Merge pull request #1352 from andresbono/ldap-changes

[bitnami/mariadb-galera] Update LDAP configuration
This commit is contained in:
Juan Ariza Toledano
2019-08-16 08:50:54 +02:00
committed by GitHub
8 changed files with 117 additions and 65 deletions


@@ -1,6 +1,6 @@
apiVersion: v1
name: mariadb-galera
version: 0.0.2
version: 0.1.0
appVersion: 10.3.17
description: MariaDB Galera is a multi-master database cluster solution for synchronous replication and high availability.
keywords:


@@ -101,6 +101,9 @@ The following table lists the configurable parameters of the MariaDB Galera char
| `ldap.binddn` | LDAP bind DN | `nil` |
| `ldap.bindpw` | LDAP bind password | `nil` |
| `ldap.bslookup` | LDAP base lookup | `nil` |
| `ldap.nss_initgroups_ignoreusers` | LDAP ignored users | `root,nslcd` |
| `ldap.scope` | LDAP search scope | `nil` |
| `ldap.tls_reqcert` | LDAP TLS check on server certificates | `nil` |
| `mariadbConfiguration` | Configuration for the MariaDB server | `_default values in the values.yaml file_` |
| `configurationConfigMap` | ConfigMap with the MariaDB configuration files (Note: Overrides `mariadbConfiguration`). The value is evaluated as a template. | `nil` |
| `initdbScripts` | Dictionary of initdb scripts | `nil` |
@@ -183,17 +186,23 @@ LDAP support can be enabled in the chart by specifying the `ldap.` parameters wh
- `ldap.binddn`: LDAP bind DN. No defaults.
- `ldap.bindpw`: LDAP bind password. No defaults.
- `ldap.bslookup`: LDAP base lookup. No defaults.
- `ldap.nss_initgroups_ignoreusers`: LDAP ignored users. `root,nslcd`.
- `ldap.scope`: LDAP search scope. No defaults.
- `ldap.tls_reqcert`: LDAP TLS check on server certificates. No defaults.
For example:
```bash
$ helm install --name my-release bitnami/mariadb-galera \
--set ldap.enabled="true" \
--set ldap.url="ldap://my_ldap_server" \
--set ldap.uri="ldap://my_ldap_server" \
--set ldap.base="dc=example,dc=org" \
--set ldap.binddn="cn=admin,dc=example,dc=org" \
--set ldap.bindpw="admin" \
--set ldap.bslookup="ou=group-ok,dc=example,dc=org"
--set ldap.bslookup="ou=group-ok,dc=example,dc=org" \
--set ldap.nss_initgroups_ignoreusers="root,nslcd" \
--set ldap.scope="sub" \
--set ldap.tls_reqcert="demand"
```
Next, login to the MariaDB server using the `mysql` client and add the PAM authenticated LDAP users.


@@ -59,4 +59,5 @@ To upgrade this helm chart:
{{ if .Values.db.user }}--set db.user={{ .Values.db.user }} --set db.password=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-password}" | base64 --decode) {{ end }}--set db.name={{ .Values.db.name }} \
--set galera.mariabackup.password=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "mariadb-galera.fullname" . }}{{ end }} -o jsonpath="{.data.mariadb-galera-mariabackup-password}" | base64 --decode)
{{ include "mariadb-galera.validateValues" . }}
{{ include "mariadb-galera.checkRollingTags" . }}
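Review bot: The added `{{ include "mariadb-galera.validateValues" . }}` line is now the only place that calls `fail` for the forcePassword and mandatory-LDAP rules, since the `required` fallbacks were dropped from secrets.yaml and the statefulset in this same commit. Whether NOTES.txt is executed (not merely hidden from output) by `helm template` and `--dry-run` is something I am not certain of and may differ between Helm versions, so a render path could accept values that a real install rejects; worth confirming before relying on it. If anchoring validation here is intentional, a one-line comment above the include, `{{/* Values validation (fail on error) is deliberately triggered from NOTES.txt */}}`, would spare the next reader the search.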


@@ -121,24 +121,24 @@ Also, we can not use a single if because lazy evaluation is not an option
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.metrics.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}}
{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}}
{{- range .Values.metrics.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}}
{{- end -}}
{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end -}}
{{- range .Values.metrics.image.pullSecrets }}
- name: {{ . }}
{{- end -}}
{{- end -}}
{{- end -}}
@@ -147,5 +147,65 @@ imagePullSecrets:
{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- end }}
{{- end -}}
{{- end -}}
{{/*
Compile all warnings into a single message, and call fail.
*/}}
{{- define "mariadb-galera.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "mariadb-galera.validateValues.rootPassword" .) -}}
{{- $messages := append $messages (include "mariadb-galera.validateValues.password" .) -}}
{{- $messages := append $messages (include "mariadb-galera.validateValues.mariadbBackupPassword" .) -}}
{{- $messages := append $messages (include "mariadb-galera.validateValues.ldap" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
{{/* Validate values of MariaDB Galera - must provide passwords when forced */}}
{{- define "mariadb-galera.validateValues.rootPassword" -}}
{{- if and .Values.rootUser.forcePassword (empty .Values.rootUser.password) -}}
mariadb-galera: rootUser.password
A MariaDB Database Root Password is required ("rootUser.forcePassword=true" is set)
Please set a password (--set rootUser.password="xxxx")
{{- end -}}
{{- end -}}
{{/* Validate values of MariaDB Galera - must provide passwords when forced */}}
{{- define "mariadb-galera.validateValues.password" -}}
{{- if and .Values.db.forcePassword (empty .Values.db.password) -}}
mariadb-galera: db.password
A MariaDB Database Password is required ("db.forcePassword=true" is set)
Please set a password (--set db.password="xxxx")
{{- end -}}
{{- end -}}
{{/* Validate values of MariaDB Galera - must provide passwords when forced */}}
{{- define "mariadb-galera.validateValues.mariadbBackupPassword" -}}
{{- if and .Values.galera.mariabackup.forcePassword (empty .Values.galera.mariabackup.password) -}}
mariadb-galera: galera.mariabackup.password
A MariaBackup Password is required ("galera.mariabackup.forcePassword=true" is set)
Please set a password (--set galera.mariabackup.password="xxxx")
{{- end -}}
{{- end -}}
{{/* Validate values of MariaDB Galera - must provide mandatory LDAP paremeters when LDAP is enabled */}}
{{- define "mariadb-galera.validateValues.ldap" -}}
{{- if and .Values.ldap.enabled (or (empty .Values.ldap.uri) (empty .Values.ldap.base) (empty .Values.ldap.binddn) (empty .Values.ldap.bindpw)) -}}
mariadb-galera: LDAP
Invalid LDAP configuration. When enabling LDAP support, the parameters "ldap.uri",
"ldap.base", "ldap.binddn", and "ldap.bindpw" are mandatory. Please provide them:
$ helm install --name {{ .Release.Name }} bitnami/mariadb-galera \
--set ldap.enabled=true \
--set ldap.uri="ldap://my_ldap_server" \
--set ldap.base="dc=example,dc=org" \
--set ldap.binddn="cn=admin,dc=example,dc=org" \
--set ldap.bindpw="admin"
{{- end -}}
{{- end -}}
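Review bot: The LDAP check on the `{{- if and .Values.ldap.enabled (or (empty .Values.ldap.uri) … (empty .Values.ldap.bindpw)) -}}` line rejects a release whose bind password is supplied through a pre-existing Secret rather than through values, which pushes the password into `--set`/values history. The statefulset section reads key `ldap-bindpw` from a secret whose name looks switchable (the `name: {{ template "mariadb-galera.fullname" . }}` line closed by its own `{{- end }}`, and `.Values.existingSecret` in NOTES.txt); if that switch also covers `ldap-bindpw` — not visible from here, so confirm — the condition should become `(and (empty .Values.ldap.bindpw) (empty .Values.existingSecret))`. Separately, the comment above the define misspells `paremeters`; `parameters`.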


@@ -10,34 +10,10 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
type: Opaque
data:
{{- if .Values.rootUser.password }}
mariadb-root-password: {{ .Values.rootUser.password | b64enc | quote }}
{{- else if (not .Values.rootUser.forcePassword) }}
mariadb-root-password: {{ randAlphaNum 10 | b64enc | quote }}
{{ else }}
mariadb-root-password: {{ required "A MariaDB Root Password is required!" .Values.rootUser.password }}
{{- end }}
{{- if .Values.db.user }}
{{- if .Values.db.password }}
mariadb-password: {{ .Values.db.password | b64enc | quote }}
{{- else if (not .Values.db.forcePassword) }}
mariadb-password: {{ randAlphaNum 10 | b64enc | quote }}
{{- else }}
mariadb-password: {{ required "A MariaDB Database Password is required!" .Values.db.password }}
{{- end }}
{{- end }}
{{- if .Values.galera.mariabackup.password }}
mariadb-galera-mariabackup-password: {{ .Values.galera.mariabackup.password | b64enc | quote }}
{{- else if (not .Values.galera.mariabackup.forcePassword) }}
mariadb-galera-mariabackup-password: {{ randAlphaNum 10 | b64enc | quote }}
{{ else }}
mariadb-galera-mariabackup-password: {{ required "A MariaBackup Password is required!" .Values.galera.mariabackup.password }}
{{- end }}
{{- if .Values.ldap.enabled }}
{{- if .Values.ldap.bindpw }}
mariadb-root-password: {{ ternary (randAlphaNum 10) .Values.rootUser.password (empty .Values.rootUser.password) | b64enc | quote }}
mariadb-password: {{ ternary (randAlphaNum 10) .Values.db.password (empty .Values.db.password) | b64enc | quote }}
mariadb-galera-mariabackup-password: {{ ternary (randAlphaNum 10) .Values.galera.mariabackup.password (empty .Values.galera.mariabackup.password) | b64enc | quote }}
{{- if and .Values.ldap.enabled .Values.ldap.bindpw }}
ldap-bindpw: {{ .Values.ldap.bindpw | b64enc | quote }}
{{ else }}
ldap-bindpw: {{ required "LDAP Password is required!" .Values.ldap.bindpw }}
{{- end }}
{{- end }}
{{- end }}
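Review bot: `mariadb-password` on the ternary line is now rendered unconditionally, whereas the removed block emitted it only under `{{- if .Values.db.user }}`; when no database user is configured the Secret gains a random `mariadb-password` entry that nothing consumes, and because `randAlphaNum` is re-evaluated on every render it changes on each upgrade. Restoring the guard, `{{- if .Values.db.user }}` around that line with a matching `{{- end }}`, keeps the Secret minimal. With the `required` fallbacks gone, the `forcePassword` flags are enforced only by the `mariadb-galera.validateValues` include in NOTES.txt, so the random-password branch here is what runs whenever that include is not executed; a comment on the first ternary line, `# forcePassword is enforced by mariadb-galera.validateValues (NOTES.txt)`, would make that dependency explicit.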


@@ -128,23 +128,11 @@ spec:
key: mariadb-galera-mariabackup-password
{{- if .Values.ldap.enabled }}
- name: MARIADB_LDAP_URI
{{- if .Values.ldap.uri }}
value: {{ .Values.ldap.uri }}
{{ else }}
value: {{ required "LDAP uri is required!" .Values.ldap.uri }}
{{- end }}
- name: MARIADB_LDAP_BASE
{{- if .Values.ldap.base }}
value: {{ .Values.ldap.base }}
{{ else }}
value: {{ required "LDAP base is required!" .Values.ldap.base }}
{{- end }}
- name: MARIADB_LDAP_BIND_DN
{{- if .Values.ldap.binddn }}
value: {{ .Values.ldap.binddn }}
{{ else }}
value: {{ required "LDAP binddn is required!" .Values.ldap.binddn }}
{{- end }}
- name: MARIADB_LDAP_BIND_PASSWORD
valueFrom:
secretKeyRef:
@@ -154,9 +142,21 @@ spec:
name: {{ template "mariadb-galera.fullname" . }}
{{- end }}
key: ldap-bindpw
- name: MARIADB_LDAP_NSS_INITGROUPS_IGNOREUSERS
value: {{ .Values.ldap.nss_initgroups_ignoreusers | quote }}
{{- if .Values.ldap.bslookup }}
- name: MARIADB_LDAP_BASE_LOOKUP
value: {{ .Values.ldap.bslookup }}
{{- end }}
{{- if .Values.ldap.scope }}
- name: MARIADB_LDAP_SCOPE
value: {{ .Values.ldap.scope }}
{{- end }}
{{- if .Values.ldap.tls_reqcert }}
- name: MARIADB_LDAP_TLS_REQCERT
value: {{ .Values.ldap.tls_reqcert }}
{{- end }}
{{- end }}
{{- if .Values.extraFlags }}
- name: MARIADB_EXTRA_FLAGS
value: {{ .Values.extraFlags | quote }}
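Review bot: The `value:` lines for `MARIADB_LDAP_BASE_LOOKUP`, `MARIADB_LDAP_SCOPE` and `MARIADB_LDAP_TLS_REQCERT` interpolate the value unquoted, while the neighbouring `MARIADB_LDAP_NSS_INITGROUPS_IGNOREUSERS` line pipes through `quote`; an unquoted value that YAML types as something other than a string, or that contains `: ` or ` #`, either breaks the manifest or is rejected by the API server because env values must be strings. Quote them consistently: `value: {{ .Values.ldap.bslookup | quote }}`, `value: {{ .Values.ldap.scope | quote }}`, `value: {{ .Values.ldap.tls_reqcert | quote }}`. The same applies to whichever `value: {{ .Values.ldap.uri }}` / `.base` / `.binddn` lines survive in the first hunk of this file. The enclosing `{{- if .Values.ldap.enabled }}` opens in that earlier hunk.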


@@ -158,11 +158,14 @@ ldap:
## Enable LDAP support
##
enabled: false
# uri:
# base:
# binddn:
# bindpw:
# bslookup:
uri:
base:
binddn:
bindpw:
bslookup:
nss_initgroups_ignoreusers: root,nslcd
scope:
tls_reqcert:
## Configure MariaDB with a custom my.cnf file
## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file
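Review bot: The new keys `uri:` through `tls_reqcert:` carry no `##` description, unlike `enabled:` just above, yet they are the user-facing surface for the LDAP feature and several are mandatory once `enabled: true` (the README hunk lists which). A short comment per key in the file's existing style, e.g. `## LDAP server URI (required when ldap.enabled)` and `## LDAP TLS check on server certificates, e.g. demand`, would let operators configure it without opening the README; the second values file at the end of this page has the identical hunk and needs the same comments. For `tls_reqcert` in particular, say what happens when it is left unset — from this page it is only clear that the env var is then not passed to the container, so the image's own default applies, which should be stated once it is confirmed.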


@@ -158,11 +158,14 @@ ldap:
## Enable LDAP support
##
enabled: false
# uri:
# base:
# binddn:
# bindpw:
# bslookup:
uri:
base:
binddn:
bindpw:
bslookup:
nss_initgroups_ignoreusers: root,nslcd
scope:
tls_reqcert:
## Configure MariaDB with a custom my.cnf file
## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file