This document provides comprehensive instructions for deploying and using the OpenFGA Operator v0.1.0-alpha release.
- ✅ Core operator functionality with security-first design
- ✅ Advanced admission controller framework
- ✅ Git commit verification and developer authentication
- ✅ Malicious code injection analysis
- ✅ Container image scanning and vulnerability assessment
- ✅ Support for both Docker and Podman container runtimes
- ✅ Comprehensive shell compatibility (bash, dash, etc.)
- ✅ Minikube deployment scripts and validation
- Kubernetes cluster (v1.20+)
- kubectl configured for your cluster
- Docker or Podman (for local builds)
- Minikube (for local development)
# Install CRDs
make install-crds
# Deploy the alpha release
IMAGE_TAG=v0.1.0-alpha make minikube-deploy-registry# Pull the alpha image
docker pull ghcr.io/jralmaraz/authcore-openfga-operator:v0.1.0-alpha
# Tag for local use
docker tag ghcr.io/jralmaraz/authcore-openfga-operator:v0.1.0-alpha openfga-operator:latest
# Deploy using standard scripts
./scripts/minikube/deploy-operator.sh# Clone the repository
git clone https://github.com/jralmaraz/authcore-openfga-operator
cd authcore-openfga-operator
# Checkout the alpha tag
git checkout v0.1.0-alpha
# Build and deploy
make alpha-build
make minikube-deploy-localThe OpenFGA Operator alpha release is available on GitHub Container Registry:
- Registry:
ghcr.io/jralmaraz/authcore-openfga-operator - Alpha Tag:
v0.1.0-alpha - Latest Tag:
latest(also points to alpha)
# Pull specific alpha version
docker pull ghcr.io/jralmaraz/authcore-openfga-operator:v0.1.0-alpha
# Pull latest (alpha)
docker pull ghcr.io/jralmaraz/authcore-openfga-operator:latest
# Using Podman
podman pull ghcr.io/jralmaraz/authcore-openfga-operator:v0.1.0-alpha# Complete setup and deployment
make minikube-setup-and-deploy-registry
# Or step by step
minikube start
make install-crds
IMAGE_TAG=v0.1.0-alpha make minikube-deploy-registry# Install CRDs
kubectl apply -f crds/
# Create namespace
kubectl create namespace openfga-system
# Deploy operator
kubectl apply -f k8s/After deployment, validate the operator is working:
# Check operator pod
kubectl get pods -n openfga-system
# Check CRDs are installed
kubectl get crd openfgas.authorization.openfga.dev
# Run validation script
./scripts/minikube/validate-deployment.sh- This is an alpha release intended for testing and evaluation
- Not recommended for production use
- APIs may change in future releases
- Limited error handling in some edge cases
- If deployment fails, try cleaning up and redeploying:
kubectl delete namespace openfga-system make minikube-deploy-registry
CONTAINER_RUNTIME: Set todockerorpodmanto specify runtimeIMAGE_TAG: Override the image tag (default:latest)IMAGE_REGISTRY: Override the registry (default:ghcr.io/jralmaraz/authcore-openfga-operator)
# Use Podman with specific tag
CONTAINER_RUNTIME=podman IMAGE_TAG=v0.1.0-alpha make minikube-deploy-registry-
Image Pull Errors
# Verify image exists docker pull ghcr.io/jralmaraz/authcore-openfga-operator:v0.1.0-alpha -
CRD Installation Failures
# Manually install CRDs kubectl apply -f crds/openfga.authorization.openfga.dev_openfgas.yaml -
Operator Pod Not Starting
# Check logs kubectl logs -n openfga-system -l app=openfga-operator
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Security: security@openfga.dev
After successful deployment:
- Deploy demo applications:
./scripts/deploy-demos.sh - Explore examples in the
examples/directory - Read the comprehensive documentation in
docs/ - Provide feedback through GitHub issues
When v0.2.0 is released:
# Update to next version
IMAGE_TAG=v0.2.0 make minikube-deploy-registry- Initial alpha release
- Core operator functionality
- Security-first architecture
- Container runtime flexibility
- Comprehensive deployment scripts
- Shell compatibility improvements