# services/openldap/bootstrap-job.yaml
#
# One-shot Job for the `sso` namespace: waits for the in-cluster OpenLDAP
# service to answer a base search, then ensures the organizational units the
# embedded script asks for exist (the script in this copy is cut off right
# after `cat <` inside ensure_ou, so what gets created is not visible here).
apiVersion: batch/v1
kind: Job
metadata:
  # Jobs are immutable once created; presumably the numeric suffix is bumped
  # whenever the script changes so a new Job object is submitted — confirm
  # against the deploy procedure.
  name: openldap-bootstrap-1
  namespace: sso
spec:
  backoffLimit: 3
  template:
    spec:
      restartPolicy: OnFailure
      nodeSelector:
        kubernetes.io/arch: arm64
        node-role.kubernetes.io/worker: "true"
      # NOTE(review): no securityContext is set, so the container runs with
      # the image's default user and capabilities — check whether the image
      # can run as non-root for a client-only job like this.
      containers:
        - name: bootstrap
          # The server image is reused only for its ldap* client tools.
          image: docker.io/osixia/openldap:1.5.0
          imagePullPolicy: IfNotPresent
          env:
            - name: LDAP_DOMAIN
              value: bstein.dev
            # Admin bind password is injected from the openldap-admin Secret;
            # it never appears in the manifest itself.
            - name: LDAP_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: openldap-admin
                  key: LDAP_ADMIN_PASSWORD
          command: ["/bin/sh", "-c"]
          # Script outline: derive base_dn (dc=...,dc=...) from LDAP_DOMAIN,
          # poll the service with an anonymous base search (up to 60 x 2 s),
          # then define ensure_ou, which binds as cn=admin and adds the OU
          # when a base search for it finds nothing.
          #
          # NOTE(review): the ensure_ou search passes the admin password via
          # `-w "${LDAP_ADMIN_PASSWORD}"`, which exposes it in the process
          # argument list inside the container for the duration of the call;
          # ldapsearch's `-y <file>` reads the password from a file instead
          # (e.g. the Secret mounted as a 0400 file, or a 0600 tmpfs file).
          #
          # NOTE(review): the wait loop exits silently when all 60 attempts
          # fail — nothing after `done` checks that the server ever answered,
          # so the OU work starts regardless and fails later with a less
          # obvious error.
          #
          # NOTE(review): `set -o pipefail` is not POSIX; if /bin/sh in this
          # image is dash without pipefail support, `set -e` aborts the script
          # on that first line — verify in the running image.
          args:
            - |
              set -euo pipefail
              domain="${LDAP_DOMAIN}"
              base_dn="$(printf '%s' "${domain}" | awk -F. '{for (i=1;i<=NF;i++) printf("%sdc=%s", (i==1?"":","), $i)}')"
              admin_dn="cn=admin,${base_dn}"
              ldap_uri="ldap://openldap.sso.svc.cluster.local:389"
              echo "Waiting for OpenLDAP..."
              for i in $(seq 1 60); do
                if ldapsearch -x -H "${ldap_uri}" -b "${base_dn}" -s base '(objectClass=*)' dn >/dev/null 2>&1; then
                  break
                fi
                sleep 2
              done
              ensure_ou() {
                local ou_name="${1}"
                local ou_dn="ou=${ou_name},${base_dn}"
                if ldapsearch -x -H "${ldap_uri}" -D "${admin_dn}" -w "${LDAP_ADMIN_PASSWORD}" -b "${ou_dn}" -s base '(objectClass=organizationalUnit)' dn >/dev/null 2>&1; then
                  echo "OU ${ou_name} exists"
                  return 0
                fi
                echo "Creating OU ${ou_name}"
                cat <