ungleich-k8s/apps/fnux-playground/openldap/templates/deployment.yaml


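# OpenLDAP Deployment: a single slapd pod that waits for a Let's Encrypt
# certificate (produced by the Job in the second document of this file) before
# starting. All templated scalars are quoted so the rendered manifest is also
# valid YAML when linted before rendering.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: "{{ tpl .Values.identifier . }}"
  labels:
    app: openldap
spec:
  replicas: 1
  strategy:
    # Delete old pod before starting the new one - slapd doesn't react well
    # with two instances hitting the same database.
    type: "Recreate"
  selector:
    matchLabels:
      app: "{{ tpl .Values.identifier . }}-openldap"
  template:
    metadata:
      labels:
        app: "{{ tpl .Values.identifier . }}-openldap"
    spec:
      initContainers:
        # Block until the certificate files exist on the shared volume, so
        # slapd never starts without its TLS material.
        - name: wait-for-cert
          # NOTE(review): unpinned image tag resolves to :latest; pin a tag or
          # digest so rollouts are reproducible and reviewable.
          image: busybox
          command:
            - "sh"
            - "-c"
            - "until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 5; done"
          volumeMounts:
            - name: "{{ tpl .Values.identifier . }}-letsencrypt-certs"
              mountPath: /etc/letsencrypt
      containers:
        - name: "openldap"
          image: "ungleich/openldap:{{ .Chart.AppVersion }}"
          # NOTE(review): "trace" is the most verbose level of the container
          # entrypoint; LDAP_LOG_LEVEL below is configured separately from
          # values. Consider lowering this outside of debugging sessions.
          args: ["--loglevel", "trace"]
          ports:
            - name: ldap
              containerPort: 389
              protocol: TCP
            - name: ldaps
              containerPort: 636
              protocol: TCP
          # Both probes only check that the plaintext LDAP port accepts TCP
          # connections; they do not verify the TLS listener on 636.
          livenessProbe:
            tcpSocket:
              port: 389
            initialDelaySeconds: 10
            periodSeconds: 10
          readinessProbe:
            tcpSocket:
              port: 389
            initialDelaySeconds: 10
            periodSeconds: 10
          env:
            - name: HOSTNAME
              value: "{{ tpl .Values.fqdn . }}"
            - name: LDAP_LOG_LEVEL
              value: "{{ tpl .Values.ldap.logLevel . }}"
            - name: LDAP_ORGANISATION
              value: "{{ tpl .Values.ldap.organisation . }}"
            - name: LDAP_DOMAIN
              value: "{{ tpl .Values.ldap.domain . }}"
            - name: LDAP_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ tpl .Values.ldap.adminPasswordSecretRef . }}"
                  key: "{{ tpl .Values.ldap.adminPasswordSecretKey . }}"
            # NOTE(review): the cn=config password is read from the same
            # secret and key as the admin password, so the two credentials
            # are identical. A separate secret would let them be rotated and
            # scoped independently.
            - name: LDAP_CONFIG_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ tpl .Values.ldap.adminPasswordSecretRef . }}"
                  key: "{{ tpl .Values.ldap.adminPasswordSecretKey . }}"
            # Paths are relative to the certs asset directory mounted below.
            - name: LDAP_TLS_CRT_FILENAME
              value: "live/{{ tpl .Values.fqdn . }}/cert.pem"
            - name: LDAP_TLS_KEY_FILENAME
              value: "live/{{ tpl .Values.fqdn . }}/privkey.pem"
            - name: LDAP_TLS_CA_CRT_FILENAME
              value: "live/{{ tpl .Values.fqdn . }}/fullchain.pem"
            # "try": client certificates are requested but a client without
            # one is still accepted (presumably slapd's TLSVerifyClient
            # semantics - confirm against the image's entrypoint).
            - name: LDAP_TLS_VERIFY_CLIENT
              value: "try"
            - name: LDAP_REPLICATION
              value: "{{ .Values.ldap.enableReplication }}"
            - name: LDAP_REPLICATION_HOSTS
              value: "{{ tpl .Values.ldap.replicationHosts . }}"
            - name: LDAP_REPLICATION_CONFIG_SYNCPROV
              value: "{{ tpl .Values.ldap.replicationConfigSyncprov . }}"
            - name: LDAP_REPLICATION_DB_SYNCPROV
              value: "{{ tpl .Values.ldap.replicationDbSyncprov . }}"
          volumeMounts:
            # One PVC, two subPaths: slapd config and the data backend.
            - name: "{{ tpl .Values.identifier . }}-openldap-data"
              mountPath: "/etc/ldap/slapd.d"
              subPath: configuration
            - name: "{{ tpl .Values.identifier . }}-openldap-data"
              mountPath: "/var/lib/ldap"
              subPath: database
            - name: "{{ tpl .Values.identifier . }}-letsencrypt-certs"
              mountPath: /container/service/slapd/assets/certs
      volumes:
        - name: "{{ tpl .Values.identifier . }}-openldap-data"
          persistentVolumeClaim:
            claimName: "{{ tpl .Values.identifier . }}-openldap-data"
        # NOTE(review): this PVC is also mounted by the certbot Job; if the
        # claim is ReadWriteOnce, the Job pod and this pod must land on the
        # same node for both to attach - verify the access mode.
        - name: "{{ tpl .Values.identifier . }}-letsencrypt-certs"
          persistentVolumeClaim:
            claimName: "{{ tpl .Values.identifier . }}-letsencrypt-certs"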
---
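# One-shot certbot Job that obtains the Let's Encrypt certificate into the
# shared PVC the Deployment above waits for.
apiVersion: batch/v1
kind: Job
metadata:
  name: "{{ tpl .Values.identifier . }}-getcert"
spec:
  template:
    metadata:
      labels:
        # NOTE(review): this is the same label the Deployment selects on, so
        # any Service selecting app=<identifier>-openldap will also match this
        # certbot pod. That may be intended for the HTTP-01 challenge on port
        # 80; confirm that no LDAP Service relies on the label alone.
        app: "{{ tpl .Values.identifier . }}-openldap"
    spec:
      restartPolicy: Never
      containers:
        - name: certbot
          # NOTE(review): no image tag, so this resolves to :latest; pin a tag
          # or digest so the certificate tooling does not change silently.
          image: ungleich/ungleich-certbot
          ports:
            - containerPort: 80
          env:
            # Flags consumed by the certbot image; kept as quoted strings so
            # "yes"/"no" are not parsed as booleans.
            - name: ONLYGETCERT
              value: "yes"
            - name: DOMAIN
              value: "{{ tpl .Values.fqdn . }}"
            - name: EMAIL
              value: "{{ .Values.letsencryptEmail }}"
{{ if not .Values.letsencryptStaging }}
            - name: STAGING
              value: "no"
{{ end }}
          volumeMounts:
            - name: "{{ tpl .Values.identifier . }}-letsencrypt-certs"
              mountPath: /etc/letsencrypt
      volumes:
        - name: "{{ tpl .Values.identifier . }}-letsencrypt-certs"
          persistentVolumeClaim:
            claimName: "{{ tpl .Values.identifier . }}-letsencrypt-certs"
  backoffLimit: 3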