This documentation is for v0.0-beta.1 and not the latest stable release.

Quickstart

This quickstart will guide you through deploying a Kanidm cluster with Kaniop and creating your first identity resources. In about 10 minutes, you’ll have a fully functional identity management system running on Kubernetes.

Prerequisites

  • A Kubernetes cluster (v1.20+)
  • kubectl configured to access your cluster
  • Helm v3 installed

Step 1: Install the Operator

Install the Kaniop operator using Helm:

helm install --create-namespace --namespace kaniop --wait kaniop oci://ghcr.io/pando85/helm-charts/kaniop

Verify the operator is running:

kubectl get pods -n kaniop
# Expected output: kaniop-<release-name> pod in Running state

Step 2: Deploy a Kanidm Cluster

Create a simple Kanidm cluster configuration. You can use the basic example from the repository:

# Use the basic Kanidm example
kubectl apply -f https://raw.githubusercontent.com/pando85/kaniop/master/examples/kanidm-tls.yaml
kubectl apply -f https://raw.githubusercontent.com/pando85/kaniop/master/examples/kanidm.yaml

Wait for the StatefulSet to be ready:

kubectl get statefulsets -l kanidm.kaniop.rs/cluster=my-idm
kubectl wait --for=condition=ready pod -l kanidm.kaniop.rs/cluster=my-idm --timeout=300s

Step 3: Configure OAuth2 Client

Set up an OAuth2 client using the repository example:

# Use the OAuth2 client example
kubectl apply -f https://raw.githubusercontent.com/pando85/kaniop/master/examples/oauth2.yaml

You can verify it with:

kubectl get kanidmoauth2clients

Step 4: Create a Group

Create a group using the repository example:

# Use the group example
kubectl apply -f https://raw.githubusercontent.com/pando85/kaniop/master/examples/group.yaml

Verify the group was created:

kubectl get kanidmgroups

Step 5: Create a Person Account

Create a user account using the example from the repository:

# Use the person example
kubectl apply -f https://raw.githubusercontent.com/pando85/kaniop/master/examples/person.yaml

Verify the account was created and get the link to set the credentials:

kubectl get kanidmpersonaccounts
kubectl describe kanidmpersonaccount me
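
Steps 2 to 5 apply manifests straight from the repository's master branch, so what reaches the cluster can change between runs. The following is an added example, not part of the Kaniop documentation or project: it fetches a manifest at a pinned ref, checks it against a digest recorded after review, and runs a server-side dry run before applying. The KANIOP_REF variable, the manifests.lock file and the function names are assumptions of this example.

```shell
# Added example: pin, verify and dry-run a quickstart manifest before applying it.
# KANIOP_REF and the manifests.lock format are assumptions of this example.
KANIOP_REF="${KANIOP_REF:-REPLACE_WITH_REVIEWED_TAG_OR_COMMIT}"  # placeholder

# Raw URL of an examples/ manifest at the pinned ref instead of master.
manifest_url() {
  printf 'https://raw.githubusercontent.com/pando85/kaniop/%s/examples/%s\n' \
    "$KANIOP_REF" "$1"
}

# SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# After reading a downloaded manifest, record it as "<sha256>  <name>".
record_manifest() {  # record_manifest <file> <lockfile>
  printf '%s  %s\n' "$(sha256_of "$1")" "$(basename "$1")" >> "$2"
}

# Succeeds only if the file matches the most recent digest recorded for its name.
verify_manifest() {  # verify_manifest <file> <lockfile>
  want=$(awk -v n="$(basename "$1")" '$2 == n { d = $1 } END { print d }' \
    "$2" 2>/dev/null)
  [ -n "$want" ] && [ "$(sha256_of "$1")" = "$want" ]
}

# Download, verify, server-side dry-run, then apply. kubectl is not invoked
# unless the downloaded file matches a reviewed digest.
apply_reviewed() {  # apply_reviewed <name> <lockfile>
  tmpdir=$(mktemp -d) || return 1
  rc=1
  if curl -fsSL -o "$tmpdir/$1" "$(manifest_url "$1")" &&
     verify_manifest "$tmpdir/$1" "$2"; then
    kubectl apply --dry-run=server -f "$tmpdir/$1" &&
      kubectl apply -f "$tmpdir/$1" && rc=0
  else
    echo "refusing to apply $1: download failed or digest not in $2" >&2
  fi
  rm -rf "$tmpdir"
  return "$rc"
}

# Usage: apply_reviewed kanidm-tls.yaml manifests.lock
```

The server-side dry run depends on the operator's CRDs already being installed, which Step 1 takes care of.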

Next Steps

🎉 Congratulations! You now have:

  • A running Kanidm cluster managed by Kaniop
  • An OAuth2 client (my-service) for application integration
  • A group (my-group) for organizing users
  • A user account (me) ready for configuration

Explore More Examples

The examples/ directory contains additional configurations:

What’s Next?

  1. Installation Guide: Learn about production-ready configurations
  2. Usage Guide: Dive deeper into managing persons, groups, and OAuth2 clients
  3. Configuration: Customize your Kaniop deployment with Helm values

Accessing Your Kanidm Instance

To access the Kanidm web interface:

kubectl port-forward svc/my-idm 8443:8443 -n default

Then open https://localhost:8443 in your browser.