Allow defining Providers and Applications via Kubernetes Resources #4119
Comments
|
You should already be able to define those via blueprints. Blueprints are just yaml files, so you can store them as config maps and mount them in the worker container. |
|
That is a good news - i will try to extends the helm-chart with: to collect all the different ConfigMap and Secrets in the Cluster and give them Authentik. like it does grafana for dashboards and datasources: Is there an API to force reload (and not to wait 1h till new blueprints take effect)? |
|
The authentik worker uses ionotify to get events when a blueprint file is created/updated and will trigger the task to deal with it. Removed files are not automatically removed from this event, but there's a scheduled task that deletes blueprint instances in authentik if the file is not able to be fetched (only blueprints that use file based storage) |
|
Thats is good to know, theb i have miss understand that: https://goauthentik.io/developer-docs/blueprints/
|
|
I solve it with this sidecar see HelmChart PR goauthentik/helm#146 |
|
@BeryJu please review |
|
i start also develop an HelmChart which setup an blueprint for an OAuth2 Application here: I setup oidc for weave gitops (https://docs.gitops.weave.works/docs/configuration/oidc-access/) with it here: |
|
Removing has to change the ConfigMap/Secret ;( - for a easy solution i create this issue #5300 |
|
Closing in favor of #5675 |
Maybe it's a good idea to add CRDs to define Authentik Providers and Applications with Kubernetes Resources. Applications could provide these Resources in their Helm Charts and pass all secret information via K8 Secrets.
This would be a big improvement for security and useability reasons.
The text was updated successfully, but these errors were encountered: