apiVersion: apps/v1
kind: Deployment
metadata:
  name: openldap
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: openldap
  template:
    metadata:
      annotations:
        ### autocert ###
        autocert.step.sm/name: openldap.default.svc.cluster.local
        autocert.step.sm/duration: 1h
        ### autocert ###
      labels:
        app: openldap
    spec:
      containers:
      - name: openldap
        image: jjregistry.localhost:5000/openldap:2.6.0
        imagePullPolicy: Always
        env:
          - name: LDAP_ADMIN_USERNAME
            value: "admin"
          - name: LDAP_ADMIN_PASSWORD
            valueFrom:
              secretKeyRef:
                key: adminpassword
                name: openldap-secret
          - name: LDAP_USERS
            valueFrom:
              secretKeyRef:
                key: users
                name: openldap-secret
          - name: LDAP_PASSWORDS
            valueFrom:
              secretKeyRef:
                key: passwords
                name: openldap-secret
          - name: LDAP_ROOT
            value: "dc=minotaur"
          - name: LDAP_ENABLE_TLS
            value: "yes"
          - name: LDAP_TLS_CERT_FILE
            value: /var/run/autocert.step.sm/site.crt
          - name: LDAP_TLS_KEY_FILE
            value: /var/run/autocert.step.sm/site.key
          - name: LDAP_TLS_CA_FILE
            value: /var/run/autocert.step.sm/root.crt
        ports:
        - containerPort: 1389
          name: ldap
        - containerPort: 1636
          name: ldaps