7d2e0dfa0f
Remove the data keys from kanidm-repl-certs in git so ArgoCD never takes SSA ownership of them. Add ignoreDifferences for /data on that ConfigMap in the ApplicationSet template so ArgoCD doesn't flag sidecar-patched cert values as out-of-sync.
41 lines
817 B
YAML
41 lines
817 B
YAML
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: kanidm-config
|
|
namespace: kanidm
|
|
labels:
|
|
app.kubernetes.io/name: kanidm
|
|
app.kubernetes.io/instance: kanidm
|
|
data:
|
|
server.toml: |
|
|
version = "2"
|
|
|
|
domain = "auth.unkin.net"
|
|
origin = "https://auth.unkin.net"
|
|
bindaddress = "[::]:8443"
|
|
db_path = "/data/kanidm.db"
|
|
db_arc_size = 2048
|
|
tls_chain = "/data/tls/tls.crt"
|
|
tls_key = "/data/tls/tls.key"
|
|
log_level = "info"
|
|
|
|
[online_backup]
|
|
path = "/data/backups/"
|
|
schedule = "0 22 * * *"
|
|
versions = 7
|
|
|
|
[replication]
|
|
origin = "__REPL_ORIGIN__"
|
|
bindaddress = "[::]:8444"
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: kanidm-repl-certs
|
|
namespace: kanidm
|
|
labels:
|
|
app.kubernetes.io/name: kanidm
|
|
app.kubernetes.io/instance: kanidm
|
|
data: {}
|