Version: 1.2

Authentication with OAuth

To configure an external Identity Provider (IdP), such as Microsoft or Authentik, complete the following steps.

Procedure

1. Create a Kubernetes Secret with credentials

Each provider requires a Secret with the necessary credentials.

YAML file for OIDC provider (Authentik):

apiVersion: v1
kind: Secret
metadata:
  name: my-authentik
  namespace: resiliency-system
type: Opaque
stringData:
  clientID: <your-client-id>
  clientSecret: <your-client-secret>
  issuer: https://<your-authentik-domain>/application/o/<your-application-id>/

YAML file for Microsoft:

apiVersion: v1
kind: Secret
metadata:
  name: my-microsoft
  namespace: resiliency-system
type: Opaque
stringData:
  clientID: <your-client-id>
  clientSecret: <your-client-secret>
  tenant: <your-azure-tenant-id>

2. Apply the Secret

Once the YAML is ready, apply it with:

kubectl apply -f my-authentik-secret.yaml
# or
kubectl apply -f my-microsoft-secret.yaml

3. Get the current Instance configuration and save it to a file

kubectl get instances.core.resiliency.io resiliency-io \
  -n resiliency-system \
  -o yaml > instance.yaml

4. Edit the file

Apply the following changes to instance.yaml:

apiVersion: core.resiliency.io/v1alpha1
kind: Instance
metadata:
  name: resiliency-io
  namespace: resiliency-system
spec:
  ...
  auth:
    ssoProviders:
      # You can configure one or both providers below

      # Optional: Microsoft Azure AD
      - microsoft:
          name: Microsoft
          secretName: my-microsoft

      # Optional: Authentik OIDC
      - oidc:
          name: Authentik
          secretName: my-authentik

5. Update

Apply the instance.yaml file with the following command:

kubectl apply -f instance.yaml
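
A pre-flight check for the Secret manifests from step 1, to run before kubectl apply in step 2. This is an added example, not part of the product's own tooling: the helper names check_sso_secret and secret_field and the sample values are assumptions, and the https and file-permission checks are hardening choices rather than documented requirements.

```shell
# secret_field FILE KEY: print the value of the first "KEY: value" line.
secret_field() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d "\"'"
}
# check_sso_secret FILE PROVIDER (hypothetical helper; PROVIDER is oidc or microsoft).
# Prints each problem; returns 0 if clean, 1 on problems, 2 on usage errors.
check_sso_secret() {
    file=$1; provider=$2; rc=0
    case $provider in
        oidc)      keys="clientID clientSecret issuer" ;;
        microsoft) keys="clientID clientSecret tenant" ;;
        *) echo "unknown provider: $provider" >&2; return 2 ;;
    esac
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    for key in $keys; do
        value=$(secret_field "$file" "$key")
        case $value in
            "")        echo "$file: $key is missing or empty"; rc=1 ;;
            *"<"*">"*) echo "$file: $key still holds a <placeholder>"; rc=1 ;;
        esac
    done
    if [ "$provider" = oidc ]; then
        case $(secret_field "$file" issuer) in
            https://*) ;;
            *) echo "$file: issuer is not an https:// URL"; rc=1 ;;
        esac
    fi
    [ "$(secret_field "$file" namespace)" = resiliency-system ] ||
        { echo "$file: namespace is not resiliency-system"; rc=1; }
    # stringData is plaintext, so the file must not be readable by other users.
    [ -z "$(find "$file" -perm -004)" ] || { echo "$file: world-readable"; rc=1; }
    return $rc
}

# Constructed sample: the Authentik manifest filled with made-up values.
demo=$(mktemp)
cat > "$demo" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: my-authentik
  namespace: resiliency-system
type: Opaque
stringData:
  clientID: example-client-id
  clientSecret: example-client-secret
  issuer: https://auth.example.com/application/o/resiliency/
EOF
check_sso_secret "$demo" oidc && echo "manifest OK"; rm -f "$demo"
```

Keep the filled-in manifest out of version control and delete it once the Secret has been applied.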