Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

website/docs: install: add aws #12082

Open
wants to merge 14 commits into
base: main
Choose a base branch
from
Open

website/docs: install: add aws #12082

wants to merge 14 commits into from

Conversation

rissson
Copy link
Member

@rissson rissson commented Nov 19, 2024

Details

REPLACE ME


Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make website)

Copy link

netlify bot commented Nov 19, 2024

Deploy Preview for authentik-docs canceled.

Name Link
🔨 Latest commit bb629b5
🔍 Latest deploy log https://app.netlify.com/sites/authentik-docs/deploys/6749a48b50de7700082d3663

Copy link

netlify bot commented Nov 19, 2024

Deploy Preview for authentik-storybook canceled.

Name Link
🔨 Latest commit bb629b5
🔍 Latest deploy log https://app.netlify.com/sites/authentik-storybook/deploys/6749a48bcf546400084d0de6

@rissson rissson force-pushed the docs-aws-cloudformation branch 2 times, most recently from 76179b5 to a89d118 Compare November 19, 2024 17:51
Copy link

codecov bot commented Nov 19, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.60%. Comparing base (13b2543) to head (bb629b5).

✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##             main   #12082   +/-   ##
=======================================
  Coverage   92.60%   92.60%           
=======================================
  Files         761      761           
  Lines       38050    38050           
=======================================
  Hits        35238    35238           
  Misses       2812     2812           
Flag Coverage Δ
e2e 49.11% <ø> (ø)
integration 24.83% <ø> (ø)
unit 90.20% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Copy link
Contributor

github-actions bot commented Nov 19, 2024

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-8f2f917286178315e6ceb994be919b0a24b1d3b2
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

For arm64, use these values:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-8f2f917286178315e6ceb994be919b0a24b1d3b2-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-8f2f917286178315e6ceb994be919b0a24b1d3b2

For arm64, use these values:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-8f2f917286178315e6ceb994be919b0a24b1d3b2-arm64

Afterwards, run the upgrade commands from the latest release notes.

Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
@rissson
Copy link
Member Author

rissson commented Nov 28, 2024

@rissson rissson marked this pull request as ready for review November 28, 2024 15:41
@rissson rissson requested review from a team as code owners November 28, 2024 15:41
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Signed-off-by: Marc 'risson' Schmitt <[email protected]>

Under the **Certificate ARN** input, enter the previously created certificate ARN. You can also configure other settings if needed. You can follow the prompts to create the stack.

This stack will create the following resources:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For a list, we don't need the period at the end of each one.


This stack will create the following resources:

- AWS SSM secrets for the PostgreSQL user and the authentik secret key.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- AWS SSM secrets for the PostgreSQL user and the authentik secret key.
- AWS SSM secrets for the PostgreSQL user and the authentik secret key

This stack will create the following resources:

- AWS SSM secrets for the PostgreSQL user and the authentik secret key.
- A VPC for all other resources.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- A VPC for all other resources.
- A VPC for all other resources


- AWS SSM secrets for the PostgreSQL user and the authentik secret key.
- A VPC for all other resources.
- A RDS PostgreSQL Multi-AZ cluster.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- A RDS PostgreSQL Multi-AZ cluster.
- A RDS PostgreSQL Multi-AZ cluster

- AWS SSM secrets for the PostgreSQL user and the authentik secret key.
- A VPC for all other resources.
- A RDS PostgreSQL Multi-AZ cluster.
- An ElastiCache Redis Multi-AZ cluster.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- An ElastiCache Redis Multi-AZ cluster.
- An ElastiCache Redis Multi-AZ cluster

- A RDS PostgreSQL Multi-AZ cluster.
- An ElastiCache Redis Multi-AZ cluster.
- An ECS cluster with two tasks:
- One for the authentik server.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- One for the authentik server.
- One for the authentik server

- An ElastiCache Redis Multi-AZ cluster.
- An ECS cluster with two tasks:
- One for the authentik server.
- One for the authentik worker.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- One for the authentik worker.
- One for the authentik worker

- An ECS cluster with two tasks:
- One for the authentik server.
- One for the authentik worker.
- An ALB pointing to the authentik server ECS task with the configured certificate.
Copy link
Contributor

@tanberry tanberry Nov 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- An ALB pointing to the authentik server ECS task with the configured certificate.
- An ALB (Application Load Balancer) pointing to the authentik server ECS task with the configured certificate

- One for the authentik server.
- One for the authentik worker.
- An ALB pointing to the authentik server ECS task with the configured certificate.
- An EFS filesystem mounted on both ECS tasks for media file storage.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- An EFS filesystem mounted on both ECS tasks for media file storage.
- An EFS filesystem mounted on both ECS tasks for media file storage

- An ALB pointing to the authentik server ECS task with the configured certificate.
- An EFS filesystem mounted on both ECS tasks for media file storage.

The stack will output the endpoint of the ALB that you can point your DNS records to.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
The stack will output the endpoint of the ALB that you can point your DNS records to.
The stack will output the endpoint of the ALB that to which you can point your DNS records.

Copy link
Contributor

@tanberry tanberry left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for doc'ing this!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants