81 lines
2.2 KiB
YAML
81 lines
2.2 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: lldap
|
|
namespace: lldap
|
|
labels:
|
|
app.kubernetes.io/name: lldap
|
|
app.kubernetes.io/instance: lldap
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: lldap
|
|
app.kubernetes.io/instance: lldap
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: lldap
|
|
app.kubernetes.io/instance: lldap
|
|
spec:
|
|
topologySpreadConstraints:
|
|
- maxSkew: 1
|
|
topologyKey: kubernetes.io/hostname
|
|
whenUnsatisfiable: DoNotSchedule
|
|
labelSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: lldap
|
|
app.kubernetes.io/instance: lldap
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
fsGroup: 1000
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
containers:
|
|
- name: lldap
|
|
image: lldap/lldap:2025-12-12-alpine-rootless
|
|
env:
|
|
- name: LLDAP_LDAP_BASE_DN
|
|
value: dc=huizinga,dc=dev
|
|
- name: LLDAP_LDAP_USER_PASS
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: credentials
|
|
key: admin-pass
|
|
- name: LLDAP_KEY_SEED
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: credentials
|
|
key: key-seed
|
|
- name: LLDAP_JWT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: credentials
|
|
key: jwt-secret
|
|
- name: LLDAP_DATABASE_URL
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: db-app
|
|
key: uri
|
|
- name: TZ
|
|
value: CET
|
|
livenessProbe:
|
|
exec:
|
|
command:
|
|
- /app/lldap
|
|
- healthcheck
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 30
|
|
ports:
|
|
- name: ldap
|
|
containerPort: 3890
|
|
- name: web
|
|
containerPort: 17170
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
runAsNonRoot: true
|
|
capabilities:
|
|
drop:
|
|
- ALL
|