I have a Talos k8s setup now and I’m trying to add various services. I have discovered that my old htpasswd file won’t cut it for auth.
I want to host the following,
- WebDAV solution (currently sftpgo)
- Invidious
- *arr tools
- Bitwarden
Should I go with keycloak? Are there better auth services?
Authentik is definitely the best of all I’ve tried. It has the most features, supporting both ldap and oauth, and also has an official helm chart.
It’s kind of funny, I initially tried Authentik and ran into issues getting it working, so I went with Authelia instead, but eventually went back to try Authentik again because I wanted to customize the CSS and felt I was outgrowing Authelia, and it just worked. Not sure what I was doing wrong the first time, but oh well.
I will say though the latest release has a major bug where worker instances are eating up db connections to the point where the entire thing crashes, so while I’ve generally been happy with it, definitely need to do some careful research before blindly upgrading.
In addition to adding more worker instances, you can also increase the amount of threads each worker instance uses to vertically scale. It’s about equivalent to adding a worker instance.
Yeah I just set it up. Amazingly straight forward. I still have PTSD from keycloak, so I’m glad there’s an alternative