---
apiVersion: v1
kind: Secret
metadata:
name: ldap-bind-secrets # default for secretRefs.ldapSecretRef
type: Opaque
data:
# how to generate: base64 encode a random string (reasonable long and mixed characters)
# example generation command: `tr -cd '[:alnum:],.' < /dev/urandom | fold -w 50 | head -n 1 | base64`
reva-ldap-bind-password: XXXXXXXXXXXXX
# how to generate: base64 encode a random string (reasonable long and mixed characters)
# example generation command: `tr -cd '[:alnum:],.' < /dev/urandom | fold -w 50 | head -n 1 | base64`
idp-ldap-bind-password: XXXXXXXXXXXXX
# how to generate: base64 encode a random string (reasonable long and mixed characters)
# example generation command: `tr -cd '[:alnum:],.' < /dev/urandom | fold -w 50 | head -n 1 | base64`
graph-ldap-bind-password: XXXXXXXXXXXXX
---
apiVersion: v1
kind: Secret
metadata:
name: ldap-ca # default for secretRefs.ldapCaRef
type: Opaque
data:
# how to generate: base64 encode the pem-encoded certificate of a (self-signed) x509 certificate authority
# example generation commands:
# - `openssl genrsa -out ldap-ca.key 4096`
# - `openssl req -new -x509 -days 3650 -key ldap-ca.key -out ldap-ca.crt`
# - `cat ldap-ca.crt | base64 | tr -d '\n' && echo`
ldap-ca.crt: XXXXXXXXXXXXX
---
apiVersion: v1
kind: Secret
metadata:
name: ldap-cert # default for secretRefs.ldapCertRef
type: Opaque
data:
# how to generate: base64 encode a private key (eg. ed25519, ensure that you use reasonable long key size)
# example generation commands:
# - `openssl genrsa -out ldap.key 4096`
# - `cat ldap.key | base64 | tr -d '\n' && echo`
ldap.key: XXXXXXXXXXXXX
# how to generate: base64 encode a x509 certificate signed by the above CA, using the above private key.
# example generation commands:
# - `openssl req -new -subj "/CN=idm" -key ldap.key -out ldap.csr`
# - `openssl x509 -req -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:idm")) -days 365 -in ldap.csr -CA ldap-ca.crt -CAkey ldap-ca.key -out ldap.crt -CAcreateserial`
# - `cat ldap.crt | base64 | tr -d '\n' && echo`
ldap.crt: XXXXXXXXXXXXX
---
apiVersion: v1
kind: Secret
metadata:
name: admin-user # default for secreRefs.adminUserSecretRef
type: Opaque
data:
# how to generate: base64 encode a UUID V4
# example generation command: `cat /proc/sys/kernel/random/uuid | tr -d '\n' | base64`
user-id: XXXXXXXXXXXXX
# how to generate: base64 encode a random string (reasonable long and mixed characters)
# example generation command: `tr -cd '[a-zA-Z0-9],.' < /dev/urandom | fold -w 50 | head -n 1 | tr -d '\n' | base64`
password: XXXXXXXXXXXXX
---
apiVersion: v1
kind: Secret
metadata:
name: idp-secrets # default for secretRefs.idpSecretRef
type: Opaque
data:
# how to generate: base64 encode a random 32 byte string (mixed characters)
# example generation command: `openssl rand 32 | base64`
encryption.key: XXXXXXXXXXXXX
# how to generate: base64 encode a private key (eg. RSA, ensure that you use reasonable long key size)
# example generation command: `openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 2> /dev/null | base64 | tr -d '\n'`
private-key.pem: XXXXXXXXXXXXX