No introduction found. Create it?
Install with:
helm repo add authentik https://charts.goauthentik.io/
helm install authentik authentik/authentik -f values.yamlSee examples from other people.
| Name | Repo | Stars | Version | Timestamp |
|---|---|---|---|---|
| authentik | bo0tzz/kube | 40 | 2025.12.4 | 8 days ago |
| authentik | h3mmy/bloopySphere | 63 | 2025.12.4 | 8 days ago |
| authentik | samip5/k8s-cluster | 148 | 2025.4.0 | 10 months ago |
See the most popular values for this chart:
| Key | Types |
|---|---|
| boolean | |
server.ingress.hosts[] (24) - auth.${SECRET_DOMAIN} | string |
| string | |
server.ingress.tls[].hosts[] (20) - auth.${SECRET_DOMAIN} | string |
server.ingress.tls[].secretName (12) authentik-tls | string |
server.ingress.annotations."external-dns.alpha.kubernetes.io/target" (12) external.${SECRET_DOMAIN} | string |
server.ingress.annotations."cert-manager.io/cluster-issuer" (8) letsencrypt-production | string |
| string | |
| string | |
| string | |
| string | |
server.ingress.annotations."traefik.ingress.kubernetes.io/router.middlewares" (3) networking-chain-no-auth@kubernetescrd | string |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
server.ingress.annotations."gethomepage.dev/pod-selector" (2) app.kubernetes.io/name=authentik | string |
server.ingress.annotations."gethomepage.dev/siteMonitor" (2) http://authentik-server.networking.svc.cluster.local:80 | string |
| string | |
| string | |
| string | |
| string | |
server.ingress.annotations."coredns.io/hostname" (1) auth.${XYZ_DOMAIN} | string |
| string | |
| string | |
server.ingress.annotations."gethomepage.dev/description" (1) Identity Provider | string |
server.ingress.annotations."gethomepage.dev/widget.key" (1) {{HOMEPAGE_VAR_AUTHENTIK_TOKEN}} | string |
| string | |
server.ingress.annotations."gethomepage.dev/widget.url" (1) http://authentik-server.networking.svc.cluster.local:80 | string |
server.ingress.annotations."hajimari.io/appName" (1) Login Settings | string |
server.ingress.annotations."hajimari.io/instance" (1) bloop-xyz,bloop-quarky | string |
server.ingress.annotations."hajimari.io/url" (1) https://auth.${XYZ_DOMAIN} | string |
server.ingress.annotations."haproxy.org/allow-list" (1) ${HAPROXY_WHITELIST} | string |
server.ingress.annotations."haproxy.org/response-set-header" (1) Strict-Transport-Security "max-age=31536000"
X-Frame-Options "DENY"
X-Content-Type-Options "nosniff"
Referrer-Policy "strict-origin-when-cross-origin"
| string |
| string | |
| string | |
| string | |
| string | |
| boolean | |
| boolean, string | |
| boolean | |
| boolean | |
| boolean | |
| string | |
| boolean | |
| number | |
| string | |
| string | |
| string | |
| string | |
server.initContainers[].image (14) ghcr.io/onedr0p/postgres-init:16.8 | string |
| string | |
server.initContainers[].envFrom[].secretRef.name (13) authentik-secret | string |
server.initContainers[].imagePullPolicy (2) IfNotPresent | string |
server.initContainers[].env[].name (1) INIT_POSTGRES_HOST | string |
server.initContainers[].env[].value (1) postgres-rw.databases.svc.cluster.local. | string |
server.initContainers[].env[].valueFrom.secretKeyRef.key (1) password | string |
server.initContainers[].env[].valueFrom.secretKeyRef.name (1) postgres-superuser | string |
| string | |
| string | |
| string | |
| boolean | |
| number | |
| number | |
| number | |
| boolean | |
| number | |
| number | |
server.volumeMounts[].mountPath (5) /media/public/custom | string |
server.volumeMounts[].name (5) authentik-branding | string |
server.volumeMounts[].subPath (1) groovie-melting.png | string |
| boolean | |
server.route.main.hostnames[] (4) - sso.${SECRET_DOMAIN} | string |
| string | |
| string | |
| string | |
server.route.main.parentRefs[].group (2) gateway.networking.k8s.io | string |
| string | |
server.route.main.annotations."external-dns.alpha.kubernetes.io/target" (2) external.${SECRET_DOMAIN} | string |
server.volumes[].name (4) authentik-branding | string |
server.volumes[].configMap.name (2) authentik-theme | string |
server.volumes[].persistentVolumeClaim.claimName (2) authentik-branding | string |
| boolean | |
| string | |
| boolean | |
server.containerSecurityContext.seccompProfile.type (2) RuntimeDefault | string |
| boolean | |
| number | |
| number | |
| string | |
| string | |
| string | |
| number | |
server.annotations."secret.reloader.stakater.com/reload" (1) authentik-secret | string |
| string | |
| string | |
server.env[].name (1) OTEL_SERVICE_NAME | string |
server.env[].value (1) authentik | string |
server.initContainers.init-db.envFrom[].secretRef.name (1) authentik-secret | string |
server.initContainers.init-db.image.repository (1) ghcr.io/onedr0p/postgres-init | string |
| number | |
| number | |
| number | |
| number | |
server.name (1) server | string |
| string | |
| number | |
| boolean | |
| number | |
| number | |
| number | |
| number | |
| number | |
| number | |
| number | |
| number | |
| number | |
| number | |
server.serviceAccountName (1) authentik | string |
| string | |
| string | |
| number | |
server.topologySpreadConstraints[].topologyKey (1) kubernetes.io/hostname | string |
| string | |
| boolean | |
| boolean | |
| string | |
redis.master.persistence.storageClass (1) ceph-block-internal | string |
| string | |
| boolean | |
| boolean | |
redis.auth.password (1) ${AUTHENTIK_REDIS_PASSWORD} | string |
| string | |
redis.global.storageClass (1) zfs-iscsi | string |
| boolean | |
| boolean | |
| boolean | |
redis.commonConfiguration (1) appendonly no
save "" | string |
| string | |
global.envFrom[].secretRef.name (23) authentik-secret | string |
global.envFrom[].configMapRef.name (1) authentik-media | string |
global.volumes[].name (12) authentik-templates | string |
global.volumes[].configMap.name (8) authentik-templates | string |
| number | |
global.volumes[].secret.secretName (3) authentik-sub-secrets | string |
global.volumes[].secret.items[].key (2) tls.crt | string |
global.volumes[].secret.items[].path (2) fullchain.pem | string |
| number | |
| boolean | |
| string | |
| string | |
global.volumes[].persistentVolumeClaim.claimName (1) authentik-media-cephfs | string |
| number | |
| string | |
| string | |
global.volumes[].projected.sources[].configMap.name (1) background-image-1 | string |
global.env[].name (11) AUTHENTIK_SESSION_STORAGE | string |
| string | |
global.env[].valueFrom.secretKeyRef.key (5) secret_key | string |
global.env[].valueFrom.secretKeyRef.name (5) authentik-configsecrets | string |
global.volumeMounts[].mountPath (11) /templates | string |
global.volumeMounts[].name (11) authentik-templates | string |
global.volumeMounts[].subPath (4) custom.css | string |
global.volumeMounts[].readOnly (2) true | boolean |
global.deploymentStrategy.type (10) RollingUpdate | string |
| number | |
| number | |
| string | |
global.image.repository (7) ghcr.io/goauthentik/server | string |
global.image.tag (6) gh-version-2025.12 | string |
global.image.pullPolicy (1) IfNotPresent | string |
| string | |
global.podAnnotations."secret.reloader.stakater.com/reload" (3) authentik-secret | string |
| boolean, string | |
global.fullnameOverride (3) authentik | string |
| number | |
global.securityContext.fsGroupChangePolicy (1) OnRootMismatch | string |
| number | |
| number | |
global.storageClass (2) ceph-block | string |
| string | |
| string | |
| string | |
| number | |
| string | |
| string | |
global.postgresql.host (1) enterprise-postgres-rw.databases.svc.cluster.local | string |
| number | |
global.postgresql.read_replicas.0.host (1) enterprise-postgres-r.databases.svc.cluster.local | string |
| number | |
global.priorityClassName (1) security-critical | string |
global.redis.host (1) {{ .Release.Name }}-redis-master | string |
| string | |
| number | |
| number | |
global.topologySpreadConstraints[].topologyKey (1) kubernetes.io/hostname | string |
| string | |
| string | |
| boolean | |
| boolean | |
| boolean | |
authentik.error_reporting.environment (4) beryjuio-test | string |
| number | |
authentik.error_reporting.sentry_dsn (2) https://7f785644f04047ea8202df0320bb671d@sentry.beryju.io/3 | string |
authentik.redis.host (18) dragonfly.database.svc.cluster.local | string |
| number | |
authentik.redis.password (2) ${AUTHENTIK_REDIS_PASSWORD} | string |
| number | |
| number, string | |
authentik.email.from (15) Authentik <mail@${SECRET_DOMAIN}> | string |
authentik.email.host (14) smtp-relay.default.svc.cluster.local | string |
| boolean, string | |
| string, boolean | |
| string, number | |
authentik.email.password (2) ${AUTHENTIK_EMAIL_PASSWORD} | string |
authentik.email.username (2) ${AUTHENTIK_EMAIL_USERNAME} | string |
authentik.postgresql.name (14) authentik | string |
authentik.postgresql.user (12) authentik | string |
authentik.postgresql.host (11) postgresql.database.svc.cluster.local | string |
| string | |
| number | |
| boolean | |
authentik.postgresql.read_replicas.0.host (1) postgres16-r.database.svc.cluster.local | string |
| number | |
authentik.postgresql.s3_backup.access_key (1) ${AUTHENTIK_S3_ACCESS_KEY} | string |
authentik.postgresql.s3_backup.bucket (1) authentik-postgresql-backup | string |
authentik.postgresql.s3_backup.host (1) http://s3.minio.storage | string |
authentik.postgresql.s3_backup.secret_key (1) ${AUTHENTIK_S3_SECRET} | string |
| string | |
authentik.avatars (7) gravatar,initials | string |
authentik.secret_key (7) ${SECRET_AUTHENTIK_SECRET_KEY} | string |
authentik.outposts.container_image_base (6) ghcr.io/goauthentik/%(type)s:%(version)s | string |
authentik.outposts.docker_image_base (3) ghcr.io/goauthentik/%(type)s:%(version)s | string |
| boolean | |
| boolean | |
authentik.blueprints[].configMapRef.name (1) authentik-discord-blueprint | string |
authentik.blueprints[].path (1) /blueprints/sidecar | string |
| string | |
| string | |
| boolean | |
postgresql.image.tag (4) 15.14-bookworm | string |
postgresql.image.registry (2) docker.io | string |
postgresql.image.repository (2) bitnami/postgresql | string |
| boolean | |
| boolean | |
postgresql.metrics.image.repository (2) prometheuscommunity/postgres-exporter | string |
| string | |
postgresql.auth.existingSecret (2) authentik-postgres-secrets | string |
postgresql.auth.secretKeys.userPasswordKey (1) postgres-password | string |
postgresql.global.imageRegistry (2) proxy.registry.beryju.io | string |
postgresql.global.defaultStorageClass (1) openebs-hostpath | string |
postgresql.postgresqlPassword (2) ${AUTH_AUTHENTIK_POSTGRESQL_PASSWORD} | string |
| number | |
| string | |
| boolean | |
| string | |
postgresql.primary.persistence.storageClass (1) ceph-block-internal | string |
| boolean | |
postgresql.persistence.existingClaim (1) authentik-postgresql-v1 | string |
postgresql.postgresqlDatabase (1) authentik | string |
postgresql.postgresqlUsername (1) authentik | string |
| boolean, string | |
| boolean | |
| boolean | |
| string | |
| string | |
| number | |
| string | |
| string | |
| string | |
| string | |
| boolean | |
| number | |
| number | |
| number | |
| boolean | |
| boolean | |
| boolean | |
worker.volumeMounts[].mountPath (4) /blueprints/sidecar | string |
worker.volumeMounts[].name (4) sidecar-blueprints | string |
worker.volumes[].name (4) sidecar-blueprints | string |
worker.volumes[].configMap.name (1) authentik-blueprints | string |
| string | |
| boolean | |
| number | |
| number | |
| number | |
| number | |
| number | |
| number | |
| boolean | |
| string | |
| boolean | |
worker.containerSecurityContext.seccompProfile.type (2) RuntimeDefault | string |
| boolean | |
worker.extraContainers[].env[].name (2) FOLDER | string |
worker.extraContainers[].env[].value (2) /blueprints/sidecar | string |
worker.extraContainers[].image (2) ghcr.io/kiwigrid/k8s-sidecar:2.5.0 | string |
worker.extraContainers[].name (2) sidecar-blueprints | string |
worker.extraContainers[].volumeMounts[].mountPath (2) /blueprints/sidecar | string |
worker.extraContainers[].volumeMounts[].name (2) sidecar-blueprints | string |
worker.extraContainers[].imagePullPolicy (1) IfNotPresent | string |
| string | |
| string | |
| string | |
| number | |
| number | |
| number | |
| number | |
worker.name (2) worker | string |
| number | |
| number | |
| number | |
| number | |
| boolean | |
worker.annotations."secret.reloader.stakater.com/reload" (1) authentik-secret | string |
worker.env[].name (1) OTEL_SERVICE_NAME | string |
worker.env[].value (1) authentik-worker | string |
| boolean | |
| number | |
| boolean | |
| number | |
| boolean | |
| number | |
| number | |
worker.serviceAccountName (1) authentik | string |
| string | |
| string | |
| number | |
worker.topologySpreadConstraints[].topologyKey (1) kubernetes.io/hostname | string |
| string | |
geoip.enabled (8) false | boolean |
geoip.existingSecret.secretName (6) authentik-secret | string |
geoip.existingSecret.accountId (5) MAXMIND_ACCOUNT_ID | string |
geoip.existingSecret.licenseKey (5) MAXMIND_LICENSE_KEY | string |
geoip.editionIds (2) GeoLite2-City GeoLite2-ASN | string |
| number | |
geoip.accountId (1) 878850 | string |
geoip.licenseKey (1) ${SECRET_MAXMIND_LICENSE_KEY} | string |
fullnameOverride (4) authentik | string |
| boolean | |
ingress.hosts[].host (3) sso.${SECRET_DOMAIN} | string |
| string | |
| string | |
| string | |
ingress.tls[].hosts[] (3) - sso.${SECRET_DOMAIN} | string |
ingress.tls[].secretName (2) acme-crt-secret-sparks-codes | string |
ingress.annotations."hajimari.io/icon" (2) ph:password-bold | string |
ingress.annotations."cert-manager.io/cluster-issuer" (1) letsencrypt-production | string |
ingress.annotations."external-dns.alpha.kubernetes.io/target" (1) ${CLOUDFLARE_DDNS_RECORD} | string |
| string | |
| string | |
| boolean | |
serviceAccount.fullnameOverride (1) authentik | string |
serviceAccount.nameOverride (1) authentik | string |
| boolean | |
backups.destinationPath (1) ${s3_destination_path} | string |
| boolean | |
backups.endpointURL (1) ${s3_endpoint_url} | string |
| string | |
| string | |
backups.s3.accessKey (1) ${s3_key_id} | string |
backups.s3.secretKey (1) ${s3_key} | string |
| string | |
backups.scheduledBackups[].name (1) daily-authentik-backup | string |
backups.scheduledBackups[].schedule (1) 0 0 0 * * * | string |
| string | |
| boolean | |
| string | |
cluster.affinity.topologyKey (1) kubernetes.io/hostname | string |
| number | |
| boolean | |
| string | |
cluster.storage.storageClass (1) longhorn-fast-unreplicated-strictlocal | string |
| string | |
cluster.walStorage.storageClass (1) longhorn-fast-unreplicated-strictlocal | string |
image.pullPolicy (1) IfNotPresent | string |
image.repository (1) ghcr.io/goauthentik/server | string |
image.tag (1) 2023.6.1 | string |
| boolean | |
postgres.enabled (1) false | boolean |
| number | |
| string | |
| string | |
volumes[].name (1) media | string |
volumes[].persistentVolumeClaim.claimName (1) authentik-media | string |