Skip to content

canonical/openfga-operator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

471 Commits
.github
.github
 
 
lib/charms
lib/charms
 
 
src
src
 
 
terraform
terraform
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
.jujuignore
.jujuignore
 
 
.markdownlint.yaml
.markdownlint.yaml
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.release-please-manifest.json
.release-please-manifest.json
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CODEOWNERS
CODEOWNERS
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
charmcraft.yaml
charmcraft.yaml
 
 
fmt-requirements.txt
fmt-requirements.txt
 
 
icon.svg
icon.svg
 
 
integration-requirements.txt
integration-requirements.txt
 
 
lint-requirements.txt
lint-requirements.txt
 
 
pyproject.toml
pyproject.toml
 
 
pytest.ini
pytest.ini
 
 
release-please-config.json
release-please-config.json
 
 
renovate.json
renovate.json
 
 
requirements.txt
requirements.txt
 
 
tox.ini
tox.ini
 
 
unit-requirements.txt
unit-requirements.txt
 
 

Repository files navigation

Charmed OpenFGA Operator

CharmHub Badge Juju License

Continuous Integration Status pre-commit Conventional Commits

Description

This repository contains a Juju Charm for deploying OpenFGA on Kubernetes.

Usage

Bootstrap a microk8s controller using juju and create a new Juju model:

juju add-model openfga

Basic Usage

To deploy a single unit of OpenFGA using its default configuration.

juju deploy openfga-k8s --channel edge
juju deploy postgresql-k8s --channel edge
juju integrate postgresql-k8s:database openfga-k8s

openfga interface

Current charm provides a library for the openfga integration interface. Your application should define an interface in charmcraft.yaml:

requires:
  openfga:
    interface: openfga

Then run

charmcraft fetch-lib charms.openfga_k8s.v1.openfga

Please read usage documentation about openfga library for more information about how to enable openfga interface in your application.

Integrations to new applications are supported via the openfga interface. To create an integration:

juju integrate openfga-k8s <application>

To remove an integration:

juju remove-relation openfga-k8s <application>

tls-certificates interface

The Charmed OpenFGA Operator supports TLS encryption. To enable TLS:

juju deploy self-signed-certificates-operator --channel=latest/stable
juju integrate openfga-k8s tls-certificates-operator

Note: The self-signed certificate is not recommended for production.

Observability

This OpenFGA operator integrates with Canonical Observability Stack (COS) bundle. It comes with a Grafana dashboard and Loki and Prometheus alert rules for basic common scenarios. To integrate with the COS bundle, after you deploy it, you can run:

juju integrate openfga-k8s:grafana-dashboard grafana:grafana-dashboard
juju integrate openfga-k8s:metrics-endpoint prometheus:metrics-endpoint
juju integrate loki:logging openfga-k8s:logging

Security

Security issues in the Charmed OpenFGA k8s Operator can be reported through LaunchPad. Please do not file GitHub issues about security issues.

Contributing

Please see the Juju SDK docs for guidelines on enhancements to this charm following best practice guidelines, and CONTRIBUTING.md for developer guidance.

License

The OpenFGA k8s charm is distributed under the Apache Software License, version 2.0. It installs/operates/depends on OpenFGA, which is licensed under the Apache Software License, version 2.0.

About

A Charmed Operator for running OpenFGA on Kubernetes

github.com/canonical/openfga-operator

Topics

python charm identity-platform openfga

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

3 stars

Watchers

8 watching

Forks

6 forks
Report repository

Releases 120

v1.5.0 Latest
Apr 8, 2025
+ 119 releases

Packages

No packages published

Contributors 15

Languages