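# services/openldap/statefulset.yaml
#
# Single-replica OpenLDAP directory for the `sso` namespace. The admin and
# config passwords are not stored in this manifest: the Vault Agent injector
# renders them into /vault/secrets/openldap-env at pod start (see the pod
# annotations), and the container sources that file before exec'ing the
# image entrypoint.
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: openldap
  namespace: sso
  labels:
    app: openldap
spec:
  serviceName: openldap
  replicas: 1
  selector:
    matchLabels:
      app: openldap
  template:
    metadata:
      labels:
        app: openldap
      annotations:
        # Vault Agent authenticates with the `sso` role (used together with the
        # `sso-vault` ServiceAccount below) and renders the kv secret as a
        # shell snippet; no secret material lives in this file.
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "sso"
        vault.hashicorp.com/agent-inject-secret-openldap-env: "kv/data/atlas/sso/openldap-admin"
        # NOTE(review): the values are interpolated inside double quotes and
        # then sourced by /bin/sh, so a password containing `"`, `$`, a
        # backtick or `\` would be mangled or break startup. Assumes the
        # stored passwords avoid those characters — confirm against Vault.
        vault.hashicorp.com/agent-inject-template-openldap-env: |
          {{- with secret "kv/data/atlas/sso/openldap-admin" -}}
          export LDAP_ADMIN_PASSWORD="{{ .Data.data.LDAP_ADMIN_PASSWORD }}"
          export LDAP_CONFIG_PASSWORD="{{ .Data.data.LDAP_CONFIG_PASSWORD }}"
          {{- end -}}
    spec:
      nodeSelector:
        kubernetes.io/arch: arm64
        node-role.kubernetes.io/worker: "true"
      # ServiceAccount the Vault role is expected to trust.
      serviceAccountName: sso-vault
      # NOTE(review): no securityContext or resources are declared. The osixia
      # image is presumed to need root during its bootstrap, so confirm before
      # adding runAsNonRoot; resource requests/limits could be added without
      # affecting the container itself.
      containers:
        - name: openldap
          # Pinned by tag only; tags are mutable, so pinning by digest
          # (`image: docker.io/osixia/openldap:1.5.0@sha256:<digest>`) would
          # make the deployed image reproducible.
          image: docker.io/osixia/openldap:1.5.0
          imagePullPolicy: IfNotPresent
          # Wrap the image entrypoint so the Vault-rendered env file is
          # sourced first. `set -eu` aborts startup if the file is missing
          # instead of falling back to the image's default credentials.
          command: ["/bin/sh", "-c"]
          args:
            - |
              set -eu
              . /vault/secrets/openldap-env
              exec /usr/bin/python3 -u /container/tool/run
          ports:
            - name: ldap
              containerPort: 389
            - name: ldaps
              containerPort: 636
          env:
            - name: LDAP_ORGANISATION
              value: Atlas
            - name: LDAP_DOMAIN
              value: bstein.dev
          # Both probes only check that slapd accepts TCP connections on the
          # plain ldap port; they do not verify that a bind succeeds.
          readinessProbe:
            tcpSocket:
              port: ldap
            initialDelaySeconds: 10
            periodSeconds: 10
          livenessProbe:
            tcpSocket:
              port: ldap
            initialDelaySeconds: 30
            periodSeconds: 20
          volumeMounts:
            # Directory database and slapd runtime config are kept on
            # separate persistent volumes (see volumeClaimTemplates).
            - name: ldap-data
              mountPath: /var/lib/ldap
            - name: slapd-config
              mountPath: /etc/ldap/slapd.d
  volumeClaimTemplates:
    - metadata:
        name: ldap-data
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: astreae
        resources:
          requests:
            storage: 1Gi
    - metadata:
        name: slapd-config
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: astreae
        resources:
          requests:
            storage: 1Gi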