |- | ||
| { | ||
| "groups": [ | ||
| { | ||
| "name": "GroupA", | ||
| "description": "Description of GroupA.", | ||
| "group_members": [], | ||
| "user_members": [ | ||
| "UserA" | ||
| ] | ||
| } | ||
| ], | ||
| "users": [ | ||
| { | ||
| "username": "UserA", | ||
| "first_name": "FirstNameOfUserA", | ||
| "last_name": "LastNameOfUserA", | ||
| "display_name": "DisplayNameOfUserA", | ||
| "email": "[email protected]", | ||
| "password": "pw-user-a", | ||
| "active": true | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,83 @@ | ||
|
|
||
| {{/* | ||
| Expand the name of the chart. | ||
| */}} | ||
| {{- define "ldap-crowd-adapter.name" -}} | ||
| {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} | ||
| {{- end }} | ||
|
|
||
| {{/* | ||
| Create a default fully qualified app name. | ||
| We truncate to 20 characters because this is used to set the node identifier in WildFly which is limited to | ||
| 23 characters. This allows for a replica suffix for up to 99 replicas. | ||
| */}} | ||
| {{- define "ldap-crowd-adapter.fullname" -}} | ||
| {{- if .Values.fullnameOverride }} | ||
| {{- .Values.fullnameOverride | trunc 20 | trimSuffix "-" }} | ||
| {{- else }} | ||
| {{- $name := default .Chart.Name .Values.nameOverride }} | ||
| {{- if contains $name .Release.Name }} | ||
| {{- .Release.Name | trunc 20 | trimSuffix "-" }} | ||
| {{- else }} | ||
| {{- printf "%s-%s" .Release.Name $name | trunc 20 | trimSuffix "-" }} | ||
| {{- end }} | ||
| {{- end }} | ||
| {{- end }} | ||
|
|
||
| {{/* | ||
| Create chart name and version as used by the chart label. | ||
| */}} | ||
| {{- define "ldap-crowd-adapter.chart" -}} | ||
| {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} | ||
| {{- end }} | ||
|
|
||
| {{/* | ||
| Common labels | ||
| */}} | ||
| {{- define "ldap-crowd-adapter.labels" -}} | ||
| helm.sh/chart: {{ include "ldap-crowd-adapter.chart" . }} | ||
| {{ include "ldap-crowd-adapter.selectorLabels" . }} | ||
| app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} | ||
| app.kubernetes.io/managed-by: {{ .Release.Service }} | ||
| {{- end }} | ||
|
|
||
| {{/* | ||
| Selector labels | ||
| */}} | ||
| {{- define "ldap-crowd-adapter.selectorLabels" -}} | ||
| app.kubernetes.io/name: {{ include "ldap-crowd-adapter.name" . }} | ||
| app.kubernetes.io/instance: {{ .Release.Name }} | ||
| {{- end }} | ||
|
|
||
| {{/* | ||
| Create the name of the service account to use | ||
| */}} | ||
| {{- define "ldap-crowd-adapter.serviceAccountName" -}} | ||
| {{- if .Values.serviceAccount.create }} | ||
| {{- default (include "ldap-crowd-adapter.fullname" .) .Values.serviceAccount.name }} | ||
| {{- else }} | ||
| {{- default "default" .Values.serviceAccount.name }} | ||
| {{- end }} | ||
| {{- end }} | ||
|
|
||
| {{/* | ||
| Get the container port | ||
| */}} | ||
| {{- define "ldap-crowd-adapter.containerPort" -}} | ||
| {{- if .Values.ssl.enabled }} | ||
| {{- .Values.containerSecurePort }} | ||
| {{- else }} | ||
| {{- .Values.containerDefaultPort }} | ||
| {{- end }} | ||
| {{- end }} | ||
|
|
||
| {{/* | ||
| Get the service port | ||
| */}} | ||
| {{- define "ldap-crowd-adapter.servicePort" -}} | ||
| {{- if .Values.ssl.enabled }} | ||
| {{- .Values.service.ldapsPort }} | ||
| {{- else }} | ||
| {{- .Values.service.ldapPort }} | ||
| {{- end }} | ||
| {{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,70 @@ | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: {{ include "ldap-crowd-adapter.fullname" . }}-config-env | ||
| {{- with .Values.annotations }} | ||
| annotations: | ||
| {{- range $key, $value := . }} | ||
| {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }} | ||
| {{- end }} | ||
| {{- end }} | ||
| labels: | ||
| {{- include "ldap-crowd-adapter.labels" $ | nindent 4 }} | ||
| {{- range $key, $value := .Values.labels }} | ||
| {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }} | ||
| {{- end }} | ||
| data: | ||
| {{- with .Values.logLevel }} | ||
| LOGLEVEL: '{{ . }}' | ||
| {{- end }} | ||
| {{- with .Values.jvmMemory.xms }} | ||
| XMS: '{{ . }}' | ||
| {{- end }} | ||
| {{- with .Values.jvmMemory.xmx }} | ||
| XMX: '{{ . }}' | ||
| {{- end }} | ||
| {{- with .Values.jvmMemory.xss }} | ||
| XSS: '{{ . }}' | ||
| {{- end }} | ||
| SERVER_SSL_ENABLED: '{{ default "false" .Values.ssl.enabled }}' | ||
| {{- with .Values.ssl.keyStoreFile }} | ||
| SERVER_SSL_KEY_STORE_FILE: '{{ . }}' | ||
| {{- end }} | ||
| {{- with .Values.server.cacheDirectory }} | ||
| SERVER_CACHE_DIR: '{{ . }}' | ||
| {{- end }} | ||
| SERVER_BIND_ADDRESS: '0.0.0.0:{{ include "ldap-crowd-adapter.containerPort" . }}' | ||
| {{- with .Values.server.directoryBackend.permanent }} | ||
| SERVER_DIRECTORY_BACKEND_PERMANENT: '{{ . }}' | ||
| {{- end }} | ||
| {{- with .Values.server.directoryBackend.session }} | ||
| SERVER_DIRECTORY_BACKEND_SESSION: '{{ . }}' | ||
| {{- end }} | ||
| SERVER_MODE_FLATTENING: '{{ .Values.server.flattening }}' | ||
| SERVER_RESPONSE_MAX_SIZE_LIMIT: '{{ .Values.server.response.maxSizeLimit }}' | ||
| SERVER_RESPONSE_MAX_TIME_LIMIT: '{{ .Values.server.response.maxTimeLimit }}' | ||
| SERVER_CONNECTION_BACK_LOG: '{{ .Values.server.connection.backlog }}' | ||
| SERVER_RESPONSE_ACTIVE_THREADS: '{{ .Values.server.connection.activeThreads }}' | ||
| SERVER_ABBREVIATE_SN_ATTRIBUTE: '{{ .Values.server.attribute.snAbbreviate }}' | ||
| SERVER_ABBREVIATE_GN_ATTRIBUTE: '{{ .Values.server.attribute.gnAbbreviate }}' | ||
| CROWD_APP_NAME: '{{ .Values.crowd.applicationName }}' | ||
| CROWD_SERVER_URL: '{{ .Values.crowd.serverUrl }}' | ||
| CROWD_VALIDATION_INTERVAL: '{{ .Values.crowd.sessionValidationInterval }}' | ||
| BACKEND_READINESS_CHECK: '{{ default "false" .Values.backend.crowd.readinessCheck }}' | ||
| BACKEND_REST_BASE_URL: '{{ .Values.backend.crowd.adminRest.baseUrl }}' | ||
| BACKEND_MIRROR_SYNC_PAGE_SIZE: '{{ .Values.backend.mirror.sync.pageSize }}' | ||
| BACKEND_MIRROR_AUDIT_LOG_PAGE_SIZE: '{{ .Values.backend.mirror.auditLog.pageSize }}' | ||
| BACKEND_MIRROR_AUDIT_LOG_PAGE_LIMIT: '{{ .Values.backend.mirror.auditLog.pageLimit }}' | ||
| BACKEND_MIRROR_FORCE_FULL_SYNC_ON_BOOT: '{{ .Values.backend.mirror.forceFullSyncOnBoot }}' | ||
| BACKEND_JDBC_DRIVER: '{{ .Values.backend.db.connection.jdbcDriver }}' | ||
| BACKEND_JDBC_URL: '{{ .Values.backend.db.connection.url }}' | ||
| BACKEND_JDBC_CON_MIN_IDLE: '{{ .Values.backend.db.connection.minIdle }}' | ||
| BACKEND_JDBC_CON_MAX_IDLE: '{{ .Values.backend.db.connection.maxIdle }}' | ||
| BACKEND_JDBC_CON_MAX_TOTAL: '{{ .Values.backend.db.connection.maxTotal }}' | ||
| BACKEND_JDBC_CON_MAX_OPEN_STMT: '{{ .Values.backend.db.connection.maxOpenPreparedStatements }}' | ||
| BACKEND_JDBC_ISO_LEVEL: '{{ .Values.backend.db.connection.isolationLevel }}' | ||
| BACKEND_TRANSACTION_TIMEOUT: '{{ .Values.backend.db.transactionTimeout }}' | ||
| BACKEND_APPLY_NATIVE_SQL: '{{ .Values.backend.db.applyNativeSql }}' | ||
| BACKEND_USE_MATERIALIZED_VIEWS: '{{ .Values.backend.db.useMaterializedViews }}' | ||
| BACKEND_PASS_ACTIVE_USERS_ONLY: '{{ .Values.backend.db.passActiveUsersOnly }}' | ||
| WAIT_DATABASE: '{{ default "false" .Values.waitDatabase }}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| {{- range $nameSuffix, $values := .Values.configmaps }} | ||
| --- | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: {{ include "ldap-crowd-adapter.fullname" $ }}-{{ $nameSuffix }} | ||
| {{- with $values.annotations }} | ||
| annotations: | ||
| {{- range $key, $value := . }} | ||
| {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }} | ||
| {{- end }} | ||
| {{- end }} | ||
| labels: | ||
| {{- include "ldap-crowd-adapter.labels" $ | nindent 4 }} | ||
| {{- range $key, $value := $values.labels }} | ||
| {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }} | ||
| {{- end }} | ||
| {{- with $values.data }} | ||
| data: | ||
| {{- toYaml . | nindent 2 }} | ||
| {{- end }} | ||
| {{- end -}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| apiVersion: v1 | ||
| kind: Secret | ||
| metadata: | ||
| name: {{ include "ldap-crowd-adapter.fullname" . }}-secret-env | ||
| {{- with .Values.annotations }} | ||
| annotations: | ||
| {{- range $key, $value := . }} | ||
| {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }} | ||
| {{- end }} | ||
| {{- end }} | ||
| labels: | ||
| {{- include "ldap-crowd-adapter.labels" $ | nindent 4 }} | ||
| {{- range $key, $value := .Values.labels }} | ||
| {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }} | ||
| {{- end }} | ||
| type: {{ default "Opaque" .Values.type }} | ||
| data: | ||
| {{- with .Values.ssl.keyStorePassword }} | ||
| SERVER_SSL_KEY_STORE_PASSWORD: '{{ . | b64enc }}' | ||
| {{- end }} | ||
| {{- with .Values.ssl.crt }} | ||
| SSL_CRT: '{{ . | b64enc }}' | ||
| {{- end }} | ||
| {{- with .Values.ssl.key }} | ||
| SSL_KEY: '{{ . | b64enc }}' | ||
| {{- end }} | ||
| {{- with .Values.crowd.applicationPassword }} | ||
| CROWD_APP_PASSWORD: '{{ . | b64enc }}' | ||
| {{- end }} | ||
| {{- with .Values.backend.crowd.adminRest.username }} | ||
| BACKEND_REST_USERNAME: '{{ . | b64enc }}' | ||
| {{- end }} | ||
| {{- with .Values.backend.crowd.adminRest.userPassword }} | ||
| BACKEND_REST_USER_PASSWORD: '{{ . | b64enc }}' | ||
| {{- end }} | ||
| {{- with .Values.backend.db.connection.user }} | ||
| BACKEND_JDBC_USER: '{{ . | b64enc }}' | ||
| {{- end }} | ||
| {{- with .Values.backend.db.connection.password }} | ||
| BACKEND_JDBC_PASSWORD: '{{ . | b64enc }}' | ||
| {{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| {{- range $nameSuffix, $values := .Values.secrets }} | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Secret | ||
| metadata: | ||
| name: {{ include "ldap-crowd-adapter.fullname" $ }}-{{ $nameSuffix }} | ||
| {{- with $values.annotations }} | ||
| annotations: | ||
| {{- range $key, $value := . }} | ||
| {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }} | ||
| {{- end }} | ||
| {{- end }} | ||
| labels: | ||
| {{- include "ldap-crowd-adapter.labels" $ | nindent 4 }} | ||
| {{- range $key, $value := $values.labels }} | ||
| {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }} | ||
| {{- end }} | ||
| type: {{ default "Opaque" $values.type }} | ||
| {{- with $values.data }} | ||
| data: | ||
| {{- toYaml . | nindent 2 }} | ||
| {{- end }} | ||
| {{- with $values.stringData }} | ||
| stringData: | ||
| {{- range $key, $value := . }} | ||
| {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 2 }} | ||
| {{- end }} | ||
| {{- end }} | ||
| {{- end -}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: {{ include "ldap-crowd-adapter.fullname" . }} | ||
| {{- with .Values.service.annotations }} | ||
| annotations: | ||
| {{- range $key, $value := . }} | ||
| {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }} | ||
| {{- end }} | ||
| {{- end }} | ||
| labels: | ||
| {{- include "ldap-crowd-adapter.labels" . | nindent 4 }} | ||
| {{- range $key, $value := .Values.service.labels }} | ||
| {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }} | ||
| {{- end }} | ||
| app.kubernetes.io/component: ldap | ||
| spec: | ||
| type: {{ .Values.service.type }} | ||
| {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }} | ||
| loadBalancerIP: {{ .Values.service.loadBalancerIP }} | ||
| {{- end }} | ||
| {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} | ||
| loadBalancerSourceRanges: | ||
| {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} | ||
| {{- end }} | ||
| {{- if eq .Values.service.type "LoadBalancer" }} | ||
| externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} | ||
| {{- end }} | ||
| {{- if .Values.service.sessionAffinity }} | ||
| sessionAffinity: {{ .Values.service.sessionAffinity }} | ||
| {{- with .Values.service.sessionAffinityConfig }} | ||
| sessionAffinityConfig: | ||
| {{- toYaml . | nindent 4 }} | ||
| {{- end }} | ||
| {{- end }} | ||
| ports: | ||
| - name: ldap | ||
| port: {{ include "ldap-crowd-adapter.servicePort" . }} | ||
| targetPort: ldap | ||
| {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) .Values.service.nodePort }} | ||
| nodePort: {{ .Values.service.nodePort }} | ||
| {{- end }} | ||
| protocol: TCP | ||
| {{- with .Values.service.extraPorts }} | ||
| {{- toYaml . | nindent 4 }} | ||
| {{- end }} | ||
| selector: | ||
| {{- include "ldap-crowd-adapter.selectorLabels" . | nindent 4 }} |
Oops, something went wrong.