e91fe554eb
- Increase replicas from 2 to 3 - Add kanidm-2 headless DNS SAN to TLS certificate - Add PodDisruptionBudget (maxUnavailable: 1) to maintain quorum during node drains - Add requiredDuringSchedulingIgnoredDuringExecution pod anti-affinity on kubernetes.io/hostname to spread replicas across distinct hosts - Update replication peers comment to include kanidm-2 cert exchange step
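---
# cert-manager Certificate for the Kanidm identity service.
# cert-manager requests the certificate from the `vault-issuer` ClusterIssuer
# and writes the key pair into the `kanidm-tls` Secret in the `kanidm`
# namespace. Nesting was rebuilt from a flattened listing; confirm it against
# the repository copy before applying.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: kanidm-tls
  namespace: kanidm
  labels:
    app.kubernetes.io/name: kanidm
    app.kubernetes.io/instance: kanidm
spec:
  # This Secret holds the private key of the identity provider, so read access
  # to Secrets in this namespace should be limited to the Kanidm workload.
  secretName: kanidm-tls
  issuerRef:
    kind: ClusterIssuer
    name: vault-issuer
  # Clients validate against dnsNames, so commonName is repeated there.
  commonName: auth.unkin.net
  dnsNames:
    # Externally published names.
    - auth.unkin.net
    - au.auth.unkin.net
    - kanidm.k8s.syd1.au.unkin.net
    # In-cluster Service name.
    - kanidm.kanidm.svc.cluster.local
    # One entry per replica behind the headless Service. The accompanying
    # commit raises replicas to 3; add or remove an entry whenever the replica
    # count changes, otherwise the new pod serves a certificate that does not
    # match its own name.
    - kanidm-0.kanidm-headless.kanidm.svc.cluster.local
    - kanidm-1.kanidm-headless.kanidm.svc.cluster.local
    - kanidm-2.kanidm-headless.kanidm.svc.cluster.local
  privateKey:
    algorithm: RSA
    size: 4096
    # Set explicitly because older cert-manager releases default to Never,
    # which reuses the same key across renewals. Always issues a fresh key on
    # each renewal, which limits how long a copied key stays useful.
    # NOTE(review): confirm Kanidm reloads the Secret after renewal.
    rotationPolicy: Always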