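# OpenLDAP (slapd) Deployment plus a one-shot certbot Job that obtains the
# Let's Encrypt certificate the server's TLS listener is configured from.
#
# Data flow between the two documents below:
#   - The Job writes /etc/letsencrypt/live/<fqdn>/{cert,privkey,fullchain}.pem
#     into the "<identifier>-letsencrypt-certs" PVC.
#   - The Deployment's init container blocks until fullchain.pem exists on that
#     same PVC, then slapd is started with LDAP_TLS_*_FILENAME pointing at
#     those files (mounted under /container/service/slapd/assets/certs).
#
# Changes vs. the previous revision (behaviour-preserving):
#   - every templated scalar is quoted so an unusual identifier cannot be
#     re-typed or mis-parsed by YAML after rendering;
#   - the Helm `if`/`end` around STAGING uses `{{-` so the rendered manifest
#     does not carry stray whitespace-only lines.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: "{{ tpl .Values.identifier . }}"
  labels:
    app: openldap
spec:
  replicas: 1
  strategy:
    # Delete old pod before starting the new one - slapd doesn't react well
    # with two instances hitting the same database.
    type: "Recreate"
  selector:
    matchLabels:
      app: "{{ tpl .Values.identifier . }}-openldap"
  template:
    metadata:
      labels:
        app: "{{ tpl .Values.identifier . }}-openldap"
    spec:
      initContainers:
        # Gate slapd start on the certificate being present; the certbot Job
        # below is what produces it. Loops forever if the Job never succeeds.
        - name: wait-for-cert
          # NOTE(review): untagged image resolves to a floating "latest";
          # pin a tag (ideally a digest) for reproducible, auditable rollouts.
          image: busybox
          command:
            - "sh"
            - "-c"
            - "until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 5; done"
          volumeMounts:
            - name: "{{ tpl .Values.identifier . }}-letsencrypt-certs"
              mountPath: /etc/letsencrypt
      containers:
        - name: "openldap"
          image: "ungleich/openldap:{{ .Chart.AppVersion }}"
          # Container entrypoint log level (distinct from LDAP_LOG_LEVEL, which
          # is slapd's own loglevel). NOTE(review): "trace" is the most verbose
          # setting; confirm the image's startup scripts do not echo the
          # LDAP_ADMIN_PASSWORD / LDAP_CONFIG_PASSWORD values into the
          # container log at this level before using it outside of debugging.
          args: ["--loglevel", "trace"]
          ports:
            # 389 is plain LDAP (StartTLS possible but not enforced here);
            # 636 is LDAPS using the Let's Encrypt certificate configured below.
            - name: ldap
              containerPort: 389
              protocol: TCP
            - name: ldaps
              containerPort: 636
              protocol: TCP
          # Both probes only check that the plain LDAP port accepts a TCP
          # connection; they do not verify a bind or the TLS listener.
          livenessProbe:
            tcpSocket:
              port: 389
            initialDelaySeconds: 10
            periodSeconds: 10
          readinessProbe:
            tcpSocket:
              port: 389
            initialDelaySeconds: 10
            periodSeconds: 10
          env:
            - name: HOSTNAME
              value: "{{ tpl .Values.fqdn . }}"
            - name: LDAP_LOG_LEVEL
              value: "{{ tpl .Values.ldap.logLevel . }}"
            - name: LDAP_ORGANISATION
              value: "{{ tpl .Values.ldap.organisation . }}"
            - name: LDAP_DOMAIN
              value: "{{ tpl .Values.ldap.domain . }}"
            # Credentials come from a Secret, never from values.yaml.
            - name: LDAP_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ tpl .Values.ldap.adminPasswordSecretRef . }}"
                  key: "{{ tpl .Values.ldap.adminPasswordSecretKey . }}"
            # NOTE(review): the cn=config password is deliberately the same
            # Secret key as the directory admin password, so one credential
            # grants both data and configuration access. A separate secret
            # would limit the blast radius of a leaked admin password.
            - name: LDAP_CONFIG_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ tpl .Values.ldap.adminPasswordSecretRef . }}"
                  key: "{{ tpl .Values.ldap.adminPasswordSecretKey . }}"
            # Paths are relative to the certs mount below
            # (/container/service/slapd/assets/certs), i.e. the Let's Encrypt
            # "live" tree written by the certbot Job.
            - name: LDAP_TLS_CRT_FILENAME
              value: "live/{{ tpl .Values.fqdn . }}/cert.pem"
            - name: LDAP_TLS_KEY_FILENAME
              value: "live/{{ tpl .Values.fqdn . }}/privkey.pem"
            - name: LDAP_TLS_CA_CRT_FILENAME
              value: "live/{{ tpl .Values.fqdn . }}/fullchain.pem"
            # "try": a client certificate is requested but a session without
            # one is still accepted (presumably mapped onto slapd's
            # TLSVerifyClient) -- clients are not authenticated by certificate.
            - name: LDAP_TLS_VERIFY_CLIENT
              value: "try"
            # Quoted so a boolean value renders as the string the image expects.
            - name: LDAP_REPLICATION
              value: "{{ .Values.ldap.enableReplication }}"
            - name: LDAP_REPLICATION_HOSTS
              value: "{{ tpl .Values.ldap.replicationHosts . }}"
            - name: LDAP_REPLICATION_CONFIG_SYNCPROV
              value: "{{ tpl .Values.ldap.replicationConfigSyncprov . }}"
            - name: LDAP_REPLICATION_DB_SYNCPROV
              value: "{{ tpl .Values.ldap.replicationDbSyncprov . }}"
          volumeMounts:
            # One PVC, two subPaths: slapd.d (cn=config, includes the hashed
            # root passwords) and the MDB database.
            - name: "{{ tpl .Values.identifier . }}-openldap-data"
              mountPath: "/etc/ldap/slapd.d"
              subPath: configuration
            - name: "{{ tpl .Values.identifier . }}-openldap-data"
              mountPath: "/var/lib/ldap"
              subPath: database
            - name: "{{ tpl .Values.identifier . }}-letsencrypt-certs"
              mountPath: /container/service/slapd/assets/certs
      volumes:
        - name: "{{ tpl .Values.identifier . }}-openldap-data"
          persistentVolumeClaim:
            claimName: "{{ tpl .Values.identifier . }}-openldap-data"
        # Shared with the certbot Job below; holds the private key, so the
        # PVC's access mode and node placement must allow both pods to use it.
        - name: "{{ tpl .Values.identifier . }}-letsencrypt-certs"
          persistentVolumeClaim:
            claimName: "{{ tpl .Values.identifier . }}-letsencrypt-certs"
---
# One-shot certificate acquisition. ONLYGETCERT=yes suggests this only
# obtains the certificate; no renewal mechanism is visible in this file, so
# NOTE(review): confirm how the ~90-day Let's Encrypt certificate is renewed
# before the LDAPS listener starts serving an expired chain.
apiVersion: batch/v1
kind: Job
metadata:
  name: "{{ tpl .Values.identifier . }}-getcert"
spec:
  template:
    metadata:
      labels:
        # Carries the same label the Deployment selects on. NOTE(review):
        # this looks intentional so that a Service on that label can route
        # port-80 HTTP-01 challenge traffic to this pod, but it also means
        # the Service will select this pod for 389/636 while it runs --
        # verify against the chart's Service before changing either label.
        app: "{{ tpl .Values.identifier . }}-openldap"
    spec:
      restartPolicy: Never
      containers:
        - name: certbot
          # NOTE(review): untagged image; pin a tag or digest.
          image: ungleich/ungleich-certbot
          ports:
            # HTTP-01 challenge listener.
            - containerPort: 80
          env:
            # "yes"/"no" are quoted on purpose: unquoted they would be parsed
            # as YAML booleans and fail validation as env values.
            - name: ONLYGETCERT
              value: "yes"
            - name: DOMAIN
              value: "{{ tpl .Values.fqdn . }}"
            - name: EMAIL
              value: "{{ .Values.letsencryptEmail }}"
            # STAGING is only set when production issuance is requested; the
            # image's own default applies otherwise.
            {{- if not .Values.letsencryptStaging }}
            - name: STAGING
              value: "no"
            {{- end }}
          volumeMounts:
            - name: "{{ tpl .Values.identifier . }}-letsencrypt-certs"
              mountPath: /etc/letsencrypt
      volumes:
        - name: "{{ tpl .Values.identifier . }}-letsencrypt-certs"
          persistentVolumeClaim:
            claimName: "{{ tpl .Values.identifier . }}-letsencrypt-certs"
  backoffLimit: 3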