24 posts under 'All posts'

  1. 2020.06.08 LDAP install on minikube
  2. 2020.06.08 Keycloak install on minikube
  3. 2020.05.18 Connecting to a server with an SSH key

# openldap, phpldapadmin install

 

 

# Create the working directory and namespace

root@minik8s:~# mkdir ldap
root@minik8s:~# cd ldap/
root@minik8s:~/ldap# ls
root@minik8s:~/ldap# kubectl create namespace ldap
namespace/ldap created
root@minik8s:~/ldap#

# Add the helm repo and generate config.yaml

root@minik8s:~/ldap# helm repo add stable https://kubernetes-charts.storage.googleapis.com
"stable" has been added to your repositories
root@minik8s:~/ldap# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "codecentric" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈ Happy Helming!⎈
root@minik8s:~/ldap# helm inspect values stable/openldap > config.yaml

# Edit config.yaml

- LDAP_DOMAIN : ldap.cloudpak.com

- adminPassword : uncomment the line and set a password

- storageClass -> 'standard' ( the storageclass provided by minikube )

- size : 8Gi -> 5Gi -> reduced because the minikube VM has a small volume

 

# helm install

root@minik8s:~/ldap# helm install ldap -f config.yaml stable/openldap -n ldap

 

# Install phpldapadmin -> used to access and manage LDAP through a web console

root@minik8s:~/ldap# helm repo add cetic https://cetic.github.io/helm-charts
"cetic" has been added to your repositories
root@minik8s:~/ldap# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "cetic" chart repository
...Successfully got an update from the "codecentric" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈ Happy Helming!⎈
root@minik8s:~/ldap# helm inspect values cetic/phpldapadmin > phpldapadmin.yaml

# Edit phpldapadmin.yaml

- LDAP_HOST : the service name of the openldap installed above ( when it is in the same namespace )

- Set the service type to ClusterIP, then after deployment change it to NodePort or create an ingress

# helm install

helm install ldapadmin -f phpldapadmin.yaml cetic/phpldapadmin -n ldap

# Create the ingress

 

# Web access and login

- Log in with the account name + domain name specified when openldap was created ( cn=admin,dc=ldap,dc=cloudpak,dc=com )

Posted by jerymy

Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.

www.keycloak.org/about.html

 


Keycloak features

  • SSO
  • User Federation : LDAP, AD...
  • Account Management Console
  • Standard Protocols : OIDC, OAuth 2.0, SAML

# Create the namespace and add the helm repo

root@minik8s:~# kubectl create ns keycloak
namespace/keycloak created
root@minik8s:~# helm repo add codecentric https://codecentric.github.io/helm-charts
"codecentric" has been added to your repositories

# Generate values.yaml to configure keycloak

root@minik8s:~# mkdir keycloak && cd keycloak
root@minik8s:~/keycloak# helm show values codecentric/keycloak > values.yaml

# Edit values.yaml

- Set the keycloak account password

- Set ingress / route to true if they should be created ( this document installs with false )

- Specify the DB

- Specify the PVC

- The PVC that was created

# Verify after installation

root@minik8s:~/keycloak# kubectl get all -n keycloak
NAME                        READY   STATUS    RESTARTS   AGE
pod/keycloak-0              1/1     Running   0          2m13s
pod/keycloak-postgresql-0   1/1     Running   0          2m13s


NAME                                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)           AGE
service/keycloak-headless              ClusterIP   None             <none>        80/TCP,8443/TCP   2m15s
service/keycloak-http                  ClusterIP   10.104.146.230   <none>        80/TCP,8443/TCP   2m14s
service/keycloak-postgresql            ClusterIP   10.106.34.115    <none>        5432/TCP          2m14s
service/keycloak-postgresql-headless   ClusterIP   None             <none>        5432/TCP          2m15s


NAME                                   READY   AGE
statefulset.apps/keycloak              1/1     2m14s
statefulset.apps/keycloak-postgresql   1/1     2m14s

- ingress was not set to true in values.yaml, so there is no external access -> changing ClusterIP to NodePort makes it reachable

# Verify after changing ClusterIP to NodePort
root@minik8s:~/keycloak# kubectl edit svc keycloak-http -n keycloak
service/keycloak-http edited
root@minik8s:~/keycloak# kubectl get all -n keycloak
NAME                        READY   STATUS    RESTARTS   AGE
pod/keycloak-0              1/1     Running   0          5m15s
pod/keycloak-postgresql-0   1/1     Running   0          5m15s


NAME                                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                       AGE
service/keycloak-headless              ClusterIP   None             <none>        80/TCP,8443/TCP               5m17s
service/keycloak-http                  NodePort    10.104.146.230   <none>        80:30478/TCP,8443:32572/TCP   5m16s
service/keycloak-postgresql            ClusterIP   10.106.34.115    <none>        5432/TCP                      5m16s
service/keycloak-postgresql-headless   ClusterIP   None             <none>        5432/TCP                      5m17s


NAME                                   READY   AGE
statefulset.apps/keycloak              1/1     5m16s
statefulset.apps/keycloak-postgresql   1/1     5m16s
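
The output above shows two node ports on keycloak-http: 30478 maps to service port 80 and 32572 maps to 8443, so a login through the first one carries the admin password over plain HTTP. As an added example (not part of the original post), this shell function pulls every NodePort mapping out of that table output; the function name and the rule that 443/8443 mean TLS are assumptions.

```shell
#!/bin/sh
# Added example: list every NodePort mapping in kubectl's service table.
# Input on stdin: the table as kubectl prints it for one namespace.
# Output: <service> <service-port> <node-port> <scheme-guess>, one per line.

nodeport_exposures() {
    awk '
    $2 == "NodePort" {
        # PORT(S) is column 5, e.g. 80:30478/TCP,8443:32572/TCP
        n = split($5, maps, ",")
        for (i = 1; i <= n; i++) {
            split(maps[i], pp, "/")                  # pp[1] = "80:30478"
            if (split(pp[1], p, ":") != 2) continue  # entry has no node port
            # Assumption: 443 and 8443 carry TLS, anything else is plaintext.
            scheme = (p[1] == 443 || p[1] == 8443) ? "https" : "http-plaintext"
            print $1, p[1], p[2], scheme
        }
    }'
}

# Constructed sample: the service rows copied from the output above.
SAMPLE='NAME                                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                       AGE
service/keycloak-headless              ClusterIP   None             <none>        80/TCP,8443/TCP               5m17s
service/keycloak-http                  NodePort    10.104.146.230   <none>        80:30478/TCP,8443:32572/TCP   5m16s
service/keycloak-postgresql            ClusterIP   10.106.34.115    <none>        5432/TCP                      5m16s'

printf '%s\n' "$SAMPLE" | nodeport_exposures
```

Against a live cluster, pipe `kubectl get svc -n keycloak` into the function; with `-A` the extra NAMESPACE column shifts the fields and the column numbers must be adjusted.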

 

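# Access the URL ( http://<VM IP>:<NodePort> )

# Click Administration Console to go to the login screen -> log in with the account/password set in values.yaml (keycloak / password)

# The Master realm is created by default

- Create a realm, then create clients (the systems to integrate: jenkins, etc.) and connect them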


Connecting to a server with an SSH key

etc 2020. 5. 18. 21:39

 

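# Generate an SSH key

# Generate the SSH key (-t rsa is given explicitly so that -b 4096 and the id_rsa file name match the key type)
$ ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N ""

# Copy the SSH public key to the server you will connect to (account and password required)
$ ssh-copy-id -i ~/.ssh/id_rsa.pub <user>@<node_ip_address>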

 

# Check for a config file under ~/.ssh/ (create it if it does not exist)

$ ls -al .ssh/
total 32
drwx------   6 root  staff   192  5  8 00:08 .
drwxr-xr-x+ 34 root  staff  1088  5  8 00:08 ..
-rwx------   1 root  staff   100  5  8 00:08 config
-rw-------   1 root  staff  1856  3  8 17:41 id_rsa
-rw-r--r--   1 root  staff   418  3  8 17:41 id_rsa.pub
-rw-r--r--   1 root  staff  1399  4 19 14:06 known_hosts

 

# Contents of the config file


### minikube
Host minikube
    HostName 123.123.123.123
    #Port 22222  (uncomment if the port needs to be changed)
    User root
    IdentityFile ~/.ssh/id_rsa

Connect to the server with: $ ssh minikube
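
ssh ignores a private key that group or others can access, and rejects a config file that group or others can write. As an added example (not part of the original post), this script audits an ~/.ssh directory such as the one listed above for those two conditions plus a writable directory; the function names and the convention of locating private keys by their .pub partner are assumptions.

```shell
#!/bin/sh
# Added example: audit a client-side ~/.ssh directory.
# Prints one finding per line and nothing when the directory is clean.

# True when path $1 has any of the permission bits $2..$n set.
has_any_bit() {
    f=$1; shift
    for bit in "$@"; do
        [ -n "$(find "$f" -prune -perm "-$bit")" ] && return 0
    done
    return 1
}

audit_ssh_dir() {
    dir=$1
    # Hygiene: a group/world-writable directory lets others swap keys or config.
    has_any_bit "$dir" 020 002 && echo "DIR_WRITABLE $dir"
    # Enforced by ssh: config must not be writable by group or others.
    if [ -f "$dir/config" ] && has_any_bit "$dir/config" 020 002; then
        echo "CONFIG_WRITABLE $dir/config"
    fi
    # Enforced by ssh: a private key with any group/other bit set is ignored.
    # Assumption: each private key <name> sits next to <name>.pub.
    for pub in "$dir"/*.pub; do
        [ -f "$pub" ] || continue
        key=${pub%.pub}
        if [ -f "$key" ] && has_any_bit "$key" 040 020 010 004 002 001; then
            echo "KEY_EXPOSED $key"
        fi
    done
    return 0
}

# Constructed sample mirroring the listing above, with one deliberate mistake.
demo() {
    d=$(mktemp -d)
    touch "$d/config" "$d/id_rsa" "$d/id_rsa.pub" "$d/known_hosts"
    chmod 700 "$d" "$d/config"
    chmod 644 "$d/id_rsa.pub" "$d/known_hosts"
    chmod 640 "$d/id_rsa"                     # group-readable private key
    audit_ssh_dir "$d" | sed "s|$d|~/.ssh|"
    rm -rf "$d"
}
demo
```

Run `audit_ssh_dir ~/.ssh` on the client; the fix for each finding is `chmod 700` on the directory and `chmod 600` on the config and private key.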

 

 
