README
¶
Pocket-ID Operator
A Kubernetes operator for managing Pocket-ID instances and resources. It deploys a Pocket-ID Deployment or Statefulset and keeps users, user groups, and OIDC clients in sync with your cluster state.
Disclaimers
This project is not affiliated with Pocket-ID. It is a community-driven project that aims to provide a Kubernetes operator for managing Pocket-ID instances and related resources.
This project is my first time developing for Kubernetes, writing Go, and using AI coding agents. Large chunks of the codebase are generated by AI. I am not a fan of it but in reality this project would have never been completed in a reasonable timeframe without the help of ai. That said, I would never share something I don't understand and I have done my absolute best to audit it all, but there's bound to be some stray lines and logic errors. If this is a non-starter for using the project I absolutely understand. As I get more comfortable with Go and k8s development I will continue to go through the codebase and clean it up. Any contributions, suggestions, or feedback are greatly appreciated!!
Resources
PocketIDInstancePocketIDUserPocketIDUserGroupPocketIDOIDCClient
Documentation
Start here for detailed configuration guides:
docs/README.mddocs/pocketidinstance.mddocs/pocketiduser.mddocs/pocketidusergroup.mddocs/pocketidoidcclient.mddocs/annotations.md
Quickstart
It's recommended to install this operator via the helm chart.
helm install pocket-id-operator oci://ghcr.io/aclerici38/charts/pocket-id-operator:0.6.0 --set instance.spec.encryptionKey.value="secure16+characterKey"
There will also be a generated manifest to install without helm attached to each release.
Development
Install CRDs and deploy the controller:
make install
make deploy IMG=<registry>/pocket-id-operator:tag
Apply a sample instance:
kubectl apply -k config/samples/
Contributing
Run make help for available targets. See the docs in docs/ for CRD usage and
examples.
Acknowledgments
- Pocket-ID - Obviously, Amazing IDP this project is made for
- Kubebuilder - Excellent framework for building Kubernetes controllers
License
Copyright 2026.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Directories
¶
| Path | Synopsis |
|---|---|
|
api
|
|
|
v1alpha1
Package v1alpha1 contains API Schema definitions for the v1alpha1 API group.
|
Package v1alpha1 contains API Schema definitions for the v1alpha1 API group. |
|
internal
|
|
|
metrics
Package metrics defines and registers Prometheus metrics for the pocket-id-operator.
|
Package metrics defines and registers Prometheus metrics for the pocket-id-operator. |
|
pocketid
Package pocketid provides a clean wrapper around the Pocket-ID API client.
|
Package pocketid provides a clean wrapper around the Pocket-ID API client. |
|
test
|
|