---
# Deployment of the lldap server into the "lldap" namespace.
# spec.replicas is not set, so the Kubernetes default of one replica applies.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: lldap
  namespace: lldap
  labels:
    app.kubernetes.io/name: lldap
    app.kubernetes.io/instance: lldap
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: lldap
      app.kubernetes.io/instance: lldap
  template:
    metadata:
      labels:
        app.kubernetes.io/name: lldap
        app.kubernetes.io/instance: lldap
    spec:
      # NOTE(review): neither serviceAccountName nor
      # automountServiceAccountToken is set here, so the namespace's default
      # ServiceAccount token is mounted unless that ServiceAccount disables
      # it. If the workload never calls the Kubernetes API, consider turning
      # automounting off.
      #
      # Spread pods across nodes: replicas matching the selector may differ
      # by at most one per hostname, and a pod that would break that stays
      # Pending instead of being co-located.
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              app.kubernetes.io/name: lldap
              app.kubernetes.io/instance: lldap
      # Pod-level hardening: fixed non-root UID/GID, fsGroup for volume
      # ownership, and the container runtime's default seccomp filter.
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: lldap
          # NOTE(review): pinned by tag only. A tag can be re-pointed in the
          # registry; appending a digest (…@sha256:<IMAGE_DIGEST_PLACEHOLDER>)
          # makes the pulled content immutable.
          image: 'lldap/lldap:2025-12-12-alpine-rootless'
          env:
            - name: LLDAP_LDAP_BASE_DN
              value: 'dc=huizinga,dc=dev'
            # Admin password, key seed and JWT secret are read from the
            # "credentials" Secret; none of them is inlined in this manifest.
            # NOTE(review): values injected as env vars are readable by
            # anyone who can exec into the pod or inspect the process
            # environment. Keep RBAC on pods/exec and on these Secrets
            # tight; a file-mounted Secret is an alternative if the image
            # supports it (confirm).
            - name: LLDAP_LDAP_USER_PASS
              valueFrom:
                secretKeyRef:
                  name: credentials
                  key: admin-pass
            - name: LLDAP_KEY_SEED
              valueFrom:
                secretKeyRef:
                  name: credentials
                  key: key-seed
            - name: LLDAP_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: credentials
                  key: jwt-secret
            # Database connection URI comes from the "db-app" Secret. A URI
            # of this kind typically embeds the DB password, so treat it as
            # a credential as well.
            - name: LLDAP_DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: db-app
                  key: uri
            - name: TZ
              value: 'CET'
          # Liveness is checked by running the binary's own healthcheck
          # subcommand inside the container every 30 s, starting 5 s after
          # container start.
          # NOTE(review): no readinessProbe is defined, so the pod is marked
          # Ready as soon as the container is running.
          livenessProbe:
            exec:
              command: ['/app/lldap', 'healthcheck']
            initialDelaySeconds: 5
            periodSeconds: 30
          # NOTE(review): no TLS settings are visible in this manifest, so
          # these listeners are presumably cleartext. Confirm that LDAP
          # binds and web logins are protected in transit (TLS termination
          # or mesh mTLS) and that a NetworkPolicy limits who can reach
          # them.
          ports:
            - name: ldap
              containerPort: 3890
            - name: web
              containerPort: 17170
          # Container-level hardening: no privilege escalation (setuid /
          # file capabilities cannot raise privileges), non-root enforced,
          # and every Linux capability dropped.
          # NOTE(review): readOnlyRootFilesystem is not set, so the root
          # filesystem stays writable. Enabling it needs a check that the
          # image has no writable-path requirement (or an emptyDir for such
          # paths).
          # NOTE(review): no resources.requests/limits are declared, so the
          # container's CPU and memory use is unbounded on the node.
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop: ['ALL']