|
|
@@ -11,6 +11,8 @@ Manual changes to the resources in Authentik will be overwritten by the operator
|
|
|
|
| Custom Resource | CRD File | Short Name |
|
|
|
|
| Custom Resource | CRD File | Short Name |
|
|
|
|
| --------------- | ---------------------------------------------------------- | ---------- |
|
|
|
|
| --------------- | ---------------------------------------------------------- | ---------- |
|
|
|
|
| ProxyProvider | [`proxyProvider.yaml`](`artifacts/crd/proxyProvider.yaml`) | pp |
|
|
|
|
| ProxyProvider | [`proxyProvider.yaml`](`artifacts/crd/proxyProvider.yaml`) | pp |
|
|
|
|
|
|
|
|
| Application | [`application.yaml`](`artifacts/crd/application.yaml`) | app |
|
|
|
|
|
|
|
|
| PolicyBinding | [`policyBinding.yaml`](`artifacts/crd/policyBinding.yaml`) | pb |
|
|
|
|
|
|
|
|
|
|
|
|
### ProxyProvider
|
|
|
|
### ProxyProvider
|
|
|
|
|
|
|
|
|
|
|
@@ -36,6 +38,44 @@ spec:
|
|
|
|
|
|
|
|
|
|
|
|
The ProxyProvider will be created in Authentik, but will not be assigned to an outpost or an application (Resources are TBD).
|
|
|
|
The ProxyProvider will be created in Authentik, but will not be assigned to an outpost or an application (Resources are TBD).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### Application
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The Application only supports a reduced set of fields.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example [`application.yaml`](`artifacts/examples/application.yaml`):
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
|
|
|
|
apiVersion: application.t000-n.de/v1alpha1
|
|
|
|
|
|
|
|
kind: Application
|
|
|
|
|
|
|
|
metadata:
|
|
|
|
|
|
|
|
name: application-example
|
|
|
|
|
|
|
|
spec:
|
|
|
|
|
|
|
|
name: Application Example
|
|
|
|
|
|
|
|
slug: application-example
|
|
|
|
|
|
|
|
# The ID of the provider, which can be retrieved from e.g. the ProxyPRovider via "kubectl get pp proxy-provider-example -o jsonpath='{.status.pk}'"
|
|
|
|
|
|
|
|
provider: 105
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### PolicyBinding
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The PolicyBinding is used to bind a policy to a target, e.g. allow a group or user to access an application.
|
|
|
|
|
|
|
|
The PolicyBinding only supports a reduced set of fields.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example [`policyBinding.yaml`](`artifacts/examples/policyBinding.yaml`):
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
|
|
|
|
apiVersion: policybinding.t000-n.de/v1alpha1
|
|
|
|
|
|
|
|
kind: PolicyBinding
|
|
|
|
|
|
|
|
metadata:
|
|
|
|
|
|
|
|
name: policy-binding-example
|
|
|
|
|
|
|
|
spec:
|
|
|
|
|
|
|
|
group: 14ab813f-a7f9-481b-9b08-781953ae9ebf
|
|
|
|
|
|
|
|
# The ID of the target, e.g. an Application, which can be retrieved from e.g. the Application via "kubectl get app application-example -o jsonpath='{.status.pk}'"
|
|
|
|
|
|
|
|
target: 8dd85627-9c48-49c2-8afc-d73dd122ffc2
|
|
|
|
|
|
|
|
# The order in which the policy is applied. This needs to be unique for each PolicyBinding.
|
|
|
|
|
|
|
|
order: 1
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
## Versioning
|
|
|
|
## Versioning
|
|
|
|
|
|
|
|
|
|
|
|
As soon as the operator covers an entire use case, the version will be raised to v1 and follow default versioning rules. Before that, the version will be v1alpha1.
|
|
|
|
As soon as the operator covers an entire use case, the version will be raised to v1 and follow default versioning rules. Before that, the version will be v1alpha1.
|
|
|
|