test(lldap): enable ldaps

k8s/infra/auth/lldap/cert.yaml

@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: cert
+  namespace: lldap
+spec:
+  dnsNames:
+    - lldap.stonegarden.dev
+  issuerRef:
+    group: cert-manager.io
+    kind: ClusterIssuer
+    name: cloudflare-cluster-issuer
+  secretName: cert
+  usages:
+    - digital signature
+    - key encipherment

k8s/infra/auth/lldap/deployment.yaml

@@ -56,6 +56,16 @@ spec:
           volumeMounts:
             - name: lldap-data
               mountPath: /data
+            - name: cert
+              mountPath: /cert
       volumes:
+        - name: cert
+          secret:
+            secretName: cert
+            items:
+              - key: tls.key
+                path: tls.key
+              - key: tls.crt
+                path: tls.crt
         - name: lldap-data
           emptyDir: { }

k8s/infra/auth/lldap/kustomization.yaml

@@ -12,6 +12,9 @@ configMapGenerator:
     namespace: lldap
     literals:
       - LLDAP_HTTP_URL="https://lldap.stonegarden.dev"
+      - LLDAP_LDAPS_OPTIONS__ENABLED="true"
+      - LLDAP_LDAPS_OPTIONS__CERT_FILE="/cert/tls.crt"
+      - LLDAP_LDAPS_OPTIONS__KEY_FILE="/cert/tls.key"
   - name: bootstrap-env
     namespace: lldap
     literals:
@@ -27,6 +30,7 @@ resources:
   - ns.yaml
   - svc.yaml
   - cnpg-db.yaml
+  - cert.yaml
   - lldap-credentials.yaml
   - lldap-config.yaml
   - smtp-credentials.yaml

k8s/infra/auth/lldap/svc.yaml

@@ -3,8 +3,10 @@ kind: Service
 metadata:
   name: lldap
   namespace: lldap
+  annotations:
+    io.cilium/lb-ipam-ips: 192.168.1.242
 spec:
-  type: ClusterIP
+  type: LoadBalancer
   selector:
     app: lldap
   ports:
@@ -14,3 +16,6 @@ spec:
     - name: ldap
       port: 389
       targetPort: ldap
+    - name: ldaps
+      port: 636
+      targetPort: ldaps