sso(openldap): fix bootstrap ldif mount

2026-01-01 11:47:47 -03:00 · 2026-01-01 11:47:47 -03:00 · a4bcaf8912
commit a4bcaf8912
parent 9c6889440c
1 changed files with 22 additions and 2 deletions
--- a/services/openldap/statefulset.yaml
+++ b/services/openldap/statefulset.yaml
@ -20,6 +20,25 @@ spec:
      nodeSelector:
        kubernetes.io/arch: arm64
        node-role.kubernetes.io/worker: "true"
+      initContainers:
+        - name: copy-bootstrap-ldif
+          image: docker.io/library/alpine:3.20
+          securityContext:
+            runAsUser: 0
+            runAsGroup: 0
+          command:
+            - /bin/sh
+            - -c
+            - |
+              set -euxo pipefail
+              cp -a /bootstrap-src/. /bootstrap-dst/
+              chmod -R 0644 /bootstrap-dst || true
+          volumeMounts:
+            - name: bootstrap-src
+              mountPath: /bootstrap-src
+              readOnly: true
+            - name: bootstrap-ldif
+              mountPath: /bootstrap-dst
      containers:
        - name: openldap
          image: docker.io/osixia/openldap:1.5.0
@ -61,11 +80,12 @@ spec:
              mountPath: /etc/ldap/slapd.d
            - name: bootstrap-ldif
              mountPath: /container/service/slapd/assets/config/bootstrap/ldif/custom
-              readOnly: true
      volumes:
-        - name: bootstrap-ldif
+        - name: bootstrap-src
          configMap:
            name: openldap-bootstrap
+        - name: bootstrap-ldif
+          emptyDir: {}
  volumeClaimTemplates:
    - metadata:
        name: ldap-data