-
Notifications
You must be signed in to change notification settings - Fork 36
/
ldap_cluster_cr.yaml
97 lines (91 loc) · 2.85 KB
/
ldap_cluster_cr.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
# A demo example of LDAP based external authentication for Aerospike
# using Aerospike Kubernetes Operator.
#
# This example assumes openldap cluster deployed following instructions
# and manifests from the /openldap/ folder. See openldap/README.md.
#
# Assumes OpenLDAP installed from openldap/ folder. For details
# see https://docs.aerospike.com/server/operations/configure/security/ldap
apiVersion: asdb.aerospike.com/v1
kind: AerospikeCluster
metadata:
name: aerocluster
namespace: aerospike
spec:
size: 2
image: aerospike/aerospike-server-enterprise:6.4.0.0
podSpec:
multiPodPerHost: true
storage:
filesystemVolumePolicy:
cascadeDelete: true
initMethod: deleteFiles
volumes:
- name: workdir
source:
persistentVolume:
storageClass: ssd
volumeMode: Filesystem
size: 3Gi
aerospike:
path: /opt/aerospike
- name: aerospike-config-secret
source:
secret:
secretName: aerospike-secret
aerospike:
path: /etc/aerospike/secret
aerospikeAccessControl:
users:
# Internal admin user.
- name: admin
secretName: auth-secret
roles:
- sys-admin
- user-admin
operatorClientCert:
tlsClientName: aerospike-a-0.test-runner
secretCertSource:
secretName: aerospike-secret
caCertsFilename: cacert.pem
clientCertFilename: svc_cluster_chain.pem
clientKeyFilename: svc_key.pem
aerospikeConfig:
service:
feature-key-file: /etc/aerospike/secret/features.conf
security:
ldap:
# The patterns are based on the demo OpenLDAP deployment.
# You need to adapt them to your setup.
query-base-dn: 'dc=example,dc=org'
server: ldap://openldap.default.svc.cluster.local:1389
disable-tls: true
query-user-dn: "cn=admin,dc=example,dc=org"
query-user-password-file: /etc/aerospike/secret/ldap-passwd.txt
user-dn-pattern: 'cn=${un},ou=users,dc=example,dc=org'
role-query-search-ou: true
role-query-patterns:
- '(&(objectClass=groupOfNames)(member=cn=${un},ou=users,dc=example,dc=org))'
polling-period: 10
network:
service:
tls-name: aerospike-a-0.test-runner
tls-authenticate-client: false
tls-port: 4333
heartbeat:
tls-name: aerospike-a-0.test-runner
tls-port: 3012
fabric:
tls-name: aerospike-a-0.test-runner
tls-port: 3011
tls:
- name: aerospike-a-0.test-runner
cert-file: /etc/aerospike/secret/svc_cluster_chain.pem
key-file: /etc/aerospike/secret/svc_key.pem
ca-file: /etc/aerospike/secret/cacert.pem
namespaces:
- name: test
memory-size: 3000000000
replication-factor: 2
storage-engine:
type: memory