authelia helm

Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for common reverse proxies.

More popular helm chart found

authelia from bjw-s is more popular with 54 repositories.

Install

Install with:

helm repo add authelia https://charts.authelia.com/
helm install authelia authelia/authelia -f values.yaml

Examples

See examples from other people.

Top Repositories (2 out of 3)

NameRepoStarsVersionTimestamp
autheliawrmilling/k3s-gitops2000.8.586 hours ago
autheliapascaliske/infrastructure480.9.0-beta75 days ago

Values

See the most popular values for this chart:

KeyTypes
configMap.notifier.smtp.enabled (3)
true
boolean
configMap.notifier.smtp.enabledSecret (2)
true
boolean
configMap.notifier.smtp.sender (2)
${SMTP_ACCOUNT_AUTH_EMAIL}
string
configMap.notifier.smtp.subject (2)
[auth@infrastructure] {title}
string
configMap.notifier.smtp.username (2)
${SMTP_ACCOUNT_AUTH_EMAIL}
string
configMap.notifier.smtp.address (1)
${SMTP_HOST}:587
string
configMap.notifier.smtp.host (1)
${SECRET_SMTP_DOMAIN}
string
configMap.notifier.smtp.identifier (1)
localhost
string
configMap.notifier.smtp.password.path (1)
SMTP_PASSWORD
string
configMap.notifier.smtp.port (1)
587
number
configMap.notifier.smtp.startup_check_address (1)
${SECRET_AUTH_SMTP_USER}
string
configMap.notifier.disable_startup_check (1)
true
boolean
configMap.notifier.filesystem.enabled (1)
true
boolean
configMap.notifier.filesystem.filename (1)
/config/notification.txt
string
configMap.access_control.default_policy (2)
deny
string
configMap.access_control.rules[].domain (2)
authelia.${SECRET_DOMAIN}
*.${SECRET_DOMAIN}
filebrowser.${SECRET_DOMAIN}
string
configMap.access_control.rules[].policy (2)
bypass
one_factor
one_factor
string
configMap.access_control.rules[].subject[] (2)
- group:admins
- group:admins
string
configMap.access_control.rules[].domain[] (1)
- unifi.${DOMAIN_INTERNAL}
- vault.${DOMAIN_INTERNAL}
- ${DOMAIN_INTERNAL}
- *.${DOMAIN_INTERNAL}
- git.${DOMAIN_EXTERNAL}
- registry.${DOMAIN_EXTERNAL}
string
configMap.access_control.rules[].resources[] (1)
- /dns-query
- /ready
- /loki/api/v1/push
- /api/services
- /api/websocket
- /admin
- ^\/share
- ^\/api
- ^\/assets
- ^\/icon
- ^\/manifest
- ^\/status
- ^\/api\/entry-page
- ^\/api\/status-page
- ^\/$
string
configMap.access_control.secret.enabled (1)
true
boolean
configMap.authentication_backend.file.enabled (2)
true
boolean
configMap.authentication_backend.file.password.algorithm (2)
argon2id
string
configMap.authentication_backend.file.path (2)
/config/users_database.yml
string
configMap.authentication_backend.file.search.email (1)
true
boolean
configMap.authentication_backend.file.watch (1)
true
boolean
configMap.authentication_backend.disable_reset_password (1)
true
boolean
configMap.authentication_backend.ldap.additional_groups_dn (1)

string
configMap.authentication_backend.ldap.additional_users_dn (1)

string
configMap.authentication_backend.ldap.base_dn (1)
${SECRET_LDAP_BASE_DN}
string
configMap.authentication_backend.ldap.enabled (1)
false
boolean
configMap.authentication_backend.ldap.groups_filter (1)
(&(member={dn})(objectclass=groupOfNames))
string
configMap.authentication_backend.ldap.implementation (1)
custom
string
configMap.authentication_backend.ldap.url (1)
ldap://openldap:1389
string
configMap.authentication_backend.ldap.user (1)
CN=${SECRET_LDAP_ADMIN_USERNAME},${SECRET_LDAP_BASE_DN}
string
configMap.authentication_backend.ldap.username_attribute (1)
uid
string
configMap.authentication_backend.ldap.users_filter (1)
(&({username_attribute}={input})(objectClass=person))
string
configMap.authentication_backend.password_reset.disable (1)
true
boolean
configMap.enabled (2)
true
boolean
configMap.log.level (2)
trace
string
configMap.session.inactivity (2)
15m
string
configMap.session.redis.enabled (2)
false
boolean
configMap.session.redis.host (2)
redis.redis.svc.cluster.local
string
configMap.session.redis.database_index (1)
0
number
configMap.session.redis.enabledSecret (1)
true
boolean
configMap.session.redis.port (1)
6379
number
configMap.session.redis.username (1)

string
configMap.session.cookies[].default_redirection_url (1)
https://${DOMAIN_INTERNAL}
https://${DOMAIN_EXTERNAL}
string
configMap.session.cookies[].domain (1)
${DOMAIN_INTERNAL}
${DOMAIN_EXTERNAL}
string
configMap.session.cookies[].subdomain (1)
auth
auth
string
configMap.session.encryption_key.path (1)
STORAGE_ENCRYPTION_KEY
string
configMap.session.expiration (1)
1h
string
configMap.session.remember_me_duration (1)
1M
string
configMap.storage.local.enabled (2)
true
boolean
configMap.storage.local.path (2)
/config/db.sqlite3
string
configMap.storage.postgres.enabled (2)
false
boolean
configMap.storage.postgres.database (1)
authelia
string
configMap.storage.postgres.host (1)
shared-psql-v16-rw.default.svc
string
configMap.storage.postgres.port (1)
5432
number
configMap.storage.postgres.sslmode (1)
disable
string
configMap.storage.postgres.username (1)
authelia
string
configMap.storage.encryption_key.path (1)
STORAGE_ENCRYPTION_KEY
string
configMap.storage.mysql.enabled (1)
false
boolean
configMap.theme (2)
dark
string
configMap.identity_providers.oidc.clients[].authorization_policy (1)
two_factor
two_factor
string
configMap.identity_providers.oidc.clients[].client_id (1)
synology-dsm
gitlab
string
configMap.identity_providers.oidc.clients[].client_name (1)
Synology DSM
GitLab
string
configMap.identity_providers.oidc.clients[].client_secret (1)
${AUTH_OIDC_CLIENT_SECRET_HASH}
${AUTH_OIDC_CLIENT_SECRET_HASH}
string
configMap.identity_providers.oidc.clients[].public (1)
false
false
boolean
configMap.identity_providers.oidc.clients[].redirect_uris[] (1)
- https://ryloth.${DOMAIN_INTERNAL}
- https://photos.ryloth.${DOMAIN_INTERNAL}
- https://git.${DOMAIN_EXTERNAL}/users/auth/openid_connect/callback
string
configMap.identity_providers.oidc.clients[].scopes[] (1)
- openid
- profile
- groups
- email
- openid
- profile
- groups
- email
string
configMap.identity_providers.oidc.clients[].token_endpoint_auth_method (1)
client_secret_post
client_secret_basic
string
configMap.identity_providers.oidc.clients[].userinfo_signed_response_alg (1)
none
none
string
configMap.identity_providers.oidc.enabled (1)
true
boolean
configMap.identity_providers.oidc.hmac_secret.path (1)
OIDC_HMAC_SECRET
string
configMap.identity_providers.oidc.jwks[].key.path (1)
/extras/oidc-jwks-key.pem
string
configMap.identity_validation.reset_password.secret.path (1)
JWT_TOKEN
string
configMap.regulation.ban_time (1)
5m
string
configMap.regulation.find_time (1)
2m
string
configMap.regulation.max_retries (1)
3
number
configMap.server.timeouts.idle (1)
30s
string
configMap.server.timeouts.read (1)
15s
string
configMap.server.timeouts.write (1)
15s
string
configMap.telemetry.metrics.enabled (1)
true
boolean
configMap.telemetry.metrics.serviceMonitor.enabled (1)
true
boolean
configMap.webauthn.display_name (1)
auth@infrastructure
string
domain (2)
${SECRET_DOMAIN}
string
persistence.enabled (2)
true
boolean
persistence.existingClaim (1)
pvc-authelia
string
persistence.storageClass (1)
local-path
string
pod.kind (2)
Deployment
string
pod.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].key (1)
kubernetes.io/arch
string
pod.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].operator (1)
In
string
pod.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].values[] (1)
- amd64
string
pod.env.AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ADDITIONAL_GROUPS_DN (1)
ou=groups
string
pod.env.AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ADDITIONAL_USERS_DN (1)
ou=people
string
pod.env.AUTHELIA_AUTHENTICATION_BACKEND_LDAP_BASE_DN (1)
dc=home,dc=arpa
string
pod.env.AUTHELIA_AUTHENTICATION_BACKEND_LDAP_DISPLAY_NAME_ATTRIBUTE (1)
displayName
string
pod.env.AUTHELIA_AUTHENTICATION_BACKEND_LDAP_GROUP_NAME_ATTRIBUTE (1)
cn
string
pod.env.AUTHELIA_AUTHENTICATION_BACKEND_LDAP_GROUPS_FILTER (1)
(member={dn})
string
pod.env.AUTHELIA_AUTHENTICATION_BACKEND_LDAP_IMPLEMENTATION (1)
custom
string
pod.env.AUTHELIA_AUTHENTICATION_BACKEND_LDAP_MAIL_ATTRIBUTE (1)
mail
string
pod.env.AUTHELIA_AUTHENTICATION_BACKEND_LDAP_START_TLS (1)
false
string
pod.env.AUTHELIA_AUTHENTICATION_BACKEND_LDAP_TIMEOUT (1)
5s
string
pod.env.AUTHELIA_AUTHENTICATION_BACKEND_LDAP_URL (1)
ldap://lldap.default.svc.cluster.local:389
string
pod.env.AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USER (1)
uid=admin,ou=people,dc=home,dc=arpa
string
pod.env.AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USERNAME_ATTRIBUTE (1)
uid
string
pod.env.AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USERS_FILTER (1)
(&({username_attribute}={input})(objectClass=person))
string
pod.env.AUTHELIA_AUTHENTICATION_BACKEND_PASSWORD_RESET_DISABLE (1)
true
string
pod.env.AUTHELIA_AUTHENTICATION_BACKEND_REFRESH_INTERVAL (1)
1m
string
pod.env.AUTHELIA_DEFAULT_REDIRECTION_URL (1)
https://auth.${SECRET_DOMAIN}
string
pod.env.AUTHELIA_DUO_API_DISABLE (1)
true
string
pod.env.AUTHELIA_LOG_LEVEL (1)
trace
string
pod.env.AUTHELIA_SERVER_PORT (1)
80
number
pod.env.AUTHELIA_SESSION_DOMAIN (1)
${SECRET_DOMAIN}
string
pod.env.AUTHELIA_THEME (1)
grey
string
pod.env.AUTHELIA_TOTP_ISSUER (1)
authelia.com
string
pod.env.AUTHELIA_WEBAUTHN_DISABLE (1)
true
string
pod.env[].name (1)
TZ
string
pod.env[].value (1)
${TIMEZONE}
string
pod.extraVolumeMounts[].mountPath (1)
/extras/users.yaml
/extras/oidc-jwks-key.pem
string
pod.extraVolumeMounts[].name (1)
users
oidc-jwks-key
string
pod.extraVolumeMounts[].readOnly (1)
true
true
boolean
pod.extraVolumeMounts[].subPath (1)
users.yaml
oidc-jwks-key.pem
string
pod.extraVolumes[].configMap.items[].key (1)
users.yaml
string
pod.extraVolumes[].configMap.items[].path (1)
users.yaml
string
pod.extraVolumes[].configMap.name (1)
authelia-users
string
pod.extraVolumes[].name (1)
users
oidc-jwks-key
string
pod.extraVolumes[].secret.items[].key (1)
oidc-jwks-key.pem
string
pod.extraVolumes[].secret.items[].path (1)
oidc-jwks-key.pem
string
pod.extraVolumes[].secret.secretName (1)
authelia-oidc-jwks-key
string
pod.replicas (1)
1
number
pod.resources.requests.cpu (1)
150m
string
pod.resources.requests.memory (1)
200Mi
string
pod.strategy.type (1)
Recreate
string
pod.tolerations[].key (1)
arm
string
pod.tolerations[].operator (1)
Exists
string
secret.existingSecret (2)
authelia-secrets
string
secret.ldap.key (1)
LDAP_PASSWORD
string
secret.ldap.value (1)
${SECRET_LDAP_ADMIN_PASSWORD}
string
secret.redis.key (1)
REDIS_PASSWORD
string
secret.redis.value (1)
${SECRET_AUTH_REDIS_PASSWORD}
string
secret.smtp.key (1)
SMTP_PASSWORD
string
secret.smtp.value (1)
${SECRET_AUTH_SMTP_PASSWORD}
string
secret.storage.key (1)
STORAGE_PASSWORD
string
secret.storage.value (1)
${SECRET_AUTH_STORAGE_PASSWORD}
string
secret.storageEncryptionKey.key (1)
STORAGE_ENCRYPTION_KEY
string
secret.storageEncryptionKey.value (1)
${SECRET_AUTH_STORAGE_ENC_KEY}
string
envFrom[].secretRef.name (1)
authelia-secrets
string
image.registry (1)
ghcr.io
string
image.repository (1)
authelia/authelia
string
image.tag (1)
4.38.9
string
ingress.annotations."cert-manager.io/cluster-issuer" (1)
letsencrypt-prod
string
ingress.annotations."kubernetes.io/tls-acme" (1)
true
string
ingress.className (1)
nginx-external
string
ingress.enabled (1)
true
boolean
ingress.subdomain (1)
auth
string
ingress.tls.enabled (1)
true
boolean
ingress.tls.secret (1)
authelia-cert
string
service.port (1)
80
number