feat(kanidm): vault-managed replication certs with auto-restart #176

Merged
unkinben merged 2 commits from benvin/kanidm-vault-repl into main 2026-05-30 23:00:46 +10:00
Owner
  • Store per-pod replication certs in Vault (kv/kubernetes/namespace/kanidm/default/repl-certs)
  • VaultAuth + VaultStaticSecret sync certs to kanidm-repl-certs Secret
  • busybox config-init init container injects peer certs from Secret into server.toml at startup
  • Remove hardcoded partner_cert entries from per-pod server.toml templates
  • Add automatic_refresh = true to all replication configs
  • Add reloader.stakater.com/auto annotation to trigger rolling restart on ConfigMap/Secret changes
  • Document domain UUID mismatch resolution and cert rotation in README
unkinben added 1 commit 2026-05-30 22:55:28 +10:00
feat(kanidm): vault-managed replication certs with auto-restart
ci/woodpecker/pr/kubeconform Pipeline is pending
ci/woodpecker/pr/pre-commit Pipeline is pending
db7f8f63a3
- Store per-pod replication certs in Vault (kv/kubernetes/namespace/kanidm/default/repl-certs)
- VaultAuth + VaultStaticSecret sync certs to kanidm-repl-certs Secret
- busybox config-init init container injects peer certs from Secret into server.toml at startup
- Remove hardcoded partner_cert entries from per-pod server.toml templates
- Add automatic_refresh = true to all replication configs
- Add reloader.stakater.com/auto annotation to trigger rolling restart on ConfigMap/Secret changes
- Document domain UUID mismatch resolution and cert rotation in README
unkinben added 1 commit 2026-05-30 22:55:33 +10:00
Merge branch 'main' into benvin/kanidm-vault-repl
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful
ec9f2b51cd
unkinben merged commit 4d594fbde7 into main 2026-05-30 23:00:46 +10:00
unkinben deleted branch benvin/kanidm-vault-repl 2026-05-30 23:00:47 +10:00
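The config-init step this PR describes (peer certs from the kanidm-repl-certs Secret injected into server.toml at startup) can be sketched as follows; this is an added example, not the repository's own script. The one-file-per-peer Secret layout, the function name `inject_partner_certs`, and the accepted cert character set are assumptions.

```shell
#!/bin/sh
# Added example (not the PR's script). Assumed layout: SECRET_DIR holds one file
# per peer, named after the host in each [replication."repl://HOST:PORT"] header.

inject_partner_certs() {
    template=$1; secret_dir=$2; out=$3
    tmp="$out.tmp.$$"
    ( umask 077; : > "$tmp" ) || return 1   # rendered config is not world-readable
    while IFS= read -r line || [ -n "$line" ]; do
        printf '%s\n' "$line" >> "$tmp"
        case $line in
            '[replication."repl://'*'"]') ;;
            *) continue ;;
        esac
        host=${line#'[replication."repl://'}
        host=${host%%:*}
        host=${host%%\"*}
        # The host becomes a file name: refuse anything that could leave SECRET_DIR.
        case $host in
            ''|.*|*[!A-Za-z0-9.-]*) echo "bad peer name in template" >&2; rm -f "$tmp"; return 1 ;;
        esac
        # Fail closed: a peer without a cert must stop the pod, not start it unpaired.
        if [ ! -r "$secret_dir/$host" ]; then
            echo "no cert for $host" >&2; rm -f "$tmp"; return 1
        fi
        cert=$(tr -d ' \r\n' < "$secret_dir/$host")
        # Only base64/base64url characters may reach the TOML string, so a
        # tampered secret cannot close the quote and add its own keys.
        case $cert in
            ''|*[!A-Za-z0-9+/_=-]*) echo "invalid cert for $host" >&2; rm -f "$tmp"; return 1 ;;
        esac
        printf 'partner_cert = "%s"\n' "$cert" >> "$tmp"
    done < "$template"
    mv "$tmp" "$out"   # publish only a fully rendered file
}
```

A non-zero return from the init container keeps the main kanidm container from starting with a partial replication config.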

Reference: unkin/argocd-apps#176