Skip to main content
Loading
Version: Operator 3.1.0

Use LDAP External Authentication for Aerospike on Kubernetes

This example creates a cluster where Aerospike is configured to use the Lightweight Directory Access Protocol (LDAP) for external authentication. For details about LDAP in Aerospike, see Aerospike Access Control.

Prerequisites

Preinstalled LDAP server cluster that is reachable from the Kubernetes pods. This could be internal or external to the Kubernetes cluster.

Aerospike cluster using LDAP

To create an Aerospike Cluster that uses LDAP, see the following aerospikeConfig section from a sample custom resource (CR) file. The security.ldap section here uses demo values from a sample configuration. Adapt this section to use configuration appropriate to your LDAP server. For more details see the available LDAP configuration parameters.

.
.
.

aerospikeConfig:
service:
feature-key-file: /etc/aerospike/secret/features.conf
security:
ldap:
query-base-dn: 'dc=example,dc=org'
server: ldap://openldap.default.svc.cluster.local:1389
disable-tls: true
query-user-dn: "cn=admin,dc=example,dc=org"
query-user-password-file: /etc/aerospike/secret/ldap-passwd.txt
user-dn-pattern: 'cn=${un},ou=users,dc=example,dc=org'
role-query-search-ou: true
role-query-patterns:
- '(&(objectClass=groupOfNames)(member=cn=${un},ou=users,dc=example,dc=org))'
polling-period: 10
network:
service:
tls-name: aerospike-a-0.test-runner
tls-authenticate-client: false
tls-port: 4333
heartbeat:
tls-name: aerospike-a-0.test-runner
tls-port: 3012
fabric:
tls-name: aerospike-a-0.test-runner
tls-port: 3011
tls:
- name: aerospike-a-0.test-runner
cert-file: /etc/aerospike/secret/svc_cluster_chain.pem
key-file: /etc/aerospike/secret/svc_key.pem
ca-file: /etc/aerospike/secret/cacert.pem
namespaces:
- name: test
memory-size: 3000000000
replication-factor: 2
storage-engine:
type: memory

For the full CR file, see the example LDAP authentication CR.

This and other example CRs are stored in the main Aerospike Kubernetes Operator repository.

Save and exit the CR file, then use kubectl to apply the change.

kubectl apply -f aerospike-cluster.yaml