feat(lldap): add cnpg database for persistence

k8s/infra/auth/lldap/cnpg-db.yaml

@@ -0,0 +1,39 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: lldap-postgres
+  namespace: lldap
+spec:
+  instances: 1
+  affinity:
+    nodeSelector:
+      topology.kubernetes.io/zone: euclid
+  monitoring:
+    enablePodMonitor: true
+  postgresql:
+    parameters:
+      timezone: Europe/Oslo
+  bootstrap:
+    initdb:
+      database: lldap
+      owner: lldap
+  managed:
+    services:
+      disabledDefaultServices: [ "ro", "r" ]
+#      additional:
+#        - selectorType: rw
+#          updateStrategy: patch
+#          serviceTemplate:
+#            metadata:
+#              name: lldap-postgres-db
+#              annotations:
+#                io.cilium/lb-ipam-ips: 192.168.1.241
+#            spec:
+#              type: LoadBalancer
+  storage:
+    size: 1G
+    pvcTemplate:
+      storageClassName: proxmox-csi
+      volumeName: pv-lldap-postgres
+      accessModes:
+        - ReadWriteOnce

k8s/infra/auth/lldap/deployment.yaml

@@ -40,6 +40,12 @@ spec:
                 name: lldap-credentials
             - secretRef:
                 name: smtp-credentials
+          env:
+            - name: LLDAP_DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: lldap-postgres-app
+                  key: uri
           ports:
             - name: ldap
               containerPort: 3890

k8s/infra/auth/lldap/kustomization.yaml

@@ -26,6 +26,7 @@ configMapGenerator:
 resources:
   - ns.yaml
   - svc.yaml
+  - cnpg-db.yaml
   - lldap-credentials.yaml
   - lldap-config.yaml
   - smtp-credentials.yaml

tofu/kubernetes/main.tf

@@ -132,6 +132,10 @@ module "volumes" {
       node = "euclid"
       size = "1G"
     }
+    pv-lldap-postgres = {
+      node = "euclid"
+      size = "1G"
+    }
     pv-keycloak-postgres = {
       node = "euclid"
       size = "2G"