I'd be very interested to know as well. Although the last time I attempted to run kanidm in a containerized fashion it left a lot to be desired.
The software is (perhaps expectedly) not really built to support semi-ephemeral lifetimes, so it took quite a few hacks to get it running in Kubernetes the last time I tried.
As I recall, the primary issue I had was with exposing the certman-provided Let's Encrypt certificates to the kanidm process inside the container in a reasonable fashion. I don't think I found an elegant way of signalling to the kanidm process that the certificates had been renewed and should be reloaded.
The software is (perhaps expectedly) not really built to support semi-ephemeral lifetimes, so it took quite a few hacks to get it running in Kubernetes the last time I tried.
As I recall, the primary issue I had was with exposing the certman-provided Let's Encrypt certificates to the kanidm process inside the container in a reasonable fashion. I don't think I found an elegant way of signalling to the kanidm process that the certificates had been renewed and should be reloaded.