example_configs: add example with podman quadlets for pgsql deployment w/ secrets

This commit is contained in:
Yuki
2025-03-14 01:46:57 +09:00
committed by GitHub
parent 049e882c35
commit 928559890a
3 changed files with 117 additions and 0 deletions


@@ -36,6 +36,7 @@
- [About](#about) - [About](#about)
- [Installation](#installation) - [Installation](#installation)
- [With Docker](#with-docker) - [With Docker](#with-docker)
- [With Podman](#with-podman)
- [With Kubernetes](#with-kubernetes) - [With Kubernetes](#with-kubernetes)
- [From a package repository](#from-a-package-repository) - [From a package repository](#from-a-package-repository)
- [With FreeBSD](#with-freebsd) - [With FreeBSD](#with-freebsd)
@@ -179,6 +180,13 @@ services:
Then the service will listen on two ports, one for LDAP and one for the web Then the service will listen on two ports, one for LDAP and one for the web
front-end. front-end.
### With Podman
LLDAP works well with rootless Podman either through command line deployment
or using [quadlets](example_configs/podman-quadlets/). The example quadlets
include configuration with postgresql and file based secrets, but have comments
for several other deployment strategies.
### With Kubernetes ### With Kubernetes
See https://github.com/Evantage-WS/lldap-kubernetes for a LLDAP deployment for Kubernetes See https://github.com/Evantage-WS/lldap-kubernetes for a LLDAP deployment for Kubernetes


@@ -0,0 +1,38 @@
###
### lldap-db - podman quadlet file
### https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html
###
[Unit]
Description=LLDAP-DB container
Documentation=https://hub.docker.com/_/postgres
# likely only needed for Podman < 5.3 (see containers/podman#22197 and #24637)
After=podman-user-wait-network-online.service
[Service]
Restart=on-failure
[Container]
AutoUpdate=registry
ContainerName=lldap-db
Image=docker.io/postgres:17
# this is optional to keep db/web services separate
Network=backend.network
# health check
HealthCmd=pg_isready -U lldapuser -d lldap
HealthInterval=5s
HealthRetries=3
HealthStartPeriod=15s
HealthTimeout=30s
# environment variables
Environment=POSTGRES_DB=lldap
Environment=POSTGRES_PASSWORD=lldappass
Environment=POSTGRES_USER=lldapuser
Volume=lldap-db.volume:/var/lib/postgresql/data:Z
[Install]
WantedBy=default.target
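Review bot: `Environment=POSTGRES_PASSWORD=lldappass` puts the database password in clear text in the unit file, which is at odds with the file-based secrets this commit sets up for the lldap container, and the same password is repeated inside `LLDAP_DATABASE_URL` in the lldap quadlet below. The postgres image accepts `POSTGRES_PASSWORD_FILE` as an alternative to `POSTGRES_PASSWORD`, so the mechanism already used for the other secrets applies here: `Secret=lldap-db-pass,type=mount` plus `Environment=POSTGRES_PASSWORD_FILE=/run/secrets/lldap-db-pass` (the secret name is a placeholder for one created with `podman secret create`). On the lldap side the connection URL can be injected with the `type=env,target=` form the commit already uses, e.g. `Secret=lldap-db-url,type=env,target=LLDAP_DATABASE_URL`, so the password never lands in either quadlet. If the example is deliberately kept simple, a comment above the `Environment=POSTGRES_PASSWORD=` line stating that the value is a sample to be replaced, and pointing at the `_FILE` variant, would at least stop readers from copying it as-is.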


@@ -0,0 +1,71 @@
###
### lldap - podman quadlet file
### https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html
###
[Unit]
Description=LLDAP container
Documentation=https://github.com/lldap/lldap
Requires=lldap-db.service
[Service]
Restart=on-failure
[Container]
AutoUpdate=registry
ContainerName=lldap
Image=docker.io/lldap/lldap:stable-debian
# using multiple networks for traefik and db, not essential
Network=frontend.network
Network=backend.network
# environment variables
Environment=UID=1000
Environment=GID=1000
Environment=LLDAP_LDAP_BASE_DN=dc=example,dc=com
Environment=LLDAP_DATABASE_URL=postgres://lldapuser:lldappass@lldap-db/lldap
Environment=LLDAP_LDAP_USER_EMAIL=admin@example.com
# set secrets in files, see below for environment variable method
Environment=LLDAP_KEY_SEED_FILE=/run/secrets/lldap-key-seed
Environment=LLDAP_JWT_SECRET_FILE=/run/secrets/lldap-jwt-secret
Environment=LLDAP_LDAP_USER_PASS_FILE=/run/secrets/lldap-ldap-user-pass
# bootstrap.sh environment variables
# Environment=LLDAP_URL=http://localhost:17170
# Environment=LLDAP_ADMIN_USERNAME=admin
# Environment=LLDAP_ADMIN_PASSWORD_FILE=/run/secrets/lldap-ldap-user-pass
# health check
HealthCmd=/app/lldap healthcheck
HealthInterval=30s
HealthRetries=3
HealthStartPeriod=15s
HealthTimeout=30s
# if using traefik, automatically configure to proxy the web service
# Label=traefik.enable="true"
# Label=traefik.http.routers.lldap.rule="Host(`lldap.example.com`)"
# Label=traefik.http.routers.lldap.middlewares="authelia@docker"
# Label=traefik.http.services.lldap.loadbalancer.server.port=17170
# secrets
# file based secrets
Secret=lldap-jwt-secret,type=mount,uid=1000
Secret=lldap-key-seed,type=mount,uid=1000
Secret=lldap-ldap-user-pass,type=mount,uid=1000
# env variable secrets
# Secret=lldap-jwt-secret,type=env,target=LLDAP_JWT_SECRET
# Secret=lldap-key-seed,type=env,target=LLDAP_KEY_SEED
# Secret=lldap-ldap-user-pass,type=env,target=LLDAP_LDAP_USER_PASS
# for bootstrap.sh script
# Secret=lldap-ldap-user-pass,type=env,target=LLDAP_ADMIN_PASSWORD
# volumes - only needed for bootstrap.sh
# Volume=%h/containers/lldap:/bootstrap:ro,Z
[Install]
WantedBy=default.target
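Review bot: `Requires=lldap-db.service` in `[Unit]` does not order startup, because systemd keeps requirement and ordering dependencies separate, so both containers may be started in parallel and the first lldap start can fail to reach the database (Restart=on-failure then masks this with a retry). Adding `After=lldap-db.service` next to the `Requires=` line fixes the ordering. The db quadlet also carries `After=podman-user-wait-network-online.service` with a comment explaining why; if it is needed there, it is presumably needed here as well. Separately, `Network=frontend.network`, `Network=backend.network` and the db quadlet's `Volume=lldap-db.volume` refer to `.network`/`.volume` quadlet units that are not among the three files in this commit; unless they are expected to pre-exist, a comment stating that they must be created (or the files themselves) would help readers.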