feat: Added lldap

2025-12-17 01:56:24 +01:00
parent 258eefe675
commit 548d382a3f
22 changed files with 398 additions and 0 deletions


@@ -0,0 +1,15 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: lldap-db
namespace: lldap
# TODO: Add labels?
spec:
storage:
size: 8Gi
storageClass: local-path
plugins:
- name: barman-cloud.cloudnative-pg.io
isWALArchiver: true
parameters:
barmanObjectName: garage-store
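Review bot: The Cluster sets no `spec.instances`, which as far as I recall the CloudNativePG Cluster schema marks required (minimum 1), so this manifest is likely rejected at admission; add `instances: 1` under `spec:`. With a single instance on `storageClass: local-path` the database lives on one node's local disk, so the barman WAL archive configured in `plugins` is the only recovery path if that node is lost — worth stating where the `# TODO: Add labels?` comment sits, e.g. `# Single instance on node-local storage; recovery relies on the garage-store backups.`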


@@ -0,0 +1,80 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: lldap
namespace: lldap
labels:
app.kubernetes.io/name: lldap
app.kubernetes.io/instance: lldap
spec:
selector:
matchLabels:
app.kubernetes.io/name: lldap
app.kubernetes.io/instance: lldap
template:
metadata:
labels:
app.kubernetes.io/name: lldap
app.kubernetes.io/instance: lldap
spec:
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/name: lldap
app.kubernetes.io/instance: lldap
securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
seccompProfile:
type: RuntimeDefault
containers:
- name: lldap
image: lldap/lldap:2025-12-12-alpine-rootless
env:
- name: LLDAP_LDAP_BASE_DN
value: dc=huizinga,dc=dev
- name: LLDAP_LDAP_USER_PASS
valueFrom:
secretKeyRef:
name: credentials
key: admin-pass
- name: LLDAP_KEY_SEED
valueFrom:
secretKeyRef:
name: credentials
key: key-seed
- name: LLDAP_JWT_SECRET
valueFrom:
secretKeyRef:
name: credentials
key: jwt-secret
- name: LLDAP_DATABASE_URL
valueFrom:
secretKeyRef:
name: lldap-db-app
key: uri
- name: TZ
value: CET
livenessProbe:
exec:
command:
- /app/lldap
- healthcheck
initialDelaySeconds: 5
periodSeconds: 30
ports:
- name: ldap
containerPort: 3890
- name: web
containerPort: 17170
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
capabilities:
drop:
- ALL
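Review bot: The container has a `livenessProbe` but no `readinessProbe`, so the `lldap` Service adds the pod to its endpoints as soon as the container starts, before the LDAP and web listeners are accepting connections; add a `readinessProbe` that reuses the same `/app/lldap healthcheck` exec command with a short `periodSeconds`. `image: lldap/lldap:2025-12-12-alpine-rootless` is pinned by tag only; for the component that holds the directory's credentials, pinning by digest (`image: lldap/lldap@sha256:<digest>`) makes the deployed artifact verifiable and immune to tag retargeting. The security contexts otherwise match the restricted profile; `readOnlyRootFilesystem: true` under the container `securityContext` would complete it, provided lldap writes nothing locally once `LLDAP_KEY_SEED` and `LLDAP_DATABASE_URL` are set — confirm before enabling.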


@@ -0,0 +1,13 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: lldap
namespace: lldap
spec:
parentRefs:
- name: gateway
namespace: default
rules:
- backendRefs:
- name: lldap
port: 17170
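Review bot: The route has no `hostnames`, so it matches every hostname on the parent `gateway` listener and the lldap admin UI is served on any host that listener accepts; add `hostnames: ["<lldap-hostname>"]` under `spec` so only the intended name reaches it. The parent lives in `namespace: default` while the route is in `lldap`, which only works if the Gateway's listener `allowedRoutes.namespaces` admits the `lldap` namespace — worth checking, as a rejected parentRef fails silently from the route's side. `apiVersion: gateway.networking.k8s.io/v1beta1` is the deprecated HTTPRoute version; `gateway.networking.k8s.io/v1` has been the GA version since Gateway API 1.0.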


@@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- cluster.yaml
- schedule-backup.yaml
- deployment.yaml
- service.yaml
- http-route.yaml
- secret-s3-garage.yaml
- object-store.yaml
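Review bot: The Deployment reads a Secret named `credentials` (keys `admin-pass`, `key-seed`, `jwt-secret`) that is not among these resources, so the pod cannot start until it exists; if it is provisioned out of band (sealed or SOPS-encrypted elsewhere), a comment here saying so would save the next reader a search, e.g. `# credentials Secret (admin-pass, key-seed, jwt-secret) is managed outside this kustomization`. A `---` document start and a trailing newline would also keep yamllint quiet across these manifests, assuming the repository lints them.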


@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: lldap
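Review bot: The namespace carries no Pod Security Admission labels, so nothing enforces the hardened pod spec the lldap Deployment opts into; adding `pod-security.kubernetes.io/enforce: restricted` (with matching `warn` and `audit` labels) under `metadata.labels` makes any future container in this namespace that drops `runAsNonRoot` or `capabilities.drop: [ALL]` fail admission instead of running. The CloudNativePG Cluster pods are scheduled into this namespace as well; the operator's pod template is intended to pass the restricted profile, but verify on the deployed operator version before enforcing.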


@@ -0,0 +1,18 @@
apiVersion: barmancloud.cnpg.io/v1
kind: ObjectStore
metadata:
name: garage-store
namespace: lldap
spec:
configuration:
destinationPath: s3://cnpg-backup/
endpointURL: http://192.178.1.1:3900
s3Credentials:
accessKeyId:
name: s3-garage
key: ACCESS_KEY_ID
secretAccessKey:
name: s3-garage
key: ACCESS_SECRET_KEY
wal:
compression: gzip
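Review bot: `endpointURL: http://192.178.1.1:3900` sends the full base backups and WAL stream — the directory's user data and password hashes — over cleartext HTTP; unless this is a host-local link, the Garage endpoint should be reached over `https://` (behind TLS, e.g. a reverse proxy) or the path confined by a NetworkPolicy. Also note `192.178.1.1` is not RFC 1918 space (`192.168.0.0/16` is), so if a LAN address was intended this looks like a typo that would push backups toward a public address. Since `s3Credentials` are looked up in this ObjectStore's own namespace, the `s3-garage` Secret must exist in `lldap`; the Secret hunk in this commit creates it in `cnpg-system` instead (raised there).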


@@ -0,0 +1,13 @@
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
name: daily-backup
namespace: lldap
spec:
schedule: "0 0 0 * * *"
backupOwnerReference: self
method: plugin
pluginConfiguration:
name: barman-cloud.cloudnative-pg.io
cluster:
name: db
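Review bot: `cluster.name: db` does not match the Cluster created in this commit, which is named `lldap-db` (the Deployment accordingly reads the `lldap-db-app` Secret), so the ScheduledBackup targets a non-existent cluster and no backups will be taken; change it to `name: lldap-db`. The six-field `schedule: "0 0 0 * * *"` is CNPG's seconds-first cron format and is correct as written, but a comment such as `# CNPG cron has a leading seconds field: daily at midnight` prevents it being "fixed" into five fields later. Adding `immediate: true` would take a first backup on creation instead of waiting up to 24h to find out whether the object store configuration works.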


@@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: s3-garage
namespace: cnpg-system
annotations:
reflector.v1.k8s.emberstack.com/reflects: "cnpg-system/s3-garage"
type: Opaque
data: {}
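Review bot: This mirror Secret is created in `namespace: cnpg-system` and annotated to reflect from `cnpg-system/s3-garage`, i.e. from itself, while the `garage-store` ObjectStore in the `lldap` namespace looks up `s3-garage` in its own namespace and will not find it; the mirror should be `namespace: lldap`. Reflector also only populates a mirror when the source Secret carries `reflector.v1.k8s.emberstack.com/reflection-allowed: "true"` and names the target in `reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces` — neither appears in this commit, so confirm the source in `cnpg-system` has them. Copying the S3 credentials into the application namespace widens who can read them; an access key scoped to the `cnpg-backup` bucket keeps the blast radius to backups if that namespace is compromised.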


@@ -0,0 +1,19 @@
apiVersion: v1
kind: Service
metadata:
name: lldap
namespace: lldap
labels:
app.kubernetes.io/name: lldap
app.kubernetes.io/instance: lldap
spec:
selector:
app.kubernetes.io/name: lldap
app.kubernetes.io/instance: lldap
ports:
- name: ldap
port: 3890
targetPort: ldap
- name: web
port: 17170
targetPort: web
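Review bot: The Service exposes plaintext LDAP on port `3890` cluster-wide (no `type` is set, so it is ClusterIP, but every pod can reach it and bind credentials travel unencrypted); if consumers live outside the `lldap` namespace, a NetworkPolicy limiting ingress on the `ldap` port to those namespaces, or lldap's LDAPS option, is the mitigation to pair with this. The selector and the `targetPort: ldap` / `targetPort: web` names line up with the Deployment's container ports, so the wiring itself is correct.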