benvin/kanidm #159

Merged
unkinben merged 4 commits from benvin/kanidm into main 2026-05-24 19:55:23 +10:00
5 changed files with 32 additions and 2 deletions
Showing only changes of commit e91fe554eb - Show all commits
+1
@@ -20,6 +20,7 @@ spec:
- kanidm.kanidm.svc.cluster.local
- kanidm-0.kanidm-headless.kanidm.svc.cluster.local
- kanidm-1.kanidm-headless.kanidm.svc.cluster.local
- kanidm-2.kanidm-headless.kanidm.svc.cluster.local
privateKey:
algorithm: RSA
size: 4096
+6 -1
@@ -34,8 +34,9 @@ data:
# After first deployment, exchange replication certificates:
# kubectl exec -n kanidm kanidm-0 -- kanidmd show-replication-certificate
# kubectl exec -n kanidm kanidm-1 -- kanidmd show-replication-certificate
# kubectl exec -n kanidm kanidm-2 -- kanidmd show-replication-certificate
#
# Then populate peers.toml with both nodes' certs and restart pods.
# Then populate peers.toml with all nodes' certs and restart pods.
# Example peers.toml content:
#
# [replication."repl://kanidm-0.kanidm-headless.kanidm.svc.cluster.local:8444"]
@@ -45,6 +46,10 @@ data:
# [replication."repl://kanidm-1.kanidm-headless.kanidm.svc.cluster.local:8444"]
# type = "mutual-pull"
# partner_cert = "<base64-cert-from-kanidm-1>"
#
# [replication."repl://kanidm-2.kanidm-headless.kanidm.svc.cluster.local:8444"]
# type = "mutual-pull"
# partner_cert = "<base64-cert-from-kanidm-2>"
apiVersion: v1
kind: ConfigMap
metadata:
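Review bot: The example peers.toml in the second hunk now lists all three nodes in one file, while the instructions still stop at "populate ... and restart pods", so nothing says how the new, empty kanidm-2 gets its first copy of the database or which partner stanzas each pod should load. If this ConfigMap is mounted unchanged into every pod, each node would also carry a stanza naming itself; the mount is outside the hunk, so this is an inference worth confirming. I would add a comment such as `# Each node lists only the other two as partners; refresh kanidm-2 from an existing node (see automatic_refresh) before routing traffic to it.` Since `partner_cert` pins each peer's replication identity, the comment block should also say that the values must be re-exchanged whenever a node's replication certificate is renewed.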
+1
@@ -9,6 +9,7 @@ resources:
- configmap.yaml
- service.yaml
- statefulset.yaml
- poddisruptionbudget.yaml
- gateway.yaml
- httproute.yaml
- tlsroute.yaml
+15
@@ -0,0 +1,15 @@
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: kanidm
namespace: kanidm
labels:
app.kubernetes.io/name: kanidm
app.kubernetes.io/instance: kanidm
spec:
maxUnavailable: 1
selector:
matchLabels:
app.kubernetes.io/name: kanidm
app.kubernetes.io/instance: kanidm
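Review bot: The new PodDisruptionBudget sets `maxUnavailable: 1` without an `unhealthyPodEvictionPolicy`. Under the default policy, once more than one pod is not Ready the budget refuses to evict even the unready pods, which can stall a node drain. That state is plausible here while pods wait for the replication certificate exchange. Adding `unhealthyPodEvictionPolicy: AlwaysAllow` under `spec` lets unready pods be evicted, provided the cluster version supports the field. A one-line comment above `maxUnavailable`, for example `# Keep two of three replicas serving during voluntary disruptions.`, would record why the value was chosen.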
+9 -1
@@ -9,7 +9,7 @@ metadata:
app.kubernetes.io/instance: kanidm
spec:
serviceName: kanidm-headless
replicas: 2
replicas: 3
selector:
matchLabels:
app.kubernetes.io/name: kanidm
@@ -21,6 +21,14 @@ spec:
app.kubernetes.io/instance: kanidm
spec:
serviceAccountName: kanidm
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: kanidm
app.kubernetes.io/instance: kanidm
topologyKey: kubernetes.io/hostname
securityContext:
runAsUser: 1000
runAsGroup: 1000
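Review bot: The `requiredDuringSchedulingIgnoredDuringExecution` anti-affinity on `kubernetes.io/hostname`, combined with `replicas: 3`, needs at least three schedulable nodes, and nothing in the hunk records that assumption. On a smaller cluster, or while a node is drained, the displaced pod stays Pending. If the StatefulSet uses the default ordered pod management, a Pending lower ordinal also holds back the higher ones; that setting is outside the hunk, so confirm it. Because other services presumably depend on this identity provider for login, I would add `# Requires >= 3 schedulable nodes: one kanidm pod per host.` above `affinity:`, or relax the rule to `preferredDuringSchedulingIgnoredDuringExecution` if the cluster cannot guarantee that. The pod spec continues past the end of the hunk.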