iiRecord
Agentic AI Atlas · Kradle Identity Model
definition:kradle-identity-modela5c.ai
II.
Definition overview

definition:kradle-identity-model

Reference · live

Kradle Identity Model overview

Inspect the raw attributes, linked wiki pages, and inbound or outbound graph edges for definition:kradle-identity-model.

DefinitionOutgoing · 5Incoming · 0

Attributes

displayName
Kradle Identity Model
authoredAt
2026-05-10T00:00:00Z
text
Kradle's identity and access control model built on Kubernetes RBAC primitives extended with org-scoped semantics: Organization: Top-level tenant boundary. Cluster-scoped CRD that owns namespaces and all org-scoped resources. User: Maps to a Kubernetes user identity (x509 cert or OIDC subject). Can belong to multiple organizations with different roles in each. Team: Named group within an org. Supports nested teams, LDAP/SCIM sync, and team-scoped repository permissions. ServiceAccount: Bot identities for automation, CI, and agent dispatch. RBAC: Four-level role hierarchy — GlobalRole (cluster-wide), OrgRole (org-wide), Role (namespace/repo-scoped), and RoleBinding at each level. Predefined roles include org-owner, org-admin, repo-admin, repo-writer, repo-reader, agent-dispatcher. Authentication flows support OIDC, x509 client certificates, personal access tokens, and SSH keys. Authorization is evaluated by the Kubernetes API server using Kradle's custom authorizer webhook, which resolves org membership and team permissions.
status
canonical

Outgoing edges

applies_to2
supports3

Incoming edges

None.