Skip to content
Visit booth 3171 at Google Cloud Next to see how to unlock real-time decisions at scaleMore info

Use LDAP External Authentication for Aerospike on Kubernetes

This example creates a cluster where Aerospike is configured to use the Lightweight Directory Access Protocol (LDAP) for external authentication. For details about LDAP in Aerospike, see Aerospike Access Control.

Prerequisites

Preinstalled LDAP server cluster that is reachable from the Kubernetes pods. This could be internal or external to the Kubernetes cluster.

Aerospike cluster using LDAP

To create an Aerospike Cluster that uses LDAP, see the following aerospikeConfig section from a sample custom resource (CR) file. The security.ldap section here uses demo values from a sample configuration. Adapt this section to use configuration appropriate to your LDAP server. For more details see the available LDAP configuration parameters.

aerospikeConfig:
  service:
    feature-key-file: /etc/aerospike/secret/features.conf
  security:
    ldap:
      query-base-dn: 'dc=example,dc=org'
      server: ldap://openldap.default.svc.cluster.local:1389
      disable-tls: true
      query-user-dn: "cn=admin,dc=example,dc=org"
      query-user-password-file: /etc/aerospike/secret/ldap-passwd.txt
      user-dn-pattern: 'cn=${un},ou=users,dc=example,dc=org'
      role-query-search-ou: true
      role-query-patterns:
        - '(&(objectClass=groupOfNames)(member=cn=${un},ou=users,dc=example,dc=org))'
      polling-period: 10
  network:
    service:
      tls-name: aerospike-a-0.test-runner
      tls-authenticate-client: false
      tls-port: 4333
    heartbeat:
      tls-name: aerospike-a-0.test-runner
      tls-port: 3012
    fabric:
      tls-name: aerospike-a-0.test-runner
      tls-port: 3011
    tls:
      - name: aerospike-a-0.test-runner
        cert-file: /etc/aerospike/secret/svc_cluster_chain.pem
        key-file: /etc/aerospike/secret/svc_key.pem
        ca-file: /etc/aerospike/secret/cacert.pem
  namespaces:
    - name: test
      replication-factor: 2
      storage-engine:
        type: memory
        data-size: 1073741824

For the full CR file, see the example LDAP authentication CR.

This and other example CRs are available in the main Aerospike Kubernetes Operator repository.

Save and exit the CR file, then use kubectl to apply the change.

Terminal window
kubectl apply -f aerospike-cluster.yaml
Feedback

Was this page helpful?

What type of feedback are you giving?

What would you like us to know?

+Capture screenshot

Can we reach out to you?