feat(infra): full dezky rebrand of Authentik login (logo, favicon, bg, footer)
ci / typecheck (map[dir:services/platform-api name:platform-api]) (push) Has been cancelled
ci / test (push) Has been cancelled
ci / typecheck (map[dir:apps/portal name:portal]) (push) Has been cancelled
ci / typecheck (map[dir:apps/website name:website]) (push) Has been cancelled
ci / typecheck (map[dir:apps/booking name:booking]) (push) Has been cancelled
ci / typecheck (map[dir:services/platform-api name:platform-api]) (push) Has been cancelled
ci / test (push) Has been cancelled
ci / typecheck (map[dir:apps/portal name:portal]) (push) Has been cancelled
ci / typecheck (map[dir:apps/website name:website]) (push) Has been cancelled
ci / typecheck (map[dir:apps/booking name:booking]) (push) Has been cancelled
Brand CSS only reaches the flow shadow DOM via CSS vars (colors), not the logo/favicon (deeper shadow root) or the "Powered by authentik" footer (light DOM). So, dev-style: serve real dezky assets + sed the bundle. - web-assets/: dezky-logo.svg, dezky-favicon.svg, dezky-bg.svg (carbon). - server-rebrand.py: patches the authentik-server Deployment with an initContainer that copies /web/dist to an emptyDir, drops the svgs into assets/icons, and seds "Powered by authentik" -> "Powered by Dezky". - brand.yaml: branding_logo / branding_favicon / branding_default_flow_background point at the served svgs; auth-flow title "Welcome to Dezky"; signal-green CSS. Verified live: login now matches dev (logo, title, carbon bg, green button, favicon, Powered by Dezky). Durability caveat documented (reverts on helm upgrade).
This commit is contained in:
Ronni Baslund
@@ -70,6 +70,31 @@ Client secrets live in `authentik-secret` (`PORTAL_OIDC_CLIENT_SECRET`,
|
||||
> post-render kustomize patch to make it durable). TODO.
|
||||
|
||||
## Still deferred
|
||||
- **Rebrand** of the "Powered by authentik" string (web-bundle `sed`, needs a
|
||||
root lifecycle override) — cosmetic; the *colors* are done via the brand CSS.
|
||||
- Pin the **chart version** (currently latest → app `2026.5.2`).
|
||||
- **Durability:** the server-rebrand Deployment patch + the brand image-field
|
||||
PATCH revert on a helm upgrade of Authentik — re-run them, or bake a custom
|
||||
image / post-render kustomize patch.
|
||||
|
||||
## Full visual rebrand (logo / favicon / background / footer) — APPLIED
|
||||
|
||||
Brand custom CSS only reaches shadow DOM via CSS **vars** (so colors work), not
|
||||
the logo/favicon (deeper shadow root) or the "Powered by authentik" footer
|
||||
(light DOM). Those use dev's mechanism — real files + a bundle sed:
|
||||
|
||||
- `web-assets/` — `dezky-logo.svg`, `dezky-favicon.svg`, `dezky-bg.svg` (carbon).
|
||||
- ConfigMap `authentik-web-assets` is built from `web-assets/`.
|
||||
- `server-rebrand.py` patches the **authentik-server** Deployment: an
|
||||
initContainer copies `/web/dist` into an emptyDir, drops the 3 svgs into
|
||||
`/web/dist/assets/icons/`, and seds `Powered by authentik` -> `Powered by
|
||||
Dezky`. The server then serves the patched bundle.
|
||||
- The brand's `branding_logo` / `branding_favicon` /
|
||||
`branding_default_flow_background` point at those served svgs (carried in
|
||||
brand.yaml; if the blueprint leaves them default, PATCH the brand via API).
|
||||
|
||||
Apply:
|
||||
```
|
||||
kubectl -n dezky-auth create configmap authentik-web-assets --from-file=web-assets/ --dry-run=client -o yaml | kubectl apply -f -
|
||||
kubectl -n dezky-auth get deploy authentik-server -o json | python3 server-rebrand.py | kubectl apply -f -
|
||||
```
|
||||
> CAVEAT: the server patch + brand PATCH revert on a helm upgrade of Authentik —
|
||||
> re-run them (or bake a custom image) for durability.
|
||||
|
||||
Reference in New Issue
Block a user