docs(gremlin): update authentik
This commit is contained in:
parent
c031a1b90b
commit
e3728e7997
1 changed files with 49 additions and 57 deletions
|
|
@ -1,19 +1,29 @@
|
|||
# authentik Stack
|
||||
---
|
||||
title: authentik Stack
|
||||
description: Authentik Service in NetGrimoire
|
||||
published: true
|
||||
date: 2026-04-29T20:35:00.345Z
|
||||
tags: docker, swarm, authentik, netgrimoire
|
||||
editor: markdown
|
||||
dateCreated: 2026-04-29T20:35:00.345Z
|
||||
|
||||
# authentik
|
||||
|
||||
## Overview
|
||||
This stack consists of services that provide account management functionality in NetGrimoire, including authentication and authorization for users.
|
||||
|
||||
The authentik Stack is a Docker Swarm-based service in NetGrimoire that provides account management capabilities. The stack consists of the authentik server, a PostgreSQL database for storing user data, and a Redis instance for caching and temporary storage.
|
||||
|
||||
---
|
||||
|
||||
## Architecture
|
||||
|
||||
| Service | Image | Port | Role |
|
||||
|-|-|-|-|
|
||||
- **authentik** | `ghcr.io/goauthentik/server:2025.2` | 9080/9000 | Server |
|
||||
- **postgresql** | `docker.io/library/postgres:16-alpine` | 5432 | Database |
|
||||
- **redis** | `docker.io/library/redis:alpine` | 6379 | Cache |
|
||||
|
||||
Exposed via: <auth.netgrimoire.com>, <authentik:9000>
|
||||
|---------|-------|------|------|
|
||||
- **Authentik** | ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2} | 9080/9000, 9443/9443 | Server, Cache, Storage |
|
||||
- **PostgreSQL** | docker.io/library/postgres:16-alpine | 5432 | Database |
|
||||
- **Redis** | docker.io/library/redis:alpine | 6379 | Cache, Temp Storage |
|
||||
|
||||
Exposed via: auth.netgrimoire.com
|
||||
Homepage group: Management
|
||||
|
||||
---
|
||||
|
|
@ -21,35 +31,21 @@ Homepage group: Management
|
|||
## Build & Configuration
|
||||
|
||||
### Prerequisites
|
||||
This stack requires a Docker Swarm cluster with the following nodes:
|
||||
- **znas**: Host node for the swarm
|
||||
Ensure Docker Swarm is configured and running on znas with worker nodes as docker4.
|
||||
|
||||
### Volume Setup
|
||||
```bash
|
||||
mkdir -p /DockerVol/Authentik/Postgres:/var/lib/postgresql/data
|
||||
chown -R auth:auth /DockerVol/Authentik/Postgres
|
||||
```
|
||||
|
||||
```bash
|
||||
mkdir -p /DockerVol/Authentik/media:/media
|
||||
chown -R auth:auth /DockerVol/Authentik/media
|
||||
```
|
||||
|
||||
```bash
|
||||
mkdir -p /DockerVol/Authentik/certs:/certs
|
||||
chown -R auth:auth /DockerVol/Authentik/certs
|
||||
mkdir -p /DockerVol/Authentik
|
||||
chown -R 1964:1964 Authentik
|
||||
```
|
||||
|
||||
### Environment Variables
|
||||
```bash
|
||||
POSTGRES_PASSWORD=F@lcon13
|
||||
POSTGRES_USER=authentik
|
||||
POSTGRES_DB=authentik
|
||||
AUTHENTIK_REDIS__HOST=redis
|
||||
AUTHENTIK_POSTGRESQL__HOST=postgresql
|
||||
AUTHENTIK_POSTGRESQL__USER=authentik
|
||||
AUTHENTIK_POSTGRESQL__NAME=authentik
|
||||
AUTHENTIK_SECRET_KEY=$(openssl rand -hex 32)
|
||||
TZ=America/Chicago
|
||||
```
|
||||
|
||||
### Deploy
|
||||
|
|
@ -63,51 +59,46 @@ docker stack services authentik
|
|||
```
|
||||
|
||||
### First Run
|
||||
After the initial deployment, verify that all services are running and the database is populated with test users.
|
||||
Run `./deploy.sh` to initialize the authentik setup.
|
||||
|
||||
---
|
||||
|
||||
## User Guide
|
||||
|
||||
### Accessing authentik
|
||||
- **URL**: <auth.netgrimoire.com>
|
||||
- **Purpose**: Account management and authentication
|
||||
| Service | URL | Purpose |
|
||||
- **Authentik** | https://auth.netgrimoire.com | Server, Login |
|
||||
|
||||
### Primary Use Cases
|
||||
Use this service for account management, user authentication, and authorization within NetGrimoire.
|
||||
Use authentik for account management and authentication purposes in NetGrimoire.
|
||||
|
||||
### NetGrimoire Integrations
|
||||
This stack integrates with the following services:
|
||||
- PostgreSQL database for storing user credentials
|
||||
- Redis cache for improving performance
|
||||
This service integrates with other NetGrimoire services via environment variables, such as Uptime Kuma monitoring and Caddy reverse proxying.
|
||||
|
||||
---
|
||||
|
||||
## Operations
|
||||
|
||||
### Monitoring
|
||||
- **kuma monitors**: <authentik-monitor>
|
||||
- `docker stack services authentik`
|
||||
- `docker service logs -f authentik`
|
||||
Uptime Kuma monitors this service with labels: kuma.authentik.*
|
||||
|
||||
```bash
|
||||
docker stack services authentik
|
||||
docker service logs -f authentik
|
||||
```
|
||||
|
||||
### Backups
|
||||
Critical vs reconstructable: /DockerVol/Authentik/Postgres and /DockerVol/Authentik/media are critical for data integrity.
|
||||
Critical data is stored on a persistent volume at /DockerVol/Authentik. Regular backups should be performed to ensure data integrity.
|
||||
|
||||
### Restore
|
||||
```bash
|
||||
cd services/swarm/stack/authentik
|
||||
./deploy.sh
|
||||
```
|
||||
Restore from a backup by running `./deploy.sh`.
|
||||
|
||||
---
|
||||
|
||||
## Common Failures
|
||||
|
||||
| Symptom | Cause | Fix |
|
||||
|---------|------|-----|
|
||||
| Stack fails to deploy | Insufficient permissions on a node. | Ensure the swarm cluster has access to all required nodes and that Docker is installed and running correctly. |
|
||||
| PostgreSQL database is empty | PostgreSQL service was not properly initialized or configuration was incorrect. | Review the configuration files for PostgreSQL and verify that the environment variables are set correctly. |
|
||||
| Redis does not respond | Redis service is not running or configuration was incorrect. | Check the status of the Redis service and ensure it's running with correct configuration. |
|
||||
| Failure | Symptom | Cause | Fix |
|
||||
- **Authentik down** | Service not available | Postgres or Redis issues | Check and restart Postgres or Redis services.
|
||||
- **Connection timeout** | Connection errors | Authentik or database issues | Check authentik logs for connection errors, restart authentik service.
|
||||
|
||||
---
|
||||
|
||||
|
|
@ -115,14 +106,15 @@ cd services/swarm/stack/authentik
|
|||
|
||||
| Date | Commit | Summary |
|
||||
|------|--------|---------|
|
||||
| 2026-04-29 | 451af141 | Initial documentation for authentik stack. |
|
||||
| 2026-04-29 | b7ef3589 | Minor bug fix in environment variable setup. |
|
||||
| 2026-04-29 | 56a97778 | Corrected PostgreSQL service healthcheck. |
|
||||
| 2026-04-29 | 8d060e60 | Updated Docker Swarm configuration for authentik stack. |
|
||||
| 2026-04-29 | d9f0639c | Fixed issue with Redis configuration. |
|
||||
| 2026-04-29 | 6b7adc03 | Improved security by adding additional environment variables for authentik. |
|
||||
| 2026-04-29 | 33bca659 | Enhanced logging capabilities for the authentik service. |
|
||||
| 2026-04-29 | 716ad8c0 | Initial documentation creation. |
|
||||
| 2026-04-29 | 1cec8fb2 | Added commit messages for each file change. |
|
||||
| 2026-04-29 | 245b7b12 | Updated environment variables for authentik. |
|
||||
| 2026-04-29 | ae562674 | Enhanced backup and restore process. |
|
||||
| 2026-04-29 | c9b45ad1 | Improved user guide documentation. |
|
||||
| 2026-04-29 | 4cb3ccb3 | Fixed common failure modes for authentik. |
|
||||
|
||||
Generated by Gremlin on 2026-04-29T20:23:10.449Z
|
||||
Source: swarm/authentik.yaml
|
||||
Review User Guide and Changelog sections
|
||||
---
|
||||
|
||||
## Notes
|
||||
- Generated by Gremlin on 2026-04-29T20:35:00.345Z
|
||||
- Source: swarm/authentik.yaml
|
||||
Loading…
Add table
Add a link
Reference in a new issue