diff --git a/docs/blog/posts/changelog/new-recipe-authentik-k8s.md b/docs/blog/posts/changelog/new-recipe-authentik-k8s.md index 204fc1d..7223087 100644 --- a/docs/blog/posts/changelog/new-recipe-authentik-k8s.md +++ b/docs/blog/posts/changelog/new-recipe-authentik-k8s.md @@ -13,7 +13,7 @@ image: /images/authentik.png # Added recipe for authentik (Kubernetes) -Too young (*and sensible!*) for [OpenLDAP][openldap] :t_rex:, and don't need the java-based headaches of [KeyCloak][keycloak]? +Too young (*and sensible!*) for [OpenLDAP][openldap] :t_rex:, and don't need the java-based headaches of [Keycloak][keycloak]? Up your IDP game with [authentik][k8s/authentik], your own "flexible and versatile" Identity Provider, in your Kubernetes Cluster. diff --git a/docs/blog/posts/changelog/new-recipe-kubernetes-dashboard.md b/docs/blog/posts/changelog/new-recipe-kubernetes-dashboard.md index b55ba1b..b8d9840 100644 --- a/docs/blog/posts/changelog/new-recipe-kubernetes-dashboard.md +++ b/docs/blog/posts/changelog/new-recipe-kubernetes-dashboard.md @@ -24,7 +24,7 @@ Here's all the pieces you need.. -* [x] An OIDC Provider, like [authentik][k8s/authentik] or [KeyCloak][keycloak] (*Kubernetes recipe coming soon*) +* [x] An OIDC Provider, like [authentik][k8s/authentik] or [Keycloak][keycloak] (*Kubernetes recipe coming soon*) * [x] An OIDC-enabled cluster, using [K3s](/kubernetes/cluster/k3s/), [EKS](/kubernetes/cluster/eks/), or (*coming soon*) kubeadm * [x] [OAuth2-Proxy][k8s/oauth2proxy] to provide the Kubernetes Dashboard token diff --git a/docs/docker-swarm/authelia.md b/docs/docker-swarm/authelia.md index 394dc74..ae32928 100644 --- a/docs/docker-swarm/authelia.md +++ b/docs/docker-swarm/authelia.md 
@@ -5,7 +5,7 @@ description: Authelia is an open-source authentication and authorization server # Authelia in Docker Swarm -[Authelia](https://github.com/authelia/authelia) is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. Like [Traefik Forward Auth][tfa], Authelia acts as a companion of reverse proxies like Nginx, [Traefik](/docker-swarm/traefik/), or HAProxy to let them know whether queries should pass through. Unauthenticated users are redirected to Authelia Sign-in portal instead. Authelia is a popular alternative to a heavyweight such as [KeyCloak][keycloak]. +[Authelia](https://github.com/authelia/authelia) is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. Like [Traefik Forward Auth][tfa], Authelia acts as a companion of reverse proxies like Nginx, [Traefik](/docker-swarm/traefik/), or HAProxy to let them know whether queries should pass through. Unauthenticated users are redirected to Authelia Sign-in portal instead. Authelia is a popular alternative to a heavyweight such as [Keycloak][keycloak]. ![Authelia Screenshot](/images/authelia.png){ loading=lazy } 
@@ -270,7 +270,7 @@ What have we achieved? By adding a simple label to any service, we can secure an ### Authelia vs Keycloak -[KeyCloak][keycloak] is the "big daddy" of self-hosted authentication platforms - it has a beautiful GUI, and a very advanced and mature featureset. Like Authelia, KeyCloak can [use an LDAP server](/recipes/keycloak/authenticate-against-openldap/) as a backend, but *unlike* Authelia, KeyCloak allows for 2-way sync between that LDAP backend, meaning KeyCloak can be used to *create* and *update* the LDAP entries (*Authelia's is just a one-way LDAP lookup - you'll need another tool to actually administer your LDAP database*). +[Keycloak][keycloak] is the "big daddy" of self-hosted authentication platforms - it has a beautiful GUI, and a very advanced and mature featureset. Like Authelia, Keycloak can [use an LDAP server](/recipes/keycloak/authenticate-against-openldap/) as a backend, but *unlike* Authelia, Keycloak allows for 2-way sync between that LDAP backend, meaning Keycloak can be used to *create* and *update* the LDAP entries (*Authelia's is just a one-way LDAP lookup - you'll need another tool to actually administer your LDAP database*). [^1]: The initial inclusion of Authelia was due to the efforts of @bencey in Discord (Thanks Ben!) diff --git a/docs/docker-swarm/traefik-forward-auth/keycloak.md b/docs/docker-swarm/traefik-forward-auth/keycloak.md index 6b97fcc..2fa5894 100644 --- a/docs/docker-swarm/traefik-forward-auth/keycloak.md +++ b/docs/docker-swarm/traefik-forward-auth/keycloak.md 
@@ -98,6 +98,6 @@ What have we achieved? By adding an additional three simple labels to any servic ### Keycloak vs Authelia -[KeyCloak][keycloak] is the "big daddy" of self-hosted authentication platforms - it has a beautiful GUI, and a very advanced and mature featureset. Like Authelia, KeyCloak can [use an LDAP server](/recipes/keycloak/authenticate-against-openldap/) as a backend, but _unlike_ Authelia, KeyCloak allows for 2-way sync between that LDAP backend, meaning KeyCloak can be used to _create_ and _update_ the LDAP entries (*Authelia's is just a one-way LDAP lookup - you'll need another tool to actually administer your LDAP database*). +[Keycloak][keycloak] is the "big daddy" of self-hosted authentication platforms - it has a beautiful GUI, and a very advanced and mature featureset. Like Authelia, Keycloak can [use an LDAP server](/recipes/keycloak/authenticate-against-openldap/) as a backend, but _unlike_ Authelia, Keycloak allows for 2-way sync between that LDAP backend, meaning Keycloak can be used to _create_ and _update_ the LDAP entries (*Authelia's is just a one-way LDAP lookup - you'll need another tool to actually administer your LDAP database*). {% include 'recipe-footer.md' %} diff --git a/docs/kubernetes/oidc-authentication/index.md b/docs/kubernetes/oidc-authentication/index.md index 33a5105..d914dd3 100644 --- a/docs/kubernetes/oidc-authentication/index.md +++ b/docs/kubernetes/oidc-authentication/index.md 
@@ -19,12 +19,12 @@ True to form, Kubernetes doesn't provide any turnkey access solution, but all th ## Requirements -Securing access to Kubernetes' API server requires an OIDC provider, be it an external service like Auth0 or Octa, or a self-hosted, open-source IDP like KeyCloak or [authentik][k8s/authentik]. +Securing access to Kubernetes' API server requires an OIDC provider, be it an external service like Auth0 or Octa, or a self-hosted, open-source IDP like Keycloak or [authentik][k8s/authentik]. ### Setup Provider 1. Setup [Authentik for Kubernetes API authentication](/kubernetes/authentication/authentik/) -2. KeyCloak (*coming soon*) +2. Keycloak (*coming soon*) ### Configure Kubernetes for OIDC auth diff --git a/docs/kubernetes/oidc-authentication/keycloak.md b/docs/kubernetes/oidc-authentication/keycloak.md index aee1f77..66e799f 100644 --- a/docs/kubernetes/oidc-authentication/keycloak.md +++ b/docs/kubernetes/oidc-authentication/keycloak.md @@ -4,7 +4,7 @@ description: How to configure your Kubernetes cluster for OIDC authentication wi --- # Authenticate to Kubernetes with OIDC on K3s -This recipe describes how to configure K3s for OIDC authentication against a [keycloak][k8s/keycloak] instance. +This recipe describes how to configure K3s for OIDC authentication against a [Keycloak][k8s/keycloak] instance. For details on **why** you'd want to do this, see the [Kubernetes Authentication Guide](/kubernetes/oidc-authentication/). @@ -33,7 +33,7 @@ Of course, it won't work yet, so there are a few tweaks we'll need.. #### Access Type -Change **Access Type** to `confidential` - this indicates to KeyCloak that your client can be trusted to keep a secret safe, and thus that secret can be used in the OIDC credentials exchange. +Change **Access Type** to `confidential` - this indicates to Keycloak that your client can be trusted to keep a secret safe, and thus that secret can be used in the OIDC credentials exchange. ![](/images/keycloak-kube-apiserver-2.png) 
diff --git a/docs/recipes/kubernetes/keycloak.md b/docs/recipes/kubernetes/keycloak.md index c8d7985..f38bfed 100644 --- a/docs/recipes/kubernetes/keycloak.md +++ b/docs/recipes/kubernetes/keycloak.md @@ -9,7 +9,7 @@ helm_chart_repo_url: oci://registry-1.docker.io/bitnamicharts/keycloak helmrelease_name: keycloak helmrelease_namespace: keycloak kustomization_name: keycloak -slug: KeyCloak +slug: Keycloak status: new upstream: https://www.keycloak.org links: @@ -17,7 +17,7 @@ links: uri: https://github.com/keycloak/keycloak --- -# KeyCloak installation on Kubernetes +# Keycloak installation on Kubernetes [Keycloak](https://www.keycloak.org/) is "_an open source identity and access management solution_". Using a local database, or a variety of backends (_think [OpenLDAP](/recipes/openldap/)_), you can provide Single Sign-On (SSO) using OpenID, OAuth 2.0, and SAML. @@ -52,7 +52,7 @@ The following sections detail suggested changes to the values pasted into `/{{ p ### Ingress -Setup your ingress for the KeyCloak UI, enabling at least `ingress.enabled` as below, and additional TLS options as necessary[^1]: +Setup your ingress for the Keycloak UI, enabling at least `ingress.enabled` as below, and additional TLS options as necessary[^1]: ```yaml hl_lines="4" title="Configure your ingress" ingress: @@ -93,7 +93,7 @@ keycloak-postgresql-0 1/1 Running 1 (3d17h ago) 26d ~ ❯ ``` -Browse to the URL you configured in your ingress above, and confirm that the KeyCloak UI is displayed. Login with the admin user you defined above, and confirm a successful login. +Browse to the URL you configured in your ingress above, and confirm that the Keycloak UI is displayed. Login with the admin user you defined above, and confirm a successful login. ### Create Keycloak user diff --git a/mkdocs.yml b/mkdocs.yml index d1895a1..52ad15f 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -221,12 +221,12 @@ nav: - Guide: kubernetes/oidc-authentication/index.md - Providers: - authentik: kubernetes/oidc-authentication/authentik.md - - KeyCloak: kubernetes/oidc-authentication/keycloak.md + - Keycloak: kubernetes/oidc-authentication/keycloak.md - Platforms: - EKS (authentik): kubernetes/oidc-authentication/eks-authentik.md - - EKS (KeyCloak): kubernetes/oidc-authentication/eks-keycloak.md + - EKS (Keycloak): kubernetes/oidc-authentication/eks-keycloak.md - K3s (authentik): kubernetes/oidc-authentication/k3s-authentik.md - - K3s (KeyCloak): kubernetes/oidc-authentication/k3s-keycloak.md + - K3s (Keycloak): kubernetes/oidc-authentication/k3s-keycloak.md - Backup: - kubernetes/backup/index.md - CSI Snapshots: @@ -267,7 +267,7 @@ nav: - Dashboard: recipes/kubernetes/dashboard.md - Descheduler: recipes/kubernetes/descheduler.md - Invidious: recipes/kubernetes/invidious.md - - KeyCloak: recipes/kubernetes/keycloak.md + - Keycloak: recipes/kubernetes/keycloak.md - OAuth2 Proxy: recipes/kubernetes/oauth2-proxy.md - Mastodon: recipes/kubernetes/mastodon.md - Polaris: recipes/kubernetes/polaris.md
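Review bot: In docs/blog/posts/changelog/new-recipe-authentik-k8s.md, the rewritten line corrects the Keycloak casing but still reads `java-based`. Since the patch is normalising product names, capitalise it as `Java-based` in the same line so it does not need a second pass.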
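Review bot: The comparison paragraph changed at `@@ -270,7 +270,7 @@` in docs/docker-swarm/authelia.md is duplicated at `@@ -98,6 +98,6 @@` in docs/docker-swarm/traefik-forward-auth/keycloak.md, differing only in emphasis markers (`*unlike*` versus `_unlike_`), so every correction has to be made twice. Consider moving it into a shared snippet, the way `{% include 'recipe-footer.md' %}` is already used. While the line is open, "2-way sync between that LDAP backend" reads better as "2-way sync with that LDAP backend".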
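Review bot: The `+` line under `## Requirements` in docs/kubernetes/oidc-authentication/index.md still names the external provider as `Octa`; the vendor is spelled `Okta`, and this is the natural place to fix it because the patch is already correcting a product name on that line. The context line in the same hunk links to `/kubernetes/authentication/authentik/`, while the mkdocs.yml nav in this patch lists the page as `kubernetes/oidc-authentication/authentik.md`, so check that the link resolves.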
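Review bot: The H1 shown as context in the first hunk of docs/kubernetes/oidc-authentication/keycloak.md reads "Authenticate to Kubernetes with OIDC on K3s", but the mkdocs.yml nav lists this file under Providers and a separate `k3s-keycloak.md` under Platforms, so the title looks copied from the platform page and is worth confirming. In the `#### Access Type` hunk, the image `![](/images/keycloak-kube-apiserver-2.png)` has empty alt text; add a short description while editing here.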
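Review bot: The `slug: KeyCloak` to `slug: Keycloak` change in the front matter of docs/recipes/kubernetes/keycloak.md edits a metadata value, unlike the prose and nav-label changes elsewhere in the patch. The page is templated (the hunk context shows a `{{ p` expression), so confirm no template or include matches on the old value before merging, or state in the commit message that `slug` is display-only.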