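{{- if .Values.ldapUserManager.enabled }}
# Deployment for the ldap-user-manager web UI. Rendered only when
# ldapUserManager.enabled is set in the chart values.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: ldap-user-manager
  name: {{ .Release.Name }}-ldap-user-manager
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ldap-user-manager
  strategy: {}
  template:
    metadata:
      labels:
        app: ldap-user-manager
    spec:
      # NOTE(review): no securityContext is set at pod or container level, so the
      # container runs with the image's default user and capabilities. It listens
      # on ports 80 and 443, so it presumably needs root or NET_BIND_SERVICE;
      # confirm against the image before tightening.
      containers:
        # NOTE(review): the image is referenced by tag only. A tag can be re-pointed
        # in the registry; pin by digest (image@sha256:<digest-placeholder>) when the
        # deployment must be reproducible and verifiable.
        - image: wheelybird/ldap-user-manager:v1.8
          name: ldap-user-manager
          # Values go through `quote` rather than being wrapped in literal double
          # quotes: `quote` escapes embedded double quotes and backslashes, so a
          # value such as a password containing those characters cannot break or
          # alter the rendered manifest.
          env:
            - name: SERVER_HOSTNAME
              value: {{ .Values.ldapUserManager.env.SERVER_HOSTNAME | quote }}
            # The ldap:// scheme is cleartext LDAP. Protection of binds on this
            # connection (including the admin bind below) therefore depends on
            # LDAP_REQUIRE_STARTTLS being enabled and LDAP_IGNORE_CERT_ERRORS being
            # left off, as those variable names indicate. Review the values file.
            - name: LDAP_URI
              value: "ldap://{{ .Release.Name }}-openldap.{{ .Release.Namespace }}.svc.cluster.local"
            - name: LDAP_BASE_DN
              value: {{ .Values.ldapUserManager.env.LDAP_BASE_DN | quote }}
            - name: LDAP_REQUIRE_STARTTLS
              value: {{ .Values.ldapUserManager.env.LDAP_REQUIRE_STARTTLS | quote }}
            - name: LDAP_ADMINS_GROUP
              value: {{ .Values.ldapUserManager.env.LDAP_ADMINS_GROUP | quote }}
            - name: LDAP_ADMIN_BIND_DN
              value: {{ .Values.ldapUserManager.env.LDAP_ADMIN_BIND_DN | quote }}
            # NOTE(review): the directory admin bind password is taken from chart
            # values and written into the pod spec as a plain env value. It is then
            # readable by anyone who can read Deployments/Pods in the namespace or
            # the stored Helm release. Prefer a Kubernetes Secret referenced through
            # valueFrom.secretKeyRef, with the Secret created outside the values file.
            - name: LDAP_ADMIN_BIND_PWD
              value: {{ .Values.ldapUserManager.env.LDAP_ADMIN_BIND_PWD | quote }}
            - name: LDAP_IGNORE_CERT_ERRORS
              value: {{ .Values.ldapUserManager.env.LDAP_IGNORE_CERT_ERRORS | quote }}
            # NOTE(review): by its name, NO_HTTPS switches the UI to plain HTTP;
            # logins then rely entirely on TLS being terminated in front of the pod.
            - name: NO_HTTPS
              value: {{ .Values.ldapUserManager.env.NO_HTTPS | quote }}
            - name: EMAIL_DOMAIN
              value: {{ .Values.ldapUserManager.env.EMAIL_DOMAIN | quote }}
            - name: ORGANISATION_NAME
              value: {{ .Values.ldapUserManager.env.ORGANISATION_NAME | quote }}
            - name: LDAP_USER_OU
              value: {{ .Values.ldapUserManager.env.LDAP_USER_OU | quote }}
            - name: LDAP_GROUP_OU
              value: {{ .Values.ldapUserManager.env.LDAP_GROUP_OU | quote }}
            - name: SERVER_PATH
              value: {{ .Values.ldapUserManager.env.SERVER_PATH | quote }}
            - name: LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES
              value: {{ .Values.ldapUserManager.env.LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES | quote }}
            - name: LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES
              value: {{ .Values.ldapUserManager.env.LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES | quote }}
            - name: LDAP_GROUP_ADDITIONAL_OBJECTCLASSES
              value: {{ .Values.ldapUserManager.env.LDAP_GROUP_ADDITIONAL_OBJECTCLASSES | quote }}
            - name: LDAP_GROUP_ADDITIONAL_ATTRIBUTES
              value: {{ .Values.ldapUserManager.env.LDAP_GROUP_ADDITIONAL_ATTRIBUTES | quote }}
            # NOTE(review): by its name, this relaxes the password-strength check
            # for accounts created through the UI; keep it off unless required.
            - name: ACCEPT_WEAK_PASSWORDS
              value: {{ .Values.ldapUserManager.env.ACCEPT_WEAK_PASSWORDS | quote }}
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
            - name: https
              containerPort: 443
              protocol: TCP
          resources:
            limits:
              cpu: {{ .Values.ldapUserManager.resources.limits.cpu | quote }}
              memory: {{ .Values.ldapUserManager.resources.limits.memory | quote }}
            requests:
              cpu: {{ .Values.ldapUserManager.resources.requests.cpu | quote }}
              memory: {{ .Values.ldapUserManager.resources.requests.memory | quote }}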

---
# ClusterIP Service in front of the ldap-user-manager pods:
# 8080 -> container port 80 (http), 8443 -> container port 443 (https).
apiVersion: v1
kind: Service
metadata:
  labels:
    app: ldap-user-manager-svc
  name: {{ .Release.Name }}-ldap-user-manager-svc
spec:
  type: ClusterIP
  # NOTE(review): the selector is the fixed label app=ldap-user-manager and is
  # not scoped to the release. If two releases of this chart share a namespace,
  # this Service would also select the other release's pods. Confirm that
  # one release per namespace is the intended deployment model.
  selector:
    app: ldap-user-manager
  ports:
    - name: http
      protocol: TCP
      port: 8080
      targetPort: 80
    - name: https
      protocol: TCP
      port: 8443
      targetPort: 443
---
# Traefik IngressRoute that publishes the user manager under the /users path
# prefix on the chart's configured host, forwarding to Service port 8080 (http).
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  # NOTE(review): unlike the Deployment and Service, this name is not prefixed
  # with the release name, so a second release in the same namespace would
  # collide on it.
  name: ldap-user-manager-ingress
spec:
  # NOTE(review): only the `web` entry point is listed, the route has no tls
  # section and no middlewares, and the backend is the http Service port. If
  # `web` is the plain-HTTP entry point (the usual Traefik naming; confirm
  # against the static configuration), logins to this LDAP administration UI
  # cross the ingress unencrypted. Serve it from a TLS entry point, and consider
  # restricting who can reach the /users path.
  entryPoints:
    - web
  routes:
    - kind: Rule
      match: Host(`{{ .Values.host }}`) &&  PathPrefix(`/users`)
      priority: 10
      services:
        - name: {{ .Release.Name }}-ldap-user-manager-svc
          kind: Service
          port: 8080
          passHostHeader: true
{{- end }}