Add authentication configurations to the repository to support transparency and reuseΒ #19
Description
π¦ Repository Checklist for Authentik PoC Deployment
To ensure the PoC is:
- β Transparent and reusable
- π Easily reproducible across environments
β οΈ Minimizing manual, error-prone configuration
Please include declarative configurations for the following:
π File Structure & Deployment Manifests
- Create a dedicated folder for the PoC setup (e.g.
/configs/authorization) - Add all deployment manifests:
-
authentik-deploy.yaml - Ingress configuration
- Persistent volume claims
- Secrets templates (e.g.
secrets-template.yaml)
-
βοΈ Configuration Files
- Include relevant Authentik configuration files:
- Initial user setup
- OIDC provider settings
- Application definitions
- Access policies
𧩠Authentik Blueprints (Recommended)
To support declarative setup and reduce manual configuration:
-
Add blueprints for:
- Identity Provider (IDP) sources (e.g. OIDC, LDAP, SAML)
- Claim mappings and scopes
- User/group assignments
- Application definitions and access policies
-
Place blueprints in
/config/authentik -
Name files descriptively (e.g.
oidc-idp-source.yaml,claim-mapping-basic.yaml)
π Documentation
- Add a
README.mdinside/authentik-configexplaining:- Purpose of each file
- Step-by-step deployment instructions
- Required dependencies or assumptions
- How to verify that Authentik is running correctly
Its fine to link to external doc sources if they serve the purpose for reproducibility.
π Reusability & Handover Readiness
- Ensure values are templated
- Avoid hardcoded values unless necessary; document them clearly
- Confirm that another supplier can reproduce the setup without undocumented steps
β Final Review
- Test the deployment from scratch using only the repo contents
- Confirm that documentation is clear, complete, and up to date