Support redis sentinel
Is your feature request related to a problem? Please describe.
I would like to deploy authentik on kubernetes with a separately configured distributed redis setup. Typically a distributed redis is set up using redis sentinel. As far as I know authentik currently does not support redis sentinel.
Describe the solution you'd like
I'd like authentik to allow configuring redis sentinels and to use them.
Describe alternatives you've considered
Using a non-distributed redis installation, but then the redis is not as fail-safe.
Additional context
For the django part: The django-redis library recently added support for this. docs
Celery also has support. docs
The python redis library, too. docs
Same for go-redis. docs
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This is still a desired feature 🤐
I require this too. For now I have deployed a HAProxy container with a service resource to auto pick the primary node and allow Authentik to write to Redis.
Looking forward to having this implemented, it will be extremely helpful. I already started switching over from another provider as this is another key feature I wanted (among other things).
@kashalls You might want to have a look at https://github.com/goauthentik/authentik/pull/7118 and test whether it works as expected. A pre-built Docker image is linked as well.
> @kashalls You might want to have a look at #7118 and test whether it works as expected. A pre-built Docker image is linked as well.

@PKizzle ~~What configuration changes do I need to do in order for sentinel support to be enabled?~~
So, after looking through the commit and figuring out what I actually needed to pass... Here's what I have.
I used your container, passed this environment variable:
```
AUTHENTIK_REDIS__URL: "redis+sentinel://redis.database.svc.cluster.local:26379/?db=3&mastername=redis-master"
```
Log shows this:
```
{"event": "Redis Connection failed, retrying... (unknown command 'SELECT', with args beginning with: '3' )", "level": "info", "logger": "authentik.lib.config", "timestamp": 1697416356.665426, "redis_url": "redis+sentinel://redis.database.svc.cluster.local:26379/?db=3&mastername=redis-master"}
```
Feel free to view my configuration while I was testing this: home-cluster/authentik & home-cluster/redis
I did verify that the container can resolve the cluster service and ping it.
Thank you very much for your input. To be honest I have only tried connecting to the default 0 database so that might be causing the issue. I'll have a look at it.
I have fixed the issue. Please check again using the updated image on Docker Hub.
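The `unknown command 'SELECT'` error in the log above was returned on port 26379: Sentinel instances do not implement `SELECT`, so the `db` value has to be applied to the connection to the primary, not to the Sentinel connections. The following is an added example (not code from the authentik PR) that splits such a URL accordingly and connects with redis-py; the function names and the comma-separated Sentinel host list are assumptions.

```python
from urllib.parse import parse_qs, urlsplit

SENTINEL_DEFAULT_PORT = 26379


def parse_sentinel_url(url):
    """Split a redis+sentinel:// URL into Sentinel addresses and primary-only options."""
    parts = urlsplit(url)
    if parts.scheme != "redis+sentinel":
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    query = parse_qs(parts.query)
    master_name = query.get("mastername", [""])[0]
    if not master_name:
        raise ValueError("mastername is required to ask Sentinel for the primary")
    db = int(query.get("db", ["0"])[0])
    if db < 0:
        raise ValueError("db must be a non-negative integer")
    sentinels = []
    # Assumption: several Sentinels may be listed comma-separated in the host part.
    for entry in parts.netloc.rpartition("@")[2].split(","):
        host, sep, port = entry.rpartition(":")
        if not sep:
            host, port = entry, SENTINEL_DEFAULT_PORT
        if not host:
            raise ValueError("empty Sentinel host")
        sentinels.append((host, int(port)))
    # db belongs only to the primary connection; Sentinels get no db option.
    return {"sentinels": sentinels, "master_name": master_name, "master_kwargs": {"db": db}}


def connect_primary(url):
    """Return a redis-py client for the current primary (needs the redis package)."""
    from redis.sentinel import Sentinel  # imported lazily so parsing works without it

    cfg = parse_sentinel_url(url)
    # sentinel_kwargs={} keeps db (and thus SELECT) away from the Sentinel connections.
    sentinel = Sentinel(cfg["sentinels"], sentinel_kwargs={})
    return sentinel.master_for(cfg["master_name"], **cfg["master_kwargs"])


if __name__ == "__main__":
    # URL taken from the comment above.
    print(parse_sentinel_url(
        "redis+sentinel://redis.database.svc.cluster.local:26379/?db=3&mastername=redis-master"
    ))
```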
does AUTHENTIK_REDIS__URL also work with the helm chart?
> does AUTHENTIK_REDIS__URL also work with the helm chart?

Kind of. In its current state, overriding the image and passing it as an env works.
Perhaps I am doing something wrong?
```yaml
apiVersion: apps/v1
kind: Deployment
<snip>
      containers:
        - name: authentik
          image: "ghcr.io/goauthentik/server:2023.8.3"
          imagePullPolicy: "IfNotPresent"
          args: ["server"]
          envFrom:
            - secretRef:
                name: authentik
            - configMapRef:
                name: authentik
<snip>
apiVersion: v1
kind: ConfigMap
metadata:
  name: authentik
data:
  <snip>
  AUTHENTIK_REDIS__URL: "redis+sentinel://redis.redis:26379/?db=0"
```
```
{"event": "Redis Connection failed, retrying... (Error 111 connecting to localhost:6379. Connection refused.)", "level": "info", "logger": "authentik.lib.config", "timestamp": 1698890681.8654897, "redis_url": "redis://:@localhost:6379/0"}
```
No other Redis variables are set/exist in the container via envFrom etc.
Edit: Ahh I found the current pull request for URL support. Ignore me! :sweat_smile:
Yeah, it is still a draft PR as I require more feedback on the various Redis configurations.