mirror of
https://github.com/lldap/lldap.git
synced 2026-04-05 14:48:10 +00:00
example_configs: add example with podman quadlets for pgsql deployment w/ secrets
This commit is contained in:
Yuki
@@ -36,6 +36,7 @@
|
||||
- [About](#about)
|
||||
- [Installation](#installation)
|
||||
- [With Docker](#with-docker)
|
||||
- [With Podman](#with-podman)
|
||||
- [With Kubernetes](#with-kubernetes)
|
||||
- [From a package repository](#from-a-package-repository)
|
||||
- [With FreeBSD](#with-freebsd)
|
||||
@@ -179,6 +180,13 @@ services:
|
||||
Then the service will listen on two ports, one for LDAP and one for the web
|
||||
front-end.
|
||||
|
||||
### With Podman
|
||||
|
||||
LLDAP works well with rootless Podman either through command line deployment
|
||||
or using [quadlets](example_configs/podman-quadlets/). The example quadlets
|
||||
include configuration with postgresql and file based secrets, but have comments
|
||||
for several other deployment strategies.
|
||||
|
||||
### With Kubernetes
|
||||
|
||||
See https://github.com/Evantage-WS/lldap-kubernetes for a LLDAP deployment for Kubernetes
|
||||
|
||||
38
example_configs/podman-quadlets/lldap-db.container
Normal file
38
example_configs/podman-quadlets/lldap-db.container
Normal file
@@ -0,0 +1,38 @@
|
||||
###
|
||||
### lldap-db - podman quadlet file
|
||||
### https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html
|
||||
###
|
||||
|
||||
[Unit]
|
||||
Description=LLDAP-DB container
|
||||
Documentation=https://hub.docker.com/_/postgres
|
||||
# likely only needed for Podman < 5.3 (see containers/podman#22197 and #24637)
|
||||
After=podman-user-wait-network-online.service
|
||||
|
||||
[Service]
|
||||
Restart=on-failure
|
||||
|
||||
[Container]
|
||||
AutoUpdate=registry
|
||||
ContainerName=lldap-db
|
||||
Image=docker.io/postgres:17
|
||||
|
||||
# this is optional to keep db/web services separate
|
||||
Network=backend.network
|
||||
|
||||
# health check
|
||||
HealthCmd=pg_isready -U lldapuser -d lldap
|
||||
HealthInterval=5s
|
||||
HealthRetries=3
|
||||
HealthStartPeriod=15s
|
||||
HealthTimeout=30s
|
||||
|
||||
# environment variables
|
||||
Environment=POSTGRES_DB=lldap
|
||||
Environment=POSTGRES_PASSWORD=lldappass
|
||||
Environment=POSTGRES_USER=lldapuser
|
||||
|
||||
Volume=lldap-db.volume:/var/lib/postgresql/data:Z
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
||||
71
example_configs/podman-quadlets/lldap.container
Normal file
71
example_configs/podman-quadlets/lldap.container
Normal file
@@ -0,0 +1,71 @@
|
||||
###
|
||||
### lldap - podman quadlet file
|
||||
### https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html
|
||||
###
|
||||
|
||||
[Unit]
|
||||
Description=LLDAP container
|
||||
Documentation=https://github.com/lldap/lldap
|
||||
Requires=lldap-db.service
|
||||
|
||||
[Service]
|
||||
Restart=on-failure
|
||||
|
||||
[Container]
|
||||
AutoUpdate=registry
|
||||
ContainerName=lldap
|
||||
Image=docker.io/lldap/lldap:stable-debian
|
||||
|
||||
# using multiple networks for traefik and db, not essential
|
||||
Network=frontend.network
|
||||
Network=backend.network
|
||||
|
||||
# environment variables
|
||||
Environment=UID=1000
|
||||
Environment=GID=1000
|
||||
Environment=LLDAP_LDAP_BASE_DN=dc=example,dc=com
|
||||
Environment=LLDAP_DATABASE_URL=postgres://lldapuser:lldappass@lldap-db/lldap
|
||||
Environment=LLDAP_LDAP_USER_EMAIL=admin@example.com
|
||||
|
||||
# set secrets in files, see below for environment variable method
|
||||
Environment=LLDAP_KEY_SEED_FILE=/run/secrets/lldap-key-seed
|
||||
Environment=LLDAP_JWT_SECRET_FILE=/run/secrets/lldap-jwt-secret
|
||||
Environment=LLDAP_LDAP_USER_PASS_FILE=/run/secrets/lldap-ldap-user-pass
|
||||
|
||||
# bootstrap.sh environment variables
|
||||
# Environment=LLDAP_URL=http://localhost:17170
|
||||
# Environment=LLDAP_ADMIN_USERNAME=admin
|
||||
# Environment=LLDAP_ADMIN_PASSWORD_FILE=/run/secrets/lldap-ldap-user-pass
|
||||
|
||||
# health check
|
||||
HealthCmd=/app/lldap healthcheck
|
||||
HealthInterval=30s
|
||||
HealthRetries=3
|
||||
HealthStartPeriod=15s
|
||||
HealthTimeout=30s
|
||||
|
||||
# if using traefik, automatically configure to proxy the web service
|
||||
# Label=traefik.enable="true"
|
||||
# Label=traefik.http.routers.lldap.rule="Host(`lldap.example.com`)"
|
||||
# Label=traefik.http.routers.lldap.middlewares="authelia@docker"
|
||||
# Label=traefik.http.services.lldap.loadbalancer.server.port=17170
|
||||
|
||||
# secrets
|
||||
# file based secrets
|
||||
Secret=lldap-jwt-secret,type=mount,uid=1000
|
||||
Secret=lldap-key-seed,type=mount,uid=1000
|
||||
Secret=lldap-ldap-user-pass,type=mount,uid=1000
|
||||
|
||||
# env variable secrets
|
||||
# Secret=lldap-jwt-secret,type=env,target=LLDAP_JWT_SECRET
|
||||
# Secret=lldap-key-seed,type=env,target=LLDAP_KEY_SEED
|
||||
# Secret=lldap-ldap-user-pass,type=env,target=LLDAP_LDAP_USER_PASS
|
||||
|
||||
# for bootstrap.sh script
|
||||
# Secret=lldap-ldap-user-pass,type=env,target=LLDAP_ADMIN_PASSWORD
|
||||
|
||||
# volumes - only needed for bootstrap.sh
|
||||
# Volume=%h/containers/lldap:/bootstrap:ro,Z
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
||||
Reference in New Issue
Block a user