Install Kerberos operator on Kubernetes
In your offline pack, there are charts for Kerberos operator and Kerberos Config and an image for Kerberos operator. You need to extract and push them to your registry as described in the Offline package usage article.
Kerberos operator installation
- Prepare a file for Kerberos operator installation:

  ko-values.yaml

    replicas: 1
    image:
      registry: hub.arenadata.io (1)
      repository: adc-enterprise/kerberos-operator (2)
      pullPolicy: IfNotPresent
      tag: <tag> (3)
    serviceAccount:
      create: true
      automount: true
    service:
      type: ClusterIP
      port: 8443
    payloadNamespaces:
      names: (4)
        - kerberos-prod
        - kerberos-staging
      allowClusterRole: false (5)
      deleteProtection: true (6)
      avoidCreation: false (7)
    terminationGracePeriodSeconds: 10

  (1) Your image storage URL.
  (2) Path to the Kerberos operator image repository within your storage.
  (3) Version of the image that Kubernetes will use.
  (4) List of namespaces the operator manages.
  (5) Explicit opt-in for cluster-wide access. When true and payloadNamespaces.names is empty, the chart creates ClusterRole/ClusterRoleBinding for access to all namespaces.
  (6) Add the helm.sh/resource-policy: keep annotation to payload namespaces to prevent deletion on helm uninstall.
  (7) Skip creating namespace resources. Use only when namespaces already exist (e.g. created by Kerberos operator).

- Install Kerberos operator:

    $ helm upgrade --install kerberos-operator \
        oci://"$PRIVATE_REGISTRY"/adc-enterprise/charts/kerberos-operator \
        --version <chart_version> \
        -f ko-values.yaml \
        --namespace kerberos-operator --create-namespace

  where <chart_version> is the version of the Kerberos operator chart that will be used for installation.

- Check that the Kerberos operator is running:

    $ kubectl get pods -n kerberos-operator

  The expected output is:

    NAME                                 READY   STATUS    RESTARTS   AGE
    kerberos-operator-79897dddf5-2xgjj   1/1     Running   0          129m
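A pre-install check for callout 5 of ko-values.yaml, as an added example that is not part of the chart or of the original documentation: it reports whether the file requests cluster-wide RBAC and fails before helm upgrade --install if it does. The function names operator_scope and require_namespaced are hypothetical, and the parser assumes plain block-style YAML like the file above.

```shell
#!/bin/sh
# Added example (not chart code): report the RBAC scope a ko-values.yaml requests,
# using the rule from callout 5: cluster-wide access is created only when
# allowClusterRole is true AND payloadNamespaces.names is empty.
# Assumption: plain block-style YAML as on this page (no anchors or flow maps).
operator_scope() {
  awk '
    /^[ \t]*#/ { next }                                # full-line comment
    { sub(/[ \t]+#.*$/, "") }                          # trailing comment
    /^[ \t]*$/ { next }
    /^payloadNamespaces:/ { in_pn = 1; next }
    /^[^ \t-]/ { in_pn = 0; in_names = 0 }             # another top-level key
    in_names && /^[ \t]*-[ \t]*[^ \t]/ { n++; next }   # item under names:
    { in_names = 0 }
    in_pn && /^[ \t]+names:[ \t]*$/ { in_names = 1; next }
    in_pn && /^[ \t]+names:[ \t]*\[[ \t]*[^] \t]/ { n++; next }  # inline list, counted once
    /^[ \t]*allowClusterRole:[ \t]*true[ \t]*$/ { acr = 1 }
    END { if (acr && n == 0) print "cluster-wide"; else print "namespaced:" (n + 0) }
  ' "$1"
}

# Gate to run before helm upgrade --install: fail unless the scope is namespaced.
require_namespaced() {
  scope=$(operator_scope "$1") || return 2
  case "$scope" in
    cluster-wide) echo "refusing: $1 grants the operator all namespaces" >&2; return 1 ;;
    *) echo "ok: $scope"; return 0 ;;
  esac
}

# Constructed sample input mirroring the values file above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
payloadNamespaces:
  names:
    - kerberos-prod
    - kerberos-staging
  allowClusterRole: false
terminationGracePeriodSeconds: 10
EOF
require_namespaced "$sample"
rm -f "$sample"
```

Running require_namespaced ko-values.yaml && helm upgrade --install ... in a deployment script keeps an accidental allowClusterRole: true with an empty names list from reaching the cluster.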
Kerberos config installation
- Prepare a file for Kerberos config installation:

  kc-values.yaml

    ldapSecret:
      enabled: true
      provider: freeipa (1)
      address: ldap://tsn-freeipa.ru-central1.internal (2)
      adminUser: uid=admin,cn=users,cn=accounts,dc=ru-central1,dc=internal (3)
      adminPassword: bigdata (4)
      baseDN: cn=services,cn=accounts,dc=ru-central1,dc=internal (5)
      ca: |
        <pem-certificate> (6)
    kdcConfig:
      labelSelector:
        env: prod
      libdefaults:
        debug: 'false'
        default_realm: RU-CENTRAL1.INTERNAL
        dns_lookup_kdc: 'false'
        dns_lookup_realm: 'false'
        udp_preference_limit: '1'
      realm: RU-CENTRAL1.INTERNAL (7)
      domainRealm:
        ru-central1.internal: RU-CENTRAL1.INTERNAL
      realms:
        RU-CENTRAL1.INTERNAL: |
          kdc = tsn-freeipa.ru-central1.internal (8)
          admin_server = tsn-freeipa.ru-central1.internal (9)

  (1) Type of Kerberos provider. Can be one of the following: ad, samba, freeipa.
  (2) LDAP connection URL.
  (3) Administrator username.
  (4) Administrator password.
  (5) Search base.
  (6) CA certificate used to trust the LDAP server's TLS certificate.
  (7) Kerberos realm.
  (8) Host with KDC available.
  (9) Host with kadmin available.

- Install Kerberos config:

    $ helm upgrade --install kerberos-config \
        oci://"$PRIVATE_REGISTRY"/adc-enterprise/charts/kerberos-config \
        --version <chart_version> \
        -f kc-values.yaml \
        --namespace kerberos-operator --create-namespace

  where <chart_version> is the version of the Kerberos config chart that will be used for installation.

- Verify the installation:

    $ kubectl get secrets -n kerberos-operator

  The expected output should be similar to:

    NAME                               TYPE                                 DATA   AGE
    kerberos-config-ldap-credentials   krb5.arenadata.io/ldap-credentials   5      7d14h
Delete instances
IMPORTANT: Delete the operator only after all the resources it manages have been deleted.
To delete the Kerberos operator, run the command below:
$ helm uninstall kerberos-operator --namespace kerberos-operator
To delete the Kerberos config, run the command below:
$ helm uninstall kerberos-config --namespace kerberos-operator