feat(ldap): add lldap as ldap server

k8s/infra/auth/lldap/deployment.yaml

@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: lldap
+  namespace: lldap
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: lldap
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      namespace: lldap
+      labels:
+        app: lldap
+    spec:
+      nodeSelector:
+        topology.kubernetes.io/zone: abel
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1001
+        runAsGroup: 1001
+        fsGroup: 1001
+        fsGroupChangePolicy: OnRootMismatch
+        seccompProfile:
+          type: RuntimeDefault
+      containers:
+        - name: lldap
+          image: ghcr.io/lldap/lldap:2024-09-02-debian-rootless # renovate: docker=ghcr.io/lldap/lldap
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: [ "ALL" ]
+          envFrom:
+            - configMapRef:
+                name: common-env
+            - secretRef:
+                name: lldap-credentials
+          ports:
+            - name: ldap
+              containerPort: 3890
+            - name: ldaps
+              containerPort: 6360
+            - name: web
+              containerPort: 17170
+          volumeMounts:
+            - name: lldap-data
+              mountPath: /data
+      volumes:
+        - name: lldap-data
+          emptyDir: { }
+        #  persistentVolumeClaim:
+        #    claimName: lldap-data

k8s/infra/auth/lldap/http-route.yaml

@@ -0,0 +1,15 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: lldap
+  namespace: lldap
+spec:
+  parentRefs:
+    - name: internal
+      namespace: gateway
+  hostnames:
+    - "lldap.stonegarden.dev"
+  rules:
+    - backendRefs:
+        - name: lldap
+          port: 80

k8s/infra/auth/lldap/kustomization.yaml

@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+configMapGenerator:
+  - name: common-env
+    namespace: lldap
+    literals:
+      - TZ="Europe/Oslo"
+      - GID="1001"
+      - UID="1001"
+
+resources:
+  - ns.yaml
+  - svc.yaml
+  - lldap-credentials.yaml
+  - deployment.yaml
+  - http-route.yaml

k8s/infra/auth/lldap/lldap-credentials.yaml

@@ -0,0 +1,14 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: lldap-credentials
+  namespace: lldap
+spec:
+  encryptedData:
+    LLDAP_JWT_SECRET: AgAYACrLdCEj5X3SHscaHrBGSGUMaoQ7GstvSF15jtvftUMpJAAIvYoShtutcV/EEWF+kRql4dlETzx0v58fBHNuw81pt/UeHolWiQ1XQDp7cVVe53m5DcWlI390BXF148iQ5qdt0FohBh2nzfkZN4PvIvRpkN6EPmk/3h/h8TqEVKKZSxGaXnEMT9lkMlANwfGQ2mEPkwwpbye1QaOI4u7p3hY0deXx/uodgzwx9pEAkFaW9NS+k3mveJfoLdwpKeKP6zXysesvCGzK0v6IFeQZP2WjyQmynkSZ5QzGbNE6UjFQ/60GG+oXLw/BUMjMBDJdKMJb+7IFwogdFQ4TXCeTkUqHNbHqvfbz6v0hBPxacyxLj3GAzoFIBnVYzo/fLROLeboYuu1e2p5+4NNRYUHku9n1WIQaEJnk47CclIsV7R10Tk6fEB6PNwSv8HU3aBse0Xnc7/K/X07OUzhnZxZC7peOXe7pOgAVmBBsQXi4jktWlWZA8+i7ETgIbcQHpyri0qVTZNnOjnd61XHbmOlh3LZ6fXdLOdOAbLM5KvaK26itotWeG44Uz1Yq207HOUkMf14fziw3Mhrw2uqEaiIS28tteQSQSHwSLfMS6cNk7tEzCWYTRcVVOqeMwxXMYY3FltSGN9iU0KoERRYjRLAej/y7TanARNULt/CwHaWfvzkoBelqg1Efgr6M72KU9AwazFlgomEgbSqeYvNlzF2HViTh7jXQtcgR0Z8iSn1zzw==
+    LLDAP_LDAP_BASE_DN: AgBjxfYu1/55vlqnaoeAGlVAa3J6ZrHG0FsT4Vo2rqz+HY7ZAwedNcNlI/Jq5rVJXGOuZvGVUXYq4OVd9HY1jwjH7nsTmDQ90eV+yq8n/TlB93lIfg5y8zWVkerrG6ywX76Q3pHMJsbSETByZli3Pz1/DYBVl9h6ps8kUuLQS+fmiL1ilMN4i+W9+SkhJLj3vQ0w8FufEHqIKNvL+ghp6HC1IDqAs7+b2y0xBR8RPSQbfdNF6DCEkWPJ/y0YyOs4B7NvBoK60kH1R+bJhqICCdXSf1bfbh+eVyWOXT7EOQYlofmNZQqnfib5V+puP5xbQPY6inrF9U60KWqD44N9BAD9EvXiE85P1H0pISUfDDrdl6zLBBZFbFB+NFkgDP1lLIfR7EngDfztrvtv3iTDOSpDJ4sXDEwN3sPLkKQidnR5+J1wApnl2RXap4XSRJgYuVSxiOsymoBtObIDkmoc/1c5k8KE1u6cGE7bm7P3xrgBLm1+VwptWWF98NJ8/rl9gdX/RIooDGGiIIZpNvsKvSDWwfhtMZqPxzTaClvV6+SJpzsi7NanzZ+E+n8Ex0kKovDmqLFeGo3Ga7B8pIYcOnWRJuiL6WmamvfG7jUc/eOkW4IqwEIVUojzXlG4Q1pEW1XA2mEYpIjgdYvsEP3yWUt7xd+AP3ZRUk+w3KjTPbY5m3Nfsrp4kxKTQHjUDvcuvLu6zcSA3aowkDOehfljHsXTn4c1ANk=
+    LLDAP_LDAP_USER_PASS: AgCZzAPr6wyPehQZDLJErDsZduO7VD+jU/OSgeYnZ7XJgez2vqSnw+wineYMomz3Ch0HVk6ab0qoJxLyyWpRmJyjFewPOZGcTXmLDUEIdceXMlK1MCBagVbhZjJXNSfwjVHjYpwSIg7xGVkfjqvL3/i7OwJnHkw23x5C6Beplwtb+ixM0dsBGXMETNfxl9G5zB0Y4FN/XfR+AtXrqavDurxN26l82yr38KP9sIu2GG+TRZeOL9G9MLapd8HZ78M/El3q5kySK8E8+1uHRlr7wWiRhksFvWJ71G9S8J6CqhFkiEuRhL3JazXuhl5NJYPbL79o+1NzRJzCtocq2thqtZZxiyeQoa72WnWU1voczX0kEpEdB+15j1E5onlkLhyz+lA3EjLD1e2fBc+acnf3b9/rSXkEhla0+IKl41ME1/mLor8RvGc8lvx0Vdd2lnPQ/UCG4Tc3I4dMQ5YMliHPVbcsxwPqZ6CTIMNfXbh7Ro3I04VTStNKiDqxeixKiPlr8/0qANaLm9B3XwLKmOjSSEmTTQ2JMYKFraQL5myzOfBb2deTJdFEeE4RtsrFAkFBC9938uUeKqDJJEfZH/g6fdko1Ci7XWEGKsGmRjV0faDURy3VK5UH2+mymow5V8FMRwyKpkDcdoRomhOTMGTbYyCHX6UtZDxZBuxdxdfg58exxvnjGYxF1G5ZKp4yDdUqQI2nFV2CdrrpliCcKjoKxD1D/sk8DRPixNilh/vNxhNzMg==
+  template:
+    metadata:
+      name: lldap-credentials
+      namespace: lldap

k8s/infra/auth/lldap/ns.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: lldap

k8s/infra/auth/lldap/pvc.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: lldap-data
+  namespace: lldap
+spec:
+  storageClassName: proxmox-csi
+  volumeName: pv-lldap
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1G

k8s/infra/auth/lldap/svc.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: lldap
+  namespace: lldap
+spec:
+  type: ClusterIP
+  selector:
+    app: lldap
+  ports:
+    - name: web
+      port: 80
+      targetPort: web

k8s/infra/auth/project.yaml

@@ -11,6 +11,8 @@ spec:
       server: '*'
     - namespace: 'keycloak'
       server: '*'
+    - namespace: 'lldap'
+      server: '*'
     - namespace: 'netbird'
       server: '*'
   clusterResourceWhitelist: