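---
# StatefulSet for a single Kanidm server replica in the `kanidm` namespace.
# The server binary is started with the config file mounted from the
# `kanidm-config` ConfigMap, serves on 8443, and keeps its state on a
# per-pod PVC created from the volumeClaimTemplate below.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: kanidm
  namespace: kanidm
  annotations:
    # Stakater Reloader restarts the pods when a referenced ConfigMap or
    # Secret changes. This matters here because the config is mounted via
    # subPath, and subPath mounts do not pick up ConfigMap updates in place.
    reloader.stakater.com/auto: "true"
  labels:
    app.kubernetes.io/name: kanidm
    app.kubernetes.io/instance: kanidm
spec:
  serviceName: kanidm-headless
  # NOTE(review): the config mount below hard-codes `server-0.toml`, so every
  # replica would get the same file if this is ever raised above 1.
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: kanidm
      app.kubernetes.io/instance: kanidm
  template:
    metadata:
      labels:
        app.kubernetes.io/name: kanidm
        app.kubernetes.io/instance: kanidm
    spec:
      # NOTE(review): if the workload never calls the Kubernetes API, consider
      # `automountServiceAccountToken: false` so no API token is mounted into
      # an identity server's pod. Confirm against the ServiceAccount's use.
      serviceAccountName: kanidm
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        runAsNonRoot: true
        # fsGroup makes the mounted volumes group-accessible to GID 1000.
        fsGroup: 1000
        # Apply the container runtime's default syscall filter instead of
        # running unconfined.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: kanidm
          # NOTE(review): a tag is mutable; pinning by digest
          # (kanidm/server:1.10.3@sha256:<digest-placeholder>) guarantees the
          # reviewed image is the one that runs.
          image: kanidm/server:1.10.3
          command: ["/sbin/kanidmd"]
          args: ["server", "-c", "/config/server.toml"]
          ports:
            - name: https
              containerPort: 8443
              protocol: TCP
          volumeMounts:
            - name: data
              mountPath: /data
            - name: config
              mountPath: /config/server.toml
              subPath: server-0.toml
              readOnly: true
            # TLS material from the `kanidm-tls` Secret, mounted read-only
            # inside the data volume's path.
            - name: tls
              mountPath: /data/tls
              readOnly: true
          securityContext:
            allowPrivilegeEscalation: false
            # The process runs as non-root on an unprivileged port (8443), so
            # no Linux capabilities should be needed; drop them all.
            capabilities:
              drop: ["ALL"]
            # NOTE(review): root filesystem is left writable. /data is already
            # a separate volume; confirm whether the server writes anywhere
            # else before switching this to true.
            readOnlyRootFilesystem: false
          resources:
            requests:
              memory: 256Mi
              cpu: 100m
            limits:
              memory: 1Gi
              cpu: 500m
          # Both probes only check that 8443 accepts a TCP connection; they do
          # not verify that the server answers requests.
          readinessProbe:
            tcpSocket:
              port: 8443
            initialDelaySeconds: 15
            periodSeconds: 10
          livenessProbe:
            tcpSocket:
              port: 8443
            initialDelaySeconds: 30
            periodSeconds: 30
      volumes:
        - name: config
          configMap:
            name: kanidm-config
        - name: tls
          secret:
            secretName: kanidm-tls
  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        accessModes: [ReadWriteOnce]
        storageClassName: cephrbd-fast-delete
        resources:
          requests:
            storage: 10Gi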