docs

README.md

@@ -2,4 +2,36 @@
 
 Authentik Kubernetes Operator allows to manage Authentik resources directly in Kubernetes using Custom Kubernetes Resources.
 
-## Features
+The custom resources of this operator ultimately will mirror the Authentik resources. New resources will be added as there is a need for them.
+
+Manual changes to the resources in Authentik will be overwritten by the operator. So always manage the resources in Kubernetes.
+
+## Custom Resources
+
+| Custom Resource | CRD File                                                   | Short Name |
+| --------------- | ---------------------------------------------------------- | ---------- |
+| ProxyProvider   | [`proxyProvider.yaml`](`artifacts/crd/proxyProvider.yaml`) | pp         |
+
+### ProxyProvider
+
+Currently only the "Forward Single" ProxyProvider is supported and only a reduced set of fields are exposed by the custom resources.
+
+Example [`proxyProvider.yaml`](`artifacts/examples/proxyProvider.yaml`):
+
+```yaml
+apiVersion: proxyprovider.t000-n.de/v1
+kind: ProxyProvider
+metadata:
+  name: proxy-provider-example
+  namespace: kube-system
+spec:
+  name: proxy-provider-example
+  # The ID of the authorization flow. In this example: "default-provider-authorization-implicit-consent (Authorize Application)"
+  authorization_flow: 16896c6d-b326-42d1-8d3f-93f32921962e
+  # The ID of the invalidation flow. In this example: "default-provider-invalidation-flow (Logged out of application)"
+  invalidation_flow: 7acac1ef-19e3-4a6f-8d8d-14ca7031d184
+  # The external host of your application.
+  external_host: https://example.t00n.de
+```
+
+The ProxyProvider will be created in Authentik, but will not be assigned to an outpost or an application (Resources are TBD).