# POC for Authentik Go client library

- K8s deployment
- `gotest`: POC project utilizing goauthentik/client-go, which programmatically creates Users, Groups, OAuth tokens etc.:
  - create Group
  - create User
  - create User's password
  - create User's OAuth token
  - get User's Groups (using User's OAuth token)
- gvm, Go 1.22.4

  ```sh
  gvm install go1.22.4 --prefer-binary --with-build-tools --with-protobuf
  gvm use go1.22.4 --default
  ```

- kind
- kubectl
- docker
- docker-compose

  ```sh
  sudo apt-get install -y docker-compose
  ```
The Authentik manifests are already generated with the Authentik Helm chart and configured with `AUTHENTIK_BOOTSTRAP_PASSWORD` and `AUTHENTIK_BOOTSTRAP_TOKEN`; if you need to change them, see the next chapter first.

Execute the script to deploy the manifests and open a browser window (login: `akadmin`, pwd: `Authentik01234567890!`):

```sh
./scripts/deploy-authentik-k8s.sh
```
The manifests were generated with:

```sh
helm repo add authentik https://charts.goauthentik.io
helm repo update
helm template authentik authentik/authentik -f ./k8s/postgresql/values.yml > ./k8s/postgresql/authentik-postgresql.yml
```
If you want to set a predefined password and token for the default admin user `akadmin`, edit `./k8s/postgresql/authentik-postgresql.yml` -> Deployment `authentik-server`. Both values sit in plain text in the rendered manifest, so keep that file out of version control or move them into a Secret referenced via `valueFrom.secretKeyRef`.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: authentik-server
  ...
spec:
  ...
  template:
    ...
    spec:
      containers:
        - name: authentik
          ...
          env:
            ...
            - name: AUTHENTIK_BOOTSTRAP_PASSWORD
              value: "Authentik01234567890!"
            - name: AUTHENTIK_BOOTSTRAP_TOKEN
              value: "NoMlxBQuYgfu3j19ygGqhjXenAjrJgOfN5naqmSDBUhdLjYqHKze7yyzY07H"
```
Then edit the same file, `./k8s/postgresql/authentik-postgresql.yml` -> Deployment `authentik-worker`, so that both components see the same values:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: authentik-worker
  ...
spec:
  ...
  template:
    ...
    spec:
      ...
      containers:
        - name: authentik
          ...
          env:
            ...
            - name: AUTHENTIK_BOOTSTRAP_PASSWORD
              value: "Authentik01234567890!"
            - name: AUTHENTIK_BOOTSTRAP_TOKEN
              value: "NoMlxBQuYgfu3j19ygGqhjXenAjrJgOfN5naqmSDBUhdLjYqHKze7yyzY07H"
```
The CockroachDB variant is deployed (and removed again) with the following commands:

```sh
# create manifests if needed
helm template crdb cockroachdb/cockroachdb --namespace default \
  --set fullnameOverride=crdb \
  --set single-node=true \
  --set statefulset.replicas=1 > ./k8s/cockroachdb/cockroachdb.yml

# create namespace
kubectl create ns threeport-api

# deploy cockroachdb
kubectl apply -f ./k8s/cockroachdb/cockroachdb.yml
echo "waiting for cockroachdb to get ready"
kubectl wait pod -n threeport-api crdb-0 --for condition=Ready --timeout=180s

# deploy authentik
kubectl apply -f ./k8s/cockroachdb/authentik-cockroachdb.yml
kubectl apply -f ./k8s/cockroachdb/crdb-test-pod.yml

# undeploy authentik
kubectl delete -f ./k8s/cockroachdb/authentik-cockroachdb.yml

# undeploy cockroachdb
kubectl delete -f ./k8s/cockroachdb/cockroachdb.yml
kubectl delete -f ./k8s/cockroachdb/crdb-test-pod.yml
```
With CockroachDB as the database the Authentik server fails during migration:

```text
✔ 14:31 ~/projects/authentik-k8s [ main|✚ 1] $ k logs -n threeport-api authentik-server-5cc447f9fb-8wwv2
Defaulted container "authentik" out of: authentik, db-init (init)
{"event": "Loaded config", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1674588685.27217, "file": "/authentik/lib/default.yml"}
{"event": "Loaded environment variables", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1674588685.2725286, "count": 46}
{"event": "Starting authentik bootstrap", "level": "info", "logger": "authentik.lib.config", "timestamp": 1674588685.2726445}
{"event": "PostgreSQL connection successful", "level": "info", "logger": "authentik.lib.config", "timestamp": 1674588685.2753716}
{"event": "Redis Connection successful", "level": "info", "logger": "authentik.lib.config", "timestamp": 1674588685.27696}
{"event": "Finished authentik bootstrap", "level": "info", "logger": "authentik.lib.config", "timestamp": 1674588685.276978}
{"event": "Bootstrap completed", "level": "info", "logger": "bootstrap"}
{"event": "Loaded config", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1674588685.4033535, "file": "/authentik/lib/default.yml"}
{"event": "Loaded environment variables", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1674588685.4036634, "count": 46}
2023-01-24 19:31:25 [info ] applying django migrations
2023-01-24 19:31:25 [info ] waiting to acquire database lock
Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "/lifecycle/migrate.py", line 83, in <module>
    wait_for_lock()
  File "/lifecycle/migrate.py", line 40, in wait_for_lock
    curr.execute("SELECT pg_advisory_lock(%s)", (ADV_LOCK_UID,))
psycopg2.errors.UndefinedFunction: unknown function: pg_advisory_lock(): function undefined
```
Root cause: `psycopg2.errors.UndefinedFunction: unknown function: pg_advisory_lock(): function undefined`. Authentik's migration step takes a PostgreSQL advisory lock before applying migrations, and CockroachDB does not support the `pg_advisory_lock()` function today. Related issues:

- sql: fill out pg_advisory_lock stubs (CockroachDB)
- Support for CockroachDB (Authentik)
Alternatively, start Authentik with Docker Compose:

```sh
./scripts/start-docker-compose-authentik.sh
```
Run the POC to perform the following using goauthentik/client-go:

- create `qleetctl` user
- create `qleetctl` user's password and token
- create `QleetOS` group
- assign `qleetctl` user to `QleetOS` group
- use `qleetctl` user's token to find which groups it belongs to

```sh
cd gotest
make run
```
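The five steps above, as an added example written for this page rather than the `gotest` code: it does not use goauthentik/client-go but calls, with the standard library only, the same Authentik `/api/v3` endpoints the generated client wraps (`/core/groups/`, `/core/users/`, `/core/users/{id}/set_password/`, `/core/tokens/`, `/core/tokens/{identifier}/view_key/`, `/core/users/me/`). What it makes explicit is the credential hand-off: the bootstrap token (the superuser credential from the manifests) is used only for provisioning, and the final group lookup runs with the new user's own token. Assumed, not taken from the project: the `AUTHENTIK_URL` and `AUTHENTIK_TOKEN` environment variable names, the `-api-token` identifier suffix, the `api` intent with `expiring: false`, and the placeholder password.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"os"
)

// Client talks to the Authentik /api/v3 REST endpoints that goauthentik/client-go wraps.
// Token is the bearer credential: the bootstrap/admin token while provisioning, the user's own token afterwards.
type Client struct{ BaseURL, Token string }

// do sends one JSON request and decodes a 2xx response into out (if non-nil).
func (c *Client) do(method, path string, in, out any) error {
	var body []byte
	if in != nil {
		body, _ = json.Marshal(in) // plain maps of strings/ints/bools cannot fail to marshal
	}
	req, err := http.NewRequest(method, c.BaseURL+path, bytes.NewReader(body))
	if err != nil {
		return err
	}
	req.Header.Set("Authorization", "Bearer "+c.Token)
	req.Header.Set("Content-Type", "application/json")
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode/100 != 2 {
		return fmt.Errorf("%s %s: HTTP %d", method, path, resp.StatusCode)
	}
	if out == nil {
		return nil
	}
	return json.NewDecoder(resp.Body).Decode(out)
}

// Provision runs the admin-side POC steps in order (group, user in that group, password,
// non-expiring API token, view_key) and hands back only the new user's token key.
func Provision(admin *Client, username, groupName, password string) (string, error) {
	var g struct{ Pk string `json:"pk"` } // group pk is a UUID string
	var u struct{ Pk int `json:"pk"` }    // user pk is an integer
	var key struct{ Key string `json:"key"` }
	ident := username + "-api-token" // assumed naming, not the POC's
	steps := []func() error{ // closures, because later steps need pks returned by earlier ones
		func() error { return admin.do("POST", "/core/groups/", map[string]any{"name": groupName}, &g) },
		func() error {
			return admin.do("POST", "/core/users/", map[string]any{"username": username, "name": username, "groups": []string{g.Pk}}, &u)
		},
		func() error {
			return admin.do("POST", fmt.Sprintf("/core/users/%d/set_password/", u.Pk), map[string]any{"password": password}, nil)
		},
		func() error {
			return admin.do("POST", "/core/tokens/", map[string]any{"identifier": ident, "intent": "api", "user": u.Pk, "expiring": false}, nil)
		},
		func() error { return admin.do("GET", "/core/tokens/"+ident+"/view_key/", nil, &key) },
	}
	for _, step := range steps {
		if err := step(); err != nil {
			return "", err
		}
	}
	return key.Key, nil
}

// MyGroups calls /core/users/me/ with the user's own token (no admin credential involved)
// and returns the group names Authentik reports for that user.
func MyGroups(user *Client) ([]string, error) {
	var me struct {
		User struct{ Groups []struct{ Name string `json:"name"` } `json:"groups"` } `json:"user"`
	}
	if err := user.do("GET", "/core/users/me/", nil, &me); err != nil {
		return nil, err
	}
	names := []string{}
	for _, g := range me.User.Groups {
		names = append(names, g.Name)
	}
	return names, nil
}

func main() {
	// AUTHENTIK_URL (the instance's /api/v3 base) and AUTHENTIK_TOKEN (the bootstrap token)
	// are env var names assumed for this example, not something the POC defines.
	admin := &Client{os.Getenv("AUTHENTIK_URL"), os.Getenv("AUTHENTIK_TOKEN")}
	key, err := Provision(admin, "qleetctl", "QleetOS", "constructed-example-password")
	if err != nil {
		fmt.Fprintln(os.Stderr, "provisioning failed:", err)
		os.Exit(1)
	}
	groups, err := MyGroups(&Client{admin.BaseURL, key}) // the admin token is no longer involved
	fmt.Println("qleetctl belongs to groups:", groups, "err:", err)
}
```

Point `AUTHENTIK_URL` at the `/api/v3` base of the Docker Compose or Kubernetes instance and set `AUTHENTIK_TOKEN` to the `AUTHENTIK_BOOTSTRAP_TOKEN` value from the manifests. `http.DefaultClient` verifies TLS, so a self-signed certificate on the local instance has to be trusted by the system store or by an `http.Client` with a custom transport; the example deliberately does not disable verification. Once `Provision` returns, nothing in the user-side call path holds the admin token anymore, which is the separation the POC's last step demonstrates.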
## Docker Compose

```sh
echo "login: akadmin, pwd: Authentik01234567890!"
xdg-open https://localhost:9443/if/admin/#/administration/overview
```

## Kubernetes

```sh
LB_IP=$(kubectl get svc/authentik -o=jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo "login: akadmin, pwd: Authentik01234567890!"
xdg-open https://$LB_IP:443/if/admin/#/administration/overview
```