unkinben
4b1fbe1fe1
feat(kanidm): scale down to single replica, remove replication ( #185 )
...
Drop from 3 replicas to 1. Remove init container, repl-certs secret,
replication port, podAntiAffinity, server-1/2 configs, and replication
stanza from server-0.toml. Mount configmap directly via subPath.
Reviewed-on: #185
2026-06-02 22:41:28 +10:00
unkinben
f11ec1056d
fix(kanidm): remove invalid automatic_refresh from replication config ( #179 )
...
Reviewed-on: #179
2026-05-30 23:20:48 +10:00
unkinben
4d594fbde7
feat(kanidm): vault-managed replication certs with auto-restart ( #176 )
...
- Store per-pod replication certs in Vault (kv/kubernetes/namespace/kanidm/default/repl-certs)
- VaultAuth + VaultStaticSecret sync certs to kanidm-repl-certs Secret
- busybox config-init init container injects peer certs from Secret into server.toml at startup
- Remove hardcoded partner_cert entries from per-pod server.toml templates
- Add automatic_refresh = true to all replication configs
- Add reloader.stakater.com/auto annotation to trigger rolling restart on ConfigMap/Secret changes
- Document domain UUID mismatch resolution and cert rotation in README
Reviewed-on: #176
2026-05-30 23:00:46 +10:00
unkinben
d358098fff
chore: update replication certs ( #170 )
...
- add replication certs for kanidm-0, kanidm-1 and kanidm-2
Reviewed-on: #170
2026-05-25 23:52:06 +10:00
unkinben
201e601737
feat: update kanidm replicaiton ( #169 )
...
- split to per-server configs
- remove init containers that attempted to automate the replication config
- add README.md
Reviewed-on: #169
2026-05-25 23:25:48 +10:00