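---
# kanidm-config holds the kanidmd server configuration (server.toml).
#
# Review notes:
# - tls_key points at /data/tls/tls.key. The private key must not be added
#   to this ConfigMap; it is expected to come from a Secret or a
#   certificate controller (the mount is not shown here - confirm).
# - [replication] origin is the placeholder "__REPL_ORIGIN__". It has to be
#   replaced with the pod's own repl:// URL before kanidmd starts;
#   presumably an init step does this (not shown here - confirm).
# - Both listeners bind to [::], i.e. every interface of the pod. Port 8444
#   (replication) only needs to be reachable by the other kanidm pods;
#   consider a NetworkPolicy that restricts it to them.
# - [online_backup] writes to /data/backups/, which sits under the same
#   /data path as the database. Backups hold the full identity database,
#   so protect that path like the database itself and copy backups
#   off-volume if they are meant to survive loss of the volume.
apiVersion: v1
kind: ConfigMap
metadata:
  name: kanidm-config
  namespace: kanidm
  labels:
    app.kubernetes.io/name: kanidm
    app.kubernetes.io/instance: kanidm
data:
  server.toml: |
    version = "2"
    domain = "auth.unkin.net"
    origin = "https://auth.unkin.net"
    bindaddress = "[::]:8443"
    db_path = "/data/kanidm.db"
    db_arc_size = 2048
    tls_chain = "/data/tls/tls.crt"
    tls_key = "/data/tls/tls.key"
    log_level = "info"

    [online_backup]
    path = "/data/backups/"
    schedule = "0 22 * * *"
    versions = 7

    [replication]
    origin = "__REPL_ORIGIN__"
    bindaddress = "[::]:8444"
---
# kanidm-repl-peers is initially empty.
#
# After first deployment, exchange replication certificates:
#   kubectl exec -n kanidm kanidm-0 -- kanidmd show-replication-certificate
#   kubectl exec -n kanidm kanidm-1 -- kanidmd show-replication-certificate
#   kubectl exec -n kanidm kanidm-2 -- kanidmd show-replication-certificate
#
# Then populate peers.toml with all nodes' certs and restart pods.
# Example peers.toml content (partner_cert is left empty here; each entry
# needs the certificate printed by the node named in its repl:// URL):
#
#   [replication."repl://kanidm-0.kanidm-headless.kanidm.svc.cluster.local:8444"]
#   type = "mutual-pull"
#   partner_cert = ""
#
#   [replication."repl://kanidm-1.kanidm-headless.kanidm.svc.cluster.local:8444"]
#   type = "mutual-pull"
#   partner_cert = ""
#
#   [replication."repl://kanidm-2.kanidm-headless.kanidm.svc.cluster.local:8444"]
#   type = "mutual-pull"
#   partner_cert = ""
#
# Review notes:
# - partner_cert is what a node trusts when a peer connects for
#   replication, so every entry added here admits one more replication
#   partner. Limit write access to this ConfigMap (RBAC) to the operators
#   who manage the kanidm deployment.
# - Copy each certificate straight from the command output of the intended
#   pod; a certificate pasted under the wrong repl:// URL should simply
#   fail to replicate, but a certificate from an unintended source would
#   be trusted as a peer.
# - The values are certificates, not private keys, so a ConfigMap is an
#   acceptable place for them. Do not store key material here.
apiVersion: v1
kind: ConfigMap
metadata:
  name: kanidm-repl-peers
  namespace: kanidm
  labels:
    app.kubernetes.io/name: kanidm
    app.kubernetes.io/instance: kanidm
data:
  peers.toml: ""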