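---
# Admin bind password for the directory.
# The password is generated once: on later renders `lookup` finds the
# existing Secret and its stored value is reused, so upgrades do not rotate
# it. `lookup` returns an empty result under `helm template` and client-side
# dry runs, so the value shown there is a fresh random string, not the live
# one. The "keep" resource policy leaves the Secret in place on uninstall.
apiVersion: v1
kind: Secret
metadata:
  name: openldap-admin
  annotations:
    "helm.sh/resource-policy": "keep"
type: Opaque
data:
  {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "openldap-admin") | default dict }}
  {{- $secretData := (get $secretObj "data") | default dict }}
  {{- $pass := (get $secretData "password") | default (randAlphaNum 32 | b64enc) }}
  password: {{ $pass | quote }}
---
# Password for the slapd configuration (LDAP_CONFIG_PASSWORD below).
# Same generate-once / reuse-on-upgrade pattern as openldap-admin.
apiVersion: v1
kind: Secret
metadata:
  name: openldap-config
  annotations:
    "helm.sh/resource-policy": "keep"
type: Opaque
data:
  {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "openldap-config") | default dict }}
  {{- $secretData := (get $secretObj "data") | default dict }}
  {{- $pass := (get $secretData "password") | default (randAlphaNum 32 | b64enc) }}
  password: {{ $pass | quote }}
---
# Password for the read-only bind user (LDAP_READONLY_USER_PASSWORD below).
# Same generate-once / reuse-on-upgrade pattern as openldap-admin.
apiVersion: v1
kind: Secret
metadata:
  name: openldap-ro
  annotations:
    "helm.sh/resource-policy": "keep"
type: Opaque
data:
  {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "openldap-ro") | default dict }}
  {{- $secretData := (get $secretObj "data") | default dict }}
  {{- $pass := (get $secretData "password") | default (randAlphaNum 32 | b64enc) }}
  password: {{ $pass | quote }}
---
# Single-replica OpenLDAP server. The three passwords are injected from the
# Secrets above; slapd config and database live on a shared PVC.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: openldap
  labels:
    app.kubernetes.io/name: openldap
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: openldap
  replicas: 1
  template:
    metadata:
      labels:
        app.kubernetes.io/name: openldap
    spec:
      # NOTE(review): no pod or container securityContext and no resource
      # requests/limits are set. Confirm what the image needs at start-up
      # before restricting it.
      # securityContext:
      #   fsGroup: 0
      containers:
        - name: openldap
          # NOTE(review): the image has no tag or digest, so it resolves to
          # the registry's default tag, and with imagePullPolicy "Always"
          # every pod start may pull different content. Pin it to a reviewed
          # tag or digest.
          image: osixia/openldap
          imagePullPolicy: "Always"
          env:
            - name: LDAP_ORGANISATION
              # Quoted so an organisation name containing ": ", " #" or a
              # boolean-looking word still renders as a YAML string.
              value: {{ .Values.homey.organization | quote }}
            - name: LDAP_DOMAIN
              value: {{ .Values.homey.url | quote }}
            - name: LDAP_ADMIN_USERNAME
              value: "admin"
            - name: LDAP_READONLY_USER
              value: "true"
            # Passwords come from the Secrets above, not from chart values.
            # As environment variables they are readable by anyone allowed
            # to exec into the pod, so keep RBAC on pods/exec tight.
            - name: LDAP_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: openldap-admin
            - name: LDAP_CONFIG_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: openldap-config
            - name: LDAP_READONLY_USER_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: openldap-ro
          ports:
            # 389 carries plain LDAP: binds are sent unencrypted unless the
            # client negotiates StartTLS. Prefer 636 for clients.
            - name: tcp-ldap
              containerPort: 389
            - name: ssl-ldap
              containerPort: 636
          volumeMounts:
            # slapd configuration and database are stored under backup/ on
            # the shared claim. Whoever can read that volume can read the
            # directory data, including stored password hashes.
            - mountPath: /etc/ldap/slapd.d
              subPath: backup/openldap/etc/ldap/slapd.d
              name: openldap-volume
            - mountPath: /var/lib/ldap
              subPath: backup/openldap/var/lib/ldap
              name: openldap-volume
      volumes:
        - name: openldap-volume
          persistentVolumeClaim:
            claimName: homey-pvc-nfs
---
# In-cluster Service for the directory. ClusterIP keeps it off external
# load balancers. Any pod in the cluster can still reach both ports unless a
# NetworkPolicy restricts access.
apiVersion: v1
kind: Service
metadata:
  name: openldap
  labels:
    app.kubernetes.io/name: openldap
spec:
  type: ClusterIP
  ports:
    - name: tcp-ldap
      port: 389
      targetPort: tcp-ldap
    - name: ssl-ldap
      port: 636
      targetPort: ssl-ldap
  selector:
    app.kubernetes.io/name: openldap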