Allow defining Providers and Applications via Kubernetes Resources #4119
Comments
You should already be able to define those via blueprints. Blueprints are just yaml files, so you can store them as config maps and mount them in the worker container.
That is good news - I will try to extend the helm chart with: to collect all the different ConfigMaps and Secrets in the cluster and give them to Authentik, like Grafana does for dashboards and datasources: Is there an API to force a reload (and not wait 1h until new blueprints take effect)?
The authentik worker uses inotify to get events when a blueprint file is created/updated and will trigger the task to deal with it. Removed files are not automatically removed from this event, but there's a scheduled task that deletes blueprint instances in authentik if the file is not able to be fetched (only blueprints that use file based storage).
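A sketch of the approach described in the replies above, added here as an illustration and not taken from this thread or from the authentik project: a blueprint stored in a ConfigMap and mounted into the worker, with the OAuth2 client secret kept out of the ConfigMap and read from a Kubernetes Secret through an environment variable. All resource names, the `EXAMPLE_APP_CLIENT_SECRET` variable, the flow slug and the mount subdirectory are assumptions; the provider attributes shown are a minimal set and other fields may be required depending on the authentik version.

```yaml
# ConfigMap holding the blueprint file (names are hypothetical)
apiVersion: v1
kind: ConfigMap
metadata:
  name: example-app-blueprint
data:
  example-app.yaml: |
    version: 1
    metadata:
      name: example-app
    entries:
      - model: authentik_providers_oauth2.oauth2provider
        id: provider
        identifiers:
          name: example-app
        attrs:
          # Assumed flow slug; use a flow that exists in your instance
          authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
          client_type: confidential
          client_id: example-app
          # Resolved from the worker's environment, so the secret never sits in the ConfigMap
          client_secret: !Env EXAMPLE_APP_CLIENT_SECRET
      - model: authentik_core.application
        identifiers:
          slug: example-app
        attrs:
          name: Example App
          provider: !KeyOf provider
---
# Fragment of the worker pod spec (container and Secret names are hypothetical)
spec:
  containers:
    - name: worker
      env:
        - name: EXAMPLE_APP_CLIENT_SECRET
          valueFrom:
            secretKeyRef:
              name: example-app-oidc
              key: client-secret
      volumeMounts:
        - name: example-app-blueprint
          mountPath: /blueprints/example-app   # assumed subdirectory of the blueprint directory
          readOnly: true
  volumes:
    - name: example-app-blueprint
      configMap:
        name: example-app-blueprint
```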
That is good to know, then I have misunderstood that: https://goauthentik.io/developer-docs/blueprints/
I solved it with this sidecar, see Helm chart PR goauthentik/helm#146
@BeryJu please review
I have also started developing a Helm chart which sets up a blueprint for an OAuth2 Application here: I set up OIDC for Weave GitOps (https://docs.gitops.weave.works/docs/configuration/oidc-access/) with it here:
Removing has to change the ConfigMap/Secret ;( - for an easy solution I created this issue #5300
Closing in favor of #5675
Maybe it's a good idea to add CRDs to define Authentik Providers and Applications with Kubernetes Resources. Applications could provide these Resources in their Helm Charts and pass all secret information via K8 Secrets.
This would be a big improvement for security and usability reasons.