The init container was only getting RUST_LOG, not the main env block.
This caused it to connect to the config file's database URL (SQLite)
instead of the BARYCENTER__DATABASE__URL env var (PostgreSQL),
resulting in migrations and user-sync running against the wrong
database.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The config-rs crate uses '_' as the default prefix separator, so
BARYCENTER__DATABASE__URL was parsed as _database.url instead of
database.url. Adding prefix_separator("__") ensures double-underscore
env vars are correctly mapped to nested config keys.
Also makes the database section in the Helm ConfigMap conditional so
it can be omitted when the URL is provided via environment variable.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Expose authz API port (8082) in Dockerfile and create /app/policies
directory. Extend Helm chart with configurable authz section: inline
KDL policy ConfigMap, existing ConfigMap reference, policies volume
mount, Service port, and a NetworkPolicy restricting the authz port
to same-namespace traffic while leaving the OIDC port unrestricted.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add support for valueFrom in environment variables for both main
container and user-sync init container. This enables injecting
values from secrets, configMaps, fieldRefs, and resourceFieldRefs
instead of only hardcoded values.
Updated deployment template to use toYaml for env rendering,
allowing full Kubernetes env var specifications. Added comprehensive
documentation and examples in values.yaml.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add --config flag to both main container and user-sync init container
to explicitly specify the mounted config file path at /app/config/config.toml.
This fixes deserialization errors when the application couldn't find the
config file in the default working directory.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add userSync configuration to values.yaml (existingSecret only)
- Add conditional init container to deployment.yaml
- Create comprehensive README.md with:
- Installation and configuration instructions
- User sync workflow and examples
- Troubleshooting guide
- Security best practices
- Add examples/user-sync-secret.yaml with sample users
- Support declarative user management for Kubernetes/GitOps
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Replace all remaining references to "crabidp" with "barycenter" across:
- Source code (error diagnostics, CLI name, comments)
- Configuration files and defaults
- Environment variable prefixes (CRABIDP__ → BARYCENTER__)
- Documentation (CLAUDE.md, README.md, DEPLOYMENT.md)
- Deployment configurations (Docker Compose, Helm, systemd, FreeBSD, illumos)
- Database filenames (crabidp.db → barycenter.db)
Add Kubernetes Gateway API support to Helm chart:
- New HTTPRoute template for Gateway API
- Configurable parentRefs, hostnames, filters, and weights
- Support for advanced traffic management features
- Gateway API as modern alternative to traditional Ingress
- Documentation and examples in DEPLOYMENT.md
Benefits of Gateway API:
- More expressive and extensible routing
- Role-oriented design with separation of concerns
- Better vendor portability
- Advanced traffic management capabilities
The Helm chart now supports both traditional Ingress and
Gateway API, allowing users to choose based on their cluster
capabilities and requirements.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
