apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ldap-auth
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: nginx-ldap-auth
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  resourceNames:
  - "nginx-ldap-auth"
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - secrets
  resourceNames:
  - "nginx-ldap-auth"
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: nginx-ldap-auth
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ldap-auth
subjects:
- kind: ServiceAccount
  name: nginx-ldap-auth
---
kind: Service
apiVersion: v1
metadata:
  name: nginx-ldap-auth
spec:
  type: ClusterIP
  ports:
  - name: nginx-ldap-auth
    port: 5555
    protocol: TCP
    targetPort: 5555
  selector:
    app: nginx-ldap-auth
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: nginx-ldap-auth
  labels:
    app: nginx-ldap-auth
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx-ldap-auth
    spec:
      serviceAccountName: nginx-ldap-auth 
      containers:
      - image: docker.io/tpimenta/nginx-ldap-auth:v1.0.5
        name: nginx-ldap-auth
        command:
        - "/usr/local/bin/nginx-ldap-auth"
        - "--config"
        - "/etc/nginx-ldap-auth/config.yaml"
        ports:
        - name: http
          containerPort: 5555
        volumeMounts:
        - name: config
          mountPath: /etc/nginx-ldap-auth
      volumes:
      - name: config
        secret:
          secretName: nginx-ldap-auth
          items:
          - key: config.yaml
            path: config.yaml