From ffc30c3de07d2ea8cae786ff2d7cdb8c883b24c2 Mon Sep 17 00:00:00 2001 From: Guillaume Perrin Date: Wed, 10 Jan 2024 16:06:01 +0100 Subject: [PATCH] Allow to disable port on services. When using service as load balancer, if we setup ldap to be on secure port only we don't want to expose the insecure port. Currently there is no way to do that. With this modification, users can enable or disable exposition of insecure or secure port on the service. Default values keep the current behaviour. Signed-off-by: Guillaume Perrin --- Chart.yaml | 2 +- README.md | 2 ++ templates/service.yaml | 4 ++++ templates/svc-headless.yaml | 9 ++++++++- values.yaml | 5 +++++ 5 files changed, 20 insertions(+), 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 52325c8..9a3c749 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -13,7 +13,7 @@ dependencies: - bitnami-common version: ~2 home: https://www.openldap.org -version: 4.2.2 +version: 4.2.3 appVersion: 2.6.6 description: Community developed LDAP software icon: https://raw.githubusercontent.com/jp-gouin/helm-openldap/master/logo.png diff --git a/README.md b/README.md index 35b5bde..74deb22 100755 --- a/README.md +++ b/README.md @@ -125,6 +125,8 @@ Parameters related to Kubernetes. | `extraDeploy` | extraDeploy Array of extra objects to deploy with the release | `""` | | `service.annotations` | Annotations to add to the service | `{}` | | `service.externalIPs` | Service external IP addresses | `[]` | +| `service.enableLdapPort` | Enable LDAP port on the service and headless service | `true` | +| `service.enableSslLdapPort` | Enable SSL LDAP port on the service and headless service | `true` | | `service.ldapPortNodePort` | Nodeport of External service port for LDAP if service.type is NodePort | `nil` | | `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` | | `service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` | diff --git a/templates/service.yaml b/templates/service.yaml index 5c65c45..a43ba11 100644 --- a/templates/service.yaml +++ b/templates/service.yaml @@ -24,6 +24,7 @@ spec: loadBalancerSourceRanges: {{ toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} ports: + {{- if .Values.service.enableLdapPort }} - name: ldap-port protocol: TCP port: {{ .Values.global.ldapPort }} @@ -33,6 +34,8 @@ spec: {{- else if eq .Values.service.type "ClusterIP" }} nodePort: null {{- end }} + {{- end }} + {{- if .Values.service.enableSslLdapPort }} - name: ssl-ldap-port protocol: TCP port: {{ .Values.global.sslLdapPort }} @@ -42,6 +45,7 @@ spec: {{- else if eq .Values.service.type "ClusterIP" }} nodePort: null {{- end }} + {{- end }} sessionAffinity: {{ .Values.service.sessionAffinity }} selector: app.kubernetes.io/component: {{ template "openldap.fullname" . }} diff --git a/templates/svc-headless.yaml b/templates/svc-headless.yaml index 3c755b8..1e6cdac 100755 --- a/templates/svc-headless.yaml +++ b/templates/svc-headless.yaml @@ -9,12 +9,19 @@ metadata: heritage: {{ .Release.Service }} spec: ports: + {{- if .Values.service.enableLdapPort }} - port: {{ .Values.global.ldapPort }} name: ldap-port targetPort: ldap-port + {{- end }} + {{- if .Values.service.enableSslLdapPort }} + - port: {{ .Values.global.sslLdapPort }} + name: ssl-ldap-port + targetPort: ssl-ldap-port + {{- end }} clusterIP: None selector: app.kubernetes.io/component: {{ template "openldap.fullname" . }} release: {{ .Release.Name }} type: ClusterIP - sessionAffinity: None \ No newline at end of file + sessionAffinity: None diff --git a/values.yaml b/values.yaml index e6554a9..fa22361 100644 --- a/values.yaml +++ b/values.yaml @@ -79,6 +79,11 @@ service: ## If service type NodePort, define the value here #ldapPortNodePort: #sslLdapPortNodePort: + + # Disable if you do not want to expose port on service + enableLdapPort: true + enableSslLdapPort: true + ## List of IP addresses at which the service is available ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips ##