apiVersion: apps/v1
kind: Deployment
metadata:
  name: hydra-ldap
  labels:
    app.kubernetes.io/name: hydra-ldap
    app.kubernetes.io/version: "v1.2.2"
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: hydra-ldap
  template:
    metadata:
      labels:
        app.kubernetes.io/name: hydra-ldap
        app.kubernetes.io/version: "v1.2.2"
    spec:
      containers:
      - name: werther
        image: reg.cadoles.com/cadoles/hydra-werther:2023.12.6-stable.1421.15a4717
        imagePullPolicy: IfNotPresent
        envFrom:
        - configMapRef:
            name: hydra-ldap-env
        env:
        - name: WERTHER_WEB_DIR
          value: "/usr/share/werther/login/"
        - name: WERTHER_LDAP_BINDDN
          valueFrom:
            secretKeyRef:
              name: hydra-ldap-sc
              key: WERTHER_LDAP_BINDDN
        - name: WERTHER_LDAP_BINDPW
          valueFrom:
            secretKeyRef:
              name: hydra-ldap-sc
              key: WERTHER_LDAP_BINDPW
        ports:
        - containerPort: 8080
          name: hydra-ldap-http
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          privileged: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 100