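# services/openldap/statefulset.yaml
#
# Single-replica OpenLDAP StatefulSet in the "sso" namespace. An init
# container copies the bootstrap LDIF files from the openldap-bootstrap
# ConfigMap into a writable emptyDir, which the osixia/openldap image
# then reads from its custom bootstrap directory. The directory data and
# slapd configuration live on per-pod persistent volumes.
#
# NOTE(review): the main container declares no securityContext and no
# resource requests/limits, and the pod keeps the default service-account
# token mount. Nothing in this manifest shows slapd needing API access, so
# `automountServiceAccountToken: false` and explicit resources are worth
# adding once sized — confirm against the image's runtime requirements.
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: openldap
  namespace: sso
  labels:
    app: openldap
spec:
  serviceName: openldap
  # Each replica would receive its own ReadWriteOnce claims from the
  # templates below, i.e. independent, unsynchronised directories; keep
  # this at 1 unless replication is configured elsewhere.
  replicas: 1
  selector:
    matchLabels:
      app: openldap
  template:
    metadata:
      labels:
        app: openldap
    spec:
      nodeSelector:
        kubernetes.io/arch: arm64
        node-role.kubernetes.io/worker: "true"
      initContainers:
        # Stages the ConfigMap-backed LDIF files into a writable emptyDir.
        # Runs as uid/gid 0 — presumably so `cp -a` can preserve ownership
        # into the root-owned emptyDir; confirm before tightening.
        - name: copy-bootstrap-ldif
          image: docker.io/library/alpine:3.20
          securityContext:
            runAsUser: 0
            runAsGroup: 0
          command:
            - /bin/sh
            - -c
            - |
              set -euxo pipefail
              cp -a /bootstrap-src/. /bootstrap-dst/
              # Set 0644 on regular files only. A recursive chmod 0644 would
              # also strip the execute bit from /bootstrap-dst itself, making
              # the directory untraversable for any non-root reader.
              # Best-effort: a chmod failure must not block startup.
              find /bootstrap-dst -type f -exec chmod 0644 {} \; || true
          volumeMounts:
            - name: bootstrap-src
              mountPath: /bootstrap-src
              readOnly: true
            - name: bootstrap-ldif
              mountPath: /bootstrap-dst
      containers:
        - name: openldap
          image: docker.io/osixia/openldap:1.5.0
          imagePullPolicy: IfNotPresent
          # 636 is exposed, but this manifest configures no TLS material or
          # TLS-related environment; whatever the image does by default
          # applies — verify before relying on ldaps.
          ports:
            - name: ldap
              containerPort: 389
            - name: ldaps
              containerPort: 636
          env:
            - name: LDAP_ORGANISATION
              value: Atlas
            - name: LDAP_DOMAIN
              value: bstein.dev
            # Both passwords are sourced from the openldap-admin Secret;
            # never inline them here.
            - name: LDAP_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: openldap-admin
                  key: LDAP_ADMIN_PASSWORD
            - name: LDAP_CONFIG_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: openldap-admin
                  key: LDAP_CONFIG_PASSWORD
          # TCP probes only verify that something accepts connections on
          # port 389; they do not prove a bind or search succeeds.
          readinessProbe:
            tcpSocket:
              port: ldap
            initialDelaySeconds: 10
            periodSeconds: 10
          livenessProbe:
            tcpSocket:
              port: ldap
            initialDelaySeconds: 30
            periodSeconds: 20
          volumeMounts:
            - name: ldap-data
              mountPath: /var/lib/ldap
            - name: slapd-config
              mountPath: /etc/ldap/slapd.d
            # Staged LDIF from the init container, consumed at startup.
            - name: bootstrap-ldif
              mountPath: /container/service/slapd/assets/config/bootstrap/ldif/custom
      volumes:
        - name: bootstrap-src
          configMap:
            name: openldap-bootstrap
        - name: bootstrap-ldif
          emptyDir: {}
  volumeClaimTemplates:
    - metadata:
        name: ldap-data
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: astreae
        resources:
          requests:
            storage: 1Gi
    - metadata:
        name: slapd-config
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: astreae
        resources:
          requests:
            storage: 1Gi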