argocd-apps/apps/base/kanidm/certificate.yaml
unkinben e91fe554eb feat(kanidm): 3 replicas, PDB maxUnavailable=1, host anti-affinity
- Increase replicas from 2 to 3
- Add kanidm-2 headless DNS SAN to TLS certificate
- Add PodDisruptionBudget (maxUnavailable: 1) to maintain quorum during
  node drains
- Add requiredDuringSchedulingIgnoredDuringExecution pod anti-affinity
  on kubernetes.io/hostname to spread replicas across distinct hosts
- Update replication peers comment to include kanidm-2 cert exchange step
2026-05-24 19:42:32 +10:00

27 lines
652 B
YAML

---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: kanidm-tls
  namespace: kanidm
  labels:
    app.kubernetes.io/name: kanidm
    app.kubernetes.io/instance: kanidm
spec:
  secretName: kanidm-tls
  issuerRef:
    kind: ClusterIssuer
    name: vault-issuer
  commonName: auth.unkin.net
  dnsNames:
    - auth.unkin.net
    - au.auth.unkin.net
    - kanidm.k8s.syd1.au.unkin.net
    - kanidm.kanidm.svc.cluster.local
    - kanidm-0.kanidm-headless.kanidm.svc.cluster.local
    - kanidm-1.kanidm-headless.kanidm.svc.cluster.local
    - kanidm-2.kanidm-headless.kanidm.svc.cluster.local
  privateKey:
    algorithm: RSA
    size: 4096
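
Added example, not part of this repository: a pre-merge check that a Certificate's dnsNames cover every per-pod headless name for a given replica count, so that a replica bump cannot leave a pod presenting a certificate that does not match its own name. The function names, the StatefulSet name `kanidm` (inferred from the SANs above), the default `cluster.local` domain and the sample manifest are assumptions made for the example.

```python
CLUSTER_DOMAIN = "cluster.local"  # assumption: default Kubernetes cluster domain


def dns_names(manifest: str) -> list[str]:
    """Return the entries listed under the first `dnsNames:` key."""
    names, in_list = [], False
    for raw in manifest.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        if in_list:
            if line.startswith("- "):
                names.append(line[2:].strip().strip("'\""))
                continue
            break  # first non-list line ends the block
        in_list = line == "dnsNames:"
    return names


def expected_pod_names(statefulset: str, service: str, namespace: str,
                       replicas: int) -> list[str]:
    """Per-pod DNS names a StatefulSet gets behind a headless Service."""
    return [f"{statefulset}-{i}.{service}.{namespace}.svc.{CLUSTER_DOMAIN}"
            for i in range(replicas)]


def missing_sans(manifest: str, statefulset: str, service: str,
                 namespace: str, replicas: int) -> list[str]:
    """Pod names that have no exact (case-insensitive) SAN in the manifest."""
    present = {n.lower() for n in dns_names(manifest)}
    wanted = expected_pod_names(statefulset, service, namespace, replicas)
    return [n for n in wanted if n.lower() not in present]


# Constructed sample: a certificate that still lists only two replicas.
SAMPLE = """\
spec:
  dnsNames:
    - auth.unkin.net
    - kanidm-0.kanidm-headless.kanidm.svc.cluster.local
    - kanidm-1.kanidm-headless.kanidm.svc.cluster.local
  privateKey:
    algorithm: RSA
"""

if __name__ == "__main__":
    gaps = missing_sans(SAMPLE, "kanidm", "kanidm-headless", "kanidm", 3)
    print("missing SANs:", gaps or "none")
    raise SystemExit(1 if gaps else 0)
```

The check matches names exactly and does not expand wildcard SANs; run it with the replica count taken from the StatefulSet manifest in the same change.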