
use-ldap.md


Use LDAP for Authentication

Here are the deployment steps required to use Code Dx with LDAP:

Note: If you're using a GitOps deployment, refer to these LDAP instructions.

  1. Complete the guided setup to determine the setup command(s) for deploying Code Dx on your Kubernetes cluster. End the guided setup by using one of the options to save your setup command to a file.

Note: If you're planning to use LDAPS and your LDAP server uses either a self-signed certificate or a certificate issued by a CA other than a well-known one, you must select a custom cacerts file and add the certificate for your LDAP server.

  2. Create a file named codedx-ldap-creds-props and add your LDAP codedx.props values. For example, you can set the LDAP URL, systemUsername, systemPassword, and authenticationMechanism by adding these values to your codedx-ldap-creds-props file:

```
auth.ldap.url = ldap://10.0.1.27
auth.ldap.systemUsername = CN=Code Dx Service Account,CN=Managed Service Accounts,DC=dc,DC=codedx,DC=local
auth.ldap.systemPassword = ************
auth.ldap.authenticationMechanism = simple
```

Note: If you're planning to use LDAPS, switch ldap:// to ldaps://.

  3. If necessary, pre-create the Kubernetes Code Dx namespace you specified during the guided setup. This will be the value of the -namespaceCodeDx setup.ps1 parameter. For example, to create the cdx-app namespace, run this command:

```
kubectl create ns cdx-app
```

  4. Generate a Kubernetes secret named codedx-ldap in the Code Dx namespace. For example, if your Code Dx namespace is cdx-app, run the following command (otherwise, replace cdx-app with your Code Dx namespace):

```
kubectl -n cdx-app create secret generic codedx-ldap --from-file=codedx-ldap-creds-props
```

  5. Open your codedx-extra-props.yaml file and merge in the following content after specifying your own userSearchTemplate value. If you do not yet have a codedx-extra-props.yaml file, create one with this content.

Note: You can use multiple codedx-extra-props.yaml files, but avoid specifying overlapping configuration that could get lost at install-time. For example, do not specify codedxProps.extra sections in multiple files.

```yaml
# set ldap/ldaps to false when not using network policies
networkPolicy:
  codedx:
    ldap: true
    ldaps: true

codedxProps:
  extra:
  - type: secret
    name: codedx-ldap
    key: codedx-ldap-creds-props
  # Add some less-sensitive config in the chart itself for easier configuration
  - type: values
    key: codedx-ldap-props
    values:
    - "auth.ldap.userSearchTemplate = cn={0},cn=Users,dc=dc,dc=codedx,dc=local"
```

Note: Use spaces for the indents shown above. Indenting with tab characters will cause a failure at install-time.

  6. Locate the run-setup.ps1 file generated by guided-setup.ps1 and make a copy named run-setup-custom.ps1. Edit run-setup-custom.ps1 by appending the following parameter to the setup.ps1 command line, specifying the path to your codedx-extra-props.yaml file:

```
 -extraCodeDxValuesPaths '/path/to/codedx-extra-props.yaml'
```

  7. Follow the instructions provided at the end of guided-setup.ps1, but replace the run-setup.ps1 reference with run-setup-custom.ps1:

```
pwsh "/path/to/run-prereqs.ps1"
pwsh "/path/to/run-setup-custom.ps1"
```

Note: You will have a run-prereqs.ps1 file if you selected the Save command with Kubernetes secret(s) option when saving your setup command.
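
A pre-flight check for the two files built in the steps above, as an added example that is not part of the Code Dx project. It flags a simple bind over ldap:// (which exposes systemPassword in transit), a props file name that does not match the `key:` of the secret entry in codedx-extra-props.yaml, and tab indentation. The function names and finding labels are hypothetical, and the file layouts are assumed to match the samples on this page.

```shell
#!/bin/sh
# Added example: pre-flight check for codedx-ldap-creds-props and
# codedx-extra-props.yaml. Prints one line per finding and returns 0
# only when there are none. Names and labels here are hypothetical.

# Last value assigned to a key in a "key = value" props file.
# $1 is the key as a regular expression, $2 is the file.
prop() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

check_ldap_files() {
  props=$1; yaml=$2; rc=0
  url=$(prop 'auth\.ldap\.url' "$props")
  mech=$(prop 'auth\.ldap\.authenticationMechanism' "$props")
  case $url in
    ldaps://*) ;;
    ldap://*)
      # A simple bind carries the password as-is, so ldap:// exposes it.
      if [ "$mech" = simple ]; then
        echo "cleartext-bind: simple authentication over $url"; rc=1
      fi ;;
    *) echo "bad-url: auth.ldap.url is '$url'"; rc=1 ;;
  esac

  # kubectl --from-file stores the file under its base name, and the
  # "key:" of the secret entry in the YAML has to name that same key.
  want=$(basename "$props")
  if ! grep -Eq "^[[:space:]]*key:[[:space:]]*$want[[:space:]]*\$" "$yaml"; then
    echo "key-mismatch: no 'key: $want' in $yaml"; rc=1
  fi

  # Tab indentation fails at install-time, so catch it before setup runs.
  tab=$(printf '\t')
  if grep -q "^ *$tab" "$yaml"; then
    echo "tab-indent: $yaml has tab-indented lines"; rc=1
  fi
  return $rc
}

# Usage: sh preflight.sh codedx-ldap-creds-props codedx-extra-props.yaml
if [ "$#" -eq 2 ]; then check_ldap_files "$1" "$2"; fi
```

Run it before the `kubectl create secret` step; a non-zero exit status means at least one finding was printed.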