Enhance Authentik integration in noble cluster setup by adding support for OAuth2 flow primary keys in configuration. Update README with troubleshooting steps for common API errors and improve deployment reliability with tasks to wait for Authentik worker rollout and API readiness. Adjust Helm chart values for Grafana and Headlamp to accommodate new OIDC settings, ensuring seamless authentication and authorization processes.

2026-05-14 01:29:49 -04:00
parent 15d0e120d3
commit c392ce1e5a
10 changed files with 331 additions and 95 deletions
--- a/ansible/roles/noble_authentik/defaults/main.yml
+++ b/ansible/roles/noble_authentik/defaults/main.yml
@@ -32,8 +32,17 @@ noble_authentik_client_secret_headlamp: ""
 noble_authentik_client_secret_oauth2_proxy: ""
 noble_authentik_oauth2_proxy_cookie_secret: ""

+# Optional: OAuth2 provider flow PKs (UUID strings). When **both** are set, **configure_authentik.py**
+# skips **GET /flows/instances/** (avoids 403 if the API token user is not a superuser). See role README.
+noble_authentik_oauth_authorization_flow_pk: ""
+noble_authentik_oauth_invalidation_flow_pk: ""
+
 noble_authentik_helm_wait_timeout: 25m

+# After Helm --wait, the worker still creates the bootstrap API token; poll the public API before configure_authentik.py.
+noble_authentik_bootstrap_api_wait_retries: 36
+noble_authentik_bootstrap_api_wait_delay: 5
+
 # Re-apply the same chart versions as the rest of noble.yml when flipping SSO on.
 noble_authentik_argocd_chart_version: "9.4.17"
 noble_authentik_kube_prometheus_chart_version: "82.15.1"