Drop from 3 replicas to 1. Remove init container, repl-certs secret, replication port, podAntiAffinity, server-1/2 configs, and replication stanza from server-0.toml. Mount configmap directly via subPath.
Reviewed-on: #185
- Store per-pod replication certs in Vault (kv/kubernetes/namespace/kanidm/default/repl-certs)
- VaultAuth + VaultStaticSecret sync certs to kanidm-repl-certs Secret
- busybox config-init init container injects peer certs from Secret into server.toml at startup
- Remove hardcoded partner_cert entries from per-pod server.toml templates
- Add automatic_refresh = true to all replication configs
- Add reloader.stakater.com/auto annotation to trigger rolling restart on ConfigMap/Secret changes
- Document domain UUID mismatch resolution and cert rotation in README
Reviewed-on: #176
- split to per-server configs
- remove init containers that attempted to automate the replication config
- add README.md
Reviewed-on: #169
Reviewed-on: #159