From 3b003eafce7f23be4405262a5815fadedd6f4a3d Mon Sep 17 00:00:00 2001
From: Dreaded_X
Date: Tue, 18 Mar 2025 02:24:01 +0100
Subject: [PATCH] Added Kubernetes manifests
---
manifests/cluster-role-binding.yaml | 11 +++++++
manifests/cluster-role.yaml | 25 ++++++++++++++++
manifests/deployment.yaml | 45 +++++++++++++++++++++++++++++
manifests/kustomization.yaml | 8 +++++
manifests/service-account.yaml | 8 +++++
5 files changed, 97 insertions(+)
create mode 100644 manifests/cluster-role-binding.yaml
create mode 100644 manifests/cluster-role.yaml
create mode 100644 manifests/deployment.yaml
create mode 100644 manifests/kustomization.yaml
create mode 100644 manifests/service-account.yaml
diff --git a/manifests/cluster-role-binding.yaml b/manifests/cluster-role-binding.yaml
new file mode 100644
index 0000000..b921484
--- /dev/null
+++ b/manifests/cluster-role-binding.yaml
@@ -0,0 +1,11 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: lldap-controller
+subjects:
+ - kind: ServiceAccount
+ name: lldap-controller
+roleRef:
+ kind: ClusterRole
+ name: lldap-controller
+ apiGroup: rbac.authorization.k8s.io
diff --git a/manifests/cluster-role.yaml b/manifests/cluster-role.yaml
new file mode 100644
index 0000000..2c11ad8
--- /dev/null
+++ b/manifests/cluster-role.yaml
@@ -0,0 +1,25 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: lldap-controller
+rules:
+ - apiGroups:
+ - lldap.huizinga.dev
+ resources:
+ - serviceusers
+ - serviceusers/status
+ - serviceusers/finalizers
+ verbs:
+ - "*"
+ - apiGroups:
+ - events.k8s.io
+ resources:
+ - events
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - "*"
diff --git a/manifests/deployment.yaml b/manifests/deployment.yaml
new file mode 100644
index 0000000..7b63296
--- /dev/null
+++ b/manifests/deployment.yaml
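Review bot: In manifests/cluster-role-binding.yaml the `ServiceAccount` subject carries no `namespace`, which the RBAC API requires for ServiceAccount subjects, so the binding is only valid once something else fills it in. It looks like the intent is for the `namespace: lldap` setting in kustomization.yaml to do that, but whether kustomize rewrites ClusterRoleBinding subjects for non-default account names depends on its version and transformer settings. Stating it explicitly, `namespace: lldap` under the subject, keeps the grant pointed at the intended account even when the file is applied on its own.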
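Review bot: The last rule in manifests/cluster-role.yaml grants `"*"` on `secrets`, and because it is a ClusterRole bound through a ClusterRoleBinding the controller's token can read, change and delete every Secret in every namespace, including ones unrelated to LLDAP. List only the verbs the controller actually issues, for example `verbs: [get, create, patch, delete]` (to be checked against the controller code, which this patch does not show), and leave out `list`/`watch` unless needed, since those return Secret contents in bulk. The same applies to the `"*"` on the `serviceusers` rule, where an explicit verb list avoids silently picking up verbs such as `deletecollection`. A comment above the secrets rule stating why cluster-wide scope is required would help whoever audits this role later.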
@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: lldap-controller
+ labels:
+ app: lldap-controller
+ app.kubernetes.io/name: lldap-controller
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: lldap-controller
+ template:
+ metadata:
+ labels:
+ app: lldap-controller
+ annotations:
+ kubectl.kubernetes.io/default-container: lldap-controller
+ spec:
+ serviceAccountName: lldap-controller
+ securityContext: {}
+ containers:
+ - name: lldap-controller
+ image: git.huizinga.dev/dreaded_x/lldap-controller:sha-${SHA_SHORT}
+ imagePullPolicy: IfNotPresent
+ securityContext: {}
+ resources:
+ limits:
+ cpu: 200m
+ memory: 256Mi
+ requests:
+ cpu: 50m
+ memory: 100Mi
+ env:
+ - name: RUST_LOG
+ value: info,lldap_controller=debug
+ - name: LLDAP_URL
+ value: "http://lldap:17170"
+ - name: LLDAP_USERNAME
+ value: admin
+ - name: LLDAP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: lldap-credentials
+ key: lldap-ldap-user-pass
diff --git a/manifests/kustomization.yaml b/manifests/kustomization.yaml
new file mode 100644
index 0000000..c40ff6d
--- /dev/null
+++ b/manifests/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: lldap
+resources:
+ - ./service-account.yaml
+ - ./cluster-role.yaml
+ - ./cluster-role-binding.yaml
+ - ./deployment.yaml
diff --git a/manifests/service-account.yaml b/manifests/service-account.yaml
new file mode 100644
index 0000000..45cca68
--- /dev/null
+++ b/manifests/service-account.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: lldap-controller
+ labels:
+ app: lldap-controller
+ app.kubernetes.io/name: lldap-controller
+automountServiceAccountToken: true
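Review bot: Both `securityContext: {}` entries in manifests/deployment.yaml are empty, so the container runs with the runtime's defaults (possibly as root, with the default capability set and a writable root filesystem) while holding a token that the ClusterRole in this patch lets act on Secrets cluster-wide. Set an explicit restrictive context on the container as sketched below; `runAsNonRoot` and `readOnlyRootFilesystem` assume the image defines a non-root user and does not write to its root filesystem, which is not visible here. Separately, `LLDAP_URL` is `http://`, so the admin password read from `lldap-credentials` is presumably sent unencrypted inside the cluster; worth a comment, or a TLS endpoint if one is available.

```yaml
      containers:
        - name: lldap-controller
          # … unchanged: image, imagePullPolicy …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: resources, env …
```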