Kaniop is a Kubernetes operator for managing Kanidm.
Kanidm is a modern, secure identity management system that provides authentication and authorization services with support for POSIX accounts, OAuth2, and more.
Kaniop automates deployment and management of Kanidm clusters to provide self-managing, self-scaling, and self-healing identity services. The Kaniop operator does this by building on Kubernetes resources to deploy, configure, provision, scale, upgrade, and monitor Kanidm clusters.
The operator enables declarative identity management through GitOps workflows, allowing you to manage users, groups, OAuth2 clients, and other identity resources using familiar Kubernetes manifests.
Key capabilities include:
- Kanidm Cluster Management: Deploy and manage high-availability Kanidm clusters with automatic replication
- Identity Resources: Declaratively manage persons, groups, OAuth2 clients, and service accounts
- GitOps Ready: Full integration with Git-based workflows for infrastructure-as-code
- Kubernetes Native: Built using Custom Resources and standard Kubernetes patterns
- Production Ready: Comprehensive testing, monitoring, and observability features
For installation, deployment, and administration, see our Documentation and Quickstart Guide.
We welcome contributions. See Contributing to get started.
For filing bugs, suggesting improvements, or requesting new features, please open an issue.
Please use the following to reach members of the community:
- GitHub: Start a discussion or open an issue
- Documentation: pando85.github.io
Official releases of Kaniop can be found on the releases page. Using official releases is strongly recommended: unreleased versions from the master branch are subject to changes and incompatibilities that will not be supported in the official releases. Functionality in master-branch builds can be changed or removed at any time, without compatibility support and without prior notice.
