diff --git a/apps/base/kanidm/statefulset.yaml b/apps/base/kanidm/statefulset.yaml
index 2eaa778..2c89414 100644
--- a/apps/base/kanidm/statefulset.yaml
+++ b/apps/base/kanidm/statefulset.yaml
@@ -44,13 +44,19 @@ spec:
 - |
 set -e
 cp "/config-template/server-${POD_NAME##*-}.toml" /config/server.toml
- for peer in kanidm-0 kanidm-1 kanidm-2; do
- [ "${peer}" = "${POD_NAME}" ] && continue
+ if [ "${POD_NAME}" = "kanidm-0" ]; then
+ peers="kanidm-1 kanidm-2"
+ else
+ peers="kanidm-0"
+ fi
+ for peer in ${peers}; do
 cert_file="/repl-certs/${peer}"
 [ -s "${cert_file}" ] || continue
 fqdn="${peer}.kanidm-headless.kanidm.svc.cluster.local"
- printf '\n[replication."repl://%s:8444"]\ntype = "mutual-pull"\npartner_cert = "%s"\n' \
- "${fqdn}" "$(cat ${cert_file})" >> /config/server.toml
+ refresh=""
+ [ "${peer}" = "kanidm-0" ] && refresh="\nautomatic_refresh = true"
+ printf '\n[replication."repl://%s:8444"]\ntype = "mutual-pull"\npartner_cert = "%s"%s\n' \
+ "${fqdn}" "$(cat ${cert_file})" "${refresh}" >> /config/server.toml
 done
 env:
 - name: POD_NAME
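Review bot: The new `refresh` value is printed through a `%s` conversion, which writes its argument verbatim, so the `\n` in `refresh="\nautomatic_refresh = true"` (a literal backslash and `n` inside double quotes) ends up as two characters on the `partner_cert` line of /config/server.toml rather than starting a new line. On kanidm-1 and kanidm-2 that most likely yields a TOML line the server rejects, so those replicas would fail to load their replication stanza. Switching only the last conversion to `%b` fixes it, i.e. `partner_cert = "%s"%b\n`; `%b` expands backslash escapes in its argument while the certificate stays on `%s`. Separately, if `automatic_refresh = true` behaves as Kanidm documents it, a diverged replica is re-seeded from kanidm-0 and its local writes are replaced, so a comment above the `refresh=` line saying that credential changes accepted on kanidm-1/2 can be discarded would help whoever operates this. The container spec around this script starts and ends outside the hunk.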