From e181c97bcc1388e436b01852967a7d8f3ab412e1 Mon Sep 17 00:00:00 2001 From: Timo Behrendt Date: Mon, 18 May 2026 20:48:19 +0200 Subject: [PATCH] docs: update docs --- README.md | 40 +++++++++++++++++++++++++++ artifacts/examples/application.yaml | 8 ++++++ artifacts/examples/policyBinding.yaml | 8 ++++++ 3 files changed, 56 insertions(+) create mode 100644 artifacts/examples/application.yaml create mode 100644 artifacts/examples/policyBinding.yaml diff --git a/README.md b/README.md index df09558..82e5680 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,8 @@ Manual changes to the resources in Authentik will be overwritten by the operator | Custom Resource | CRD File | Short Name | | --------------- | ---------------------------------------------------------- | ---------- | | ProxyProvider | [`proxyProvider.yaml`](`artifacts/crd/proxyProvider.yaml`) | pp | +| Application | [`application.yaml`](`artifacts/crd/application.yaml`) | app | +| PolicyBinding | [`policyBinding.yaml`](`artifacts/crd/policyBinding.yaml`) | pb | ### ProxyProvider @@ -36,6 +38,44 @@ spec: The ProxyProvider will be created in Authentik, but will not be assigned to an outpost or an application (Resources are TBD). +### Application + +The Application only supports a reduced set of fields. + +Example [`application.yaml`](`artifacts/examples/application.yaml`): + +```yaml +apiVersion: application.t000-n.de/v1alpha1 +kind: Application +metadata: + name: application-example +spec: + name: Application Example + slug: application-example + # The ID of the provider, which can be retrieved from e.g. the ProxyPRovider via "kubectl get pp proxy-provider-example -o jsonpath='{.status.pk}'" + provider: 105 +``` + +### PolicyBinding + +The PolicyBinding is used to bind a policy to a target, e.g. allow a group or user to access an application. +The PolicyBinding only supports a reduced set of fields. + +Example [`policyBinding.yaml`](`artifacts/examples/policyBinding.yaml`): + +```yaml +apiVersion: policybinding.t000-n.de/v1alpha1 +kind: PolicyBinding +metadata: + name: policy-binding-example +spec: + group: 14ab813f-a7f9-481b-9b08-781953ae9ebf + # The ID of the target, e.g. an Application, which can be retrieved from e.g. the Application via "kubectl get app application-example -o jsonpath='{.status.pk}'" + target: 8dd85627-9c48-49c2-8afc-d73dd122ffc2 + # The order in which the policy is applied. This needs to be unique for each PolicyBinding. + order: 1 +``` + ## Versioning As soon as the operator covers an entire use case, the version will be raised to v1 and follow default versioning rules. Before that, the version will be v1alpha1. diff --git a/artifacts/examples/application.yaml b/artifacts/examples/application.yaml new file mode 100644 index 0000000..c5d1e1d --- /dev/null +++ b/artifacts/examples/application.yaml @@ -0,0 +1,8 @@ +apiVersion: application.t000-n.de/v1alpha1 +kind: Application +metadata: + name: application-example +spec: + name: Application Example + slug: application-example + provider: 105 diff --git a/artifacts/examples/policyBinding.yaml b/artifacts/examples/policyBinding.yaml new file mode 100644 index 0000000..6bde62d --- /dev/null +++ b/artifacts/examples/policyBinding.yaml @@ -0,0 +1,8 @@ +apiVersion: policybinding.t000-n.de/v1alpha1 +kind: PolicyBinding +metadata: + name: policy-binding-example +spec: + group: 14ab813f-a7f9-481b-9b08-781953ae9ebf + target: 8dd85627-9c48-49c2-8afc-d73dd122ffc2 + order: 1