website/docs: update Docker Compose and Kubernetes installation guide (#6429)

* website/docs: Update docker-compose and beta install guide

* website/docs: Update kubernetes and beta install guide

* Update website/docs/installation/kubernetes.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
This commit is contained in:
r.e.e.c.h.e.e 2023-07-31 21:17:54 +01:00 committed by GitHub
parent b8dbde3c51
commit c0474a83d9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 94 additions and 13 deletions

View file

@ -14,7 +14,7 @@ import TabItem from "@theme/TabItem";
<Tabs
defaultValue="docker-compose"
values={[
{label: 'docker-compose', value: 'docker-compose'},
{label: 'Docker Compose', value: 'docker-compose'},
{label: 'Kubernetes', value: 'kubernetes'},
]}>
<TabItem value="docker-compose">
@ -28,9 +28,10 @@ AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(b
The Beta image is amd64 only. For arm64 platforms, append `-arm64` to the tag name (no spaces).
Next, run the upgrade commands from the latest [Release Notes](../releases).
Next, run the upgrade commands below.
</TabItem>
<TabItem value="kubernetes">
Add the following block to your `values.yml` file:
@ -47,7 +48,36 @@ image:
The Beta image is amd64 only. For arm64 platforms, append `-arm64` to the tag name (no spaces).
Next, run the upgrade commands from the latest [Release Notes](../releases).
Next, run the upgrade commands below.
</TabItem>
</Tabs>
<Tabs
defaultValue="docker-compose"
values={[
{label: 'Docker Compose', value: 'docker-compose'},
{label: 'Kubernetes', value: 'kubernetes'},
]}>
<TabItem value="docker-compose">
```shell
docker-compose pull
docker-compose up -d
```
</TabItem>
<TabItem value="kubernetes">
```yaml
image:
repository: ghcr.io/goauthentik/server
tag: 2023.6.0
```
</TabItem>
</Tabs>
To verify whether the upgrade was successful, go to your Admin panel and navigate to the Overview dashboard. There, you can check the version number to ensure that you are using the Beta version you intended.

View file

@ -12,7 +12,12 @@ This installation method is for test-setups and small-scale production setups.
## Preparation
Download the latest `docker-compose.yml` from [here](https://goauthentik.io/docker-compose.yml). Place it in a directory of your choice.
To download the latest `docker-compose.yml` open your terminal and navigate to the directory of your choice.
Run the following command:
```shell
wget https://goauthentik.io/docker-compose.yml
```
If this is a fresh authentik installation, you need to generate a password and a secret key. If you don't already have a password generator installed, you can run this command to install **pwgen**, a popular generator:
@ -87,8 +92,27 @@ docker-compose up -d
The `docker-compose.yml` file statically references the latest version available at the time of downloading the compose file. Each time you upgrade to a newer version of authentik, you download a new `docker-compose.yml` file, which points to the latest available version. For more information, refer to the **Upgrading** section in the [Release Notes](../releases).
By default, authentik is reachable (by default) on port 9000 (HTTP) and port 9443 (HTTPS).
To start the initial setup, navigate to `https://<your server's IP or hostname>:9000/if/flow/initial-setup/`.
There you are prompted to set a password for the akadmin user (the default user).
## Explanation
:::warning
The server assumes to have local timezone as UTC.
All internals are handled in UTC; whenever a time is displayed to the user in UI it gets localized.
Do not update or mount `/etc/timezone` or `/etc/localtime` in the authentik containers.
This will not give any advantages.
On the contrary, it will cause problems with OAuth and SAML authentication,
e.g. [see this GitHub issue](https://github.com/goauthentik/authentik/issues/3005).
:::
The Docker-Compose project contains the following containers:
- **Server**: This is the backend service, which does all the logic, plus runs the API and the SSO functionality. It also runs the frontend, hosts the JS/CSS files, and serves the files you've uploaded for icons/etc.
- **Worker**: This container executes background tasks, everything you can see on the _System Tasks_ page in the frontend.
- **Redis**: For Cache
- **Postgresql**: Default database

View file

@ -2,25 +2,42 @@
title: Kubernetes installation
---
authentik is installed using a helm-chart.
You can install authentik to run on Kubernetes using Helm Chart.
To install authentik using the helm chart, generate a password for the database and the cache, using `pwgen -s 50 1` or `openssl rand -base64 36`.
### Requirements
Create a values.yaml file with a minimum of these settings:
- Kubernetes
- Helm
### Generate Passwords
Start by generating passwords for the database and cache. You can use either of the following commands:
```
pwgen -s 50 1
openssl rand -base64 36
```
### Set Values
Create a `values.yaml` file with a minimum of these settings:
```yaml
authentik:
secret_key: "PleaseGenerateA50CharKey"
# This sends anonymous usage-data, stack traces on errors and
# performance data to sentry.io, and is fully opt-in
# Performance data to sentry.io, and is fully opt-in
error_reporting:
enabled: true
postgresql:
password: "ThisIsNotASecurePassword"
ingress:
# Specify kubernetes ingress controller class name
ingressClassName: nginx | traefik | kong
enabled: true
hosts:
# Specify external host name
- host: authentik.domain.tld
paths:
- path: "/"
@ -35,7 +52,9 @@ redis:
See all configurable values on [artifacthub](https://artifacthub.io/packages/helm/goauthentik/authentik).
Afterwards, run these commands to install authentik:
### Install authentik Helm Chart
Now, execute the following commands to install authentik
```
helm repo add authentik https://charts.goauthentik.io
@ -43,6 +62,14 @@ helm repo update
helm upgrade --install authentik authentik/authentik -f values.yaml
```
This installation automatically applies database migrations on startup. After the installation is done, navigate to the `https://<ingress you've specified>/if/flow/initial-setup/`, to set a password for the akadmin user.
During the installation process, the database migrations will be applied automatically on startup.
It is also recommended to configure global email credentials. These are used by authentik to notify you about alerts, configuration issues. They can also be used by [Email stages](../flow/stages/email/) to send verification/recovery emails.
### Accessing authentik
Once the installation is complete, access authentik at `https://<ingress-host-name>/if/flow/initial-setup/`. Here, you can set a password for the akadmin user.
### Optional Step: Configure Global Email Credentials
It is recommended to configure global email credentials as well. These are used by authentik to notify you about alerts and configuration issues. Additionally, they can be utilized by Email stages to send verification and recovery emails.
By following these steps, you will successfully install and set up authentik on Kubernetes using Helm.