docs auth

2026-03-16 11:14:12 +01:00
parent d02da33700
commit ae075bbc48
4 changed files with 847 additions and 36 deletions
--- a/README.md
+++ b/README.md
@@ -70,6 +70,7 @@ This repository contains the complete GitOps configuration for our Kubernetes cl
 ✅ **Self-Healing**: Manual cluster changes are reverted
 ✅ **Multi-Source**: Separate chart templates from configuration
 ✅ **Policy Enforcement**: Kyverno ensures security and compliance
+✅ **Authentication**: Automatic sidecar injection (token & OIDC support)
 ✅ **TLS Everywhere**: Automatic Let's Encrypt certificates
 ✅ **Full Observability**: Prometheus, Grafana, Loki integration

@@ -189,6 +190,40 @@ git commit -m "Add myapp credentials"
 git push
 ```

+### Enable Authentication
+
+**See detailed guide**: [Developer Guide - Enabling Authentication](docs/DEVELOPER-GUIDE.md#enabling-authentication-for-applications)
+
+**Quick version**:
+```yaml
+# In helm-values/myapp/values.yaml
+
+# Token-based auth (simple)
+auth:
+  enabled: true
+  type: token
+  tokens:
+  - your-secret-token-here
+
+# OIDC auth (SSO)
+auth:
+  enabled: true
+  type: oidc
+  oidc:
+    authority: https://auth.example.com/realms/master
+    clientId: myapp
+```
+
+Then create OIDC secret (if using OIDC):
+```bash
+kubectl create secret generic auth-oidc \
+  --from-literal=client-secret=your-oidc-secret \
+  --from-literal=cookie-secret=$(openssl rand -hex 32) \
+  --namespace=myapp | \
+  kubeseal --format=yaml --cert=pub-cert.pem --namespace=myapp | \
+  kubectl apply -f -
+```
+
 ### Bootstrap Cluster

 **See detailed guide**: [Operations Runbook - Cluster Bootstrap](docs/OPERATIONS-RUNBOOK.md#cluster-bootstrap)