Commit 2f64937

Add concepts page on AuthenticationClass and TLS server verification (#323)
* Add concepts page on AuthenticationClass and TLS server verification
* Update modules/concepts/pages/authenticationclass.adoc
  Co-authored-by: Malte Sander <malte.sander.it@gmail.com>
* Update modules/concepts/pages/authenticationclass.adoc
  Co-authored-by: Malte Sander <malte.sander.it@gmail.com>
* Update modules/concepts/pages/authenticationclass.adoc
  Co-authored-by: Malte Sander <malte.sander.it@gmail.com>
* Update modules/concepts/pages/tls_server_verification.adoc
  Co-authored-by: Malte Sander <malte.sander.it@gmail.com>
* Update modules/concepts/pages/tls_server_verification.adoc
  Co-authored-by: Malte Sander <malte.sander.it@gmail.com>
* Update modules/concepts/pages/tls_server_verification.adoc
  Co-authored-by: Malte Sander <malte.sander.it@gmail.com>
* Update modules/concepts/pages/tls_server_verification.adoc
  Co-authored-by: Malte Sander <malte.sander.it@gmail.com>
* simple-trino-users -> simple-users
* Add section on TLS
  Co-authored-by: Malte Sander <malte.sander.it@gmail.com>
1 parent 1a3ac94 commit 2f64937

15 files changed: +303 -4 lines changed
Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
apiVersion: authentication.stackable.tech/v1alpha1
2+
kind: AuthenticationClass
3+
metadata:
4+
name: ldap-full
5+
spec:
6+
provider:
7+
ldap:
8+
hostname: my.ldap.server # <1>
9+
port: 389 # <2>
10+
searchBase: ou=users,dc=example,dc=org # <3>
11+
searchFilter: (memberOf=cn=myTeam,ou=teams,dc=example,dc=org) # <4>
12+
ldapFieldNames: # <5>
13+
uid: uid
14+
group: memberof
15+
givenName: givenName
16+
surname: sn
17+
email: mail
18+
bindCredentials:
19+
secretClass: ldap-full-bind # <6>
20+
scope: # <7>
21+
pod: true
22+
node: false
23+
services:
24+
- ldap-full
25+
tls: # <8>
26+
verification:
27+
server:
28+
caCert:
29+
secretClass: ldap-full-ca-cert
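Review bot: `port: 389` next to the `tls:` block leaves the transport ambiguous. 389 is the conventional plaintext/StartTLS LDAP port, while LDAPS conventionally uses 636. Since this is the "full" example that readers will copy, either use the port that matches the TLS mode the operator actually speaks, or have callout <8> state whether the connection is StartTLS or LDAPS. Minor: `group: memberof` differs in case from `memberOf` in the `searchFilter`; LDAP attribute names are case-insensitive, but consistent spelling avoids questions.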
Lines changed: 32 additions & 0 deletions
@@ -0,0 +1,32 @@
1+
apiVersion: authentication.stackable.tech/v1alpha1
2+
kind: AuthenticationClass
3+
metadata:
4+
name: openldap-simple
5+
spec:
6+
provider:
7+
ldap:
8+
hostname: my.openldap.server
9+
port: 1389
10+
searchBase: ou=users,dc=example,dc=org
11+
bindCredentials:
12+
secretClass: openldap-simple-bind # <1>
13+
---
14+
apiVersion: secrets.stackable.tech/v1alpha1
15+
kind: SecretClass
16+
metadata:
17+
name: openldap-simple-bind # <2>
18+
spec:
19+
backend:
20+
k8sSearch:
21+
searchNamespace:
22+
pod: {} # <3>
23+
---
24+
apiVersion: v1
25+
kind: Secret
26+
metadata:
27+
name: openldap-simple-bind # <4>
28+
labels:
29+
secrets.stackable.tech/class: openldap-simple-bind # <5>
30+
stringData:
31+
user: cn=admin,dc=example,dc=org
32+
password: admin
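Review bot: The Secret at the end binds as `cn=admin,dc=example,dc=org` with `password: admin`, so the example teaches using the directory administrator as the lookup account. A dedicated read-only bind DN and an obvious placeholder password would be safer to copy from. The `openldap-simple` AuthenticationClass also has no `tls` key, so the page text should state whether these bind credentials then travel unencrypted to port 1389.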
Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
apiVersion: authentication.stackable.tech/v1alpha1
2+
kind: AuthenticationClass
3+
metadata:
4+
name: ldap-simple
5+
spec:
6+
provider:
7+
ldap:
8+
hostname: my.ldap.server # <1>
9+
port: 389 # <2>
10+
searchBase: ou=users,dc=example,dc=org # <3>
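Review bot: With `port: 389` and neither `tls` nor `bindCredentials` set, the minimal example does not show what the defaults are. The callout text for this file should say whether the operator then connects without TLS and binds anonymously, and point to the `ldap-full` example for the secured variant.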
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
apiVersion: authentication.stackable.tech/v1alpha1
2+
kind: AuthenticationClass
3+
metadata:
4+
name: simple-users
5+
spec:
6+
provider:
7+
static:
8+
userCredentialsSecret:
9+
name: simple-users-credentials # <1>
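Review bot: `userCredentialsSecret` is referenced by `name` only, and the AuthenticationClass metadata shown here carries no namespace. Callout <1> should say in which namespace the Secret is looked up (the companion Secret example sets `namespace: default`), otherwise readers cannot tell which Secret is used when several namespaces contain one with this name.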
Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
apiVersion: v1
2+
kind: Secret
3+
metadata:
4+
name: simple-users-credentials # <1>
5+
namespace: default # <2>
6+
type: kubernetes.io/opaque
7+
stringData:
8+
admin: admin
9+
alice: superpass
10+
bob: secret
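Review bot: `type: kubernetes.io/opaque` is not the built-in Secret type; Kubernetes spells the generic type `Opaque`, and omitting `type` gives the same result. Please change it to `type: Opaque` or drop the line. The `stringData` entries also imply that user passwords are stored in clear text, one key per user, which the page text should say explicitly, and `admin: admin` is better replaced by a placeholder value.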
Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
apiVersion: authentication.stackable.tech/v1alpha1
2+
kind: AuthenticationClass
3+
metadata:
4+
name: client-auth-tls
5+
spec:
6+
provider:
7+
tls:
8+
clientCertSecretClass: client-auth-tls
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
tls:
2+
verification:
3+
mutual:
4+
certSecretClass: openldap-tls
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
tls:
2+
verification:
3+
none: {}
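Review bot: `none: {}` turns off verification of the server certificate, but nothing in the snippet says so. The page that includes it should state that the server is then not authenticated, so the connection offers no protection against an on-path attacker, and that the setting should be limited to test setups. A one-line comment in the YAML would also help.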
Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,5 @@
1+
tls:
2+
verification:
3+
server:
4+
caCert:
5+
secretClass: openldap-tls-ca
Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,5 @@
1+
tls:
2+
verification:
3+
server:
4+
caCert:
5+
webPki: {}
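Review bot: `webPki: {}` gives no hint which set of root certificates is trusted. Please document where the trust store comes from and add a callout, since the sibling snippet with `caCert.secretClass` pins a single CA while this one accepts any publicly trusted CA.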
