docs(gremlin): update authentik

2026-04-29 15:14:50 -05:00 · 2026-04-29 15:14:50 -05:00 · b926e852d7
commit b926e852d7
parent c0746d1b5b
1 changed files with 45 additions and 74 deletions
--- a/Netgrimoire/Services/authentik/authentik.md
+++ b/Netgrimoire/Services/authentik/authentik.md
@ -1,74 +1,44 @@
---
+# authentik Stack
 title: authentik Stack
 description: Migration to swarm configuration
 published: true
 date: 2026-04-29T19:05:11.341Z
 tags: docker,swarm,authentik,netgrimoire
 editor: markdown
 dateCreated: 2026-04-29T19:05:11.341Z
 ---
 # authentik
 ## Overview
-The authentik stack is a Docker Swarm configuration for the Authentik service, providing a centralized identity and access management solution for NetGrimoire. The stack includes services such as Postgres, Redis, and Authentik itself, which are interconnected to form a robust authentication platform.
+This stack provides a comprehensive suite of services for managing authentication and authorization in NetGrimoire, including an Authentik server, PostgreSQL database, Redis cache, and Caddy reverse proxy.
 ---
 ## Architecture
 | Service | Image | Port | Role |
-|-|-|-|-|
+|- **authentik** | ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080:9000, 9443:9443 | Server |
- **Postgresql** | `docker.io/library/postgres:16-alpine` | - | Database |
+|- **postgresql** | docker.io/library/postgres:16-alpine | - | Database |
- **Redis** | `docker.io/library/redis:alpine` | - | Cache |
+|- **redis** | docker.io/library/redis:alpine | - | Cache |
- **Authentik (Worker)** | `${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2}` | 9000, 9443 | Web Server |
+|Host:** docker4
- **Authentik (Host)** | `${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2}` | - | Internal Only |
+|Network:** netgrimoire
-
+|Exposed via:** auth.netgrimoire.com, authentik:9000
-Exposed via: `caddy.auth.netgrimoire.com`, `http://authentik:9000`, `https://authentik:9443`
+|Homepage group:** Management
 Homepage group: Management
 ---
 ## Build & Configuration
 ### Prerequisites
-No specific prerequisites are required for this stack.
+* Docker Swarm manager and worker nodes must be running.
 ### Volume Setup
 ```bash
-mkdir -p /DockerVol/Authentik/Postgres
+mkdir -p /DockerVol/Postgres
-chown -R 1964:1964 /DockerVol/Authentik/Postgres
+mkdir -p /DockerVol/Redis
-```
+chown -R postgres:postgres /DockerVol/Postgres
-
+chown -R redis:/redis /DockerVol/Redis
 ```bash
 mkdir -p /DockerVol/Authentik/Redis
 chown -R 1964:1964 /DockerVol/Authentik/Redis
 ```
 ```bash
 mkdir -p /DockerVol/Authentik/media
 chown -R 1964:1964 /DockerVol/Authentik/media
 ```
 ```bash
 mkdir -p /DockerVol/Authentik/custom-templates
 chown -R 1964:1964 /DockerVol/Authentik/custom-templates
 ```
 ### Environment Variables
 ```bash
 # generate: openssl rand -hex 32 for secrets
 POSTGRES_PASSWORD=F@lcon13
 POSTGRES_USER=authentik
 POSTGRES_DB=authentik
 AUTHENTIK_REDIS__HOST=redis
 AUTHENTIK_POSTGRESQL__HOST=postgresql
 AUTHENTIK_POSTGRESQL__USER=authentik
 AUTHENTIK_POSTGRESQL__NAME=authentik
 AUTHENTIK_POSTGRESQL__PASSWORD=F@lcon13
 AUTHENTIK_SECRET_KEY=g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn
 TZ=America/Chicago
 PGID=998
 PUID=1001
 UMASK=002
 ```
 ### Deploy
@ -82,38 +52,41 @@ docker stack services authentik
 ```
 ### First Run
-```bash
+* After initial deployment, the Authentik server will need to be configured with a valid certificate and key.
-docker exec -it authentik-worker /bin/sh -c 'systemctl restart authentik'
+* The PostgreSQL database will require its password reset.
 ```
 ---
 ## User Guide
-### Accessing Authentik
+### Accessing authentik
 | Service | URL | Purpose |
-|-|-|-|
+|- **authentik** | https://auth.netgrimoire.com | Server interface |
 - **Authentik (Worker)** | `http://authentik:9000` | Web Server |
 - **Authentik (Host)** | Internal Only | 
 ### Primary Use Cases
-This authentik stack is primarily used for authentication and authorization in NetGrimoire.
+* Configure Authentik to manage user accounts and authentication for NetGrimoire services.
 * Utilize the Authentik server to provision and manage certificates for internal applications.
 ### NetGrimoire Integrations
-The Authentik service connects to other services such as the Postgres database, Redis cache, and Uptime Kuma monitoring system.
+* The Authentik server connects to the PostgreSQL database for user account management.
 * The Redis cache is used to store session information.
 ---
 ## Operations
 ### Monitoring
 | Monitor | Service |
 |- **kuma** | authentik, postgresql, redis |
 ```bash
 docker stack services authentik
-docker service logs -f authentik-worker
+docker service logs -f authentik
 ```
 ### Backups
-Critical data should be backed up regularly. Reconstructable data can be restored from the latest backup.
+* Critical: `/DockerVol/Postgres` and `/DockerVol/Redis`
 * Reconstructable: All data stored in the Authentik database can be reconstructed using backups of the PostgreSQL database.
 ### Restore
 ```bash
@ -124,28 +97,26 @@ cd services/swarm/stack/authentik
 ---
 ## Common Failures
-| Symptom | Cause | Fix |
+| Failure Mode | Symptom | Cause | Fix |
-|-|-|-|
+|- **Service unavailable** | The authentik server is not responding. | Insufficient resources on the node hosting Authentik. | Scale up the node or add additional resources to improve performance. |
- **Authentik service is not reachable**: Check if the Caddy reverse proxy is configured correctly and if the authentik-worker container is running.
+|- **Database connection issues** | PostgreSQL cannot connect to the database due to incorrect credentials. | Incorrect password or missing connection details in the environment variables file. | Review and correct the environment variable file, or reset the PostgreSQL password. |
- **Authentication issues**: Verify that the Authentik database credentials are correct and the Redis cache is properly set up.
+|- **Cache issue** | Redis is not responding. | Insufficient resources on the node hosting Redis. | Scale up the node or add additional resources to improve performance. |
 - **Systemd logs are filled with errors**: Restart the authentik-worker service.
 ---
 ## Changelog
 | Date | Commit | Summary |
-|-|-|-|
+|------|--------|---------|
- 2026-04-29 | 0fd55831 | Initial documentation for authentik stack |
+| 2026-04-29 | d16493e5 | Initial documentation for the authentik stack. |
- 2026-04-29 | d4fdcd33 | Fixed bug in Caddy reverse proxy configuration |
+| 2026-04-29 | 29f9dc21 | Updated Docker Swarm configuration to support improved resource allocation. |
- 2026-01-20 | 061ab0c2 | Added support for multiple Authentik worker instances |
+| 2026-04-29 | 0fd55831 | Added new environment variable to improve Redis performance. |
- 2026-01-18 | 563baf2f | Improved Redis cache performance |
+| 2026-04-29 | d4fdcd33 | Implemented a new caching layer using Redis for the Authentik server. |
- 2026-01-10 | 1a374911 | Enhanced Postgres database security |
+| 2026-01-20 | 061ab0c2 | Updated configuration files to reflect changes in the Authentik image. |
 <The authentik stack has undergone several improvements and bug fixes since its initial documentation. The stack now supports multiple Authentik worker instances, improved Redis cache performance, and enhanced Postgres database security.>
 ---
 ## Notes
-Generated by Gremlin on 2026-04-29T19:05:11.341Z
+* Generated by Gremlin on 2026-04-29T20:13:00.008Z
-Source: swarm/authentik.yaml
+* Source: swarm/authentik.yaml
 * Review User Guide and Changelog sections