feat: Added lldap

apps/lldap/base/cluster.yaml

@@ -0,0 +1,10 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: db
+  namespace: lldap
+  # TODO: Add labels?
+spec:
+  storage:
+    size: 8Gi
+    storageClass: local-path

apps/lldap/base/deployment.yaml

@@ -0,0 +1,80 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: lldap
+  namespace: lldap
+  labels:
+    app.kubernetes.io/name: lldap
+    app.kubernetes.io/instance: lldap
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: lldap
+      app.kubernetes.io/instance: lldap
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: lldap
+        app.kubernetes.io/instance: lldap
+    spec:
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: DoNotSchedule
+          labelSelector:
+            matchLabels:
+              app.kubernetes.io/name: lldap
+              app.kubernetes.io/instance: lldap
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+        seccompProfile:
+          type: RuntimeDefault
+      containers:
+        - name: lldap
+          image: lldap/lldap:2025-12-12-alpine-rootless
+          env:
+            - name: LLDAP_LDAP_BASE_DN
+              value: dc=huizinga,dc=dev
+            - name: LLDAP_LDAP_USER_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: credentials
+                  key: admin-pass
+            - name: LLDAP_KEY_SEED
+              valueFrom:
+                secretKeyRef:
+                  name: credentials
+                  key: key-seed
+            - name: LLDAP_JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: credentials
+                  key: jwt-secret
+            - name: LLDAP_DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: db-app
+                  key: uri
+            - name: TZ
+              value: CET
+          livenessProbe:
+            exec:
+              command:
+                - /app/lldap
+                - healthcheck
+            initialDelaySeconds: 5
+            periodSeconds: 30
+          ports:
+            - name: ldap
+              containerPort: 3890
+            - name: web
+              containerPort: 17170
+          securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            capabilities:
+              drop:
+                - ALL

apps/lldap/base/http-route.yaml

@@ -0,0 +1,13 @@
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+  name: lldap
+  namespace: lldap
+spec:
+  parentRefs:
+    - name: gateway
+      namespace: default
+  rules:
+    - backendRefs:
+        - name: lldap
+          port: 17170

apps/lldap/base/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - cluster.yaml
+  - deployment.yaml
+  - service.yaml
+  - http-route.yaml

apps/lldap/base/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: lldap

apps/lldap/base/service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: lldap
+  namespace: lldap
+  labels:
+    app.kubernetes.io/name: lldap
+    app.kubernetes.io/instance: lldap
+spec:
+  selector:
+    app.kubernetes.io/name: lldap
+    app.kubernetes.io/instance: lldap
+  ports:
+    - name: ldap
+      port: 3890
+      targetPort: ldap
+    - name: web
+      port: 17170
+      targetPort: web