On Linux by default the notes.ini is in the data directory. On Windows it is per default in the binary directory. You could move it to the data directory, which would make sense from backup point of view in many cases anyway. But what if you have it in the program directory and install a new major version where you get rid of all your binaries as a best practice?

Quite interesting results.. I have been looking into different hash algorithms to see the overhead today. It turns out that SHA256 is the slowest option and SHA1 is the winner. But it is interesting, that SHA384/SHA512 are also faster then SHA256

Domino waits for 10 seconds after shutdown before are restart for some legacy reason. There is a notes.ini variable to reduce the number of seconds. I tested with Domino 12.0.x that it can be reduced to 1 second.

Domino certificate manager works like a charm and is the best option for native Domino 12 certificate management. But in a K8s environment you might want to better have certificates deployed outside Domino in front of your Domino K8s service. Mostly you will use a so called Ingress controller, which offloads your TLS traffic. I took a look into https://cert-manager.io/docs/concepts/certificate last night. It turned out the issues I ran into only occurred because of a messed up k3s installation. After I re-created my server, I was ready to go in minutes.