Version: 1.4

Authentication with OAuth using Authentik

To configure an external Identity Provider (IdP), such as Authentik, you need to:

Procedure

1. Create a Kubernetes Secret with credentials

The provider requires a Secret with the necessary credentials.

YAML file for OIDC provider (Authentik):

apiVersion: v1
kind: Secret
metadata:
  name: my-authentik
  namespace: resiliency-system
type: Opaque
stringData:
  clientID: <your-client-id>
  clientSecret: <your-client-secret>
  issuer: https://<your-authentik-domain>/application/o/<your-application-id>/

2. Apply the Secret

Once the YAML is ready, apply it with:

kubectl apply -f my-authentik-secret.yaml

3. Get current Instance config and save to a file

kubectl get instances.core.resiliency.io resiliency-io \
  -n resiliency-system \
  -o yaml > instance.yaml

4. Edit the file

Apply the following changes to the instance.yaml:

apiVersion: core.resiliency.io/v1alpha1
kind: Instance
metadata:
  name: resiliency-io
  namespace: resiliency-system
spec:
  ...
  auth:
    ssoProviders:
    # You have to configure authentik provider
    
    - oidc:
        name: Authentik
        secretName: my-authentik

5. Update

Apply the instance.yaml file with the following command:

kubectl apply -f instance.yaml

Procedure​

1. Create a Kubernetes Secret with credentials​

2. Apply the Secret​

3. Get current Instance config and save to a file​

4. Edit the file​

5. Update​