website/docs: update Docker Compose and Kubernetes installation guide (#6429)
* website/docs: Update docker-compose and beta install guide
* website/docs: Update kubernetes and beta install guide
* Update website/docs/installation/kubernetes.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
parent b8dbde3c51
commit c0474a83d9
|
@ -14,7 +14,7 @@ import TabItem from "@theme/TabItem";
|
||||||
<Tabs
|
<Tabs
|
||||||
defaultValue="docker-compose"
|
defaultValue="docker-compose"
|
||||||
values={[
|
values={[
|
||||||
{label: 'docker-compose', value: 'docker-compose'},
|
{label: 'Docker Compose', value: 'docker-compose'},
|
||||||
{label: 'Kubernetes', value: 'kubernetes'},
|
{label: 'Kubernetes', value: 'kubernetes'},
|
||||||
]}>
|
]}>
|
||||||
<TabItem value="docker-compose">
|
<TabItem value="docker-compose">
|
||||||
|
@ -28,9 +28,10 @@ AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(b
|
||||||
|
|
||||||
The Beta image is amd64 only. For arm64 platforms, append `-arm64` to the tag name (no spaces).
|
The Beta image is amd64 only. For arm64 platforms, append `-arm64` to the tag name (no spaces).
|
||||||
|
|
||||||
Next, run the upgrade commands from the latest [Release Notes](../releases).
|
Next, run the upgrade commands below.
|
||||||
|
|
||||||
</TabItem>
|
</TabItem>
|
||||||
|
|
||||||
<TabItem value="kubernetes">
|
<TabItem value="kubernetes">
|
||||||
Add the following block to your `values.yml` file:
|
Add the following block to your `values.yml` file:
|
||||||
|
|
||||||
|
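Review bot: The replacement sentence "Next, run the upgrade commands below." in the docker-compose tab removes the only link to the Release Notes from this step, and nothing follows it before `</TabItem>`, so "below" points outside the tab the reader is in. Suggest keeping the `[Release Notes](../releases)` link for version-specific upgrade steps and wording the sentence so it names the section that holds the commands.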
@ -47,7 +48,36 @@ image:
|
||||||
|
|
||||||
The Beta image is amd64 only. For arm64 platforms, append `-arm64` to the tag name (no spaces).
|
The Beta image is amd64 only. For arm64 platforms, append `-arm64` to the tag name (no spaces).
|
||||||
|
|
||||||
Next, run the upgrade commands from the latest [Release Notes](../releases).
|
Next, run the upgrade commands below.
|
||||||
|
|
||||||
</TabItem>
|
</TabItem>
|
||||||
</Tabs>
|
</Tabs>
|
||||||
|
|
||||||
|
<Tabs
|
||||||
|
defaultValue="docker-compose"
|
||||||
|
values={[
|
||||||
|
{label: 'Docker Compose', value: 'docker-compose'},
|
||||||
|
{label: 'Kubernetes', value: 'kubernetes'},
|
||||||
|
]}>
|
||||||
|
<TabItem value="docker-compose">
|
||||||
|
|
||||||
|
```shell
|
||||||
|
docker-compose pull
|
||||||
|
docker-compose up -d
|
||||||
|
```
|
||||||
|
|
||||||
|
</TabItem>
|
||||||
|
|
||||||
|
<TabItem value="kubernetes">
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/goauthentik/server
|
||||||
|
tag: 2023.6.0
|
||||||
|
```
|
||||||
|
|
||||||
|
</TabItem>
|
||||||
|
|
||||||
|
</Tabs>
|
||||||
|
|
||||||
|
To verify whether the upgrade was successful, go to your Admin panel and navigate to the Overview dashboard. There, you can check the version number to ensure that you are using the Beta version you intended.
|
||||||
|
|
|
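Review bot: The Kubernetes tab added under "Next, run the upgrade commands below." contains no command, only a values fragment with `repository: ghcr.io/goauthentik/server` and `tag: 2023.6.0`. A reader who has just put the beta `image:` block into `values.yml` and then applies this fragment would appear to switch back to a fixed release tag, and the hard-coded version will go stale. Suggest replacing the fragment with the actual upgrade command (the Kubernetes guide in this same commit uses `helm upgrade --install authentik authentik/authentik -f values.yaml`) and settling on one file name, since this page says `values.yml` and the Kubernetes guide says `values.yaml`.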
@ -12,7 +12,12 @@ This installation method is for test-setups and small-scale production setups.
|
||||||
|
|
||||||
## Preparation
|
## Preparation
|
||||||
|
|
||||||
Download the latest `docker-compose.yml` from [here](https://goauthentik.io/docker-compose.yml). Place it in a directory of your choice.
|
To download the latest `docker-compose.yml` open your terminal and navigate to the directory of your choice.
|
||||||
|
Run the following command:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
wget https://goauthentik.io/docker-compose.yml
|
||||||
|
```
|
||||||
|
|
||||||
If this is a fresh authentik installation, you need to generate a password and a secret key. If you don't already have a password generator installed, you can run this command to install **pwgen**, a popular generator:
|
If this is a fresh authentik installation, you need to generate a password and a secret key. If you don't already have a password generator installed, you can run this command to install **pwgen**, a popular generator:
|
||||||
|
|
||||||
|
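Review bot: The new download step drops the clickable link and offers only `wget https://goauthentik.io/docker-compose.yml`, which fails on systems where wget is not installed (macOS does not ship it). Suggest adding a `curl -O` equivalent or keeping the link as a fallback. The sentence "To download the latest `docker-compose.yml` open your terminal ..." also needs a comma after the file name.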
@ -87,8 +92,27 @@ docker-compose up -d
|
||||||
|
|
||||||
The `docker-compose.yml` file statically references the latest version available at the time of downloading the compose file. Each time you upgrade to a newer version of authentik, you download a new `docker-compose.yml` file, which points to the latest available version. For more information, refer to the **Upgrading** section in the [Release Notes](../releases).
|
The `docker-compose.yml` file statically references the latest version available at the time of downloading the compose file. Each time you upgrade to a newer version of authentik, you download a new `docker-compose.yml` file, which points to the latest available version. For more information, refer to the **Upgrading** section in the [Release Notes](../releases).
|
||||||
|
|
||||||
By default, authentik is reachable (by default) on port 9000 (HTTP) and port 9443 (HTTPS).
|
|
||||||
|
|
||||||
To start the initial setup, navigate to `https://<your server's IP or hostname>:9000/if/flow/initial-setup/`.
|
To start the initial setup, navigate to `https://<your server's IP or hostname>:9000/if/flow/initial-setup/`.
|
||||||
|
|
||||||
There you are prompted to set a password for the akadmin user (the default user).
|
There you are prompted to set a password for the akadmin user (the default user).
|
||||||
|
|
||||||
|
## Explanation
|
||||||
|
|
||||||
|
:::warning
|
||||||
|
The server assumes to have local timezone as UTC.
|
||||||
|
All internals are handled in UTC; whenever a time is displayed to the user in UI it gets localized.
|
||||||
|
Do not update or mount `/etc/timezone` or `/etc/localtime` in the authentik containers.
|
||||||
|
This will not give any advantages.
|
||||||
|
On the contrary, it will cause problems with OAuth and SAML authentication,
|
||||||
|
e.g. [see this GitHub issue](https://github.com/goauthentik/authentik/issues/3005).
|
||||||
|
:::
|
||||||
|
|
||||||
|
The Docker-Compose project contains the following containers:
|
||||||
|
|
||||||
|
- **Server**: This is the backend service, which does all the logic, plus runs the API and the SSO functionality. It also runs the frontend, hosts the JS/CSS files, and serves the files you've uploaded for icons/etc.
|
||||||
|
|
||||||
|
- **Worker**: This container executes background tasks, everything you can see on the _System Tasks_ page in the frontend.
|
||||||
|
|
||||||
|
- **Redis**: For Cache
|
||||||
|
|
||||||
|
- **Postgresql**: Default database
|
||||||
|
|
|
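Review bot: Removing the sentence about port 9000 (HTTP) and port 9443 (HTTPS) leaves the unchanged setup URL `https://<your server's IP or hostname>:9000/if/flow/initial-setup/` as the only mention of a port, and it pairs the https scheme with the port the removed line described as HTTP. Since this is the page where the akadmin password is set, suggest fixing the duplicated "by default" instead of deleting the sentence, and correcting the URL to either `http://...:9000` or `https://...:9443`. In the new warning, "The server assumes to have local timezone as UTC" would read better as "The server assumes its local timezone is UTC", and "Docker-Compose project" does not match the "Docker Compose" spelling this commit introduces in the tab label.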
@ -2,25 +2,42 @@
|
||||||
title: Kubernetes installation
|
title: Kubernetes installation
|
||||||
---
|
---
|
||||||
|
|
||||||
authentik is installed using a helm-chart.
|
You can install authentik to run on Kubernetes using Helm Chart.
|
||||||
|
|
||||||
To install authentik using the helm chart, generate a password for the database and the cache, using `pwgen -s 50 1` or `openssl rand -base64 36`.
|
### Requirements
|
||||||
|
|
||||||
Create a values.yaml file with a minimum of these settings:
|
- Kubernetes
|
||||||
|
- Helm
|
||||||
|
|
||||||
|
### Generate Passwords
|
||||||
|
|
||||||
|
Start by generating passwords for the database and cache. You can use either of the following commands:
|
||||||
|
|
||||||
|
```
|
||||||
|
pwgen -s 50 1
|
||||||
|
openssl rand -base64 36
|
||||||
|
```
|
||||||
|
|
||||||
|
### Set Values
|
||||||
|
|
||||||
|
Create a `values.yaml` file with a minimum of these settings:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
authentik:
|
authentik:
|
||||||
secret_key: "PleaseGenerateA50CharKey"
|
secret_key: "PleaseGenerateA50CharKey"
|
||||||
# This sends anonymous usage-data, stack traces on errors and
|
# This sends anonymous usage-data, stack traces on errors and
|
||||||
# performance data to sentry.io, and is fully opt-in
|
# Performance data to sentry.io, and is fully opt-in
|
||||||
error_reporting:
|
error_reporting:
|
||||||
enabled: true
|
enabled: true
|
||||||
postgresql:
|
postgresql:
|
||||||
password: "ThisIsNotASecurePassword"
|
password: "ThisIsNotASecurePassword"
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
|
# Specify kubernetes ingress controller class name
|
||||||
|
ingressClassName: nginx | traefik | kong
|
||||||
enabled: true
|
enabled: true
|
||||||
hosts:
|
hosts:
|
||||||
|
# Specify external host name
|
||||||
- host: authentik.domain.tld
|
- host: authentik.domain.tld
|
||||||
paths:
|
paths:
|
||||||
- path: "/"
|
- path: "/"
|
||||||
|
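Review bot: The added line `ingressClassName: nginx | traefik | kong` is not a usable value; copied as written, YAML reads it as the single string "nginx | traefik | kong" and no ingress class will match. Suggest setting one value (for example `ingressClassName: nginx`) and listing the alternatives in the comment above it. The comment change from "performance data" to "Performance data" capitalizes the middle of a sentence that continues from the previous comment line and should be reverted. The "Generate Passwords" text mentions only the database and cache, while the sample also carries the placeholder `secret_key: "PleaseGenerateA50CharKey"`, so the step should say that the secret key is generated the same way. The new command block has no language on its fence, unlike the `shell` and `yaml` fences used elsewhere in this commit.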
@ -35,7 +52,9 @@ redis:
|
||||||
|
|
||||||
See all configurable values on [artifacthub](https://artifacthub.io/packages/helm/goauthentik/authentik).
|
See all configurable values on [artifacthub](https://artifacthub.io/packages/helm/goauthentik/authentik).
|
||||||
|
|
||||||
Afterwards, run these commands to install authentik:
|
### Install authentik Helm Chart
|
||||||
|
|
||||||
|
Now, execute the following commands to install authentik
|
||||||
|
|
||||||
```
|
```
|
||||||
helm repo add authentik https://charts.goauthentik.io
|
helm repo add authentik https://charts.goauthentik.io
|
||||||
|
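Review bot: The added lead-in "Now, execute the following commands to install authentik" ends without punctuation, where the line it replaces ended with a colon before the code block. Suggest "Now, execute the following commands to install authentik:".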
@ -43,6 +62,14 @@ helm repo update
|
||||||
helm upgrade --install authentik authentik/authentik -f values.yaml
|
helm upgrade --install authentik authentik/authentik -f values.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
This installation automatically applies database migrations on startup. After the installation is done, navigate to the `https://<ingress you've specified>/if/flow/initial-setup/`, to set a password for the akadmin user.
|
During the installation process, the database migrations will be applied automatically on startup.
|
||||||
|
|
||||||
It is also recommended to configure global email credentials. These are used by authentik to notify you about alerts, configuration issues. They can also be used by [Email stages](../flow/stages/email/) to send verification/recovery emails.
|
### Accessing authentik
|
||||||
|
|
||||||
|
Once the installation is complete, access authentik at `https://<ingress-host-name>/if/flow/initial-setup/`. Here, you can set a password for the akadmin user.
|
||||||
|
|
||||||
|
### Optional Step: Configure Global Email Credentials
|
||||||
|
|
||||||
|
It is recommended to configure global email credentials as well. These are used by authentik to notify you about alerts and configuration issues. Additionally, they can be utilized by Email stages to send verification and recovery emails.
|
||||||
|
|
||||||
|
By following these steps, you will successfully install and set up authentik on Kubernetes using Helm.
|
||||||
|
|
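Review bot: The rewritten email paragraph drops the link target from `[Email stages](../flow/stages/email/)`, leaving "Email stages" as plain text; suggest restoring the link. The closing sentence "By following these steps, you will successfully install and set up authentik on Kubernetes using Helm." adds no instruction and could be removed, and `akadmin` could be set in code formatting since it is a literal user name.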