# services/openldap/statefulset.yaml
#
# Single-replica OpenLDAP StatefulSet for the `sso` namespace.
# The headless Service `openldap` (serviceName) and the Secret
# `openldap-admin` are referenced here but defined elsewhere.
# NOTE(review): which clients can reach the pod depends on the Service and
# any NetworkPolicy, neither of which is in this file.
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: openldap
  namespace: sso
  labels:
    app: openldap
spec:
  serviceName: openldap
  replicas: 1
  selector:
    matchLabels:
      app: openldap
  template:
    metadata:
      labels:
        app: openldap
    spec:
      # Schedule only on arm64 nodes that carry the worker role label.
      nodeSelector:
        kubernetes.io/arch: arm64
        node-role.kubernetes.io/worker: "true"
      # NOTE(review): no pod- or container-level securityContext and no
      # resources block are set, so the container runs with the image's
      # default user and capabilities and without CPU/memory limits.
      # Check what the image needs at start-up before tightening.
      containers:
        - name: openldap
          # NOTE(review): the image is pinned by tag only. A tag can be
          # re-pointed upstream; pinning by digest
          # (image@sha256:<digest-placeholder>) fixes the exact content
          # that gets deployed.
          image: docker.io/osixia/openldap:1.5.0
          imagePullPolicy: IfNotPresent
          ports:
            # 389 is the plain LDAP port; binds sent over it are only
            # protected if the client upgrades with StartTLS.
            # NOTE(review): LDAP_TLS_ENFORCE is not set below, so the
            # image default applies. Confirm whether plaintext binds
            # are acceptable for an SSO directory.
            - name: ldap
              containerPort: 389
            # NOTE(review): no certificate volume is mounted, so TLS on
            # 636 presumably uses whatever the image provisions itself.
            # Verify that clients can validate that certificate.
            - name: ldaps
              containerPort: 636
          env:
            - name: LDAP_ORGANISATION
              value: Atlas
            - name: LDAP_DOMAIN
              value: bstein.dev
            # Both directory passwords come from the `openldap-admin`
            # Secret rather than being inlined in the manifest.
            # They still end up in the container's environment, so
            # anyone who can exec into the pod or read its process
            # environment can read them.
            - name: LDAP_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: openldap-admin
                  key: LDAP_ADMIN_PASSWORD
            - name: LDAP_CONFIG_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: openldap-admin
                  key: LDAP_CONFIG_PASSWORD
          # Both probes only test that the `ldap` port accepts a TCP
          # connection; they do not check that the directory answers
          # queries.
          readinessProbe:
            tcpSocket:
              port: ldap
            initialDelaySeconds: 10
            periodSeconds: 10
          livenessProbe:
            tcpSocket:
              port: ldap
            initialDelaySeconds: 30
            periodSeconds: 20
          volumeMounts:
            - name: ldap-data
              mountPath: /var/lib/ldap
            - name: slapd-config
              mountPath: /etc/ldap/slapd.d
  # One 1Gi ReadWriteOnce claim per volume, both on the `astreae` class.
  # NOTE(review): these volumes presumably hold the directory entries
  # (including password hashes) and the slapd configuration. Whether they
  # are encrypted at rest or backed up depends on the storage class,
  # which is not visible here.
  volumeClaimTemplates:
    - metadata:
        name: ldap-data
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: astreae
        resources:
          requests:
            storage: 1Gi
    - metadata:
        name: slapd-config
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: astreae
        resources:
          requests:
            storage: 1Gi