A side-car container providing LDAP access to containers based on the DLS python-copier-tempate
| Source | https://github.com/DiamondLightSource/account-sync-sidecar |
|---|---|
| Docker | docker run ghcr.io/diamondlightsource/account-sync-sidecar:latest |
| Releases | https://github.com/DiamondLightSource/account-sync-sidecar/releases |
This side-car shares the nslcd socket with the main container, using libnss-ldapd to load users and groups from remote LDAP directories.
This allows containerised programs running as non-root users in the DLS clusters to know the username of the user they are running as. This is necessary to e.g. deploy VSCode server in the cluster.
A how-to can be found here.
If the main container is templated from a release of python-copier-template, this release's version should be equal to the version of the account-sync-sidecar, which will ensure that the underlying Debian image is mutually compatible with nss-ldapd. To find python-copier-template version, check /.copier-answers.yml for a _commit field.