I have a Talos k8s setup now and I’m trying to add various services. I have discovered that my old htpasswd file won’t cut it for auth.
I want to host the following:
- WebDAV solution (currently sftpgo)
- Invidious
- *arr tools
- Bitwarden
Should I go with keycloak? Are there better auth services?
Authentik is definitely the best of all I’ve tried. It has the most features, supporting both ldap and oauth, and also has an official helm chart.
It’s kind of funny, I initially tried Authentik and ran into issues getting it working, so I went with Authelia instead, but eventually went back to try Authentik again because I wanted to customize the CSS and felt I was outgrowing Authelia, and it just worked. Not sure what I was doing wrong the first time, but oh well.
I will say though the latest release has a major bug where worker instances are eating up db connections to the point where the entire thing crashes, so while I’ve generally been happy with it, definitely need to do some careful research before blindly upgrading.
In addition to adding more worker instances, you can also increase the amount of threads each worker instance uses to vertically scale. It’s about equivalent to adding a worker instance.
Yeah I just set it up. Amazingly straightforward. I still have PTSD from keycloak, so I’m glad there’s an alternative
I have been using Authentik for several years now, works great with k8s. Not sure about the difference between Keycloak and Authentik tho (feature-wise)
I feel Authentik is at the sweet spot between complexity/features (keycloak) and ease of setup (authelia)
https://github.com/lldap/lldap is much simpler.
I use Authelia and it’s worked perfect to put auth in front of my services, including OAuth
Keycloak is amazing for no money, I use it connected to my Google workspace.
I’ve been using Authentik for a while now and it works very well. There is also a Terraform provider to manage it as code. I do mostly OIDC, but also use it as a proxy for a few things that do not support that and just need to be locked down (ESPHome and Longhorn dashboards for example).
The disadvantage is that it is not the lightest option. If that is important to you, look at Authelia.
For very simple Kubernetes and Docker environments, I’ve used Dex IdP with good results. It’s low on features, but easy to set up.
I used to love keycloak, but lately they’ve made changes that make client setup feel very complicated. I switched to authentik a while back and I feel it’s far easier to deal with.
Keycloak has some learning curve, but it’s the best OpenID Connect client and the most configurable and feature rich open source SSO system with the fewest major issues that I’ve used. And I use traefik for a reverse proxy, so for things that don’t support SSO directly thomseddon/traefik-forward-auth works flawlessly with Keycloak to provide an auth layer to those apps.