updating to match everything in my homelab.

2026-02-05 16:13:53 -05:00
parent f8787379c5
commit 80fb911e22
30 changed files with 3107 additions and 7 deletions
--- a/diagrams/authentik-sso.mmd
+++ b/diagrams/authentik-sso.mmd
@@ -0,0 +1,84 @@
+```plaintext
+%% Authentik SSO Strategy (ADR-0028)
+%% Flowchart showing authentication flow stages
+
+flowchart TB
+    subgraph user["👤 User"]
+        browser["Browser"]
+    end
+
+    subgraph ingress["🌐 Ingress"]
+        traefik["Envoy Gateway"]
+    end
+
+    subgraph apps["📦 Applications"]
+        direction LR
+        oidc_app["OIDC Apps<br/>Gitea, Grafana,<br/>ArgoCD, Affine"]
+        proxy_app["Proxy Apps<br/>MLflow, Kubeflow"]
+    end
+
+    subgraph authentik["🔐 Authentik"]
+        direction TB
+        
+        subgraph components["Components"]
+            server["Server<br/>(API)"]
+            worker["Worker<br/>(Tasks)"]
+            outpost["Outpost<br/>(Proxy Auth)"]
+        end
+
+        subgraph flow["Authentication Flow"]
+            direction LR
+            f1["1️⃣ Login<br/>Stage"]
+            f2["2️⃣ Username<br/>Identification"]
+            f3["3️⃣ Password<br/>Validation"]
+            f4["4️⃣ MFA<br/>Challenge"]
+            f5["5️⃣ Session<br/>Created"]
+        end
+
+        subgraph providers["Providers"]
+            oidc_prov["OIDC Provider"]
+            proxy_prov["Proxy Provider"]
+        end
+    end
+
+    subgraph storage["💾 Storage"]
+        redis["Redis<br/>(Cache)"]
+        postgres["PostgreSQL<br/>(CNPG)"]
+    end
+
+    %% User flow
+    browser --> traefik
+    traefik --> apps
+
+    %% OIDC flow
+    oidc_app -->|"Redirect to auth"| server
+    server --> flow
+    f1 --> f2 --> f3 --> f4 --> f5
+    flow --> oidc_prov
+    oidc_prov -->|"JWT token"| oidc_app
+
+    %% Proxy flow
+    proxy_app -->|"Forward auth"| outpost
+    outpost --> server
+    server --> flow
+    proxy_prov --> outpost
+
+    %% Storage
+    server --> redis
+    server --> postgres
+
+    classDef user fill:#3498db,color:white
+    classDef ingress fill:#f39c12,color:black
+    classDef app fill:#27ae60,color:white
+    classDef authentik fill:#9b59b6,color:white
+    classDef storage fill:#e74c3c,color:white
+    classDef flow fill:#1abc9c,color:white
+
+    class browser user
+    class traefik ingress
+    class oidc_app,proxy_app app
+    class server,worker,outpost,oidc_prov,proxy_prov authentik
+    class redis,postgres storage
+    class f1,f2,f3,f4,f5 flow
+
+```