Initialisation depot

Serge NOEL
2026-02-10 12:12:11 +01:00
commit c3176e8d79
818 changed files with 52573 additions and 0 deletions


@@ -0,0 +1,31 @@
apiVersion: v1
kind: Secret
metadata:
name: samba-api-secrets
namespace: samba-api
type: Opaque
stringData:
SECRET_KEY: "your-secret-key-change-in-production-minimum-32-characters"
SAMBA_ADMIN_PASSWORD: "admin-password"
LDAP_BIND_PASSWORD: "admin-password"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: samba-api-config
namespace: samba-api
data:
HOST: "0.0.0.0"
PORT: "8000"
DEBUG: "false"
ACCESS_TOKEN_EXPIRE_MINUTES: "30"
ALGORITHM: "HS256"
ALLOWED_HOSTS: '["*"]'
SAMBA_DOMAIN: "example.com"
SAMBA_DC: "samba-dc.samba-api.svc.cluster.local"
SAMBA_ADMIN_USER: "Administrator"
SAMBA_BASE_DN: "DC=example,DC=com"
LDAP_SERVER: "ldap://samba-dc.samba-api.svc.cluster.local:389"
LDAP_USE_SSL: "false"
LDAP_BIND_DN: "Administrator@example.com"
LOG_LEVEL: "INFO"
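Review bot: The Secret carries guessable placeholder values (`SECRET_KEY: "your-secret-key-change-in-production-minimum-32-characters"`, `SAMBA_ADMIN_PASSWORD: "admin-password"`, `LDAP_BIND_PASSWORD: "admin-password"`), and deploy.sh applies its manifests unchanged, so a default deployment signs HS256 tokens with a key anyone can read in the repository and provisions the domain with a known Administrator password. Keep the Secret object out of version control (create it at deploy time or through a sealed/external secret mechanism) and leave at most a template with no usable values here. In the ConfigMap, `LDAP_SERVER: "ldap://samba-dc.samba-api.svc.cluster.local:389"` with `LDAP_USE_SSL: "false"` likely sends the bind password unencrypted over the pod network; the DC in this commit also exposes 636, so prefer `ldaps://samba-dc.samba-api.svc.cluster.local:636` with `LDAP_USE_SSL: "true"`. `ALLOWED_HOSTS: '["*"]'` presumably turns off Host-header validation and should name the ingress host instead. Binding as `Administrator@example.com` gives the API full domain-admin rights; a dedicated account with delegated permissions would limit the blast radius.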

55
samba-api/k8s/deploy.sh Executable file

@@ -0,0 +1,55 @@
#!/bin/bash
# Kubernetes deployment script
set -e
NAMESPACE="samba-api"
IMAGE_TAG=${1:-latest}
echo "Deploying Samba API to Kubernetes..."
# Apply namespace first
echo "Creating namespace..."
kubectl apply -f k8s/namespace.yaml
# Apply RBAC
echo "Applying RBAC configuration..."
kubectl apply -f k8s/rbac.yaml
# Apply ConfigMap and Secrets
echo "Applying configuration..."
kubectl apply -f k8s/configmap.yaml
# Apply Samba DC StatefulSet
echo "Deploying Samba DC..."
kubectl apply -f k8s/samba-dc.yaml
# Wait for Samba DC to be ready
echo "Waiting for Samba DC to be ready..."
kubectl wait --for=condition=Ready pod -l app=samba-dc -n ${NAMESPACE} --timeout=300s
# Apply API deployment
echo "Deploying Samba API..."
kubectl apply -f k8s/deployment.yaml
# Apply services
echo "Applying services..."
kubectl apply -f k8s/service.yaml
# Apply HPA and PDB
echo "Applying autoscaling configuration..."
kubectl apply -f k8s/hpa.yaml
# Wait for deployment to be ready
echo "Waiting for deployment to be ready..."
kubectl wait --for=condition=Available deployment/samba-api -n ${NAMESPACE} --timeout=300s
echo "Deployment completed successfully!"
# Show deployment status
kubectl get all -n ${NAMESPACE}
echo ""
echo "To access the API:"
echo "kubectl port-forward svc/samba-api-service 8000:80 -n ${NAMESPACE}"
echo "Then visit: http://localhost:8000/docs"
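Review bot: `IMAGE_TAG=${1:-latest}` is assigned but never used, so whatever tag the operator passes, the script still deploys the `samba-api:latest` image hard-coded in the Deployment manifest. Either drop the argument or apply it after the manifest, e.g. `kubectl set image deployment/samba-api samba-api="samba-api:${IMAGE_TAG}" -n "${NAMESPACE}"`. The `kubectl wait --for=condition=Ready pod -l app=samba-dc` call runs right after the StatefulSet is applied and can fail if the pod object does not exist yet; `kubectl rollout status statefulset/samba-dc -n "${NAMESPACE}" --timeout=300s` avoids that race. The `k8s/...` paths depend on the caller's working directory, so resolve them from the script location (`cd "$(dirname "$0")/.."`), quote `${NAMESPACE}`, and prefer `set -euo pipefail` over `set -e`.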


@@ -0,0 +1,158 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: samba-api
namespace: samba-api
labels:
app: samba-api
version: v1
spec:
replicas: 3
selector:
matchLabels:
app: samba-api
version: v1
template:
metadata:
labels:
app: samba-api
version: v1
spec:
containers:
- name: samba-api
image: samba-api:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8000
name: http
protocol: TCP
env:
- name: HOST
valueFrom:
configMapKeyRef:
name: samba-api-config
key: HOST
- name: PORT
valueFrom:
configMapKeyRef:
name: samba-api-config
key: PORT
- name: DEBUG
valueFrom:
configMapKeyRef:
name: samba-api-config
key: DEBUG
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: samba-api-secrets
key: SECRET_KEY
- name: ACCESS_TOKEN_EXPIRE_MINUTES
valueFrom:
configMapKeyRef:
name: samba-api-config
key: ACCESS_TOKEN_EXPIRE_MINUTES
- name: ALGORITHM
valueFrom:
configMapKeyRef:
name: samba-api-config
key: ALGORITHM
- name: ALLOWED_HOSTS
valueFrom:
configMapKeyRef:
name: samba-api-config
key: ALLOWED_HOSTS
- name: SAMBA_DOMAIN
valueFrom:
configMapKeyRef:
name: samba-api-config
key: SAMBA_DOMAIN
- name: SAMBA_DC
valueFrom:
configMapKeyRef:
name: samba-api-config
key: SAMBA_DC
- name: SAMBA_ADMIN_USER
valueFrom:
configMapKeyRef:
name: samba-api-config
key: SAMBA_ADMIN_USER
- name: SAMBA_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: samba-api-secrets
key: SAMBA_ADMIN_PASSWORD
- name: SAMBA_BASE_DN
valueFrom:
configMapKeyRef:
name: samba-api-config
key: SAMBA_BASE_DN
- name: LDAP_SERVER
valueFrom:
configMapKeyRef:
name: samba-api-config
key: LDAP_SERVER
- name: LDAP_USE_SSL
valueFrom:
configMapKeyRef:
name: samba-api-config
key: LDAP_USE_SSL
- name: LDAP_BIND_DN
valueFrom:
configMapKeyRef:
name: samba-api-config
key: LDAP_BIND_DN
- name: LDAP_BIND_PASSWORD
valueFrom:
secretKeyRef:
name: samba-api-secrets
key: LDAP_BIND_PASSWORD
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: samba-api-config
key: LOG_LEVEL
livenessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
runAsUser: 1000
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
volumeMounts:
- name: tmp
mountPath: /tmp
- name: logs
mountPath: /app/logs
volumes:
- name: tmp
emptyDir: {}
- name: logs
emptyDir: {}
securityContext:
fsGroup: 1000
restartPolicy: Always
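Review bot: The pod template sets no `serviceAccountName`, so the `samba-api` ServiceAccount and Role created in rbac.yaml are never used and the pods run under the namespace's default account with its token mounted automatically. If the application never calls the Kubernetes API (nothing on this page suggests it does), add `automountServiceAccountToken: false` to the pod spec; otherwise set `serviceAccountName: samba-api` explicitly. `image: samba-api:latest` combined with `imagePullPolicy: IfNotPresent` lets different nodes run different builds under the same tag, so pin a version tag or a digest. The container securityContext is otherwise tight; adding `seccompProfile` with `type: RuntimeDefault` would complete it.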

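--- a/samba-api/k8s/hpa.yaml
+++ b/samba-api/k8s/hpa.yaml
@@ -0,0 +1,49 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+name: samba-api-pdb
+namespace: samba-api
+spec:
+minAvailable: 1
+selector:
+matchLabels:
+app: samba-api
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+name: samba-api-hpa
+namespace: samba-api
+spec:
+scaleTargetRef:
+apiVersion: apps/v1
+kind: Deployment
+name: samba-api
+minReplicas: 2
+maxReplicas: 10
+metrics:
+- type: Resource
+resource:
+name: cpu
+target:
+type: Utilization
+averageUtilization: 70
+- type: Resource
+resource:
+name: memory
+target:
+type: Utilization
+averageUtilization: 80
+behavior:
+scaleUp:
+stabilizationWindowSeconds: 60
+policies:
+- type: Percent
+value: 100
+periodSeconds: 15
+scaleDown:
+stabilizationWindowSeconds: 300
+policies:
+- type: Percent
+value: 50
+periodSeconds: 60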
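Review bot: The HPA manages the replica count of the `samba-api` Deployment, but the Deployment manifest in this commit also sets `replicas: 3`, so every re-apply of that manifest resets whatever count the autoscaler had chosen. Remove `replicas` from the Deployment once the HPA is in place. The memory target of `averageUtilization: 80` is measured against the 256Mi request, roughly 205Mi per pod, which a steady-state process may exceed permanently and so hold the HPA at `maxReplicas: 10`; this is worth checking against observed usage.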


@@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: samba-api
labels:
app: samba-api
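Review bot: The namespace carries no Pod Security Admission labels, so nothing stops further privileged pods from being admitted next to the API. Because the Samba DC in this commit runs with `privileged: true`, consider moving it to its own namespace and labelling this one `pod-security.kubernetes.io/enforce: restricted` (or at least `baseline`). The API container's securityContext appears to meet the restricted profile apart from a missing seccomp profile.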

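--- a/samba-api/k8s/rbac.yaml
+++ b/samba-api/k8s/rbac.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: samba-api
+namespace: samba-api
+labels:
+app: samba-api
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+namespace: samba-api
+name: samba-api-role
+rules:
+- apiGroups: [""]
+resources: ["pods", "services", "endpoints"]
+verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+resources: ["configmaps", "secrets"]
+verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: samba-api-rolebinding
+namespace: samba-api
+subjects:
+- kind: ServiceAccount
+name: samba-api
+namespace: samba-api
+roleRef:
+kind: Role
+name: samba-api-role
+apiGroup: rbac.authorization.k8s.io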
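Review bot: The second rule grants `get`, `list` and `watch` on every Secret in the namespace, which covers `samba-api-secrets` (domain Administrator password and token signing key) and the ingress TLS key `samba-api-tls`, so anyone holding this service account's token can read them through the API server. The Deployment already receives the values it needs through `secretKeyRef` environment variables, so the rule looks unnecessary: change the line to `resources: ["configmaps"]`, or drop the Role entirely if the application never queries the Kubernetes API. The Deployment in this commit does not set `serviceAccountName: samba-api`, so the binding currently has no effect either way.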

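--- a/samba-api/k8s/samba-dc.yaml
+++ b/samba-api/k8s/samba-dc.yaml
@@ -0,0 +1,140 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+name: samba-dc
+namespace: samba-api
+labels:
+app: samba-dc
+spec:
+serviceName: samba-dc
+replicas: 1
+selector:
+matchLabels:
+app: samba-dc
+template:
+metadata:
+labels:
+app: samba-dc
+spec:
+containers:
+- name: samba-dc
+image: nowsci/samba-domain:4.16.0
+env:
+- name: DOMAIN
+value: "example.com"
+- name: DOMAINPASS
+valueFrom:
+secretKeyRef:
+name: samba-api-secrets
+key: SAMBA_ADMIN_PASSWORD
+- name: DNSFORWARDER
+value: "8.8.8.8"
+- name: HOSTIP
+valueFrom:
+fieldRef:
+fieldPath: status.podIP
+ports:
+- containerPort: 53
+name: dns
+protocol: UDP
+- containerPort: 53
+name: dns-tcp
+protocol: TCP
+- containerPort: 88
+name: kerberos
+protocol: TCP
+- containerPort: 88
+name: kerberos-udp
+protocol: UDP
+- containerPort: 135
+name: rpc
+- containerPort: 139
+name: netbios
+- containerPort: 389
+name: ldap
+- containerPort: 445
+name: smb
+- containerPort: 464
+name: kpasswd
+- containerPort: 636
+name: ldaps
+- containerPort: 3268
+name: gc
+- containerPort: 3269
+name: gc-ssl
+volumeMounts:
+- name: samba-data
+mountPath: /var/lib/samba
+- name: samba-config
+mountPath: /etc/samba
+securityContext:
+privileged: true
+capabilities:
+add:
+- NET_ADMIN
+resources:
+requests:
+memory: "512Mi"
+cpu: "500m"
+limits:
+memory: "1Gi"
+cpu: "1000m"
+volumeClaimTemplates:
+- metadata:
+name: samba-data
+spec:
+accessModes: ["ReadWriteOnce"]
+storageClassName: "standard"
+resources:
+requests:
+storage: 10Gi
+- metadata:
+name: samba-config
+spec:
+accessModes: ["ReadWriteOnce"]
+storageClassName: "standard"
+resources:
+requests:
+storage: 1Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: samba-dc
+namespace: samba-api
+labels:
+app: samba-dc
+spec:
+type: ClusterIP
+clusterIP: None
+ports:
+- port: 53
+name: dns
+protocol: UDP
+- port: 53
+name: dns-tcp
+protocol: TCP
+- port: 88
+name: kerberos
+protocol: TCP
+- port: 88
+name: kerberos-udp
+protocol: UDP
+- port: 135
+name: rpc
+- port: 139
+name: netbios
+- port: 389
+name: ldap
+- port: 445
+name: smb
+- port: 464
+name: kpasswd
+- port: 636
+name: ldaps
+- port: 3268
+name: gc
+- port: 3269
+name: gc-ssl
+selector:
+app: samba-dc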
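Review bot: `privileged: true` in the container securityContext gives the domain controller full access to the node, which makes the added `NET_ADMIN` capability redundant and turns a compromise of any exposed Samba service into a node compromise. Try `privileged: false` with only the capabilities the image actually needs, and record the reason in a comment if privileged mode proves unavoidable. The container has no `readinessProbe`, so the `kubectl wait --for=condition=Ready` in deploy.sh only shows that the process started, not that the domain is provisioned; a `tcpSocket` probe on the `ldap` port would make that wait meaningful. `nowsci/samba-domain:4.16.0` is a third-party image referenced by a mutable tag and is better pinned by digest. No NetworkPolicy accompanies the headless Service, so LDAP, SMB and Kerberos are reachable from every pod in the cluster; limiting ingress to pods labelled `app: samba-api` would narrow that.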


@@ -0,0 +1,46 @@
apiVersion: v1
kind: Service
metadata:
name: samba-api-service
namespace: samba-api
labels:
app: samba-api
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8000
protocol: TCP
name: http
selector:
app: samba-api
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: samba-api-ingress
namespace: samba-api
labels:
app: samba-api
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
tls:
- hosts:
- samba-api.yourdomain.com
secretName: samba-api-tls
rules:
- host: samba-api.yourdomain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: samba-api-service
port:
number: 80
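Review bot: The `nginx.ingress.kubernetes.io/rewrite-target: /` annotation is unnecessary for a `path: /` Prefix rule without capture groups, and depending on the ingress-nginx version it may rewrite every request path to `/`; remove it. The Ingress publishes the whole API, including the `/docs` page that deploy.sh points to, on what is presumably a public hostname (the issuer is `letsencrypt-prod`), while the backend holds domain-administrator credentials. Consider restricting callers with `nginx.ingress.kubernetes.io/whitelist-source-range` or keeping the Service internal until authentication and the placeholder secrets have been reviewed. `samba-api.yourdomain.com` is a placeholder that must be replaced before a certificate can be issued.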