Reorganized lldap

infra/lldap/deployment.yaml

@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: lldap
+  name: lldap
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: lldap
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: lldap
+    spec:
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: DoNotSchedule
+          labelSelector:
+            matchLabels:
+              app: lldap
+      containers:
+        - env:
+            - name: GID
+              value: "1001"
+            - name: LLDAP_LDAP_BASE_DN
+              value: dc=huizinga,dc=dev
+            - name: LLDAP_LDAP_USER_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: lldap-credentials
+                  key: lldap-ldap-user-pass
+            - name: LLDAP_JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: lldap-credentials
+                  key: lldap-jwt-secret
+            - name: LLDAP_DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-app
+                  key: uri
+            - name: TZ
+              value: CET
+            - name: UID
+              value: "1001"
+          image: nitnelave/lldap:latest
+          name: lldap
+          ports:
+            - containerPort: 3890
+            - containerPort: 17170
+      restartPolicy: Always

infra/lldap/ingress-route.yaml

@@ -0,0 +1,15 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: lldap
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`users.${domain}`)
+      kind: Rule
+      services:
+        - name: lldap
+          port: 17170
+  tls:
+    secretName: ${domain//./-}-tls

infra/lldap/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: lldap
+resources:
+  - ./namespace.yaml
+  - ./secret-lldap-credentials.yaml
+  - ./deployment.yaml
+  - ./service.yaml
+  - ./ingress-route.yaml
+  - ../../common/postgres

infra/lldap/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: lldap

infra/lldap/secret-lldap-credentials.yaml

@@ -0,0 +1,60 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: lldap-credentials
+type: Opaque
+data:
+    lldap-jwt-secret: ENC[AES256_GCM,data:099Cx7Wcf4yUmIE6npIiz7axzHyuHbbKpRII9pLqyY34FksvBPUy7XFJg4U=,iv:mHviMV32LkimVcUAEKJESBJHs/sH4UMARg0uA9DAyzs=,tag:YmczpX3ESNY87jG59SJfDA==,type:str]
+    lldap-ldap-user-pass: ENC[AES256_GCM,data:pldPC+/edFlkrobV+Gag4w==,iv:S+teTMFsodKzLCDEa2OjcKFI02gMYB6qZowRiQff4EQ=,tag:L12bhCKkQ713sCM2z76RZA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2025-03-06T23:49:59Z"
+    mac: ENC[AES256_GCM,data:ZOqHwRCaVup2NvSTgbE74T1tdCQl46pi3HSPCVGJBWpVTEdjjKs++X8g2EgXFPdJtOolhDrKYqx8EGpCeFXDdOvYolTfGNdTEMmddqeVAS9R/TBiga4HWM4cOu5utLSHgIFRVIrXvbcJzpR36zNy6qau9LStsaP4eXQ/U1Z+Ft8=,iv:j3aczsmvBge7i1AQZciVbSK6DU5wSkYamjpLhQYR5Zw=,tag:EZo+cThfGIiWkqGBA5JMow==,type:str]
+    pgp:
+        - created_at: "2024-11-14T23:59:47Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA7pKPTYH5bqOARAAy0sTvrlpxosTb7LM+8tekjo4F+gcTC1WNRv2CY52vcWM
+            hBAiXr0jkO/Aes5I+KrMcA3SnsISxE3sKYQx3WNO9jHrdPGDRRBs784tIzdOc7wy
+            tx+4hmD9ufVL9WaFizJkCIgSX7PNkIBzHp0QwOmWqfdQeR31YS6ZUNIsVT4DdbBQ
+            le4IO8G65RssLvWxISBvHsXCDVnyUENoDW3RAD9kCkHH6CRLT0IyhdNRLulCLnEb
+            JukEZvMBJhOnK86M4NDeyw8ni0EpDtIvBa+sErGwhiS/981NI/5MxTwaOI22DIS0
+            wRYSLFnOEgclpI8Ydhhg6f6rm6RCBCrQk3lVt3p+dv4UChh6JwELBcaMd4/OpGe8
+            KAb607Ne0PcEiUf/DIPs/k6SaPOProrp5wh6L3JIDqbvDe8o6KjAAv7nPOyx5b3d
+            ibgeHH6N4bMq2OCn6wz6pWAJpCjWI+oJE03bBl+ktW5Un3XJJLqoN/hecfP6sQuY
+            rcuBdCyr5cRbPCV4oqyhUGIj1uwBrH8xnkFnIW3DJjgZGmem2vSSlkLsEaVtWt3p
+            WZayHq52HL+xscVjc2ROVQIRwERBt5Jl7FpRHd/InXi3QgByk408IKO8V09+Rxn0
+            uZsiZfwW/Kl0Qv37I8E0E5A8wR7m5eMvSgoFuYxwZirA+fdGUUDbPYbkZ3PxurXU
+            aAEJAhDbAASkSWMikZ+uU3a3TSWsx4nSTz/kg+ACWslXB9HA8mTf6c1GaKadaJZa
+            98dFlV+Asvr01fqfAh1ojhyLBH3O5glmF9kbGWMswqhZTin9/sEQhAm4Qaesrexc
+            u0uT6VhgM9bO
+            =7lYz
+            -----END PGP MESSAGE-----
+          fp: 1E0CF38FF7C9ADAED58B436ABA4A3D3607E5BA8E
+        - created_at: "2024-11-14T23:59:47Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA51kG++kLewoARAAvbVzG8Ieo2WZtu6cGWIurq2Ga1bQpY41JS/k5ov1SrIE
+            6CxQbBLR4h9rZUqAxGNrMYSELj6JGv9ZN9EviMnG+J8NTC79ZpjLtIiCh4EjwbrK
+            rrfHW3P6s92jwKEUuqY/CCFrULDaWqSfgJkCtUnqdkWJDx0OYnFYLF7FuRNTsihx
+            FSZ+g4oa0WdlwMdClK7kzxxTHbCnjtlRgXYuPIYRxM4P3dwLKkH5X/+V+8aBmu/e
+            CYGDe6mg12VVtGYNd+JYtK80fGBQpaBtYXRcd2rjgSfv1BzhRP2dl+wqWetqfPMa
+            Fz3r6uYO896FFlHyYVAVDlXgnVO43qy+ksrDdwAzrNWzqcL4PTAtMVgitFLogsXe
+            uMwPO1CVTHaplzJphX0vOHZzSrna/c/GTuXGI5rBVJ24hwCjJ5JUQzfLcYhlzhNw
+            VPYpMLyUpfozwteYOBxtk6pa80Dl4q1KCUMtRZweP1O8oIuVnQYGx7ZFtC6zjpWg
+            LUxayJkmttCXgw6/ciwDW1zoVWlogYJsPeqR13UGkQFavZVU7KmaQjMDi09g3V4W
+            pwGnne5fukA1H9JhV8wfViK4tsE82DB4+Z7ttMI99wyr4Qsy5dVYTHjQrdgZ/XyX
+            s8GySe1o1b7Fo3MoXYo6NnMppJCQZ2qNlddP7UzqKa2nOgRm6bzNa0Ob3cNCNCPS
+            XgFLCSDziuYGYEFScAE+qjrSK0YjHibu6FL4YC+SVY9mrGEIoI0nkJwcdLtDxuy4
+            +w+t2muI4QJ0N5cAKMqPLJu2bhoWm7px1SPKtkqdUHpihVZxAjUrmyuKexyncmc=
+            =6Xk0
+            -----END PGP MESSAGE-----
+          fp: 49F10679C425233EFB4B1B6F9D641BEFA42DEC28
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.1

infra/lldap/service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: lldap
+spec:
+  ports:
+    - name: "3890"
+      port: 3890
+      targetPort: 3890
+    - name: "17170"
+      port: 17170
+      targetPort: 17170
+  selector:
+    app: lldap