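# StatefulSet for the OpenLDAP server pods (Helm template).
#
# Values read by this template: replicaCount, strategy, extraLabels,
# podAnnotations, image.{repository,tag,pullPolicy,pullSecret}, logLevel,
# customLdifFiles, tls.enabled, tls.CA.enabled, resources, nodeSelector,
# tolerations and persistence.{enabled,annotations,accessModes,size,storageClass}.
#
# The `data` volume backs three mounts (database, slapd.d config, certs). It is
# a volumeClaimTemplate when persistence.enabled is true, otherwise an emptyDir
# that is lost whenever the pod is rescheduled.
apiVersion: {{ template "statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
  name: {{ template "openldap.fullname" . }}
  labels:
    app: {{ template "openldap.fullname" . }}
    chart: {{ template "openldap.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
{{- if .Values.extraLabels }}
{{ toYaml .Values.extraLabels | indent 4 }}
{{- end }}
spec:
  replicas: {{ .Values.replicaCount }}
  # NOTE(review): the StatefulSet spec names its rollout field `updateStrategy`;
  # `strategy` is the Deployment field. The key is left unchanged because
  # existing values may be shaped for it - confirm before renaming.
{{- if .Values.strategy }}
  strategy:
{{ toYaml .Values.strategy | indent 4 }}
{{- end }}
  selector:
    matchLabels:
      app: {{ template "openldap.fullname" . }}
      release: {{ .Release.Name }}
  serviceName: {{ template "openldap.fullname" . }}-headless
  template:
    metadata:
      annotations:
        # Hashes of the rendered ConfigMaps: a change in either one changes the
        # pod template, so the pods are rolled and pick up the new settings.
        checksum/configmap-env: {{ include (print $.Template.BasePath "/configmap-env.yaml") . | sha256sum }}
{{- if .Values.customLdifFiles }}
        checksum/configmap-customldif: {{ include (print $.Template.BasePath "/configmap-customldif.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }}
      labels:
        app: {{ template "openldap.fullname" . }}
        release: {{ .Release.Name }}
    spec:
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          args:
            - -l
            # Quoted: container args must be strings, and an unquoted numeric
            # or boolean-looking log level would be typed by the YAML parser.
            - {{ .Values.logLevel | quote }}
{{- if .Values.customLdifFiles }}
            - --copy-service
{{- end }}
          ports:
            # 389 is LDAP, 636 is LDAPS.
            - name: ldap-port
              containerPort: 389
            - name: ssl-ldap-port
              containerPort: 636
          envFrom:
            - configMapRef:
                name: {{ template "openldap.fullname" . }}-env
            # Every key of this Secret becomes an environment variable of the
            # container, so it is readable by anything that can inspect the
            # process environment or exec into the pod.
            - secretRef:
                name: {{ template "openldap.secretName" . }}
          volumeMounts:
            - name: data
              mountPath: /var/lib/ldap
              subPath: data
            - name: data
              mountPath: /etc/ldap/slapd.d
              subPath: config-data
            # NOTE(review): no subPath here, so the root of the `data` volume
            # (which also holds the data/ and config-data/ directories above)
            # is what appears as the certs directory. Any TLS private key
            # therefore lives on the same volume as the directory database -
            # confirm this is intended.
            - name: data
              mountPath: /container/service/slapd/assets/certs
{{- if .Values.customLdifFiles }}
            - name: custom-ldif-files
              mountPath: /container/service/slapd/assets/config/bootstrap/ldif/custom
{{- end }}
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            #- name: HOSTNAME
            #  value: $(POD_NAME).{{ template "openldap.fullname" . }}-headless
            # The TLS variables below only name files. This template mounts no
            # certificate Secret, so tls.crt / tls.key (and ca.crt) presumably
            # have to be present in the certs directory already - TODO confirm
            # how they are provisioned.
{{- if .Values.tls.enabled }}
            - name: LDAP_TLS_CRT_FILENAME
              value: tls.crt
            - name: LDAP_TLS_KEY_FILENAME
              value: tls.key
{{- if .Values.tls.CA.enabled }}
            - name: LDAP_TLS_CA_CRT_FILENAME
              value: ca.crt
{{- end }}
{{- end }}
          # Both probes only check that the LDAP TCP port accepts connections.
          livenessProbe:
            tcpSocket:
              port: ldap-port
            initialDelaySeconds: 20
            periodSeconds: 10
            failureThreshold: 10
          readinessProbe:
            tcpSocket:
              port: ldap-port
            initialDelaySeconds: 20
            periodSeconds: 10
            failureThreshold: 10
          resources:
{{ toYaml .Values.resources | indent 12 }}
{{- with .Values.nodeSelector }}
      nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
      # NOTE(review): this selector uses app.kubernetes.io/* labels, while the
      # pod template above only sets `app` and `release`. As written the rule
      # matches none of this StatefulSet's own pods, so replicas are not kept
      # on separate nodes. Left unchanged: selecting the real labels would turn
      # this into a hard scheduling constraint for existing installs.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchLabels:
                  app.kubernetes.io/component: {{ .Release.Name }}
                  app.kubernetes.io/instance: {{ .Release.Name }}
{{- with .Values.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
      # Only emitted when a pull secret is configured; an unset value used to
      # render an entry with a null name.
{{- if .Values.image.pullSecret }}
      imagePullSecrets:
        - name: {{ .Values.image.pullSecret }}
{{- end }}
      # `volumes:` is needed when custom LDIF files are mounted or when `data`
      # falls back to an emptyDir. Previously the key was written only for
      # customLdifFiles, so with persistence disabled and no custom LDIF files
      # the emptyDir entry had no parent key and the pod had no `data` volume.
{{- if or .Values.customLdifFiles (not .Values.persistence.enabled) }}
      volumes:
{{- if .Values.customLdifFiles }}
        - name: custom-ldif-files
          configMap:
            name: {{ template "openldap.fullname" . }}-customldif
{{- end }}
{{- if not .Values.persistence.enabled }}
        - name: data
          emptyDir: {}
{{- end }}
{{- end }}
{{- if .Values.persistence.enabled }}
  volumeClaimTemplates:
    - metadata:
        name: data
        annotations:
{{- range $key, $value := .Values.persistence.annotations }}
          # Annotation values must be strings, hence the quoting.
          {{ $key }}: {{ $value | quote }}
{{- end }}
      spec:
        accessModes:
{{- range .Values.persistence.accessModes }}
          - {{ . | quote }}
{{- end }}
        resources:
          requests:
            storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
        # "-" renders an empty storageClassName.
        storageClassName: ""
{{- else }}
        storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}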