{{- if .Values.ldapUserManager.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ldap-user-manager
name: {{ .Release.Name }}-ldap-user-manager
spec:
replicas: 1
selector:
matchLabels:
app: ldap-user-manager
strategy: {}
template:
metadata:
labels:
app: ldap-user-manager
spec:
containers:
- image: wheelybird/ldap-user-manager:v1.8
name: ldap-user-manager
env:
- name: SERVER_HOSTNAME
value: "{{ .Values.ldapUserManager.env.SERVER_HOSTNAME }}"
- name: LDAP_URI
value: "ldap://{{ .Release.Name }}-openldap.{{ .Release.Namespace }}.svc.cluster.local"
- name: LDAP_BASE_DN
value: "{{ .Values.ldapUserManager.env.LDAP_BASE_DN }}"
- name: LDAP_REQUIRE_STARTTLS
value: "{{ .Values.ldapUserManager.env.LDAP_REQUIRE_STARTTLS }}"
- name: LDAP_ADMINS_GROUP
value: "{{ .Values.ldapUserManager.env.LDAP_ADMINS_GROUP }}"
- name: LDAP_ADMIN_BIND_DN
value: "{{ .Values.ldapUserManager.env.LDAP_ADMIN_BIND_DN }}"
- name: LDAP_ADMIN_BIND_PWD
value: "{{ .Values.ldapUserManager.env.LDAP_ADMIN_BIND_PWD }}"
- name: LDAP_IGNORE_CERT_ERRORS
value: "{{ .Values.ldapUserManager.env.LDAP_IGNORE_CERT_ERRORS }}"
- name: NO_HTTPS
value: "{{ .Values.ldapUserManager.env.NO_HTTPS }}"
- name: EMAIL_DOMAIN
value: "{{ .Values.ldapUserManager.env.EMAIL_DOMAIN }}"
- name: ORGANISATION_NAME
value: "{{ .Values.ldapUserManager.env.ORGANISATION_NAME }}"
- name: LDAP_USER_OU
value: "{{ .Values.ldapUserManager.env.LDAP_USER_OU }}"
- name: LDAP_GROUP_OU
value: "{{ .Values.ldapUserManager.env.LDAP_GROUP_OU }}"
- name: SERVER_PATH
value: "{{ .Values.ldapUserManager.env.SERVER_PATH }}"
- name: LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES
value: "{{ .Values.ldapUserManager.env.LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES }}"
- name: LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES
value: "{{ .Values.ldapUserManager.env.LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES }}"
- name: LDAP_GROUP_ADDITIONAL_OBJECTCLASSES
value: "{{ .Values.ldapUserManager.env.LDAP_GROUP_ADDITIONAL_OBJECTCLASSES }}"
- name: LDAP_GROUP_ADDITIONAL_ATTRIBUTES
value: "{{ .Values.ldapUserManager.env.LDAP_GROUP_ADDITIONAL_ATTRIBUTES }}"
- name: ACCEPT_WEAK_PASSWORDS
value: "{{ .Values.ldapUserManager.env.ACCEPT_WEAK_PASSWORDS }}"
ports:
- name: http
containerPort: 80
protocol: TCP
- name: https
containerPort: 443
protocol: TCP
resources:
limits:
cpu: "{{ .Values.ldapUserManager.resources.limits.cpu }}"
memory: "{{ .Values.ldapUserManager.resources.limits.memory }}"
requests:
cpu: "{{ .Values.ldapUserManager.resources.requests.cpu }}"
memory: "{{ .Values.ldapUserManager.resources.requests.memory }}"
---
apiVersion: v1
kind: Service
metadata:
name: {{ .Release.Name }}-ldap-user-manager-svc
labels:
app: ldap-user-manager-svc
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 80
- name: https
port: 8443
protocol: TCP
targetPort: 443
selector:
app: ldap-user-manager
type: ClusterIP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: ldap-user-manager-ingress
spec:
entryPoints:
- web
routes:
- kind: Rule
match: Host(`{{ .Values.host }}`) && PathPrefix(`/users`)
priority: 10
services:
- kind: Service
name: {{ .Release.Name }}-ldap-user-manager-svc
passHostHeader: true
port: 8080
{{- end }}