Enhance Authentik role in noble cluster setup by adding support for resolving OAuth2 flow, signing key, and scope mapping UUIDs from the worker database, improving API access under 2026+ RBAC. Update README with troubleshooting steps for common OAuth2 provider issues and adjust default variables for better configuration management. Ensure seamless integration with oauth2-proxy by allowing unverified email handling in development environments.
@@ -51,6 +51,8 @@ talosctl apply-config -n 192.168.50.20 --file out/noble-neon.yaml
**Do not pass `--insecure` for (B).** With `--insecure`, `talosctl` does not use client certificates from `TALOSCONFIG`, so the node still responds with `tls: certificate required`. The flag means “maintenance API only,” not “skip server verification.”
**Mixed state:** the first node may already present the **cluster CA** (TLS works with `TALOSCONFIG`) while another node is still on the **maintenance** cert (`x509: certificate signed by unknown authority`). **`ansible-playbook playbooks/deploy.yml`** (`talos_phase_a`) probes only the first node in **`noble_talos_nodes`**; for each remaining node it tries TLS first, then retries with **`--insecure`** when stderr indicates an unknown CA / handshake failure.
**Wrong (what triggers the error):**
```bash
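Review bot: The "Mixed state" paragraph says the playbook retries with `--insecure` "when stderr indicates an unknown CA / handshake failure", directly after the paragraph that tells readers not to pass `--insecure` for (B), and nothing in the text says how the two cases are told apart. Suggest stating that the retry is intended only for nodes still on the maintenance cert and naming the exact stderr strings `talos_phase_a` matches, because a generic handshake failure is also what a wrong endpoint or an unexpected certificate produces, and an automatic fallback would hide that. The paragraph also says only the first node in `noble_talos_nodes` is probed; a sentence on what happens when that first node is the one still in maintenance mode would close the gap. Finally, the commit message covers Authentik and OAuth2 only, so this Talos README change should either be mentioned there or go in its own commit.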