authentik helm

No introduction found. Create it?

Install

Install with:

helm repo add authentik https://charts.goauthentik.io/
helm install authentik authentik/authentik -f values.yaml

Examples

See examples from other people.

Top Repositories (5 out of 47)

NameRepoStarsVersionTimestamp
authentikh3mmy/bloopySphere622025.6.42 hours ago
authentikaxeII/home-ops472025.10.13 days ago
authentikbo0tzz/kube362025.10.14 days ago
authentikangelnu/k8s-gitops1802025.10.07 days ago
authentiksamip5/k8s-cluster1422025.4.06 months ago

Values

See the most popular values for this chart:

KeyTypes
server.ingress.enabled (32)
true
boolean
server.ingress.hosts[] (29)
- auth.${SECRET_DOMAIN}
string
server.ingress.ingressClassName (25)
external
string
server.ingress.tls[].hosts[] (24)
- auth.${SECRET_DOMAIN}
string
server.ingress.tls[].secretName (13)
authentik-tls
string
server.ingress.annotations."external-dns.alpha.kubernetes.io/target" (14)
external.${SECRET_DOMAIN}
string
server.ingress.annotations."cert-manager.io/cluster-issuer" (8)
letsencrypt-production
string
server.ingress.annotations."hajimari.io/icon" (7)
shield-lock
string
server.ingress.annotations."hajimari.io/enable" (6)
true
string
server.ingress.annotations."hajimari.io/group" (4)
string
server.ingress.annotations."nginx.ingress.kubernetes.io/proxy-read-timeout" (4)
3600
string
server.ingress.annotations."nginx.ingress.kubernetes.io/proxy-send-timeout" (4)
3600
string
server.ingress.annotations."gethomepage.dev/enabled" (3)
true
string
server.ingress.annotations."gethomepage.dev/group" (3)
string
server.ingress.annotations."gethomepage.dev/icon" (3)
string
server.ingress.annotations."gethomepage.dev/name" (3)
Authentik
string
server.ingress.annotations."gethomepage.dev/pod-selector" (3)
string
server.ingress.annotations."nginx.ingress.kubernetes.io/enable-global-auth" (3)
false
string
server.ingress.annotations."traefik.ingress.kubernetes.io/router.entrypoints" (3)
websecure
string
server.ingress.annotations."traefik.ingress.kubernetes.io/router.middlewares" (3)
string
server.ingress.annotations."external-dns.home.arpa/enabled" (2)
string
server.ingress.annotations."gatus.io/enabled" (2)
string
server.ingress.annotations."gethomepage.dev/description" (2)
string
server.ingress.annotations."gethomepage.dev/siteMonitor" (2)
string
server.ingress.annotations."kubernetes.io/ingress.class" (2)
string
server.ingress.annotations."nginx.org/websocket-services" (2)
string
server.ingress.annotations."coredns.io/hostname" (1)
string
server.ingress.annotations.external-dns/is-public (1)
string
server.ingress.annotations."external-dns.target/enabled" (1)
string
server.ingress.annotations."gethomepage.dev/widget.key" (1)
string
server.ingress.annotations."gethomepage.dev/widget.type" (1)
string
server.ingress.annotations."gethomepage.dev/widget.url" (1)
string
server.ingress.annotations."hajimari.io/appName" (1)
string
server.ingress.annotations."hajimari.io/info" (1)
string
server.ingress.annotations."hajimari.io/instance" (1)
string
server.ingress.annotations."hajimari.io/url" (1)
string
server.ingress.annotations."haproxy.org/allow-list" (1)
string
server.ingress.annotations."haproxy.org/response-set-header" (1)
string
server.ingress.annotations."haproxy.org/ssl-redirect-port" (1)
string
server.ingress.annotations."nginx.ingress.kubernetes.io/proxy-buffer-size" (1)
string
server.ingress.paths[] (8)
- /
string
server.ingress.pathType (3)
Prefix
string
server.ingress.https (2)
boolean
server.metrics.serviceMonitor.enabled (25)
true
boolean, string
server.metrics.serviceMonitor.create (1)
boolean
server.metrics.enabled (18)
true
boolean
server.metrics.prometheus.serviceMonitor.enabled (4)
true
boolean
server.metrics.prometheus.serviceMonitor.namespace (1)
string
server.metrics.metrics.enabled (1)
boolean
server.replicas (22)
1
number
server.initContainers[].image (18)
ghcr.io/home-operations/postgres-init:17.6
string
server.initContainers[].name (18)
init-db
string
server.initContainers[].envFrom[].secretRef.name (17)
authentik-secret
string
server.initContainers[].imagePullPolicy (4)
IfNotPresent
string
server.initContainers[].env[].name (1)
string
server.initContainers[].env[].value (1)
string
server.initContainers[].env[].valueFrom.secretKeyRef.key (1)
string
server.initContainers[].env[].valueFrom.secretKeyRef.name (1)
string
server.initContainers[].limits.memory (1)
string
server.initContainers[].requests.cpu (1)
string
server.initContainers[].requests.memory (1)
string
server.resources.requests.cpu (17)
50m
string
server.resources.requests.memory (15)
500Mi
string
server.resources.limits.memory (14)
800Mi
string
server.resources.limits.cpu (2)
string
server.autoscaling.enabled (5)
true
boolean
server.autoscaling.minReplicas (5)
1
number
server.autoscaling.maxReplicas (3)
number
server.autoscaling.targetCPUUtilizationPercentage (1)
number
server.pdb.enabled (5)
true
boolean
server.pdb.maxUnavailable (4)
1
number
server.pdb.minAvailable (4)
1
number
server.volumeMounts[].mountPath (4)
string
server.volumeMounts[].name (4)
string
server.volumeMounts[].subPath (1)
string
server.volumes[].name (3)
string
server.volumes[].persistentVolumeClaim.claimName (2)
string
server.volumes[].configMap.name (1)
string
server.containerSecurityContext.allowPrivilegeEscalation (2)
boolean
server.containerSecurityContext.capabilities.drop[] (2)
string
server.containerSecurityContext.runAsNonRoot (2)
boolean
server.containerSecurityContext.readOnlyRootFilesystem (1)
boolean
server.containerSecurityContext.seccompProfile.type (1)
string
server.containerSecurityContext.seccomProfile.type (1)
string
server.route.main.enabled (2)
boolean
server.route.main.hostnames[] (2)
string
server.route.main.parentRefs[].name (2)
string
server.route.main.parentRefs[].namespace (2)
string
server.route.main.parentRefs[].sectionName (2)
string
server.route.main.parentRefs[].group (1)
string
server.route.main.parentRefs[].kind (1)
string
server.route.main.annotations."external-dns.alpha.kubernetes.io/target" (1)
string
server.startupProbe.initialDelaySeconds (2)
number
server.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchLabels."app.kubernetes.io/component" (1)
string
server.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.labelSelector.matchLabels."app.kubernetes.io/name" (1)
string
server.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].podAffinityTerm.topologyKey (1)
string
server.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[].weight (1)
number
server.annotations."secret.reloader.stakater.com/reload" (1)
string
server.dnsConfig.options[].name (1)
string
server.dnsConfig.options[].value (1)
string
server.initContainers.init-db.envFrom[].secretRef.name (1)
string
server.initContainers.init-db.image.repository (1)
string
server.initContainers.init-db.image.tag (1)
number
server.livenessProbe.initialDelaySeconds (1)
number
server.podLabels."endpoints.netpols.home.arpa/external-ingress-enabled" (1)
string
server.probes.readiness.enabled (1)
boolean
server.probes.readiness.spec.failureThreshold (1)
number
server.probes.readiness.spec.initialDelaySeconds (1)
number
server.probes.readiness.spec.periodSeconds (1)
number
server.probes.readiness.spec.timeoutSeconds (1)
number
server.readinessProbe.initialDelaySeconds (1)
number
server.revisionHistoryLimit (1)
number
server.securityContext.runAsGroup (1)
number
server.securityContext.runAsUser (1)
number
server.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (1)
string
server.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (1)
string
server.topologySpreadConstraints[].maxSkew (1)
number
server.topologySpreadConstraints[].topologyKey (1)
string
server.topologySpreadConstraints[].whenUnsatisfiable (1)
string
authentik.redis.host (27)
dragonfly.database.svc.cluster.local
string
authentik.redis.db (6)
1
number
authentik.redis.password (6)

string
authentik.redis.port (1)
number
authentik.log_level (23)
debug
string
authentik.email.port (18)
25
number, string
authentik.email.from (16)
string
authentik.email.host (14)
smtp-relay.default.svc.cluster.local
string
authentik.email.use_tls (13)
false
boolean, string
authentik.email.use_ssl (7)
false
string, boolean
authentik.email.timeout (4)
30
string, number
authentik.email.password (2)
string
authentik.email.username (2)
string
authentik.error_reporting.enabled (17)
false
boolean
authentik.error_reporting.send_pii (13)
false
boolean
authentik.error_reporting.enable (7)
false
boolean
authentik.error_reporting.environment (4)
string
authentik.error_reporting.sample_rate (2)
number
authentik.error_reporting.sentry_dsn (2)
string
authentik.postgresql.name (13)
authentik
string
authentik.postgresql.user (13)
authentik
string
authentik.postgresql.host (10)
string
authentik.postgresql.password (9)
string
authentik.postgresql.port (6)
5432
number, string
authentik.postgresql.enabled (3)
true
boolean
authentik.postgresql.read_replicas.0.host (1)
string
authentik.postgresql.read_replicas.0.port (1)
number
authentik.postgresql.s3_backup.access_key (1)
string
authentik.postgresql.s3_backup.bucket (1)
string
authentik.postgresql.s3_backup.host (1)
string
authentik.postgresql.s3_backup.secret_key (1)
string
authentik.postgresql.sslmode (1)
string
authentik.avatars (7)
gravatar,initials
string
authentik.outposts.container_image_base (7)
ghcr.io/goauthentik/%(type)s:%(version)s
string
authentik.outposts.docker_image_base (5)
ghcr.io/goauthentik/%(type)s:%(version)s
string
authentik.secret_key (7)
${SECRET_AUTHENTIK_SECRET_KEY}
string
authentik.compliance.fips.enabled (2)
boolean
authentik.disable_startup_analytics (2)
boolean
authentik.footer_links (1)
string
authentik.security_key (1)
string
authentik.session_storage (1)
string
redis.enabled (27)
true
boolean
redis.auth.enabled (4)
boolean
redis.auth.password (1)
string
redis.metrics.enabled (4)
true
boolean
redis.metrics.serviceMonitor.enabled (4)
true
boolean
redis.metrics.resources.limits.memory (1)
string
redis.metrics.resources.requests.cpu (1)
string
redis.metrics.resources.requests.memory (1)
string
redis.persistence.enabled (4)
false
boolean
redis.master.persistence.enabled (3)
boolean
redis.master.persistence.size (1)
string
redis.master.persistence.storageClass (1)
string
redis.master.resources.limits.cpu (1)
number
redis.master.resources.limits.ephemeral-storage (1)
string
redis.master.resources.limits.memory (1)
string
redis.master.resources.requests.cpu (1)
string
redis.master.resources.requests.ephemeral-storage (1)
string
redis.master.resources.requests.memory (1)
string
redis.master.resourcesPreset (1)
string
redis.master.securityContext.enabled (1)
boolean
redis.commonConfiguration (1)
string
redis.global.defaultStorageClass (1)
string
redis.global.imageRegistry (1)
string
redis.global.storageClass (1)
string
redis.networkPolicy.extraIngress[].ports[].port (1)
number
redis.networkPolicy.extraIngress[].ports[].protocol (1)
string
redis.redis.useAOFPersistence (1)
string
global.envFrom[].secretRef.name (25)
authentik-secret
string
global.envFrom[].configMapRef.name (1)
string
global.deploymentStrategy.type (12)
RollingUpdate
string
global.deploymentStrategy.rollingUpdate.maxSurge (1)
number
global.deploymentStrategy.rollingUpdate.maxUnavailable (1)
number
global.volumes[].name (12)
custom-css
string
global.volumes[].configMap.name (9)
authentik-custom-css
string
global.volumes[].configMap.defaultMode (1)
number
global.volumes[].secret.secretName (4)
string
global.volumes[].secret.items[].key (3)
string
global.volumes[].secret.items[].path (3)
string
global.volumes[].secret.optional (2)
boolean
global.volumes[].secret.defaultMode (1)
number
global.volumes[].persistentVolumeClaim.claimName (1)
string
global.volumes[].projected.defaultMode (1)
number
global.volumes[].projected.sources[].configMap.items[].key (1)
string
global.volumes[].projected.sources[].configMap.items[].path (1)
string
global.volumes[].projected.sources[].configMap.name (1)
string
global.deploymentAnnotations."secret.reloader.stakater.com/reload" (11)
authentik-secret
string
global.volumeMounts[].mountPath (11)
string
global.volumeMounts[].name (11)
string
global.volumeMounts[].subPath (5)
custom.css
string
global.volumeMounts[].readOnly (3)
boolean
global.env[].name (10)
string
global.env[].value (5)
string
global.env[].valueFrom.secretKeyRef.key (5)
string
global.env[].valueFrom.secretKeyRef.name (5)
string
global.image.repository (6)
ghcr.io/goauthentik/server
string
global.image.tag (5)
string
global.image.pullPolicy (1)
string
global.podAnnotations."secret.reloader.stakater.com/reload" (5)
authentik-secret
string
global.podAnnotations."reloader.stakater.com/auto" (4)
true
string
global.addPrometheusAnnotations (3)
boolean, string
global.fullnameOverride (3)
authentik
string
global.storageClass (3)
string
global.securityContext.fsGroup (2)
number
global.securityContext.fsGroupChangePolicy (1)
string
global.securityContext.runAsGroup (1)
number
global.securityContext.runAsUser (1)
number
global.affinity.nodeAffinity.matchExpressions[].key (1)
string
global.affinity.nodeAffinity.matchExpressions[].operator (1)
string
global.affinity.nodeAffinity.matchExpressions[].values[] (1)
string
global.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions[].key (1)
string
global.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions[].operator (1)
string
global.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].preference.matchExpressions[].values[] (1)
string
global.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[].weight (1)
number
global.affinity.nodeAffinity.type (1)
string
global.podLabels."endpoints.netpols.home.arpa/email-sender" (1)
string
global.podLabels."spiffe.bloopysphere.arpa/enabled" (1)
string
global.postgresql.host (1)
string
global.postgresql.port (1)
number
global.postgresql.read_replicas.0.host (1)
string
global.postgresql.read_replicas.0.port (1)
number
global.priorityClassName (1)
string
global.redis.host (1)
string
global.redis.password (1)
string
global.revisionHistoryLimit (1)
number
global.topologySpreadConstraints[].maxSkew (1)
number
global.topologySpreadConstraints[].topologyKey (1)
string
global.topologySpreadConstraints[].whenUnsatisfiable (1)
string
prometheus.rules.enabled (23)
true
boolean, string
prometheus.rules.create (2)
boolean
prometheus.serviceMonitor.create (2)
boolean
prometheus.serviceMonitor.interval (1)
string
prometheus.serviceMonitor.scrapeTimeout (1)
string
postgresql.enabled (22)
false
boolean
postgresql.image.tag (4)
string
postgresql.image.registry (2)
string
postgresql.image.repository (2)
string
postgresql.metrics.enabled (3)
true
boolean
postgresql.metrics.serviceMonitor.enabled (3)
true
boolean
postgresql.global.imageRegistry (2)
string
postgresql.postgresqlPassword (2)
string
postgresql.primary.networkPolicy.extraIngress[].ports[].port (2)
number
postgresql.primary.networkPolicy.extraIngress[].ports[].protocol (2)
string
postgresql.primary.persistence.enabled (1)
boolean
postgresql.primary.persistence.size (1)
string
postgresql.primary.persistence.storageClass (1)
string
postgresql.auth.existingSecret (1)
string
postgresql.persistence.enabled (1)
boolean
postgresql.persistence.existingClaim (1)
string
postgresql.postgresqlDatabase (1)
string
postgresql.postgresqlUsername (1)
string
worker.replicas (21)
1
number
worker.resources.requests.cpu (14)
50m
string
worker.resources.requests.memory (14)
500Mi
string
worker.resources.limits.memory (13)
1200Mi
string
worker.resources.limits.cpu (1)
string
worker.autoscaling.enabled (4)
true
boolean
worker.autoscaling.maxReplicas (4)
3
number
worker.autoscaling.minReplicas (4)
number
worker.autoscaling.targetCPUUtilizationPercentage (2)
number
worker.metrics.enabled (4)
true
boolean
worker.metrics.serviceMonitor.enabled (4)
true
boolean
worker.metrics.prometheus.serviceMonitor.enabled (2)
boolean
worker.pdb.enabled (3)
boolean
worker.pdb.minAvailable (3)
1
number
worker.pdb.maxUnavailable (2)
number
worker.containerSecurityContext.allowPrivilegeEscalation (2)
boolean
worker.containerSecurityContext.capabilities.drop[] (2)
string
worker.containerSecurityContext.runAsNonRoot (2)
boolean
worker.containerSecurityContext.readOnlyRootFilesystem (1)
boolean
worker.containerSecurityContext.seccompProfile.type (1)
string
worker.containerSecurityContext.seccomProfile.type (1)
string
worker.startupProbe.initialDelaySeconds (2)
number
worker.annotations."secret.reloader.stakater.com/reload" (1)
string
worker.extraContainers[].env[].name (1)
string
worker.extraContainers[].env[].value (1)
string
worker.extraContainers[].image (1)
string
worker.extraContainers[].name (1)
string
worker.extraContainers[].volumeMounts[].mountPath (1)
string
worker.extraContainers[].volumeMounts[].name (1)
string
worker.livenessProbe.initialDelaySeconds (1)
number
worker.name (1)
string
worker.probes.liveness.enabled (1)
boolean
worker.probes.liveness.spec.timeoutSeconds (1)
number
worker.probes.readiness.enabled (1)
boolean
worker.probes.readiness.spec.timeoutSeconds (1)
number
worker.probes.startup.enabled (1)
boolean
worker.probes.startup.spec.timeoutSeconds (1)
number
worker.readinessProbe.initialDelaySeconds (1)
number
worker.revisionHistoryLimit (1)
number
worker.serviceAccount.create (1)
boolean
worker.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (1)
string
worker.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (1)
string
worker.topologySpreadConstraints[].maxSkew (1)
number
worker.topologySpreadConstraints[].topologyKey (1)
string
worker.topologySpreadConstraints[].whenUnsatisfiable (1)
string
worker.volumeMounts[].mountPath (1)
string
worker.volumeMounts[].name (1)
string
worker.volumes[].name (1)
string
geoip.enabled (11)
false
boolean
geoip.existingSecret.secretName (8)
authentik-secret
string
geoip.existingSecret.accountId (7)
MAXMIND_ACCOUNT_ID
string
geoip.existingSecret.licenseKey (7)
MAXMIND_LICENSE_KEY
string
geoip.editionIds (2)
string
geoip.updateInterval (2)
number
geoip.accountId (1)
string
geoip.licenseKey (1)
string
ingress.enabled (4)
true
boolean
ingress.hosts[].host (4)
string
ingress.hosts[].paths[].path (4)
/
string
ingress.hosts[].paths[].pathType (2)
string
ingress.ingressClassName (4)
string
ingress.tls[].hosts[] (3)
string
ingress.tls[].secretName (2)
string
ingress.annotations."hajimari.io/icon" (2)
string
ingress.annotations."cert-manager.io/cluster-issuer" (1)
string
ingress.annotations."external-dns.alpha.kubernetes.io/target" (1)
string
ingress.annotations."hajimari.io/appName" (1)
string
ingress.annotations."hajimari.io/enable" (1)
string
ingress.annotations."traefik.ingress.kubernetes.io/router.entrypoints" (1)
string
fullnameOverride (3)
authentik
string
serviceAccount.create (3)
true
boolean
serviceAccount.fullnameOverride (2)
string
serviceAccount.nameOverride (2)
string
serviceAccount.serviceAccountSecret.enabled (2)
boolean
image.repository (2)
string
image.tag (2)
string
image.pullPolicy (1)
string
backups.destinationPath (1)
string
backups.enabled (1)
boolean
backups.endpointURL (1)
string
backups.provider (1)
string
backups.retentionPolicy (1)
string
backups.s3.accessKey (1)
string
backups.s3.secretKey (1)
string
backups.scheduledBackups[].backupOwnerReference (1)
string
backups.scheduledBackups[].name (1)
string
backups.scheduledBackups[].schedule (1)
string
backups.wal.compression (1)
string
cluster.affinity.enablePodAntiAffinity (1)
boolean
cluster.affinity.podAntiAffinityType (1)
string
cluster.affinity.topologyKey (1)
string
cluster.instances (1)
number
cluster.monitoring.enabled (1)
boolean
cluster.storage.size (1)
string
cluster.storage.storageClass (1)
string
cluster.walStorage.size (1)
string
cluster.walStorage.storageClass (1)
string
envValueFrom.AUTHENTIK_EMAIL__FROM.secretKeyRef.key (1)
string
envValueFrom.AUTHENTIK_EMAIL__FROM.secretKeyRef.name (1)
string
envValueFrom.AUTHENTIK_EMAIL__HOST.secretKeyRef.key (1)
string
envValueFrom.AUTHENTIK_EMAIL__HOST.secretKeyRef.name (1)
string
envValueFrom.AUTHENTIK_EMAIL__PASSWORD.secretKeyRef.key (1)
string
envValueFrom.AUTHENTIK_EMAIL__PASSWORD.secretKeyRef.name (1)
string
envValueFrom.AUTHENTIK_EMAIL__PORT.secretKeyRef.key (1)
string
envValueFrom.AUTHENTIK_EMAIL__PORT.secretKeyRef.name (1)
string
envValueFrom.AUTHENTIK_EMAIL__USE_TLS.secretKeyRef.key (1)
string
envValueFrom.AUTHENTIK_EMAIL__USE_TLS.secretKeyRef.name (1)
string
envValueFrom.AUTHENTIK_EMAIL__USERNAME.secretKeyRef.key (1)
string
envValueFrom.AUTHENTIK_EMAIL__USERNAME.secretKeyRef.name (1)
string
envValueFrom.AUTHENTIK_SECRET_KEY.secretKeyRef.key (1)
string
envValueFrom.AUTHENTIK_SECRET_KEY.secretKeyRef.name (1)
string
kubernetesIntegration (1)
boolean
postgres.enabled (1)
boolean
route.app.hostnames[] (1)
string
route.app.parentRefs[].name (1)
string
route.app.parentRefs[].namespace (1)
string
route.app.parentRefs[].sectionName (1)
string
route.app.rules[].backendRefs[].identifier (1)
string
route.app.rules[].backendRefs[].port (1)
number
securityContext.fsGroup (1)
number
volumeMounts[].mountPath (1)
string
volumeMounts[].name (1)
string
volumes[].name (1)
string
volumes[].persistentVolumeClaim.claimName (1)
string