Allow to extend StatefulSet with initContainers and/or sidecars

[fkalinowski]

Hi,

Problem description

I've configured the OpenLDAP overlay Audit Logging see [OpenLDAP Software 2.4 Administrator's Guide

12.2. Audit Logging](https://www.openldap.org/doc/admin24/overlays.html) so that now all my audit events are written into a specific file. Now I would like to export the content of this audit log file to a remote destination (in my case my ELK stack).

Moreover, since the main slapd process is launched with a non root user (which is fine) the process has no permission to write into the /var/log folder.

Expected solution

It would be very convenient if I could add some extra containers to the Pod template of the StatefulSet. For example, Helm Charts provided by Bitnami always have the ability to declare some (extra) sidecars and initContainers next to the default ones.

With such a feature I could declare an initContainer to set the right permissions to write the auditlog file and also a sidecar to run the necessary logic to export its content at a remote destination.

[jp-gouin]

Hi @fkalinowski , I’m currently refractoring the chart using Bitnami standards 😉 You can track progress here https://github.com/jp-gouin/helm-openldap/tree/refractor-chart

[fkalinowski]

Hi @jp-gouin,

Thanks for your feedback.

In the same order, to align with bitnami best practices, I would also opt for SOFT vs HARD anti-affinity presets as explained in https://docs.bitnami.com/tutorials/assign-pod-nodes-helm-affinity-rules/ wich allow to respectively switch between preferedDuringSchedulingIgnoredDuringExecution vs requiredDuringSchedulingIgnoredDuringExecution see https://github.com/bitnami/charts/blob/66edf04e3e244c343a845f9c684edf4c8ea04406/bitnami/common/templates/_affinities.tpl.

Indeed for testing purpose (with single node cluster) it can be useful to have 3 openLDAP instances collocated on the same node.

[jp-gouin]

Please see the new version of the chart and the refractoring