From d70b685f2794564086f9ffc5c5f0fe6980b8b9b7 Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Fri, 2 Jan 2026 13:50:02 -0300
Subject: [PATCH] sso: remove openldap bootstrap job

---
 services/openldap/bootstrap-job.yaml | 69 ----------------------------
 services/openldap/kustomization.yaml |  1 -
 2 files changed, 70 deletions(-)
 delete mode 100644 services/openldap/bootstrap-job.yaml

diff --git a/services/openldap/bootstrap-job.yaml b/services/openldap/bootstrap-job.yaml
deleted file mode 100644
index bbfaf5f..0000000
--- a/services/openldap/bootstrap-job.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
-# services/openldap/bootstrap-job.yaml
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: openldap-bootstrap-3
-  namespace: sso
-spec:
-  backoffLimit: 3
-  template:
-    spec:
-      restartPolicy: OnFailure
-      nodeSelector:
-        kubernetes.io/arch: arm64
-        node-role.kubernetes.io/worker: "true"
-      containers:
-        - name: bootstrap
-          image: docker.io/osixia/openldap:1.5.0
-          imagePullPolicy: IfNotPresent
-          env:
-            - name: LDAP_DOMAIN
-              value: bstein.dev
-            - name: LDAP_ADMIN_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: openldap-admin
-                  key: LDAP_ADMIN_PASSWORD
-          command: ["/bin/sh", "-c"]
-          args:
-            - |
-              set -eu
-
-              base_dn="dc=bstein,dc=dev"
-              admin_dn="cn=admin,${base_dn}"
-              ldap_uri="ldap://openldap-0.openldap.sso.svc.cluster.local:389"
-
-              echo "Waiting for OpenLDAP..."
-              i=0
-              while [ "${i}" -lt 60 ]; do
-                if ldapsearch -x -H "${ldap_uri}" -b "${base_dn}" -s base '(objectClass=*)' dn >/dev/null 2>&1; then
-                  echo "OpenLDAP is ready"
-                  break
-                fi
-                sleep 2
-                i=$((i+1))
-              done
-              if ! ldapsearch -x -H "${ldap_uri}" -b "${base_dn}" -s base '(objectClass=*)' dn >/dev/null 2>&1; then
-                echo "OpenLDAP did not become ready in time" >&2
-                exit 1
-              fi
-
-              ensure_ou() {
-                ou_name="${1}"
-                ou_dn="ou=${ou_name},${base_dn}"
-
-                if ldapsearch -x -H "${ldap_uri}" -D "${admin_dn}" -w "${LDAP_ADMIN_PASSWORD}" -b "${ou_dn}" -s base '(objectClass=organizationalUnit)' dn >/dev/null 2>&1; then
-                  echo "OU ${ou_name} exists"
-                  return 0
-                fi
-
-                echo "Creating OU ${ou_name}"
-                cat <<EOF | ldapadd -x -H "${ldap_uri}" -D "${admin_dn}" -w "${LDAP_ADMIN_PASSWORD}"
-              dn: ${ou_dn}
-              objectClass: organizationalUnit
-              ou: ${ou_name}
-              EOF
-              }
-
-              ensure_ou users
-              ensure_ou groups
diff --git a/services/openldap/kustomization.yaml b/services/openldap/kustomization.yaml
index c161661..798f7e8 100644
--- a/services/openldap/kustomization.yaml
+++ b/services/openldap/kustomization.yaml
@@ -5,4 +5,3 @@ namespace: sso
 resources:
   - service.yaml
   - statefulset.yaml
-  - bootstrap-job.yaml