A Rundeck Deployment in Kubernetes + LDAP or Active Directory to autentication.
In my sample, I used to Kubernetes Sercrets to protect my data. I strongly advise you to do the same. To understand how to handle secrets in Kubernetes look here. I've created the secret file rundeck-secretes and encode the values using base64
Example to enconde:
$ echo -n 'myvalue' | openssl ba64
bXl2YWx1ZQ==
To decode:
echo -n 'bXl2YWx1ZQ==' | base64 --decode
The file rundeck-admin-role.yaml is used to create a policy that allow your Active Directory users use the Rundeck features, in this file gave the admin permitions to users. To manage policy you can check here. In my deployment this policy is provide via secret.
RUNDECK_DATABASE_DRIVER
RUNDECK_DATABASE_PASSWORD
RUNDECK_DATABASE_URL
RUNDECK_DATABASE_USERNAME
RUNDECK_GRAILS_URL
RUNDECK_JAAS_MODULES_0
RUNDECK_LOGGING_AUDIT_ENABLED
RUNDECK_SERVER_FORWARDED
It's necessary creat at AD user to bind the authentication validation of the user. And you need set your Active Direcotry florest to vars, follow a example bellow:
RUNDECK_JAAS_LDAP_BINDDN=rundeckuser@mycompany.foo
RUNDECK_JAAS_LDAP_BINDPASSWORD=somepassword
RUNDECK_JAAS_LDAP_FLAG=sufficient
RUNDECK_JAAS_LDAP_PROVIDERURL=ldap://0.0.0.0:389
RUNDECK_JAAS_LDAP_ROLEBASEDN=OU=RundeckRoles,OU=Users,OU=MYCOMPANY,DC=mycompany,DC=foo
RUNDECK_JAAS_LDAP_ROLEMEMBERATTRIBUTE=member
RUNDECK_JAAS_LDAP_ROLEOBJECTCLASS=group
RUNDECK_JAAS_LDAP_USERBASEDN=OU=Users,OU=MYCOMPANY,DC=foo,DC=mycompany
RUNDECK_JAAS_LDAP_USERIDATTRIBUTE=sAMAccountName
RUNDECK_JAAS_LDAP_USERRDNATTRIBUTE=sAMAccountName
RUNDECK_JAAS_MODULES_0=JettyCombinedLdapLoginModule
Author: Weyder
💻 SRE | DevOps Culture | AWS
📍 LinkedIn: @weyderfs
📧 Email: weyderfs@gmail.com
☕ You can support me with a coffee.