Skip to content

S
samba-ad-dc
Commit 3f535d7c authored by Dan Thomson's avatar Dan Thomson
Browse files
Options

Merge branch 'refactor' into 'master' 

Refactor

See merge request !2
parents e4f38d47 35608876
Pipeline #27692 passed with stages
      in 7 seconds
      Hide whitespace changes
      Inline Side-by-side
      Showing with 102 additions and 167 deletions
      .gitlab-ci.yml
      View file @ 3f535d7c
      stages:
      - test
      - show_results
      - deploy
      - cleanup
      variables:
      NAMESPACE: "${CI_PROJECT_NAME}-${CI_PIPELINE_ID}"
      DEPLOYMENT_NAME: "${CI_PROJECT_NAME}-${CI_PIPELINE_ID}"
      REGISTRY_HOSTNAME: kube-registry.triumf.ca
      REGISTRY_YAML: registry-values.yaml
      cleanup:
      stage: cleanup
      tags:
      - minikube-runner
      script:
      - rm -f $REGISTRY_YAML
      - helm delete "${DEPLOYMENT_NAME}" || true
      - kubectl delete namespace "${NAMESPACE}" || true
      when: always
      test_lint:
      - release
      include:
      - project: "gitlab/ci/templates"
      ref: "master"
      file: "k8s/HelmLint.gitlab-ci.yml"
      - project: "gitlab/ci/templates"
      ref: "master"
      file: "k8s/HelmKubeval.gitlab-ci.yml"
      - project: "gitlab/ci/templates"
      ref: "master"
      file: "k8s/HelmTag.gitlab-ci.yml"
      lint:
      extends: .helm_lint
      stage: test
      image:
      name: alpine/helm
      entrypoint: ["/bin/sh", "-c"]
      tags:
      - docker-runner
      script:
      - helm lint .
      test_deploy:
      kubeval:
      extends: .helm_kubeval
      stage: test
      tags:
      - minikube-runner
      script:
      - |
      echo -e "registry:\n name: ${CI_REGISTRY}\n user: gitlab-ci-token\n password: ${CI_JOB_TOKEN}\n" > $REGISTRY_YAML
      - set -ev
      - |
      if ! ls tests; then
      exit 0
      fi
      # We now need to create a namespace before deployment with Helm version 3+
      - |
      for i in tests/*.yaml; do
      echo "Installing test config $i"
      kubectl create namespace "${NAMESPACE}"
      helm upgrade --install --namespace=$NAMESPACE "${DEPLOYMENT_NAME}" --wait \
      -f $REGISTRY_YAML \
      -f $i \
      --set "imagePullPolicy=Always" \
      --set "cpuLimit=null" \
      --set "memoryLimit=null" .
      ENDPOINTS=$(kubectl --namespace=$NAMESPACE describe services "${DEPLOYMENT_NAME}" | grep Endpoints:|sed 's/Endpoint:\s+//')
      if [ -z "${ENDPOINTS}" ] || [ "${ENDPOINTS}" = "<none>" ]; then
      echo "Samba service has no valid endpoints!"
      exit 1
      fi
      helm delete "${DEPLOYMENT_NAME}" || true
      kubectl delete namespace "${NAMESPACE}"
      done
      after_script:
      - |
      if helm delete "${DEPLOYMENT_NAME}"; then
      echo "Helm deployment ${DEPLOYMENT_NAME} not deleted"
      fi
      only:
      - master
      - branches
      display_state:
      stage: show_results
      tags:
      - minikube-runner
      script:
      - helm list
      - kubectl --namespace=$NAMESPACE get pods
      - kubectl --namespace=$NAMESPACE describe pods
      - kubectl --namespace=$NAMESPACE get cm -o yaml
      - |
      for p in $(kubectl --namespace=$NAMESPACE get pods -l app=glassfish -o jsonpath='{.items[*].metadata.name}'); do
      kubectl --namespace=$NAMESPACE logs $p || true
      done
      when: on_failure
      - docker-runner
      trigger_build:
      stage: deploy
      release:
      extends: .helm_tag
      stage: release
      tags:
      - docker-runner
      script:
      - |
      if [ ! -z "${PUBLIC_CHARTS_PIPELINE_TOKEN}" ] ; then
      curl -X POST -F token="${PUBLIC_CHARTS_PIPELINE_TOKEN}" -F ref="master" https://gitlab.triumf.ca/api/v4/projects/374/trigger/pipeline
      fi
      only:
      - tags
      Chart.yaml
      View file @ 3f535d7c
      ---
      apiVersion: v1
      name: samba-ad-dc
      version: 0.0.2
      version: "0.0.3"
      appVersion: "4.5.16"
      description: Samba Active Directory Domain Controller Deployment
      maintainers:
      - name: Dan Thomson
      ......
      templates/_helpers.tpl
      View file @ 3f535d7c
      ......@@ -5,14 +5,20 @@ Create a default fully qualified app name.
      We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
      {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
      */}}
      {{- define "fullname" -}}
      {{- $name := default .Chart.Name .Values.nameOverride -}}
      {{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" -}}
      {{- define "samba-ad-dc.fullname" -}}
      {{- printf "%s" (default .Chart.Name .Values.nameOverride | trunc 64 | trimSuffix "-") -}}
      {{- end -}}
      {{/*
      Helper function to combine registry authentication values into an appropriate Secret object
      */}}
      {{- define "imagePullSecret" }}
      {{- define "samba-ad-dc.imagePullSecret" }}
      {{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.registry.name (printf "%s:%s" .Values.registry.user .Values.registry.password | b64enc) | b64enc }}
      {{- end }}
      {{/*
      Helper function for printing the full Docker image path from values
      */}}
      {{- define "samba-ad-dc.image" }}
      {{- printf "%s/%s:%s" (.Values.image.registry | default "docker.io") .Values.image.repository .Values.image.tag }}
      {{- end }}
      templates/cm.yaml
      View file @ 3f535d7c
      ......@@ -2,7 +2,7 @@
      apiVersion: v1
      kind: ConfigMap
      metadata:
      name: {{ template "fullname" . }}
      name: {{ template "samba-ad-dc.fullname" . }}
      data:
      ad.domain: {{ .Values.ad.domain }}
      ad.realm: {{ .Values.ad.realm }}
      ......
      templates/deploy.yaml
      View file @ 3f535d7c
      apiVersion: apps/v1
      kind: Deployment
      metadata:
      name: {{ template "fullname" . }}
      namespace: {{ .Release.Namespace }}
      name: {{ template "samba-ad-dc.fullname" . }}
      labels:
      app: samba-ad-dc
      triumf.ca/ad-domain: {{ .Values.ad.domain | quote }}
      ......@@ -22,52 +21,45 @@ spec:
      spec:
      {{- if and .Values.registry.password .Values.registry.user | and .Values.registry.name }}
      imagePullSecrets:
      - name: {{ template "fullname" . }}-imagepull
      - name: {{ template "samba-ad-dc.fullname" . }}-imagepull
      {{- end }}
      containers:
      - name: samba-ad-dc
      image: "{{ .Values.image }}:{{ .Values.imageTag }}"
      imagePullPolicy: {{ .Values.imagePullPolicy }}
      image: {{ include "samba-ad-dc.image" . }}
      imagePullPolicy: {{ .Values.image.pullPolicy }}
      env:
      - name: AD_DISABLE_STRONG_AUTH
      valueFrom:
      configMapKeyRef:
      name: {{ template "fullname" . }}
      key: ad.disableStrongAuth
      - name: AD_HOST_NAME
      valueFrom:
      configMapKeyRef:
      name: {{ template "fullname" . }}
      key: ad.hostName
      - name: AD_HOST_IP
      valueFrom:
      configMapKeyRef:
      name: {{ template "fullname" . }}
      key: ad.hostIP
      - name: AD_DOMAIN
      valueFrom:
      configMapKeyRef:
      name: {{ template "fullname" . }}
      key: ad.domain
      - name: AD_REALM
      valueFrom:
      configMapKeyRef:
      name: {{ template "fullname" . }}
      key: ad.realm
      - name: AD_RFC2307
      valueFrom:
      configMapKeyRef:
      name: {{ template "fullname" . }}
      key: ad.rfc2307
      resources:
      {{- if or .Values.cpuLimit .Values.memoryLimit }}
      limits:
      {{- if .Values.cpuLimit }}
      cpu: {{ .Values.cpuLimit }}
      {{- end }}
      {{- if .Values.memoryLimit }}
      memory: {{ .Values.memoryLimit }}
      {{- end }}
      - name: AD_DISABLE_STRONG_AUTH
      valueFrom:
      configMapKeyRef:
      name: {{ template "samba-ad-dc.fullname" . }}
      key: ad.disableStrongAuth
      - name: AD_HOST_NAME
      valueFrom:
      configMapKeyRef:
      name: {{ template "samba-ad-dc.fullname" . }}
      key: ad.hostName
      - name: AD_HOST_IP
      valueFrom:
      configMapKeyRef:
      name: {{ template "samba-ad-dc.fullname" . }}
      key: ad.hostIP
      - name: AD_DOMAIN
      valueFrom:
      configMapKeyRef:
      name: {{ template "samba-ad-dc.fullname" . }}
      key: ad.domain
      - name: AD_REALM
      valueFrom:
      configMapKeyRef:
      name: {{ template "samba-ad-dc.fullname" . }}
      key: ad.realm
      - name: AD_RFC2307
      valueFrom:
      configMapKeyRef:
      name: {{ template "samba-ad-dc.fullname" . }}
      key: ad.rfc2307
      {{- with .Values.resources }}
      resources: {{ . | toYaml | nindent 12 }}
      {{- end }}
      ports:
      - containerPort: 389
      ......@@ -114,6 +106,7 @@ spec:
      if [ $AD_DISABLE_STRONG_AUTH = "yes" ] && ! grep -q 'ldap server require strong auth = no' /etc/samba/smb.conf; then
      sed -i 's/\[global\]/[global]\n\tldap server require strong auth = no/' /etc/samba/smb.conf
      samba-tool domain passwordsettings set --complexity=off
      fi
      for nfile in $(find /var/lib/newusers -maxdepth 1 \( -type f -o -type l \) -iregex '^/var/lib/newusers/newusers[0-9]+$'); do
      ......@@ -123,10 +116,6 @@ spec:
      fi
      done
      # if [ -f /newusers ] && [ "$(stat --printf='%s' /newusers)" -gt 0 ]; then
      # /create-users.sh /newusers
      # fi
      exec /usr/sbin/samba -i </dev/null
      volumeMounts:
      - name: samba-data
      ......@@ -137,10 +126,10 @@ spec:
      - name: samba-data
      {{- if and .Values.persistence.enabled .Values.persistence.storageClass | and .Values.persistence.size }}
      persistentVolumeClaim:
      claimName: {{ template "fullname" . }}
      claimName: {{ template "samba-ad-dc.fullname" . }}
      {{- else }}
      emptyDir: {}
      {{- end }}
      - name: newusers
      secret:
      secretName: {{ template "fullname" . }}-newusers
      secretName: {{ template "samba-ad-dc.fullname" . }}-newusers
      templates/secrets.yaml
      View file @ 3f535d7c
      {{- if and .Values.registry.user .Values.registry.password | and .Values.registry.name }}
      {{- if and .Values.image.registryUser .Values.image.registryPassword | and .Values.image.repository }}
      ---
      apiVersion: v1
      metadata:
      name: {{ template "fullname" . }}-imagepull
      name: {{ template "samba-ad-dc.fullname" . }}-imagepull
      namespace: {{ .Release.Namespace }}
      data:
      .dockerconfigjson: {{ template "imagePullSecret" . }}
      .dockerconfigjson: {{ template "samba-ad-dc.imagePullSecret" . }}
      kind: Secret
      type: kubernetes.io/dockerconfigjson
      {{- end }}
      ---
      apiVersion: v1
      metadata:
      name: {{ template "fullname" . }}
      name: {{ template "samba-ad-dc.fullname" . }}
      data:
      adminPassword: {{ printf "%s" (default "" .Values.adminPassword) | quote | b64enc }}
      kind: Secret
      ......@@ -31,7 +31,7 @@ in a base64 encoded secret.
      */}}
      apiVersion: v1
      metadata:
      name: {{ template "fullname" . }}-newusers
      name: {{ template "samba-ad-dc.fullname" . }}-newusers
      data:
      {{ range $idx, $user := .Values.newUsers }}
      newusers{{ $idx }}: {{ printf "%s:%s\n" $user.username $user.password | b64enc }}
      ......
      templates/svc.yaml
      View file @ 3f535d7c
      ---
      kind: Service
      apiVersion: v1
      metadata:
      name: {{ template "fullname" . }}
      name: {{ template "samba-ad-dc.fullname" . }}
      labels:
      app: samba-ad-dc
      triumf.ca/ad-domain: {{ .Values.ad.domain | quote }}
      ......@@ -10,12 +11,11 @@ spec:
      app: samba-ad-dc
      triumf.ca/ad-domain: {{ .Values.ad.domain | quote }}
      ports:
      - name: ldap
      protocol: TCP
      port: 389
      targetPort: 389
      - name: ldaps
      protocol: TCP
      port: 686
      targetPort: 686
      ---
      - name: ldap
      protocol: TCP
      port: 389
      targetPort: 389
      - name: ldaps
      protocol: TCP
      port: 686
      targetPort: 686
      values.yaml
      View file @ 3f535d7c
      image: samba-ad-dc
      imageTag: latest
      cpuLimit: 500m
      memoryLimit: 1Gi
      ---
      image:
      registry: registry.triumf.ca
      repository: docker/samba-ad-dc
      tag: latest
      registryUser: null
      registryPassword: null
      resources:
      limits:
      cpu: 500m
      memory: 1Gi
      adminPassword: null
      persistence:
      enabled: false
      ......
      Markdown is supported
      0% or
      You are about to add 0 people to the discussion. Proceed with caution.
      Finish editing this message first!
      Please register or to comment