-
-
Notifications
You must be signed in to change notification settings - Fork 891
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
website/docs: add scaling page #11397
base: main
Are you sure you want to change the base?
Conversation
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
✅ Deploy Preview for authentik-storybook canceled.
|
✅ Deploy Preview for authentik-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
Codecov ReportAll modified and coverable lines are covered by tests ✅
✅ All tests successful. No failed tests found. Additional details and impacted files@@ Coverage Diff @@
## main #11397 +/- ##
==========================================
- Coverage 92.73% 92.65% -0.08%
==========================================
Files 736 736
Lines 36490 36490
==========================================
- Hits 33840 33811 -29
- Misses 2650 2679 +29
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
authentik PR Installation instructions Instructions for docker-composeAdd the following block to your AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-ab3bba751566cac191901729c98186f8d91da17e
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s For arm64, use these values: AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-ab3bba751566cac191901729c98186f8d91da17e-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s Afterwards, run the upgrade commands from the latest release notes. Instructions for KubernetesAdd the following block to your authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-ab3bba751566cac191901729c98186f8d91da17e For arm64, use these values: authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-ab3bba751566cac191901729c98186f8d91da17e-arm64 Afterwards, run the upgrade commands from the latest release notes. |
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Fletcher Heisler <fheisler@users.noreply.github.com>
|
||
#### Known issues | ||
|
||
The database recommendations given by the calculator are scaled linearly to the number of concurrent logins. This is not the pattern we observe in reality. As such, if the calculator returns ludicrous values for the database sizing, expect those to not be representative of the actual resources needed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not the pattern we observe in reality
Then what is, roughly? (unclear at that point if it's even better or worse than linear)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Better than linear as described above in the PostgreSQL section. I feel like we might want to entirely remove the database sizing section.
The calculator takes two inputs: | ||
|
||
- the number of active users on the instance. This is used to calculate how much database storage will be required, and how many concurrent logins should be expected. | ||
- the number of concurrent logins expected. For N thousands users, we don't expect those N thousands users to log in at the exact same time. As such, we estimate that all of the users will log in over a period of 15 minutes, greatly reducing the load on the instance. Furthermore, as login uses [flows](../flow/index.md), a single login process may take several seconds for the user to complete it (entering their password, their MFA method, etc.). We estimate that number at 10 seconds. If you know what usage pattern to expect, you can override that value from the computed one. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We estimate that number at 10 seconds. If you know what usage pattern to expect, you can override that value from the computed one.
This makes it sound like I can/should be able to override that value of 10 seconds directly (rather than, I think, leaving the 2nd value blank to be estimated by the calculator versus manually adding my own). It might help to have a filled in default value of i.e. 1000 users and a placeholder grayed value of the interpolated concurrent logins, which I can input a different value into to override.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The original idea was that one could entirely override the concurrent logins setting, because you might have 10k users, but divided into 3 timezones, which will effectively mean that you only have 3k users that login around the same time.
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Details
REPLACE ME
Checklist
ak test authentik/
)make lint-fix
)If an API change has been made
make gen-build
)If changes to the frontend have been made
make web
)If applicable
make website
)