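Deploying an LDAP service on k8s

1. Create the volumes to mount, so that data and configuration are stored persistently
1.1. Use NFS as the shared storage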

[root@localhost openldap_yaml]# cat /etc/exports
/dump_file/openldap_db 172.21.53.0/24(rw,sync,no_root_squash,no_all_squash)
/dump_file/openldap_conf 172.21.53.0/24(rw,sync,no_root_squash,no_all_squash)

1.2. Reload the export configuration

exportfs -rv

2. Create the service with the following YAML

[root@harbor openldap_yaml]# cat openldap_depl.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: openldap
  labels:
    app: openldap
  namespace: openldap
spec:
  replicas: 1
  selector:
    matchLabels:
      app: openldap
  template:
    metadata:
      labels:
        app: openldap
    spec:
      containers:
      - name: openldap
        image: osixia/openldap
        env:
        - name: LDAP_ORGANISATION
          value: "hc"
        - name: LDAP_DOMAIN
          value: "hc.com"
        - name: LDAP_ADMIN_PASSWORD
          value: "hc@123456"
        ports:
        - containerPort: 389
        - containerPort: 636
        volumeMounts:
        - name: openldap-db
          mountPath: /var/lib/ldap
        - name: openldap-conf
          mountPath: /etc/ldap/slapd.d
        - name: local-time
          mountPath: /etc/localtime
      volumes:
        - name: openldap-db
          nfs:
            server: 172.21.53.202
            path: /dump_file/openldap_db  # mount the data directory
        - name: openldap-conf
          nfs:
            server: 172.21.53.202
            path: /dump_file/openldap_conf  # mount the configuration directory
        - name: local-time  # mount the time zone
          hostPath:
            path: /usr/share/zoneinfo/Asia/Shanghai
            
---  # Create the Service
apiVersion: v1
kind: Service
metadata:
  name: openldap
  namespace: openldap
spec:
  selector:
    app: openldap
  ports:
  - name: ldap
    port: 389
    targetPort: 389
  - name: ldaps
    port: 636
    targetPort: 636
  type: NodePort

2.1. Use the kubectl apply command to apply this YAML file to the Kubernetes cluster

kubectl apply -f openldap_depl.yaml
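
The manifest above carries LDAP_ADMIN_PASSWORD as a literal value, so anyone who can read openldap_depl.yaml or the Deployment object can read the admin password. The following is an added example, not part of the original post, that moves the value into a Kubernetes Secret; the Secret name openldap-admin and the key admin-password are assumptions.

```yaml
# Added example; the names openldap-admin / admin-password are assumptions.
apiVersion: v1
kind: Secret
metadata:
  name: openldap-admin
  namespace: openldap
type: Opaque
stringData:
  admin-password: "CHANGE-ME"   # placeholder, not a real credential
---
# openldap_depl.yaml with only the LDAP_ADMIN_PASSWORD entry changed.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: openldap
  labels:
    app: openldap
  namespace: openldap
spec:
  replicas: 1
  selector:
    matchLabels:
      app: openldap
  template:
    metadata:
      labels:
        app: openldap
    spec:
      containers:
      - name: openldap
        image: osixia/openldap
        env:
        - name: LDAP_ORGANISATION
          value: "hc"
        - name: LDAP_DOMAIN
          value: "hc.com"
        - name: LDAP_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:        # resolved by the kubelet at container start
              name: openldap-admin
              key: admin-password
        # ports, volumeMounts and volumes: keep exactly as in openldap_depl.yaml
```

osixia/openldap uses LDAP_ADMIN_PASSWORD only when it bootstraps an empty database, so once the NFS directories above are populated, changing this value does not change the existing admin password.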

3. Create phpldapadmin
3.1. Deploy it with the following YAML

[root@harbor openldap_yaml]# cat phpldapadmin_deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: phpldapadmin
  labels:
    app: phpldapadmin
  namespace: openldap
spec:
  replicas: 1
  selector:
    matchLabels:
      app: phpldapadmin
  template:
    metadata:
      labels:
        app: phpldapadmin
    spec:
      containers:
      - name: phpldapadmin
        image: osixia/phpldapadmin:0.9.0
        ports:
        - containerPort: 80
        - containerPort: 443
        env:
        - name: PHPLDAPADMIN_LDAP_HOSTS
          value: openldap  # must match the name of the openldap Service created in step 2
        - name: PHPLDAPADMIN_HTTPS
          value: "false"
---
apiVersion: v1
kind: Service
metadata:
  name: phpldapadmin
  namespace: openldap
spec:
  selector:
    app: phpldapadmin
  ports:
    - name: http
      port: 80
      targetPort: 80
    - name: https
      port: 443
      targetPort: 443
  type: NodePort

3.2. Use the kubectl apply command to apply this YAML file to the Kubernetes cluster

kubectl apply -f phpldapadmin_deploy.yaml

4. Check that the services started correctly

[root@harbor openldap_yaml]# kubectl get pod,svc -n openldap
NAME                                READY   STATUS    RESTARTS   AGE
pod/openldap-5748b4ff5f-qfprs       1/1     Running   0          71m
pod/phpldapadmin-59748c4dbb-2x97d   1/1     Running   0          3h37m

NAME                   TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)                       AGE
service/openldap       NodePort   172.16.34.229   <none>        389:31183/TCP,636:31009/TCP   3h43m
service/phpldapadmin   NodePort   172.16.57.226   <none>        80:30350/TCP,443:30654/TCP    3h37m
Note: the services have started normally.

5. Access phpldapadmin to configure LDAP
6. The containerized deployment of the LDAP service is complete

Reposted from blog.csdn.net/ljx1528/article/details/130387898