From 5563a63f56baf4581b3f84b9f60f47d90648c58e Mon Sep 17 00:00:00 2001
From: Vegard Hagen
Date: Sun, 19 Jan 2025 10:11:39 +0100
Subject: [PATCH] feat(lldap): add cnpg database for persistence
---
 k8s/infra/auth/lldap/cnpg-db.yaml | 39 +++++++++++++++++++++++++
 k8s/infra/auth/lldap/deployment.yaml | 6 ++++
 k8s/infra/auth/lldap/kustomization.yaml | 1 +
 tofu/kubernetes/main.tf | 4 +++
 4 files changed, 50 insertions(+)
 create mode 100644 k8s/infra/auth/lldap/cnpg-db.yaml
diff --git a/k8s/infra/auth/lldap/cnpg-db.yaml b/k8s/infra/auth/lldap/cnpg-db.yaml
new file mode 100644
index 0000000..295be56
--- /dev/null
+++ b/k8s/infra/auth/lldap/cnpg-db.yaml
@@ -0,0 +1,39 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: lldap-postgres
+ namespace: lldap
+spec:
+ instances: 1
+ affinity:
+ nodeSelector:
+ topology.kubernetes.io/zone: euclid
+ monitoring:
+ enablePodMonitor: true
+ postgresql:
+ parameters:
+ timezone: Europe/Oslo
+ bootstrap:
+ initdb:
+ database: lldap
+ owner: lldap
+ managed:
+ services:
+ disabledDefaultServices: [ "ro", "r" ]
+# additional:
+# - selectorType: rw
+# updateStrategy: patch
+# serviceTemplate:
+# metadata:
+# name: lldap-postgres-db
+# annotations:
+# io.cilium/lb-ipam-ips: 192.168.1.241
+# spec:
+# type: LoadBalancer
+ storage:
+ size: 1G
+ pvcTemplate:
+ storageClassName: proxmox-csi
+ volumeName: pv-lldap-postgres
+ accessModes:
+ - ReadWriteOnce
diff --git a/k8s/infra/auth/lldap/deployment.yaml b/k8s/infra/auth/lldap/deployment.yaml
index cb07269..b4e44f7 100644
--- a/k8s/infra/auth/lldap/deployment.yaml
+++ b/k8s/infra/auth/lldap/deployment.yaml
@@ -40,6 +40,12 @@ spec:
 name: lldap-credentials
 - secretRef:
 name: smtp-credentials
+ env:
+ - name: LLDAP_DATABASE_URL
+ valueFrom:
+ secretKeyRef:
+ name: lldap-postgres-app
+ key: uri
 ports:
 - name: ldap
 containerPort: 3890
diff --git a/k8s/infra/auth/lldap/kustomization.yaml b/k8s/infra/auth/lldap/kustomization.yaml
index d054d4b..279e776 100644
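Review bot: The cluster that now holds the LLDAP user directory and its credential data is a single instance with no `backup` stanza, and `pvcTemplate.volumeName: pv-lldap-postgres` pins it to one statically provisioned volume in the `euclid` zone, so losing that node or volume takes authentication down with no restore path visible in this manifest. If backups are handled elsewhere (for example at the storage layer), a comment above `storage:` such as `# backups: handled outside CNPG, see <where>` would make that explicit; otherwise a `backup` section is worth adding before this becomes the source of truth for logins. The commented-out `additional` service block would publish the read-write Postgres endpoint on a LAN LoadBalancer address if it were re-enabled; I would delete it or head it with `# debug only: exposes the rw endpoint outside the cluster`.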
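Review bot: `lldap-postgres-app` is not defined anywhere in this change; it looks like the application secret the CloudNativePG operator generates for the `lldap-postgres` cluster, so a comment above the new `env:` entry such as `# secret generated by the CNPG operator for Cluster lldap-postgres (cnpg-db.yaml)` would save the next reader a search. The `uri` value embeds the database password and, as far as I know, carries no `sslmode` parameter, so whether the LLDAP-to-Postgres connection is encrypted and verified depends on the client's default and is worth confirming. An explicit `env` entry takes precedence over `envFrom`, so if `lldap-credentials` still sets `LLDAP_DATABASE_URL` the old value is silently shadowed and should be removed there. The container spec this entry belongs to starts and ends outside the hunk.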
--- a/k8s/infra/auth/lldap/kustomization.yaml
+++ b/k8s/infra/auth/lldap/kustomization.yaml
@@ -26,6 +26,7 @@ configMapGenerator:
 resources:
 - ns.yaml
 - svc.yaml
+ - cnpg-db.yaml
 - lldap-credentials.yaml
 - lldap-config.yaml
 - smtp-credentials.yaml
diff --git a/tofu/kubernetes/main.tf b/tofu/kubernetes/main.tf
index 8efe907..c7c78f9 100644
--- a/tofu/kubernetes/main.tf
+++ b/tofu/kubernetes/main.tf
@@ -132,6 +132,10 @@ module "volumes" {
 node = "euclid"
 size = "1G"
 }
+ pv-lldap-postgres = {
+ node = "euclid"
+ size = "1G"
+ }
 pv-keycloak-postgres = {
 node = "euclid"
 size = "2G"