This repository provides a playground environment for setting up an LDAP server on OpenShift, initializing it via Ansible, integrating it with OAuth authentication, and configuring a CronJob for periodic group imports. The goal is to create a fully declarative and reproducible setup that can be extended using GitOps principles.
- Deploys an LDAP server on OpenShift.
- Initializes LDAP using Ansible playbooks.
- Integrates with OpenShift OAuth, allowing LDAP-based authentication.
- Configures a CronJob to periodically import LDAP groups.
- Uses Sealed Secrets to store and encrypt sensitive data securely.
- Fully declarative for easy GitOps integration.
This repository is for demo and testing purposes only.
- The LDAP setup and secrets included here are for playground use only.
- The Sealed Secrets key material (certificates) is committed so the playground can be recreated with the same sealing key. Anyone with the repository can therefore unseal what is sealed with it, so treat those values as public. If you need to use your own, generate a new key pair, install it in the Sealed Secrets controller, and re-encrypt every secret with the new certificate.
- This is not intended for production use. Do not use these credentials or configurations in a real environment.
- OpenShift 4.x
- Ansible
- OpenShift CLI (`oc`)
- Kubeseal
```bash
git clone https://github.com/too-common-name/openshift-ldap-playground.git
cd openshift-ldap-playground
./setup.sh <ocp-api-server> <admin-username> <admin-password>
```
The admin password is passed as a plain command-line argument, so it will show up in your shell history and in `ps` output on the machine you run this from. That is fine for throwaway playground credentials, but do not run the script this way with real ones.
If you want to use custom Sealed Secrets certificates, follow these steps:
- Delete the existing Sealed Secrets controller.
- Deploy a new controller whose active sealing key is your custom certificate and private key.
- Re-encrypt every secret with the new certificate (`kubeseal --fetch-cert` returns the certificate the controller is currently serving).
- Apply the new Sealed Secrets to OpenShift.
The controller can only unseal a SealedSecret with a key it still holds, so keep the old key Secret in the controller namespace until every SealedSecret in the repository has been re-encrypted and applied.
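The steps above as an added, runnable script (this is not part of the repository's own tooling). It assumes the controller runs as Deployment `sealed-secrets-controller` in `kube-system` with pods labelled `name=sealed-secrets-controller` (the labels used by the upstream controller manifest; override via environment variables if yours differ), that `oc` is logged in as cluster-admin, and that the controller is restarted rather than reinstalled, which is enough for it to load the new key. The key-pair generation and the re-sealing run offline; only `install_key`, `fetch_and_verify_cert` and `apply_sealed` touch the cluster, and they run only when the script is invoked with `rotate`.

```bash
#!/usr/bin/env bash
# Rotate the Sealed Secrets controller to a custom key pair and re-encrypt a
# Secret with it. Added example; assumptions are noted inline.
set -eu

NS="${SEALED_SECRETS_NS:-kube-system}"                            # assumed controller namespace
CONTROLLER="${SEALED_SECRETS_CONTROLLER:-sealed-secrets-controller}" # assumed Deployment/pod label name
WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Step 1 (offline): generate a self-signed RSA key pair that will become the
# controller's active sealing key. Prints the certificate path.
gen_keypair() {
  openssl req -x509 -nodes -newkey rsa:4096 -days 3650 \
    -keyout "$WORKDIR/tls.key" -out "$WORKDIR/tls.crt" \
    -subj "/CN=sealed-secret/O=sealed-secret" >/dev/null 2>&1
  chmod 0600 "$WORKDIR/tls.key"   # this key unseals everything sealed with tls.crt
  echo "$WORKDIR/tls.crt"
}

# The label the controller looks for when loading sealing keys from Secrets
# in its namespace; a key Secret without it is ignored.
active_key_label() { echo "sealedsecrets.bitnami.com/sealed-secrets-key=active"; }

# SHA-256 fingerprint of a PEM certificate, used to compare certificates.
cert_fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

# Step 2 (cluster): install the pair as a TLS Secret, mark it active and
# restart the controller pod so it loads the key. The old key Secret is left
# in place so SealedSecrets encrypted under it still unseal until re-sealed.
install_key() {
  oc -n "$NS" create secret tls sealed-secrets-custom \
    --cert="$WORKDIR/tls.crt" --key="$WORKDIR/tls.key"
  oc -n "$NS" label secret sealed-secrets-custom "$(active_key_label)"
  oc -n "$NS" delete pod -l "name=$CONTROLLER"
  oc -n "$NS" rollout status "deployment/$CONTROLLER"
}

# Step 3 (cluster): fetch the certificate the controller now advertises and
# check it is the one we generated, so nothing gets sealed against a stale key.
fetch_and_verify_cert() {
  kubeseal --controller-name "$CONTROLLER" --controller-namespace "$NS" \
    --fetch-cert > "$WORKDIR/pub-cert.pem"
  [ "$(cert_fingerprint "$WORKDIR/pub-cert.pem")" = "$(cert_fingerprint "$WORKDIR/tls.crt")" ] \
    || { echo "controller is not serving the new certificate" >&2; return 1; }
}

# Step 4 (offline): re-encrypt a plain Secret manifest with the new certificate.
# Usage: reseal plain-secret.yaml sealed-secret.yaml
reseal() { kubeseal --cert "$WORKDIR/pub-cert.pem" --format yaml < "$1" > "$2"; }

# Step 5 (cluster): apply the re-sealed manifest (commit it to git afterwards).
apply_sealed() { oc apply -f "$1"; }

# Only touch the cluster when asked explicitly:
#   ./rotate-sealing-key.sh rotate plain-secret.yaml sealed-secret.yaml
if [ "${1:-}" = "rotate" ]; then
  gen_keypair >/dev/null
  install_key
  fetch_and_verify_cert
  reseal "$2" "$3"
  apply_sealed "$3"
fi
```

Run the script once per Secret manifest, or loop `reseal` over the plain manifests; the generated `tls.key` must never be committed, which is exactly the mistake the playground deliberately makes for reproducibility.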
If you want a more modular approach, you can adapt the deployment using Helm or Kustomize.
- Add Helm chart support.
- Implement CI/CD automation for GitOps workflows.
- Enhance security by integrating a centralized secret management system (e.g., HashiCorp Vault).
Contributions are welcome! If you find issues or have suggestions for improvements, feel free to open a pull request or an issue.
This project is licensed under the MIT License. See the LICENSE file for details.