authentik helm

No introduction found. Create it?

Install

Install with:

helm repo add authentik https://charts.goauthentik.io/
helm install authentik authentik/authentik -f values.yaml

Examples

See examples from other people.

Top Repositories (5 out of 43)

NameRepoStarsVersionTimestamp
authentikchkpwd/iac522024.2.310 hours ago
authentikszinn/k8s-homelab1392024.4.215 hours ago
authentikjoryirving/home-ops842024.4.22 days ago
authentikishioni/homelab-ops732024.4.22 days ago
authentiksamip5/k8s-cluster762024.4.26 days ago

Values

See the most popular values for this chart:

KeyTypes
redis.enabled (35)
true
boolean
redis.auth.enabled (9)
true
boolean
redis.auth.password (2)
string
redis.metrics.enabled (5)
true
boolean
redis.metrics.serviceMonitor.enabled (5)
true
boolean
redis.metrics.resources.limits.memory (2)
string
redis.metrics.resources.requests.cpu (2)
string
redis.metrics.resources.requests.memory (2)
string
redis.persistence.enabled (4)
false
boolean
redis.commonConfiguration (2)
string
redis.global.imageRegistry (2)
string
redis.global.storageClass (2)
string
redis.master.persistence.enabled (2)
boolean
redis.master.persistence.size (2)
string
redis.master.persistence.existingClaim (1)
string
redis.master.persistence.storageClass (1)
string
redis.master.resources.limits.memory (2)
string
redis.master.resources.limits.cpu (1)
string
redis.master.resources.requests.cpu (2)
string
redis.master.resources.requests.memory (2)
string
redis.master.securityContext.enabled (1)
boolean
redis.architecture (1)
string
authentik.log_level (30)
debug
string
authentik.email.port (24)
587
number, string
authentik.email.from (21)
string
authentik.email.host (19)
smtp-relay.default.svc.cluster.local
string
authentik.email.use_tls (16)
true
boolean, string
authentik.email.password (7)
string
authentik.email.use_ssl (7)
true
boolean, string
authentik.email.username (7)
string
authentik.email.timeout (1)
string
authentik.error_reporting.enabled (24)
false
boolean
authentik.error_reporting.send_pii (13)
false
boolean
authentik.error_reporting.enable (4)
false
boolean
authentik.error_reporting.environment (3)
string
authentik.error_reporting.sample_rate (2)
number
authentik.error_reporting.sentry_dsn (2)
string
authentik.redis.host (24)
{{ .Release.Name }}-redis-master
string
authentik.redis.password (9)

string
authentik.redis.db (1)
number
authentik.postgresql.name (18)
authentik
string
authentik.postgresql.user (17)
authentik
string
authentik.postgresql.host (15)
string
authentik.postgresql.password (14)

string
authentik.postgresql.port (7)
5432
number, string
authentik.postgresql.enabled (3)
false
boolean
authentik.postgresql.s3_backup.access_key (2)
string
authentik.postgresql.s3_backup.bucket (2)
string
authentik.postgresql.s3_backup.host (2)
string
authentik.postgresql.s3_backup.secret_key (2)
string
authentik.postgresql.username (1)
string
authentik.secret_key (14)
${SECRET_AUTHENTIK_SECRET_KEY}
string
authentik.outposts.container_image_base (8)
ghcr.io/goauthentik/%(type)s:%(version)s
string
authentik.outposts.docker_image_base (8)
ghcr.io/goauthentik/%(type)s:%(version)s
string
authentik.avatars (6)
gravatar,initials
string
authentik.disable_startup_analytics (2)
boolean
authentik.events.context_processors.asn (1)
string
authentik.events.context_processors.geoip (1)
string
authentik.footer_links (1)
string
authentik.geoip (1)
string
authentik.security_key (1)
string
server.ingress.enabled (27)
true
boolean
server.ingress.hosts[].host (2)
string
server.ingress.hosts[].paths[].path (2)
string
server.ingress.hosts[].paths[].pathType (2)
string
server.ingress.hosts[] (25)
- auth.${SECRET_DOMAIN}
string
server.ingress.ingressClassName (25)
external
string
server.ingress.tls[].hosts[] (24)
- auth.${SECRET_DOMAIN}
string
server.ingress.tls[].secretName (11)
string
server.ingress.annotations."external-dns.alpha.kubernetes.io/target" (14)
external.${SECRET_DOMAIN}
string
server.ingress.annotations."nginx.ingress.kubernetes.io/proxy-read-timeout" (7)
3600
string
server.ingress.annotations."nginx.ingress.kubernetes.io/proxy-send-timeout" (7)
3600
string
server.ingress.annotations."cert-manager.io/cluster-issuer" (6)
letsencrypt-production
string
server.ingress.annotations."gethomepage.dev/enabled" (4)
true
string
server.ingress.annotations."gethomepage.dev/group" (4)
string
server.ingress.annotations."gethomepage.dev/icon" (4)
authentik.png
string
server.ingress.annotations."gethomepage.dev/name" (4)
Authentik
string
server.ingress.annotations."hajimari.io/enable" (4)
true
string
server.ingress.annotations."hajimari.io/icon" (4)
string
server.ingress.annotations."nginx.ingress.kubernetes.io/enable-global-auth" (4)
false
string
server.ingress.annotations."external-dns.home.arpa/enabled" (3)
true
string
server.ingress.annotations."gethomepage.dev/widget.key" (3)
{{HOMEPAGE_VAR_AUTHENTIK_TOKEN}}
string
server.ingress.annotations."gethomepage.dev/widget.type" (3)
authentik
string
server.ingress.annotations."gethomepage.dev/widget.url" (3)
string
server.ingress.annotations."nginx.org/websocket-services" (3)
authentik
string
server.ingress.annotations."traefik.ingress.kubernetes.io/router.entrypoints" (3)
websecure
string
server.ingress.annotations."traefik.ingress.kubernetes.io/router.middlewares" (3)
string
server.ingress.annotations.external-dns/is-public (2)
string
server.ingress.annotations."gethomepage.dev/description" (2)
string
server.ingress.annotations."hajimari.io/group" (2)
string
server.ingress.annotations."coredns.io/hostname" (1)
string
server.ingress.annotations."external-dns.target/enabled" (1)
string
server.ingress.annotations."gatus.io/enabled" (1)
string
server.ingress.annotations."gethomepage.dev/pod-selector" (1)
string
server.ingress.annotations."hajimari.io/appName" (1)
string
server.ingress.annotations."hajimari.io/info" (1)
string
server.ingress.annotations."hajimari.io/instance" (1)
string
server.ingress.annotations."hajimari.io/url" (1)
string
server.ingress.annotations."nginx.ingress.kubernetes.io/force-ssl-redirect" (1)
string
server.ingress.annotations."nginx.ingress.kubernetes.io/router.entrypoints" (1)
string
server.ingress.paths[] (12)
- /
string
server.ingress.pathType (5)
Prefix
string
server.ingress.https (3)
false
boolean
server.metrics.serviceMonitor.enabled (17)
true
boolean
server.metrics.serviceMonitor.create (1)
boolean
server.metrics.serviceMonitor.interval (1)
string
server.metrics.enabled (10)
true
boolean
server.metrics.prometheus.serviceMonitor.enabled (5)
true
boolean
server.metrics.metrics.enabled (1)
boolean
server.metrics.rules.enabled (1)
boolean
server.resources.requests.cpu (11)
50m
string
server.resources.requests.memory (9)
500Mi
string
server.resources.limits.memory (9)
800Mi
string
server.resources.limits.cpu (2)
string
server.initContainers[].envFrom[].secretRef.name (10)
authentik-secret
string
server.initContainers[].image (10)
ghcr.io/onedr0p/postgres-init:16.2
string
server.initContainers[].name (10)
init-db
string
server.initContainers[].imagePullPolicy (2)
string
server.replicas (9)
1
number
server.autoscaling.enabled (8)
true
boolean
server.autoscaling.minReplicas (7)
2
number
server.pdb.enabled (3)
boolean
server.pdb.maxUnavailable (2)
number
server.pdb.minAvailable (2)
number
server.annotations."secret.reloader.stakater.com/reload" (1)
string
server.containerSecurityContext.readOnlyRootFilesystem (1)
boolean
server.initContainers.01-init-db.env[].name (1)
string
server.initContainers.01-init-db.env[].value (1)
string
server.initContainers.01-init-db.env[].valueFrom.secretKeyRef.key (1)
string
server.initContainers.01-init-db.env[].valueFrom.secretKeyRef.name (1)
string
server.initContainers.01-init-db.envFrom[].secretRef.name (1)
string
server.initContainers.01-init-db.image.repository (1)
string
server.initContainers.01-init-db.image.tag (1)
number
server.initContainers.init-db.env[].name (1)
string
server.initContainers.init-db.env[].value (1)
string
server.initContainers.init-db.env[].valueFrom.secretKeyRef.key (1)
string
server.initContainers.init-db.env[].valueFrom.secretKeyRef.name (1)
string
server.initContainers.init-db.image (1)
string
server.initContainers.init-db[].envFrom[].secretRef.name (1)
string
server.initContainers.init-db[].image (1)
string
server.initContainers.init-db[].imagePullPolicy (1)
string
server.initContainers.init-db[].name (1)
string
server.name (1)
string
server.revisionHistoryLimit (1)
number
server.volumeMounts[].mountPath (1)
string
server.volumeMounts[].name (1)
string
server.volumeMounts[].subPath (1)
string
server.volumes[].configMap.name (1)
string
server.volumes[].name (1)
string
postgresql.enabled (24)
false
boolean
postgresql.postgresqlPassword (3)
string
postgresql.global.imageRegistry (2)
string
postgresql.metrics.enabled (2)
boolean
postgresql.metrics.serviceMonitor.enabled (2)
boolean
postgresql.persistence.enabled (2)
boolean
postgresql.persistence.existingClaim (2)
string
postgresql.postgresqlDatabase (2)
string
postgresql.postgresqlUsername (2)
string
postgresql.auth.password (1)
string
postgresql.primary.persistence.existingClaim (1)
string
ingress.enabled (16)
true
boolean
ingress.hosts[].host (15)
authentik.${SECRET_DOMAIN}
string
ingress.hosts[].paths[].path (15)
/
string
ingress.hosts[].paths[].pathType (9)
Prefix
string
ingress.ingressClassName (14)
nginx
string
ingress.tls[].hosts[] (14)
- authentik.${SECRET_DOMAIN}
string
ingress.tls[].secretName (8)
string
ingress.annotations."external-dns.alpha.kubernetes.io/target" (8)
ipv4.${SECRET_DOMAIN}
string
ingress.annotations."cert-manager.io/cluster-issuer" (6)
letsencrypt-production
string
ingress.annotations."hajimari.io/icon" (6)
string
ingress.annotations."hajimari.io/enable" (4)
true
string
ingress.annotations."hajimari.io/appName" (3)
Authentik
string
ingress.annotations."nginx.ingress.kubernetes.io/proxy-read-timeout" (3)
3600
string
ingress.annotations."nginx.ingress.kubernetes.io/proxy-send-timeout" (3)
3600
string
ingress.annotations."external-dns.alpha.kubernetes.io/hostname" (2)
string
ingress.annotations."nginx.ingress.kubernetes.io/enable-global-auth" (2)
string
ingress.annotations."nginx.ingress.kubernetes.io/router.entrypoints" (2)
string
ingress.annotations."nginx.org/websocket-services" (2)
string
ingress.annotations.external-dns/is-public (1)
string
ingress.annotations."external-dns.alpha.kubernetes.io/cloudflare-proxied" (1)
string
ingress.annotations."external-dns.home.arpa/enabled" (1)
string
ingress.annotations."hajimari.io/group" (1)
string
ingress.annotations."haproxy-ingress-proxy.pfsense.org/backend" (1)
string
ingress.annotations."haproxy-ingress-proxy.pfsense.org/enabled" (1)
string
ingress.annotations."haproxy-ingress-proxy.pfsense.org/frontend" (1)
string
ingress.annotations."kubernetes.io/ingress.class" (1)
string
ingress.annotations."kubernetes.io/tls-acme" (1)
string
ingress.annotations."traefik.ingress.kubernetes.io/router.entrypoints" (1)
string
worker.replicas (16)
1
number
worker.resources.limits.memory (8)
1200Mi
string
worker.resources.requests.cpu (8)
50m
string
worker.resources.requests.memory (8)
500Mi
string
worker.autoscaling.enabled (6)
true
boolean
worker.autoscaling.minReplicas (5)
2
number
worker.annotations."secret.reloader.stakater.com/reload" (1)
string
worker.containerSecurityContext.readOnlyRootFilesystem (1)
boolean
worker.metrics.prometheus.serviceMonitor.enabled (1)
boolean
worker.pdb.enabled (1)
boolean
worker.revisionHistoryLimit (1)
number
global.envFrom[].secretRef.name (15)
authentik-secret
string
global.envFrom[].name (1)
string
global.podAnnotations."secret.reloader.stakater.com/reload" (9)
authentik-secret
string
global.podAnnotations."reloader.stakater.com/auto" (1)
string
global.deploymentAnnotations."secret.reloader.stakater.com/reload" (8)
authentik-secret
string
global.deploymentAnnotations."configmap.reloader.stakater.com/reload" (2)
string
global.deploymentStrategy.type (8)
RollingUpdate
string
global.image.repository (8)
ghcr.io/goauthentik/server
string
global.image.tag (6)
string
global.image.pullPolicy (2)
string
global.volumeMounts[].mountPath (6)
string
global.volumeMounts[].name (6)
string
global.volumeMounts[].readOnly (2)
boolean
global.volumeMounts[].subPath (1)
string
global.volumes[].name (6)
string
global.volumes[].configMap.name (3)
string
global.volumes[].secret.items[].key (2)
string
global.volumes[].secret.items[].path (2)
string
global.volumes[].secret.optional (2)
boolean
global.volumes[].secret.secretName (2)
string
global.volumes[].projected.defaultMode (1)
number
global.volumes[].projected.sources[].configMap.items[].key (1)
string
global.volumes[].projected.sources[].configMap.items[].path (1)
string
global.volumes[].projected.sources[].configMap.name (1)
string
global.env[].name (4)
string
global.env[].valueFrom.secretKeyRef.key (4)
string
global.env[].valueFrom.secretKeyRef.name (4)
string
global.env[].value (1)
string
global.storageClass (3)
string
global.fullnameOverride (2)
string
global.addPrometheusAnnotations (1)
boolean
global.affinity.nodeAffinity.matchExpressions[].key (1)
string
global.affinity.nodeAffinity.matchExpressions[].operator (1)
string
global.affinity.nodeAffinity.matchExpressions[].values[] (1)
string
global.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions[].key (1)
string
global.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions[].operator (1)
string
global.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions[].values[] (1)
string
global.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].weight (1)
number
global.affinity.nodeAffinity.type (1)
string
global.env.AUTHENTIK_EMAIL__HOST (1)
string
global.env.AUTHENTIK_EMAIL__PORT (1)
number
global.env.AUTHENTIK_EMAIL__USE_TLS (1)
string
global.podLabels."policy.gabe565.com/egress-geoip" (1)
string
global.podLabels."policy.gabe565.com/egress-kube-dns" (1)
string
global.podLabels."policy.gabe565.com/egress-kubeapi" (1)
string
global.podLabels."policy.gabe565.com/egress-namespace" (1)
string
global.podLabels."policy.gabe565.com/egress-world" (1)
string
global.podLabels."policy.gabe565.com/ingress-ingress" (1)
string
global.podLabels."policy.gabe565.com/ingress-prometheus" (1)
string
global.podLabels."spiffe.bloopysphere.arpa/enabled" (1)
string
global.priorityClassName (1)
string
global.revisionHistoryLimit (1)
number
prometheus.serviceMonitor.create (13)
true
boolean
prometheus.serviceMonitor.interval (6)
30s
string
prometheus.serviceMonitor.scrapeTimeout (6)
3s
string
prometheus.rules.enabled (12)
true
boolean
prometheus.rules.create (11)
true
boolean
image.repository (11)
ghcr.io/goauthentik/server
string
image.tag (11)
string
image.pullPolicy (7)
IfNotPresent
string
image.digest (1)
string
serviceAccount.create (8)
true
boolean
serviceAccount.fullnameOverride (2)
string
serviceAccount.nameOverride (2)
string
serviceAccount.serviceAccountSecret.enabled (2)
boolean
geoip.enabled (7)
true
boolean
geoip.existingSecret.accountId (3)
string
geoip.existingSecret.licenseKey (3)
string
geoip.existingSecret.secretName (3)
string
geoip.accountId (2)
string
geoip.licenseKey (2)
string
geoip.containerSecurityContext.readOnlyRootFilesystem (1)
boolean
geoip.env[].name (1)
string
geoip.env[].value (1)
string
geoip.volumeMounts[].mountPath (1)
string
geoip.volumeMounts[].name (1)
string
replicas (6)
1
number
initContainers.init-db.envFrom[].secretRef.name (5)
authentik-secret
string
initContainers.init-db.image (5)
string
initContainers.init-db.imagePullPolicy (5)
IfNotPresent
string
service.port (3)
number
service.type (2)
string
service.annotations."io.cilium/lb-ipam-ips" (1)
string
service.enabled (1)
boolean
service.name (1)
string
service.protocol (1)
string
volumeMounts[].mountPath (3)
string
volumeMounts[].name (3)
string
volumeMounts[].readOnly (2)
boolean
volumes[].name (3)
string
volumes[].secret.items[].key (2)
string
volumes[].secret.items[].path (2)
string
volumes[].secret.optional (2)
boolean
volumes[].secret.secretName (2)
string
volumes[].persistentVolumeClaim.claimName (1)
string
affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].key (2)
string
affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].operator (2)
string
affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchLabels."app.kubernetes.io/component" (2)
string
affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchLabels."app.kubernetes.io/instance" (2)
string
affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].labelSelector.matchLabels."app.kubernetes.io/name" (2)
string
affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[].topologyKey (2)
string
envFrom[].secretRef.name (2)
string
envValueFrom.AUTHENTIK_POSTGRESQL__NAME.secretKeyRef.key (2)
string
envValueFrom.AUTHENTIK_POSTGRESQL__NAME.secretKeyRef.name (2)
string
envValueFrom.AUTHENTIK_POSTGRESQL__PASSWORD.secretKeyRef.key (2)
string
envValueFrom.AUTHENTIK_POSTGRESQL__PASSWORD.secretKeyRef.name (2)
string
envValueFrom.AUTHENTIK_POSTGRESQL__USER.secretKeyRef.key (2)
string
envValueFrom.AUTHENTIK_POSTGRESQL__USER.secretKeyRef.name (2)
string
envValueFrom.AUTHENTIK_REDIS__PASSWORD.secretKeyRef.key (2)
string
envValueFrom.AUTHENTIK_REDIS__PASSWORD.secretKeyRef.name (2)
string
envValueFrom.AUTHENTIK_EMAIL__FROM.secretKeyRef.key (1)
string
envValueFrom.AUTHENTIK_EMAIL__FROM.secretKeyRef.name (1)
string
envValueFrom.AUTHENTIK_EMAIL__HOST.secretKeyRef.key (1)
string
envValueFrom.AUTHENTIK_EMAIL__HOST.secretKeyRef.name (1)
string
envValueFrom.AUTHENTIK_EMAIL__PASSWORD.secretKeyRef.key (1)
string
envValueFrom.AUTHENTIK_EMAIL__PASSWORD.secretKeyRef.name (1)
string
envValueFrom.AUTHENTIK_EMAIL__PORT.secretKeyRef.key (1)
string
envValueFrom.AUTHENTIK_EMAIL__PORT.secretKeyRef.name (1)
string
envValueFrom.AUTHENTIK_EMAIL__USE_TLS.secretKeyRef.key (1)
string
envValueFrom.AUTHENTIK_EMAIL__USE_TLS.secretKeyRef.name (1)
string
envValueFrom.AUTHENTIK_EMAIL__USERNAME.secretKeyRef.key (1)
string
envValueFrom.AUTHENTIK_EMAIL__USERNAME.secretKeyRef.name (1)
string
envValueFrom.AUTHENTIK_SECRET_KEY.secretKeyRef.key (1)
string
envValueFrom.AUTHENTIK_SECRET_KEY.secretKeyRef.name (1)
string
fullnameOverride (2)
string
resources.server.requests.cpu (2)
string
resources.server.requests.memory (1)
string
resources.server.limits.cpu (1)
string
resources.server.limits.memory (1)
string
resources.worker.limits.memory (1)
string
resources.worker.requests.cpu (1)
string
resources.worker.requests.memory (1)
string
strategy.rollingUpdate.maxSurge (2)
number
strategy.rollingUpdate.maxUnavailable (2)
number
strategy.type (2)
string
annotations."reloader.stakater.com/auto" (1)
string
autoscaling.server.enabled (1)
boolean
autoscaling.server.minReplicas (1)
number
autoscaling.worker.enabled (1)
boolean
autoscaling.worker.minReplicas (1)
number
env.AUTHENTIK_REDIS__DB (1)
string
kubernetesIntegration (1)
boolean
livenessProbe.enabled (1)
boolean
livenessProbe.httpGet.path (1)
string
livenessProbe.httpGet.port (1)
string
livenessProbe.initialDelaySeconds (1)
number
livenessProbe.periodSeconds (1)
number
nodeSelector.worker (1)
string
postgres.enabled (1)
boolean
readinessProbe.enabled (1)
boolean
readinessProbe.httpGet.path (1)
string
readinessProbe.httpGet.port (1)
string
readinessProbe.initialDelaySeconds (1)
number
readinessProbe.periodSeconds (1)
number
replicaCount (1)
number
securityContext.fsGroup (1)
number