389ds LDAP server
This chart is not maintained by the upstream project and any issues with the chart should be raised here
By default, this chart uses two secrets for the 389ds server. You need to create those manually before deploying the chart.
The first secret, by default called `389ds-environment`, should contain the environment variables used for configuring the server. It could basically look like this:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: 389ds-environment
  namespace: 389ds
stringData:
  DS_DM_PASSWORD: 'your_password_goes_here'
  DS_SUFFIX_NAME: 'dc=example,dc=org'
  [...]
```
The second secret is used for injecting a valid TLS certificate and key file for use with LDAPS or StartTLS. It needs to be specified in your `values.yaml` file in the `persistence` section. It is used by the `389ds-certs` mount and mounted to `/data/tls/` inside the container.
Specify the name of the TLS secret in your `values.yaml` file like this:
```yaml
persistence:
  389ds-certs:
    name: ldap.example.org-tls
```
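A pre-flight check for the two secrets described above, as an added example that is not part of the chart: it confirms that both exist and carry the keys the chart reads (`tls.key` and `tls.crt` are the keys the `389ds-certs` mount maps to `server.key` and `server.crt`). The namespace `389ds` and the secret name `ldap.example.org-tls` are the page's sample values; the function names are made up for this example.

```shell
# Added example, not part of the chart. Function names are hypothetical;
# namespace and secret names are the sample values used on this page.

# Print every wanted key that is absent from a newline-separated key list.
missing_keys() {
    present=$1; shift
    for want in "$@"; do
        printf '%s\n' "$present" | grep -qxF -- "$want" || printf '%s\n' "$want"
    done
}

# List the data keys of a secret, one per line (needs kubectl and cluster access).
secret_keys() {
    kubectl get secret "$2" -n "$1" \
        -o go-template='{{range $k, $v := .data}}{{$k}}{{"\n"}}{{end}}'
}

# Check one secret: non-zero if it does not exist or lacks a required key.
check_secret() {
    ns=$1; name=$2; shift 2
    keys=$(secret_keys "$ns" "$name") || {
        echo "secret $ns/$name not found" >&2
        return 1
    }
    missing=$(missing_keys "$keys" "$@")
    [ -z "$missing" ] && return 0
    echo "secret $ns/$name lacks: $(echo $missing)" >&2
    return 1
}

# Check both secrets the chart expects; reports every problem before failing.
preflight_389ds() {
    ns=$1; tls_secret=$2; rc=0
    check_secret "$ns" 389ds-environment DS_DM_PASSWORD DS_SUFFIX_NAME || rc=1
    check_secret "$ns" "$tls_secret" tls.key tls.crt || rc=1
    return $rc
}
```

After sourcing the file, run `preflight_389ds 389ds ldap.example.org-tls` before `helm install`; a non-zero exit status means a secret is missing or incomplete.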
This chart creates a ConfigMap containing the current Let's Encrypt root certificate. It is needed because the TLS secrets generated by e.g. cert-manager do not contain the CA certificate, but the server needs it.
In case you are using certificates from a different CA, please adjust your `values.yaml` file accordingly. Have a look at the `values.yaml` file, but basically you need something like this:
```yaml
configmap:
  letsencrypt-ca:
    enabled: false
  my-own-ca:
    enabled: true
    data:
      ca.crt: |
        -----BEGIN CERTIFICATE-----
        [...]
        -----END CERTIFICATE-----
persistence:
  389ds-ca:
    enabled: true
    # Please note the 389ds prefix here
    name: 389ds-my-own-ca
```
Kubernetes: >=1.19.0-0
Repository | Name | Version |
---|---|---|
https://johanneskastl.github.io/helm-charts/ | common | 5.0.4 |
```shell
helm repo add johanneskastl-helm-charts https://johanneskastl.github.io/helm-charts/
helm repo update
helm install 389ds johanneskastl-helm-charts/389ds
```
To install the chart with the release name `389ds`:
```shell
helm install 389ds johanneskastl-helm-charts/389ds
```
To uninstall the `389ds` deployment:
```shell
helm uninstall 389ds
```
The command removes all the Kubernetes components associated with the chart including persistent volumes and deletes the release.
Read through the values.yaml file. It has several commented out suggested values. Other values may be used from the values.yaml from the common library.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
```shell
helm install 389ds \
  --set env.TZ="America/New_York" \
  johanneskastl-helm-charts/389ds
```
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
```shell
helm install 389ds johanneskastl-helm-charts/389ds -f values.yaml
```
Important: When deploying an application Helm chart you can add more values from the common library chart here
Key | Type | Default | Description |
---|---|---|---|
configmap.letsencrypt-ca.data | object | See values.yaml (PEM-encoded Let's Encrypt root certificate under the key ca.crt) | configMap data content. Helm template enabled. |
configmap.letsencrypt-ca.enabled | bool | true | |
env | object | {} | |
envFrom[0].secretRef.name | string | "389ds-environment" | |
image.pullPolicy | string | "IfNotPresent" | image pull policy |
image.repository | string | "389ds/dirsrv" | image repository |
image.tag | string | chart.appVersion | image tag |
persistence.389ds-ca.enabled | bool | true | |
persistence.389ds-ca.mountPath | string | "/data/tls/ca/" | Where to mount the volume in the main container. |
persistence.389ds-ca.name | string | "389ds-letsencrypt-ca" | |
persistence.389ds-ca.readOnly | bool | true | Specify if the volume should be mounted read-only. |
persistence.389ds-ca.type | string | "configMap" | Sets the persistence type |
persistence.389ds-certs.enabled | bool | true | |
persistence.389ds-certs.items[0].key | string | "tls.key" | |
persistence.389ds-certs.items[0].path | string | "server.key" | |
persistence.389ds-certs.items[1].key | string | "tls.crt" | |
persistence.389ds-certs.items[1].path | string | "server.crt" | |
persistence.389ds-certs.mountPath | string | "/data/tls/" | Where to mount the volume in the main container. |
persistence.389ds-certs.name | string | nil | |
persistence.389ds-certs.readOnly | bool | true | Specify if the volume should be mounted read-only. |
persistence.389ds-certs.type | string | "secret" | Sets the persistence type |
persistence.data.accessMode | string | "ReadWriteOnce" | AccessMode for the persistent volume. |
persistence.data.enabled | bool | true | |
persistence.data.mountPath | string | "/data/" | Where to mount the volume in the main container. |
persistence.data.retain | bool | true | Set to true to retain the PVC upon helm uninstall |
persistence.data.size | string | "1Gi" | The amount of storage that is requested for the persistent volume. |
probes.liveness.custom | bool | true | |
probes.liveness.enabled | bool | true | |
probes.liveness.spec.exec.command[0] | string | "/usr/lib/dirsrv/dscontainer" | |
probes.liveness.spec.exec.command[1] | string | "-H" | |
probes.liveness.spec.failureThreshold | int | 3 | |
probes.liveness.spec.initialDelaySeconds | int | 0 | |
probes.liveness.spec.periodSeconds | int | 15 | |
probes.liveness.spec.timeoutSeconds | int | 1 | |
probes.readiness.custom | bool | true | |
probes.readiness.enabled | bool | true | |
probes.readiness.spec.exec.command[0] | string | "/usr/lib/dirsrv/dscontainer" | |
probes.readiness.spec.exec.command[1] | string | "-H" | |
probes.readiness.spec.failureThreshold | int | 3 | |
probes.readiness.spec.initialDelaySeconds | int | 0 | |
probes.readiness.spec.periodSeconds | int | 15 | |
probes.readiness.spec.timeoutSeconds | int | 1 | |
probes.startup.custom | bool | true | |
probes.startup.enabled | bool | true | |
probes.startup.spec.exec.command[0] | string | "/usr/lib/dirsrv/dscontainer" | |
probes.startup.spec.exec.command[1] | string | "-H" | |
probes.startup.spec.failureThreshold | int | 3 | |
probes.startup.spec.initialDelaySeconds | int | 30 | |
probes.startup.spec.periodSeconds | int | 15 | |
probes.startup.spec.timeoutSeconds | int | 1 | |
service.main.annotations | object | {} | |
service.main.enabled | bool | true | |
service.main.namePrefix | string | "service" | |
service.main.ports.http.enabled | bool | false | |
service.main.ports.ldap-tcp.enabled | bool | true | |
service.main.ports.ldap-tcp.port | int | 389 | |
service.main.ports.ldap-tcp.protocol | string | "TCP" | |
service.main.ports.ldap-tcp.targetPort | int | 3389 | |
service.main.ports.ldap-udp.enabled | bool | false | |
service.main.ports.ldap-udp.port | int | 389 | |
service.main.ports.ldap-udp.protocol | string | "UDP" | |
service.main.ports.ldap-udp.targetPort | int | 3389 | |
service.main.ports.ldaps-tcp.enabled | bool | true | |
service.main.ports.ldaps-tcp.port | int | 636 | |
service.main.ports.ldaps-tcp.protocol | string | "TCP" | |
service.main.ports.ldaps-tcp.targetPort | int | 3636 | |
service.main.ports.ldaps-udp.enabled | bool | false | |
service.main.ports.ldaps-udp.port | int | 636 | |
service.main.ports.ldaps-udp.protocol | string | "UDP" | |
service.main.ports.ldaps-udp.targetPort | int | 3636 | |
service.main.type | string | "LoadBalancer" | |
serviceAccount.annotations | object | {} | Annotations to add to the service account |
serviceAccount.create | bool | true | Specifies whether a service account should be created |
serviceAccount.name | string | "" | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
All notable changes to this Helm chart will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- first version of the chart, with appVersion 2.2
Open an issue.
Autogenerated from chart metadata using helm-docs v0.1.1