t.behrendt/authentik-kubernetes-operator
1
0
Fork 0
Code Issues 3 Pull Requests 4 Actions 2 Packages Activity

feat: vertical slice application -> provider -> binding (#4)
CD / Create tag (push) Successful in 11s
Details
CD / Build and push (amd64) (push) Successful in 1m32s
Details
CD / Create manifest (push) Successful in 7s
Details

Browse Source 
Co-authored-by: Timo Behrendt <t.behrendt@t00n.de>
Co-committed-by: Timo Behrendt <t.behrendt@t00n.de>
This commit was merged in pull request #4.
This commit is contained in:
Timo Behrendt
2026-05-25 17:14:35 +02:00
committed by t.behrendt
parent 2a091df8b9
commit 26bd576690
65 changed files with 4912 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+43 -1
View File
@@ -11,6 +11,8 @@ Manual changes to the resources in Authentik will be overwritten by the operator
| Custom Resource | CRD File | Short Name |
| --------------- | ---------------------------------------------------------- | ---------- |
| ProxyProvider | [`proxyProvider.yaml`](`artifacts/crd/proxyProvider.yaml`) | pp |
| Application | [`application.yaml`](`artifacts/crd/application.yaml`) | app |
| PolicyBinding | [`policyBinding.yaml`](`artifacts/crd/policyBinding.yaml`) | pb |
### ProxyProvider
@@ -32,9 +34,49 @@ spec:
invalidation_flow: 7acac1ef-19e3-4a6f-8d8d-14ca7031d184
# The external host of your application.
external_host: https://example.t00n.de
# The ID of the outpost, which at current point in time can only be retrieved from Authentik directly. In this example: "Proxy-Forward-Auth-Auto"
outpost: e004ffe7-4af6-4ac1-9e9d-522354799e1f
```
The ProxyProvider will be created in Authentik, but will not be assigned to an outpost or an application (Resources are TBD).
The ProxyProvider will be created in Authentik and assigned to the configured outpost.
### Application
The Application only supports a reduced set of fields.
Example [`application.yaml`](`artifacts/examples/application.yaml`):
```yaml
apiVersion: application.t000-n.de/v1alpha1
kind: Application
metadata:
name: application-example
spec:
name: Application Example
slug: application-example
# The ID of the provider, which can be retrieved from e.g. the ProxyPRovider via "kubectl get pp proxy-provider-example -o jsonpath='{.status.pk}'"
provider: 105
```
### PolicyBinding
The PolicyBinding is used to bind a policy to a target, e.g. allow a group or user to access an application.
The PolicyBinding only supports a reduced set of fields.
Example [`policyBinding.yaml`](`artifacts/examples/policyBinding.yaml`):
```yaml
apiVersion: policybinding.t000-n.de/v1alpha1
kind: PolicyBinding
metadata:
name: policy-binding-example
spec:
group: 14ab813f-a7f9-481b-9b08-781953ae9ebf
# The ID of the target, e.g. an Application, which can be retrieved from e.g. the Application via "kubectl get app application-example -o jsonpath='{.status.pk}'"
target: 8dd85627-9c48-49c2-8afc-d73dd122ffc2
# The order in which the policy is applied. This needs to be unique for each PolicyBinding.
order: 1
```
## Versioning