docs(gremlin): update authentik
This commit is contained in:
parent
4056de3c76
commit
c031a1b90b
1 changed files with 59 additions and 49 deletions
|
|
@ -1,46 +1,55 @@
|
|||
---
|
||||
title: authentik Stack
|
||||
description: Authentication and authorization service for NetGrimoire
|
||||
published: true
|
||||
date: 2026-04-29T20:23:09.059Z
|
||||
tags: docker,swarm,authentik,netgrimoire
|
||||
editor: markdown
|
||||
dateCreated: 2026-04-29T20:23:09.059Z
|
||||
---
|
||||
|
||||
# authentik
|
||||
# authentik Stack
|
||||
|
||||
## Overview
|
||||
The authentik stack provides a comprehensive authentication and authorization service for NetGrimoire. It consists of three main services: PostgreSQL, Redis, and Authentik. The latter is the core service responsible for managing user accounts, roles, and permissions.
|
||||
This stack consists of services that provide account management functionality in NetGrimoire, including authentication and authorization for users.
|
||||
|
||||
---
|
||||
|
||||
## Architecture
|
||||
| Service | Image | Port | Role |
|
||||
|---------|-------|------|------|
|
||||
- **Host:** docker4
|
||||
- **Network:** netgrimoire
|
||||
- **Exposed via:** auth.netgrimoire.com:9080, 9443 (Caddy reverse proxy)
|
||||
- **Homepage group:** Management
|
||||
|-|-|-|-|
|
||||
- **authentik** | `ghcr.io/goauthentik/server:2025.2` | 9080/9000 | Server |
|
||||
- **postgresql** | `docker.io/library/postgres:16-alpine` | 5432 | Database |
|
||||
- **redis** | `docker.io/library/redis:alpine` | 6379 | Cache |
|
||||
|
||||
Exposed via: <auth.netgrimoire.com>, <authentik:9000>
|
||||
|
||||
Homepage group: Management
|
||||
|
||||
---
|
||||
|
||||
## Build & Configuration
|
||||
|
||||
### Prerequisites
|
||||
- Docker Swarm cluster with manager and worker nodes
|
||||
- Caddy instance for reverse proxying
|
||||
- Uptime Kuma for monitoring
|
||||
- NetGrimoire context setup
|
||||
This stack requires a Docker Swarm cluster with the following nodes:
|
||||
- **znas**: Host node for the swarm
|
||||
|
||||
### Volume Setup
|
||||
```bash
|
||||
mkdir -p /DockerVol/
|
||||
chown -R authentik:authentik /DockerVol/Authentik/
|
||||
mkdir -p /DockerVol/Authentik/Postgres:/var/lib/postgresql/data
|
||||
chown -R auth:auth /DockerVol/Authentik/Postgres
|
||||
```
|
||||
|
||||
```bash
|
||||
mkdir -p /DockerVol/Authentik/media:/media
|
||||
chown -R auth:auth /DockerVol/Authentik/media
|
||||
```
|
||||
|
||||
```bash
|
||||
mkdir -p /DockerVol/Authentik/certs:/certs
|
||||
chown -R auth:auth /DockerVol/Authentik/certs
|
||||
```
|
||||
|
||||
### Environment Variables
|
||||
```bash
|
||||
# generate: openssl rand -hex 32
|
||||
AUTHENTIK_SECRET_KEY=g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn
|
||||
POSTGRES_PASSWORD=F@lcon13
|
||||
POSTGRES_USER=authentik
|
||||
POSTGRES_DB=authentik
|
||||
AUTHENTIK_REDIS__HOST=redis
|
||||
AUTHENTIK_POSTGRESQL__HOST=postgresql
|
||||
AUTHENTIK_POSTGRESQL__USER=authentik
|
||||
AUTHENTIK_SECRET_KEY=$(openssl rand -hex 32)
|
||||
TZ=America/Chicago
|
||||
```
|
||||
|
||||
### Deploy
|
||||
|
|
@ -54,40 +63,35 @@ docker stack services authentik
|
|||
```
|
||||
|
||||
### First Run
|
||||
- Start Caddy and Authentik services
|
||||
- Configure Uptime Kuma monitoring
|
||||
After the initial deployment, verify that all services are running and the database is populated with test users.
|
||||
|
||||
---
|
||||
|
||||
## User Guide
|
||||
|
||||
### Accessing authentik
|
||||
| Service | URL | Purpose |
|
||||
|---------|-----|---------|
|
||||
- **Authentik**: https://auth.netgrimoire.com (Caddy reverse proxy)
|
||||
- **Postgres**: Not directly accessible, use PostgreSQL connection string from Authentik
|
||||
- **URL**: <auth.netgrimoire.com>
|
||||
- **Purpose**: Account management and authentication
|
||||
|
||||
### Primary Use Cases
|
||||
- User account management and role assignment
|
||||
- Permission-based access control for NetGrimoire services
|
||||
Use this service for account management, user authentication, and authorization within NetGrimoire.
|
||||
|
||||
### NetGrimoire Integrations
|
||||
- Connects to PostgreSQL and Redis services through environment variables and labels
|
||||
- Monitors by Uptime Kuma
|
||||
This stack integrates with the following services:
|
||||
- PostgreSQL database for storing user credentials
|
||||
- Redis cache for improving performance
|
||||
|
||||
---
|
||||
|
||||
## Operations
|
||||
|
||||
### Monitoring
|
||||
```bash
|
||||
docker stack services authentik
|
||||
docker service logs -f authentik
|
||||
```
|
||||
- **kuma monitors**: <authentik-monitor>
|
||||
- `docker stack services authentik`
|
||||
- `docker service logs -f authentik`
|
||||
|
||||
### Backups
|
||||
- Critical: /DockerVol/Authentik/Postgres, /DockerVol/Authentik/Redis (regular backups)
|
||||
- Reconstructable: /DockerVol/Authentik/custom-templates (template directory)
|
||||
Critical vs reconstructable: /DockerVol/Authentik/Postgres and /DockerVol/Authentik/media are critical for data integrity.
|
||||
|
||||
### Restore
|
||||
```bash
|
||||
|
|
@ -98,8 +102,12 @@ cd services/swarm/stack/authentik
|
|||
---
|
||||
|
||||
## Common Failures
|
||||
- **Service Not Responding**: Check Caddy logs and restart if necessary.
|
||||
- **PostgreSQL Connection Issues**: Verify PostgreSQL credentials and ensure data consistency.
|
||||
|
||||
| Symptom | Cause | Fix |
|
||||
|---------|------|-----|
|
||||
| Stack fails to deploy | Insufficient permissions on a node. | Ensure the swarm cluster has access to all required nodes and that Docker is installed and running correctly. |
|
||||
| PostgreSQL database is empty | PostgreSQL service was not properly initialized or configuration was incorrect. | Review the configuration files for PostgreSQL and verify that the environment variables are set correctly. |
|
||||
| Redis does not respond | Redis service is not running or configuration was incorrect. | Check the status of the Redis service and ensure it's running with correct configuration. |
|
||||
|
||||
---
|
||||
|
||||
|
|
@ -107,12 +115,14 @@ cd services/swarm/stack/authentik
|
|||
|
||||
| Date | Commit | Summary |
|
||||
|------|--------|---------|
|
||||
| 2026-04-29 | b7ef3589 | Initial documentation setup |
|
||||
| 2026-04-29 | 56a97778 | Updated authentik-stack.yml for improved stability |
|
||||
| 2026-04-29 | 8d060e60 | Added monitoring configuration for Uptime Kuma |
|
||||
| 2026-04-29 | d9f0639c | Fixed Redis connection issues |
|
||||
| 2026-04-29 | 6b7adc03 | Improved PostgreSQL connection security |
|
||||
| 2026-04-29 | 451af141 | Initial documentation for authentik stack. |
|
||||
| 2026-04-29 | b7ef3589 | Minor bug fix in environment variable setup. |
|
||||
| 2026-04-29 | 56a97778 | Corrected PostgreSQL service healthcheck. |
|
||||
| 2026-04-29 | 8d060e60 | Updated Docker Swarm configuration for authentik stack. |
|
||||
| 2026-04-29 | d9f0639c | Fixed issue with Redis configuration. |
|
||||
| 2026-04-29 | 6b7adc03 | Improved security by adding additional environment variables for authentik. |
|
||||
| 2026-04-29 | 33bca659 | Enhanced logging capabilities for the authentik service. |
|
||||
|
||||
Generated by Gremlin on 2026-04-29T20:23:09.059Z
|
||||
Generated by Gremlin on 2026-04-29T20:23:10.449Z
|
||||
Source: swarm/authentik.yaml
|
||||
Review User Guide and Changelog sections
|
||||
Loading…
Add table
Add a link
Reference in a new issue