diff --git a/Chart.yaml b/Chart.yaml index 2a0ef33..74a2fe6 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: ldap-stack description: OpenLDAP + phpLDAPadmin + Keycloak stack for centralized identity management with SSO support type: application -version: 1.3.1 -appVersion: "2.6.0" +version: 1.4.0 +appVersion: "2.6.1" annotations: artifacthub.io/signKey: | fingerprint: 35D9AD8B98D2FB5AF685CABA019335D0A0561140 @@ -19,20 +19,24 @@ annotations: url: https://github.com/start-codex/ldap-stack-helm-chart artifacthub.io/images: | - name: openldap - image: startcodex/openldap:2.0.0 + image: startcodex/openldap:2.1.0 - name: phpldapadmin - image: osixia/phpldapadmin:latest + image: phpldapadmin/phpldapadmin:latest - name: keycloak image: quay.io/keycloak/keycloak:latest - name: ldap-sync-google image: startcodex/ldap-sync-google:latest - artifacthub.io/containsSecurityUpdates: "false" + artifacthub.io/containsSecurityUpdates: "true" artifacthub.io/prerelease: "false" artifacthub.io/changes: | - - kind: added - description: Add support for extraInitContainers, extraVolumes, and extraVolumeMounts in Keycloak - - kind: added - description: Enable custom provider JARs and themes in Keycloak via init containers + - kind: changed + description: "BREAKING: Replace osixia/phpldapadmin with phpldapadmin/phpldapadmin (port 80 -> 8080)" + - kind: changed + description: Upgrade openldap image to 2.1.0 with security patches (0 critical CVEs) + - kind: security + description: Eliminate 122 critical CVEs by replacing abandoned phpldapadmin image + - kind: security + description: Patch OpenSSL, MariaDB, glibc, BIND CVEs in openldap image keywords: - ldap - openldap diff --git a/README.md b/README.md index 2790046..4118dfd 100644 --- a/README.md +++ b/README.md 
@@ -107,7 +107,7 @@ helm install ldap ldap-stack/ldap-stack \ |-----------|-------------|---------| | `openldap.enabled` | Enable OpenLDAP | `true` | | `openldap.image.repository` | Image repository | `startcodex/openldap` | -| `openldap.image.tag` | Image tag | `2.0.0` | +| `openldap.image.tag` | Image tag | `2.1.0` | | `openldap.service.type` | Service type | `ClusterIP` | | `openldap.service.ldapPort` | LDAP port | `389` | | `openldap.service.ldapsPort` | LDAPS port | `636` | @@ -122,7 +122,7 @@ helm install ldap ldap-stack/ldap-stack \ |-----------|-------------|---------| | `phpldapadmin.enabled` | Enable phpLDAPadmin | `true` | | `phpldapadmin.service.type` | Service type | `ClusterIP` | -| `phpldapadmin.service.port` | Service port | `80` | +| `phpldapadmin.service.port` | Service port | `8080` | | `phpldapadmin.ingress.enabled` | Enable Ingress | `false` | ### Keycloak Parameters @@ -160,7 +160,7 @@ helm install ldap ldap-stack/ldap-stack \ ```bash # phpLDAPadmin -kubectl port-forward svc/-phpldapadmin 8080:80 +kubectl port-forward svc/-phpldapadmin 8080:8080 # Keycloak kubectl port-forward svc/-keycloak 8081:8080 diff --git a/templates/phpldapadmin-deployment.yaml b/templates/phpldapadmin-deployment.yaml index dbb4381..0405095 100644 --- a/templates/phpldapadmin-deployment.yaml +++ b/templates/phpldapadmin-deployment.yaml @@ -25,13 +25,15 @@ spec: imagePullPolicy: {{ .Values.phpldapadmin.image.pullPolicy }} ports: - name: http - containerPort: 80 + containerPort: 8080 protocol: TCP env: - - name: PHPLDAPADMIN_LDAP_HOSTS + - name: LDAP_HOST value: {{ include "ldap-stack.openldap.fullname" . }} - - name: PHPLDAPADMIN_HTTPS - value: "false" + - name: LDAP_PORT + value: "389" + - name: APP_KEY + value: "base64:{{ randAlphaNum 32 | b64enc }}" livenessProbe: httpGet: path: / diff --git a/values.yaml b/values.yaml index b9f6b8f..70607d3 100644 --- a/values.yaml +++ b/values.yaml 
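Review bot: In templates/phpldapadmin-deployment.yaml the new `APP_KEY` is rendered inline with `randAlphaNum`, so a fresh key is generated on every `helm upgrade` or `helm template` run and sits in clear text in the Deployment spec. Each upgrade therefore rolls the pod and invalidates whatever the application protected with the previous key (presumably sessions and cookies), and anyone who can read Deployments can read the key. Generate it once into a Secret (reusing the existing value via `lookup`, or taking it from values) and reference it with `secretKeyRef`. `LDAP_PORT` is also hard-coded to `"389"` although the chart exposes `openldap.service.ldapPort`, so an overridden port is ignored and the connection uses the plain LDAP port unless TLS is negotiated some other way; template it from values. The container spec starts and ends outside this hunk.

```yaml
# … unchanged: LDAP_HOST …
- name: LDAP_PORT
  value: {{ .Values.openldap.service.ldapPort | quote }}
- name: APP_KEY
  valueFrom:
    secretKeyRef:
      # placeholder: a Secret the chart creates once and reuses on upgrade
      name: <phpldapadmin-app-key-secret>
      key: app-key
```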
@@ -21,7 +21,7 @@ openldap: image: repository: startcodex/openldap - tag: "2.0.0" + tag: "2.1.0" pullPolicy: IfNotPresent # LDAP Configuration (REQUIRED - no defaults) @@ -145,14 +145,14 @@ phpldapadmin: enabled: true image: - repository: osixia/phpldapadmin + repository: phpldapadmin/phpldapadmin tag: "latest" pullPolicy: IfNotPresent # Service configuration service: type: ClusterIP # ClusterIP, NodePort, LoadBalancer - port: 80 + port: 8080 # NodePort settings (only when type: NodePort) nodePort: "" # e.g., 30080 # LoadBalancer settings (only when type: LoadBalancer)
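Review bot: The replacement phpLDAPadmin image in values.yaml is still referenced as `tag: "latest"` with `pullPolicy: IfNotPresent`, so the release that Chart.yaml advertises as eliminating 122 critical CVEs is not tied to any scanned build. A node that has cached an older `latest` keeps running it, and a later upstream push changes what is deployed without any chart change. Pin the default to the version or digest that was actually scanned, e.g. `tag: "<scanned-version>"` (placeholder), and update the `artifacthub.io/images` entry in Chart.yaml to match. The same applies to the `keycloak` and `ldap-sync-google` entries listed there as `:latest`.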