forked from hswaw/hscloud
ldapweb: migrate from mirko to standalone
Change-Id: I169598232b39b99bfd2d4ff3799b44083ba77e84 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1623 Reviewed-by: q3k <q3k@hackerspace.pl>
This commit is contained in:
parent
a7c36ed9f3
commit
b8d4a8a902
4 changed files with 156 additions and 126 deletions
|
@ -416,6 +416,7 @@ local rook = import "lib/rook.libsonnet";
|
|||
{ namespace: "covid-formity", dns: "covid.hackerspace.pl" },
|
||||
{ namespace: "covid-formity", dns: "www.covid.hackerspace.pl" },
|
||||
{ namespace: "inventory", dns: "inventory.hackerspace.pl" },
|
||||
{ namespace: "ldapweb", dns: "profile.hackerspace.pl" },
|
||||
{ namespace: "devtools-prod", dns: "hackdoc.hackerspace.pl" },
|
||||
{ namespace: "devtools-prod", dns: "cs.hackerspace.pl" },
|
||||
{ namespace: "engelsystem-prod", dns: "engelsystem.hackerspace.pl" },
|
||||
|
|
|
@ -2,7 +2,6 @@ local mirko = import "../../kube/mirko.libsonnet";
|
|||
local kube = import "../../kube/kube.libsonnet";
|
||||
|
||||
local smsgw = import "smsgw.libsonnet";
|
||||
local ldapweb = import "ldapweb.libsonnet";
|
||||
local teleimg = import "teleimg.libsonnet";
|
||||
local frab = import "frab.libsonnet";
|
||||
local pretalx = import "pretalx.libsonnet";
|
||||
|
@ -17,7 +16,6 @@ local capacifier = import "capacifier.libsonnet";
|
|||
|
||||
cfg+: {
|
||||
smsgw: smsgw.cfg,
|
||||
ldapweb: ldapweb.cfg,
|
||||
teleimg: teleimg.cfg,
|
||||
frab: frab.cfg,
|
||||
pretalx: pretalx.cfg,
|
||||
|
@ -28,7 +26,6 @@ local capacifier = import "capacifier.libsonnet";
|
|||
|
||||
components: {
|
||||
smsgw: smsgw.component(cfg.smsgw, env),
|
||||
ldapweb: ldapweb.component(cfg.ldapweb, env),
|
||||
teleimg: teleimg.teleimg(cfg.teleimg, env),
|
||||
lelegram: teleimg.lelegram(cfg.teleimg, env),
|
||||
frab: frab.component(cfg.frab, env),
|
||||
|
@ -49,9 +46,6 @@ local capacifier = import "capacifier.libsonnet";
|
|||
},
|
||||
webhookFQDN: "smsgw-webhook-prod.hswaw.net",
|
||||
},
|
||||
ldapweb+: {
|
||||
webFQDN: "profile.hackerspace.pl",
|
||||
},
|
||||
teleimg+: {
|
||||
webFQDN: "teleimg.hswaw.net",
|
||||
secret+: {
|
||||
|
|
|
@ -1,120 +0,0 @@
|
|||
local mirko = import "../../kube/mirko.libsonnet";
|
||||
local kube = import "../../kube/kube.libsonnet";
|
||||
|
||||
{
|
||||
cfg:: {
|
||||
# Manually built from code.hackerspace.pl/informatic/ldap-web-public.
|
||||
image: "registry.k0.hswaw.net/radex/ldap-web:1695415920",
|
||||
webFQDN: error "webFQDN must be set!",
|
||||
},
|
||||
|
||||
component(cfg, env): mirko.Component(env, "ldapweb") {
|
||||
local ldapweb = self,
|
||||
cfg+: {
|
||||
image: cfg.image,
|
||||
volumes+: {
|
||||
config: kube.ConfigMapVolume(ldapweb.configmap),
|
||||
},
|
||||
container: ldapweb.Container("main") {
|
||||
# Starts by default on port 8000.
|
||||
volumeMounts_+: {
|
||||
config: { mountPath: "/app/webapp/config.py", subPath: "config.py", },
|
||||
},
|
||||
},
|
||||
ports+: {
|
||||
publicHTTP: {
|
||||
web: {
|
||||
port: 8000,
|
||||
dns: cfg.webFQDN,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
configmap: kube.ConfigMap(ldapweb.makeName("config")) {
|
||||
metadata+: ldapweb.metadata,
|
||||
data: {
|
||||
"config.py": |||
|
||||
import flask_wtf
|
||||
import wtforms
|
||||
import secrets
|
||||
|
||||
secret_key = secrets.token_hex(32)
|
||||
|
||||
ldap_url = 'ldap://ldap.hackerspace.pl'
|
||||
dn_format = "uid=%s,ou=people,dc=hackerspace,dc=pl"
|
||||
|
||||
ldapweb_admin_group = 'cn=zarzad,ou=Group,dc=hackerspace,dc=pl'
|
||||
|
||||
ldap_base = 'dc=hackerspace,dc=pl'
|
||||
ldap_people = 'ou=People,dc=hackerspace,dc=pl'
|
||||
admin_groups = {
|
||||
'Fatty': 'cn=fatty,ou=Group,dc=hackerspace,dc=pl',
|
||||
'Starving': 'cn=starving,ou=Group,dc=hackerspace,dc=pl',
|
||||
'Potato': 'cn=potato,ou=Group,dc=hackerspace,dc=pl',
|
||||
}
|
||||
|
||||
admin_dn = 'cn=ldapweb,ou=Services,dc=hackerspace,dc=pl'
|
||||
admin_pw = 'unused'
|
||||
|
||||
hackerspace_name = 'Warsaw Hackerspace'
|
||||
|
||||
readable_names = {
|
||||
'commonname': u'Common Name',
|
||||
'givenname': u'Given Name',
|
||||
'gecos': u'GECOS (public name)',
|
||||
'surname': u'Surname',
|
||||
'loginshell': u'Shell',
|
||||
'telephonenumber': 'Phone Number',
|
||||
'mobiletelephonenumber': 'Mobile Number',
|
||||
'sshpublickey': 'SSH Public Key',
|
||||
'mifareidhash': 'MIFARE ID Hash',
|
||||
}
|
||||
|
||||
full_name = {
|
||||
'cn': 'commonname',
|
||||
'gecos': 'gecos',
|
||||
'sn': 'surname',
|
||||
'mobile': 'mobiletelephonenumber',
|
||||
'l': 'locality',
|
||||
}
|
||||
|
||||
can_add = set([
|
||||
'telephonenumber',
|
||||
'mobiletelephonenumber',
|
||||
'sshpublickey',
|
||||
'mifareidhash',
|
||||
])
|
||||
can_delete = can_add
|
||||
can_modify = can_add | set([
|
||||
'givenname', 'surname', 'commonname', 'gecos',
|
||||
])
|
||||
can = { 'add':can_add, 'mod':can_modify, 'del':can_delete }
|
||||
admin_required = set()
|
||||
|
||||
|
||||
perm_errors = {
|
||||
'add': 'You cannot add this attribute!',
|
||||
'mod': 'You cannot change this attribute!',
|
||||
'del': 'You cannot delete this attribute!',
|
||||
}
|
||||
std_templates = {
|
||||
'add': 'ops/add.html',
|
||||
'mod': 'ops/mod.html',
|
||||
'del': 'ops/del.html',
|
||||
}
|
||||
|
||||
|
||||
|
||||
default_field = (wtforms.fields.StringField, {})
|
||||
fields = { 'telephonenumber': (wtforms.fields.StringField, {'validators': [wtforms.validators.Regexp(r'[+0-9 ]+')]})}
|
||||
|
||||
kadmin_passwd = True
|
||||
kadmin_principal_map = "{}@HACKERSPACE.PL"
|
||||
|
||||
TOKEN_LENGTH = 32
|
||||
|||,
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
155
hswaw/ldapweb/prod.jsonnet
Normal file
155
hswaw/ldapweb/prod.jsonnet
Normal file
|
@ -0,0 +1,155 @@
|
|||
local kube = import "../../kube/kube.libsonnet";
|
||||
|
||||
{
|
||||
local top = self,
|
||||
local cfg = self.cfg,
|
||||
|
||||
cfg:: {
|
||||
name: 'ldapweb',
|
||||
namespace: 'ldapweb',
|
||||
domain: 'profile.hackerspace.pl',
|
||||
image: 'registry.k0.hswaw.net/radex/ldap-web:1695415920',
|
||||
},
|
||||
|
||||
ns: kube.Namespace(cfg.namespace),
|
||||
|
||||
deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
|
||||
spec+: {
|
||||
replicas: 1,
|
||||
template+: {
|
||||
spec+: {
|
||||
volumes_: {
|
||||
config: kube.ConfigMapVolume(top.configmap),
|
||||
},
|
||||
containers_: {
|
||||
default: kube.Container("default") {
|
||||
image: cfg.image,
|
||||
resources: {
|
||||
requests: { cpu: "25m", memory: "64Mi" },
|
||||
limits: { cpu: "500m", memory: "128Mi" },
|
||||
},
|
||||
ports_: {
|
||||
http: { containerPort: 8000 },
|
||||
},
|
||||
volumeMounts_: {
|
||||
config: { mountPath: '/app/webapp/config.py', subPath: 'config.py' },
|
||||
}
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
service: top.ns.Contain(kube.Service(cfg.name)) {
|
||||
target_pod:: top.deployment.spec.template,
|
||||
},
|
||||
|
||||
ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
|
||||
metadata+: {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
||||
},
|
||||
},
|
||||
spec+: {
|
||||
tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ],
|
||||
rules: [
|
||||
{
|
||||
host: cfg.domain,
|
||||
http: {
|
||||
paths: [
|
||||
{ path: "/", backend: top.service.name_port },
|
||||
],
|
||||
},
|
||||
},
|
||||
],
|
||||
},
|
||||
},
|
||||
|
||||
configmap: top.ns.Contain(kube.ConfigMap(cfg.name + "-config")) {
|
||||
data: {
|
||||
"config.py": |||
|
||||
import flask_wtf
|
||||
import wtforms
|
||||
import secrets
|
||||
|
||||
secret_key = secrets.token_hex(32)
|
||||
|
||||
ldap_url = 'ldap://ldap.hackerspace.pl'
|
||||
dn_format = "uid=%s,ou=people,dc=hackerspace,dc=pl"
|
||||
|
||||
ldapweb_admin_group = 'cn=zarzad,ou=Group,dc=hackerspace,dc=pl'
|
||||
|
||||
ldap_base = 'dc=hackerspace,dc=pl'
|
||||
ldap_people = 'ou=People,dc=hackerspace,dc=pl'
|
||||
admin_groups = {
|
||||
'Fatty': 'cn=fatty,ou=Group,dc=hackerspace,dc=pl',
|
||||
'Starving': 'cn=starving,ou=Group,dc=hackerspace,dc=pl',
|
||||
'Potato': 'cn=potato,ou=Group,dc=hackerspace,dc=pl',
|
||||
}
|
||||
|
||||
admin_dn = 'cn=ldapweb,ou=Services,dc=hackerspace,dc=pl'
|
||||
admin_pw = 'unused'
|
||||
|
||||
hackerspace_name = 'Warsaw Hackerspace'
|
||||
|
||||
readable_names = {
|
||||
'commonname': u'Common Name',
|
||||
'givenname': u'Given Name',
|
||||
'gecos': u'GECOS (public name)',
|
||||
'surname': u'Surname',
|
||||
'loginshell': u'Shell',
|
||||
'telephonenumber': 'Phone Number',
|
||||
'mobiletelephonenumber': 'Mobile Number',
|
||||
'sshpublickey': 'SSH Public Key',
|
||||
'mifareidhash': 'MIFARE ID Hash',
|
||||
}
|
||||
|
||||
full_name = {
|
||||
'cn': 'commonname',
|
||||
'gecos': 'gecos',
|
||||
'sn': 'surname',
|
||||
'mobile': 'mobiletelephonenumber',
|
||||
'l': 'locality',
|
||||
}
|
||||
|
||||
can_add = set([
|
||||
'telephonenumber',
|
||||
'mobiletelephonenumber',
|
||||
'sshpublickey',
|
||||
'mifareidhash',
|
||||
])
|
||||
can_delete = can_add
|
||||
can_modify = can_add | set([
|
||||
'givenname', 'surname', 'commonname', 'gecos',
|
||||
])
|
||||
can = { 'add':can_add, 'mod':can_modify, 'del':can_delete }
|
||||
admin_required = set()
|
||||
|
||||
|
||||
perm_errors = {
|
||||
'add': 'You cannot add this attribute!',
|
||||
'mod': 'You cannot change this attribute!',
|
||||
'del': 'You cannot delete this attribute!',
|
||||
}
|
||||
std_templates = {
|
||||
'add': 'ops/add.html',
|
||||
'mod': 'ops/mod.html',
|
||||
'del': 'ops/del.html',
|
||||
}
|
||||
|
||||
|
||||
|
||||
default_field = (wtforms.fields.StringField, {})
|
||||
fields = { 'telephonenumber': (wtforms.fields.StringField, {'validators': [wtforms.validators.Regexp(r'[+0-9 ]+')]})}
|
||||
|
||||
kadmin_passwd = True
|
||||
kadmin_principal_map = "{}@HACKERSPACE.PL"
|
||||
|
||||
TOKEN_LENGTH = 32
|
||||
|||,
|
||||
},
|
||||
},
|
||||
}
|
Loading…
Reference in a new issue