Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for common reverse proxies.
authelia from bjw-s is more popular with 53 repositories.
Install with:
helm repo add authelia https://charts.authelia.com/
helm install authelia authelia/authelia -f values.yamlSee examples from other people.
| Name | Repo | Stars | Version | Timestamp |
|---|---|---|---|---|
| authelia | pascaliske/infrastructure | 58 | 0.9.9 | 5 days ago |
| authelia | Pumba98/flux2-gitops | 49 | 0.9.9 | 14 days ago |
| authelia | wrmilling/k3s-gitops | 211 | 0.9.9 | 16 days ago |
See the most popular values for this chart:
| Key | Types |
|---|---|
| boolean | |
configMap.notifier.smtp.address (3) submission://smtp.fastmail.com:587 | string |
| boolean | |
configMap.notifier.smtp.sender (3) Authelia <authelia@${SECRET_DOMAIN}> | string |
configMap.notifier.smtp.username (3) mail@${SECRET_DOMAIN} | string |
configMap.notifier.smtp.subject (2) [auth@infrastructure] {title} | string |
| string | |
configMap.notifier.smtp.password.path (1) SMTP_PASSWORD | string |
configMap.notifier.smtp.password.value (1) ${SECRET_AUTH_SMTP_PASSWORD} | string |
configMap.notifier.smtp.startup_check_address (1) ${SECRET_AUTH_SMTP_USER} | string |
| boolean | |
| boolean | |
configMap.notifier.filesystem.filename (1) /config/notification.txt | string |
| boolean | |
configMap.session.redis.host (3) authelia-redis-master | string |
| boolean | |
| number | |
| number | |
| boolean | |
| boolean | |
| string | |
| boolean | |
configMap.session.redis.password.value (1) ${SECRET_AUTH_REDIS_PASSWORD} | string |
| string | |
configMap.session.cookies[].domain (3) ${SECRET_DOMAIN} | string |
| string | |
configMap.session.cookies[].authelia_url (1) https://auth.${SECRET_DOMAIN} | string |
configMap.session.cookies[].default_redirection_url (1) https://${DOMAIN_INTERNAL} | string |
| string | |
| string | |
configMap.session.encryption_key.path (1) STORAGE_ENCRYPTION_KEY | string |
configMap.session.name (1) authelia_session | string |
| string | |
| string | |
| string | |
| boolean | |
configMap.storage.postgres.address (3) tcp://authelia-postgresql:5432 | string |
| string | |
| string | |
| boolean | |
configMap.storage.postgres.password.path (1) /extras/postgresql-password | string |
configMap.storage.postgres.password.value (1) ${SECRET_AUTH_STORAGE_PASSWORD} | string |
configMap.storage.encryption_key.path (1) STORAGE_ENCRYPTION_KEY | string |
configMap.storage.encryption_key.value (1) ${SECRET_AUTH_STORAGE_ENC_KEY} | string |
| boolean | |
configMap.storage.local.path (1) /config/db.sqlite3 | string |
| boolean | |
| string | |
configMap.access_control.rules[].domain (3) *.${SECRET_DOMAIN} | string |
configMap.access_control.rules[].policy (3) two_factor | string |
configMap.access_control.rules[].domain[] (2) - files.${SECRET_DOMAIN} | string |
configMap.access_control.rules[].resources[] (2) - ^/.web/.* | string |
configMap.access_control.rules[].subject[] (2) - group:admins | string |
| string | |
| string | |
configMap.access_control.networks[].networks[] (1) - ${PRIVATE_NETWORK} | string |
| boolean | |
| boolean | |
| string | |
| number | |
| number | |
| number | |
| number | |
| number | |
| string | |
configMap.authentication_backend.file.path (3) /config/users_database.yml | string |
| boolean | |
| boolean | |
| boolean | |
| string | |
| string | |
configMap.authentication_backend.ldap.address (1) ldap://openldap.kube-system.svc:1389 | string |
configMap.authentication_backend.ldap.base_dn (1) ${SECRET_LDAP_BASE_DN} | string |
configMap.authentication_backend.ldap.groups_filter (1) (&(member={dn})(objectclass=groupOfNames)) | string |
| string | |
configMap.authentication_backend.ldap.password.value (1) ${SECRET_LDAP_ADMIN_PASSWORD} | string |
configMap.authentication_backend.ldap.user (1) CN=${SECRET_LDAP_ADMIN_USERNAME},${SECRET_LDAP_BASE_DN} | string |
| string | |
configMap.authentication_backend.ldap.users_filter (1) (&({username_attribute}={input})(objectClass=person)) | string |
| boolean | |
| boolean | |
| string | |
| boolean | |
configMap.identity_providers.oidc.clients[].authorization_policy (2) two_factor | string |
configMap.identity_providers.oidc.clients[].client_id (2) Ph_ZrFAgRfB79_grNoVYFC3sPgQ9GLUKptNuTGNGpSe9bltBqDw45rNQ_oIWI2CAfnMqpGRL | string |
configMap.identity_providers.oidc.clients[].client_name (2) Immich | string |
configMap.identity_providers.oidc.clients[].redirect_uris[] (2) - https://immich.${SECRET_DOMAIN}/auth/login | string |
configMap.identity_providers.oidc.clients[].scopes[] (2) - openid | string |
| string | |
configMap.identity_providers.oidc.clients[].client_secret.path (1) /secrets/authelia/oidc.client.immich.value | string |
configMap.identity_providers.oidc.clients[].client_secret (1) ${AUTH_OIDC_CLIENT_SECRET_HASH} | string |
configMap.identity_providers.oidc.clients[].consent_mode (1) implicit | string |
| boolean | |
| string | |
| boolean | |
configMap.identity_providers.oidc.hmac_secret.path (2) identity_providers.oidc.hmac.key | string |
| string | |
configMap.identity_providers.oidc.jwks[].key.path (2) /secrets/authelia/oidc.jwk.RS256.pem | string |
| boolean | |
| string | |
| string | |
| string | |
| number | |
| string | |
| string | |
| string | |
| string | |
| boolean | |
| boolean | |
configMap.totp.issuer (1) Infrastructure | string |
configMap.webauthn.display_name (1) Infrastructure | string |
pod.kind (3) Deployment | string |
pod.extraVolumeMounts[].mountPath (2) /config/users_database.yml | string |
pod.extraVolumeMounts[].name (2) users-volume | string |
pod.extraVolumeMounts[].subPath (2) users_database.yml | string |
pod.extraVolumeMounts[].readOnly (1) true | boolean |
pod.extraVolumes[].name (2) users-volume | string |
pod.extraVolumes[].secret.secretName (2) authelia-users | string |
pod.extraVolumes[].secret.items[].key (1) password | string |
pod.extraVolumes[].secret.items[].path (1) password | string |
| string | |
| string | |
pod.extraVolumes[].configMap.name (1) authelia-users | string |
| number | |
pod.strategy.type (2) RollingUpdate | string |
pod.tolerations[].key (2) node-role.kubernetes.io/control-plane | string |
pod.tolerations[].operator (2) Exists | string |
pod.tolerations[].effect (1) NoSchedule | string |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
pod.env.AUTHELIA_AUTHENTICATION_BACKEND_LDAP_BASE_DN (1) dc=home,dc=arpa | string |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
pod.env.AUTHELIA_AUTHENTICATION_BACKEND_LDAP_URL (1) ldap://lldap.default.svc.cluster.local:389 | string |
pod.env.AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USER (1) uid=admin,ou=people,dc=home,dc=arpa | string |
| string | |
pod.env.AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USERS_FILTER (1) (&({username_attribute}={input})(objectClass=person)) | string |
| string | |
| string | |
pod.env.AUTHELIA_DEFAULT_REDIRECTION_URL (1) https://auth.${SECRET_DOMAIN} | string |
| string | |
| string | |
| number | |
pod.env.AUTHELIA_SESSION_DOMAIN (1) ${SECRET_DOMAIN} | string |
| string | |
pod.env.AUTHELIA_TOTP_ISSUER (1) authelia.com | string |
| string | |
pod.env[].name (1) TZ | string |
pod.env[].value (1) ${TIMEZONE} | string |
| string | |
| string | |
secret.existingSecret (3) authelia-secrets | string |
secret.additionalSecrets.authelia.items[].key (1) identity_providers.oidc.hmac.key | string |
domain (2) ${SECRET_DOMAIN} | string |
| string | |
ingress.annotations."cert-manager.io/cluster-issuer" (1) letsencrypt-prod | string |
ingress.annotations."external-dns.alpha.kubernetes.io/target" (1) ${SECRET_GATEWAY} | string |
ingress.className (2) nginx-external | string |
| boolean | |
| string | |
| boolean | |
ingress.tls.secret (1) authelia-cert | string |
envFrom[].secretRef.name (1) authelia-secrets | string |
image.registry (1) ghcr.io | string |
image.repository (1) authelia/authelia | string |
image.tag (1) 4.38.16 | string |
| boolean | |
persistence.existingClaim (1) pvc-authelia | string |
| number |