Version: Operator 3.4.0

Use LDAP External Authentication for Aerospike on Kubernetes

This example creates a cluster where Aerospike is configured to use the Lightweight Directory Access Protocol (LDAP) for external authentication. For details about LDAP in Aerospike, see Aerospike Access Control.

Prerequisites

A preinstalled LDAP server cluster that is reachable from the Kubernetes pods. It can be internal or external to the Kubernetes cluster.

Aerospike cluster using LDAP

To create an Aerospike cluster that uses LDAP, use an aerospikeConfig section like the following one from a sample custom resource (CR) file. The security.ldap section here uses demo values from a sample configuration. Adapt this section to match your LDAP server. For more details, see the available LDAP configuration parameters.

aerospikeConfig:
  service:
    feature-key-file: /etc/aerospike/secret/features.conf
  security:
    ldap:
      query-base-dn: 'dc=example,dc=org'
      server: ldap://openldap.default.svc.cluster.local:1389
      disable-tls: true
      query-user-dn: "cn=admin,dc=example,dc=org"
      query-user-password-file: /etc/aerospike/secret/ldap-passwd.txt
      user-dn-pattern: 'cn=${un},ou=users,dc=example,dc=org'
      role-query-search-ou: true
      role-query-patterns:
        - '(&(objectClass=groupOfNames)(member=cn=${un},ou=users,dc=example,dc=org))'
      polling-period: 10
  network:
    service:
      tls-name: aerospike-a-0.test-runner
      tls-authenticate-client: false
      tls-port: 4333
    heartbeat:
      tls-name: aerospike-a-0.test-runner
      tls-port: 3012
    fabric:
      tls-name: aerospike-a-0.test-runner
      tls-port: 3011
    tls:
      - name: aerospike-a-0.test-runner
        cert-file: /etc/aerospike/secret/svc_cluster_chain.pem
        key-file: /etc/aerospike/secret/svc_key.pem
        ca-file: /etc/aerospike/secret/cacert.pem
  namespaces:
    - name: test
      replication-factor: 2
      storage-engine:
        type: memory
        data-size: 1073741824

For the full CR file, see the example LDAP authentication CR.

This and other example CRs are available in the main Aerospike Kubernetes Operator repository.

Save and exit the CR file, then use kubectl to apply the change.

kubectl apply -f aerospike-cluster.yaml
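
The demo values above set disable-tls: true against an ldap:// server, which turns off TLS for the LDAP connection, so it is worth gating kubectl apply on a check of the security.ldap block. The script below is an added example, not part of the Aerospike documentation or the operator; check_ldap_tls and its messages are hypothetical, and the sample CR inside it is constructed.

```shell
#!/bin/sh
# Added example, not Aerospike code. check_ldap_tls is a hypothetical helper.
# Exit status: 0 = TLS not disabled, 1 = disable-tls is true, 2 = no ldap block.
check_ldap_tls() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }           # skip comments and blank lines
    {
      indent = match($0, /[^ ]/) - 1
      if (in_ldap && indent <= ldap_indent) in_ldap = 0   # dedent ends block
    }
    /^ *ldap:[ \t]*$/ { in_ldap = 1; ldap_indent = indent; seen = 1; next }
    in_ldap {
      line = $0; sub(/^ */, "", line)
      key = line; sub(/:.*/, "", key)
      val = line; sub(/^[^:]*:[ \t]*/, "", val)
      sub(/[ \t]+#.*$/, "", val)                # drop trailing comment
      gsub(/^["\047]|["\047]$/, "", val)        # drop surrounding quotes
      if (key == "server") server = val
      if (key == "disable-tls" && tolower(val) == "true") cleartext = 1
    }
    END {
      if (!seen) { print "no ldap block found"; exit 2 }
      if (cleartext) {
        print "ldap: disable-tls is true; traffic to " server " is not TLS-protected"
        exit 1
      }
      print "ldap: TLS not disabled for " server
    }
  ' "$1"
}

# Constructed sample mirroring the demo values on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
spec:
  aerospikeConfig:
    security:
      ldap:
        server: ldap://openldap.default.svc.cluster.local:1389
        disable-tls: true
        query-user-password-file: /etc/aerospike/secret/ldap-passwd.txt
    network:
      service:
        tls-port: 4333
EOF
check_ldap_tls "$sample" || echo "check_ldap_tls exit status: $?"
rm -f "$sample"
```

The check only looks inside the ldap block, so a disable-tls key elsewhere in the CR does not trigger it, and it expects normally indented YAML.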