authelia helm

Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for common reverse proxies.

More popular helm chart found

authelia from bjw-s-labs/charts/ is more popular with 25 repositories.

Install

Install with:

helm repo add authelia oci://ghcr.io/bjw-s-labs/charts/
helm install authelia authelia/authelia -f values.yaml

Examples

See examples from other people.

Top Repositories (2 out of 10)

NameRepoStarsVersionTimestamp
autheliaauricom/home-ops2044.6.26 days ago
autheliaahgraber/homelab-gitops-k3s1094.6.29 days ago

Values

See the most popular values for this chart:

KeyTypes
persistence.config.globalMounts[].path (10)
/config/configuration.yaml
string
persistence.config.globalMounts[].subPath (10)
configuration.yaml
string
persistence.config.globalMounts[].readOnly (9)
true
boolean
persistence.config.name (10)
authelia-config
string
persistence.config.type (10)
configMap
string
persistence.config.enabled (4)
true
boolean
persistence.secret-files.globalMounts[].path (3)
/config/secret
string
persistence.secret-files.name (3)
authelia
string
persistence.secret-files.type (3)
secret
string
persistence.secret-files.enabled (2)
true
boolean
persistence.config-rules.enabled (2)
true
boolean
persistence.config-rules.globalMounts[].path (2)
/config/configuration-rules.yaml
string
persistence.config-rules.globalMounts[].readOnly (2)
true
boolean
persistence.config-rules.globalMounts[].subPath (2)
configuration-rules.yaml
string
persistence.config-rules.name (2)
authelia-config-rules
string
persistence.config-rules.type (2)
configMap
string
persistence.data.existingClaim (2)
authelia
string
persistence.data.globalMounts[].path (2)
/data
string
persistence.db-secret-files.enabled (2)
true
boolean
persistence.db-secret-files.globalMounts[].path (2)
/config/db
string
persistence.db-secret-files.name (2)
authelia-pguser-authelia
string
persistence.db-secret-files.type (2)
secret
string
persistence.dragonfly-secret-files.enabled (2)
true
boolean
persistence.dragonfly-secret-files.globalMounts[].path (2)
/config/dragonfly
string
persistence.dragonfly-secret-files.name (2)
authelia-dragonfly
string
persistence.dragonfly-secret-files.type (2)
secret
string
persistence.tmp.type (2)
emptyDir
string
persistence.secrets.globalMounts[].path (1)
/config/secrets
string
persistence.secrets.globalMounts[].readOnly (1)
true
boolean
persistence.secrets.type (1)
custom
string
persistence.secrets.volumeSpec.projected.sources[].secret.name (1)
authelia
authelia-session
string
controllers.authelia.annotations."reloader.stakater.com/auto" (9)
true
string
controllers.authelia.annotations."reloader.stakater.com/search" (1)
true
string
controllers.authelia.containers.app.env.X_AUTHELIA_CONFIG (9)
/config/configuration.yaml
string
controllers.authelia.containers.app.env.X_AUTHELIA_CONFIG_FILTERS (9)
template
string
controllers.authelia.containers.app.env.AUTHELIA_SERVER_ADDRESS (8)
tcp://0.0.0.0:80
string
controllers.authelia.containers.app.env.AUTHELIA_SERVER_DISABLE_HEALTHCHECK (8)
true
string
controllers.authelia.containers.app.env.AUTHELIA_TELEMETRY_METRICS_ADDRESS (8)
tcp://0.0.0.0:8080
string
controllers.authelia.containers.app.env.AUTHELIA_TELEMETRY_METRICS_ENABLED (8)
true
string
controllers.authelia.containers.app.env.AUTHELIA_THEME (8)
dark
string
controllers.authelia.containers.app.env.AUTHELIA_TOTP_ISSUER (4)
authelia.com
string
controllers.authelia.containers.app.env.TZ (4)
${TIMEZONE}
string
controllers.authelia.containers.app.env.AUTHELIA_LOG_LEVEL (3)
info
string
controllers.authelia.containers.app.env.AUTHELIA_WEBAUTHN_DISABLE (3)
true
string
controllers.authelia.containers.app.env.AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ADDRESS (2)
ldap://lldap.kube-auth.svc.cluster.local:389
string
controllers.authelia.containers.app.env.AUTHELIA_NOTIFIER_SMTP_SENDER (2)
Authelia <authelia@${SECRET_DOMAIN}>
string
controllers.authelia.containers.app.env.AUTHELIA_STORAGE_POSTGRES_ADDRESS.valueFrom.secretKeyRef.key (2)
HOST
string
controllers.authelia.containers.app.env.AUTHELIA_STORAGE_POSTGRES_ADDRESS.valueFrom.secretKeyRef.name (2)
database-authelia
string
controllers.authelia.containers.app.env.AUTHELIA_STORAGE_POSTGRES_DATABASE.valueFrom.secretKeyRef.key (2)
DATABASE_NAME
string
controllers.authelia.containers.app.env.AUTHELIA_STORAGE_POSTGRES_DATABASE.valueFrom.secretKeyRef.name (2)
database-authelia
string
controllers.authelia.containers.app.env.AUTHELIA_STORAGE_POSTGRES_PASSWORD.valueFrom.secretKeyRef.key (2)
PASSWORD
string
controllers.authelia.containers.app.env.AUTHELIA_STORAGE_POSTGRES_PASSWORD.valueFrom.secretKeyRef.name (2)
database-authelia
string
controllers.authelia.containers.app.env.AUTHELIA_STORAGE_POSTGRES_USERNAME.valueFrom.secretKeyRef.key (2)
LOGIN
string
controllers.authelia.containers.app.env.AUTHELIA_STORAGE_POSTGRES_USERNAME.valueFrom.secretKeyRef.name (2)
database-authelia
string
controllers.authelia.containers.app.env.AUTHELIA_DUO_API_DISABLE (1)
true
string
controllers.authelia.containers.app.image.repository (9)
ghcr.io/authelia/authelia
string
controllers.authelia.containers.app.image.tag (9)
4.39.16@sha256:edbce01c5125249e4f4faea01e0f76f0031d64b4a1d0c2514a0ca69cb126d05f
string
controllers.authelia.containers.app.probes.liveness.enabled (9)
true
boolean
controllers.authelia.containers.app.probes.liveness.custom (8)
true
boolean
controllers.authelia.containers.app.probes.liveness.spec.failureThreshold (8)
3
number
controllers.authelia.containers.app.probes.liveness.spec.httpGet.path (8)
/api/health
string
controllers.authelia.containers.app.probes.liveness.spec.httpGet.port (8)
80
number
controllers.authelia.containers.app.probes.liveness.spec.periodSeconds (8)
10
number
controllers.authelia.containers.app.probes.liveness.spec.timeoutSeconds (8)
1
number
controllers.authelia.containers.app.probes.liveness.spec.initialDelaySeconds (7)
0
number
controllers.authelia.containers.app.probes.readiness.enabled (9)
true
boolean
controllers.authelia.containers.app.probes.readiness.custom (8)
true
boolean
controllers.authelia.containers.app.probes.readiness.spec.failureThreshold (8)
3
number
controllers.authelia.containers.app.probes.readiness.spec.httpGet.path (8)
/api/health
string
controllers.authelia.containers.app.probes.readiness.spec.httpGet.port (8)
80
number
controllers.authelia.containers.app.probes.readiness.spec.periodSeconds (8)
10
number
controllers.authelia.containers.app.probes.readiness.spec.timeoutSeconds (8)
1
number
controllers.authelia.containers.app.probes.readiness.spec.initialDelaySeconds (7)
0
number
controllers.authelia.containers.app.probes.startup.enabled (5)
false
boolean
controllers.authelia.containers.app.probes.startup.spec.failureThreshold (1)
30
number
controllers.authelia.containers.app.probes.startup.spec.periodSeconds (1)
5
number
controllers.authelia.containers.app.resources.limits.memory (9)
128Mi
string
controllers.authelia.containers.app.resources.limits.cpu (1)
1
number
controllers.authelia.containers.app.resources.requests.cpu (9)
10m
string
controllers.authelia.containers.app.resources.requests.memory (7)
32Mi
string
controllers.authelia.containers.app.envFrom[].secretRef.name (6)
authelia
string
controllers.authelia.containers.app.securityContext.allowPrivilegeEscalation (4)
false
boolean
controllers.authelia.containers.app.securityContext.capabilities.drop[] (4)
- ALL
string
controllers.authelia.containers.app.securityContext.readOnlyRootFilesystem (4)
true
boolean
controllers.authelia.containers.main.image.repository (1)
ghcr.io/authelia/authelia
string
controllers.authelia.containers.main.image.tag (1)
4.39.16
string
controllers.authelia.containers.main.probes.liveness.enabled (1)
true
boolean
controllers.authelia.containers.main.probes.readiness.enabled (1)
true
boolean
controllers.authelia.containers.main.probes.startup.enabled (1)
true
boolean
controllers.authelia.containers.main.probes.startup.spec.failureThreshold (1)
30
number
controllers.authelia.containers.main.probes.startup.spec.periodSeconds (1)
5
number
controllers.authelia.containers.main.resources.requests.cpu (1)
1m
string
controllers.authelia.containers.main.resources.requests.memory (1)
50Mi
string
controllers.authelia.replicas (9)
3
number
controllers.authelia.strategy (9)
RollingUpdate
string
controllers.authelia.defaultContainerOptions.securityContext.allowPrivilegeEscalation (3)
false
boolean
controllers.authelia.defaultContainerOptions.securityContext.capabilities.drop[] (3)
- ALL
string
controllers.authelia.defaultContainerOptions.securityContext.readOnlyRootFilesystem (3)
true
boolean
controllers.authelia.defaultContainerOptions.envFrom[].secretRef.name (1)
authelia-secret
string
controllers.authelia.initContainers.init-db.image.repository (3)
ghcr.io/home-operations/postgres-init
string
controllers.authelia.initContainers.init-db.image.tag (3)
18.3.0@sha256:6fa1f331cddd2eb0b6afa7b8d3685c864127a81ab01c3d9400bc3ff5263a51cf
string, number
controllers.authelia.initContainers.init-db.envFrom[].secretRef.name (2)
authelia-secret
string
controllers.authelia.pod.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/name" (3)
authelia
string
controllers.authelia.pod.topologySpreadConstraints[].maxSkew (3)
1
number
controllers.authelia.pod.topologySpreadConstraints[].topologyKey (3)
kubernetes.io/hostname
string
controllers.authelia.pod.topologySpreadConstraints[].whenUnsatisfiable (3)
DoNotSchedule
string
controllers.authelia.pod.annotations."k8s.ksgate.org/postgres" (2)
{ "apiVersion": "apps/v1", "kind": "Deployment", "name": "authelia-pgbouncer", "expression": "resource.status.updatedReplicas >= 1" }
string
controllers.authelia.pod.enableServiceLinks (2)
false
boolean
controllers.authelia.pod.schedulingGates[].name (2)
k8s.ksgate.org/postgres
string
controllers.authelia.pod.securityContext.runAsGroup (2)
65534
number
controllers.authelia.pod.securityContext.runAsNonRoot (2)
true
boolean
controllers.authelia.pod.securityContext.runAsUser (2)
65534
number
controllers.authelia.defaultContainerOptionsStrategy (1)
merge
string
service.app.ports.http.port (9)
80
number
service.app.ports.http.primary (4)
true
boolean
service.app.ports.metrics.port (9)
8080
number
service.app.ports.metrics.enabled (1)
true
boolean
service.app.controller (5)
authelia
string
service.main.controller (1)
authelia
string
service.main.ports.http.port (1)
9091
number
serviceMonitor.app.endpoints[].port (9)
metrics
string
serviceMonitor.app.endpoints[].interval (7)
1m
string
serviceMonitor.app.endpoints[].path (7)
/metrics
string
serviceMonitor.app.endpoints[].scheme (7)
http
string
serviceMonitor.app.endpoints[].scrapeTimeout (7)
10s
string
serviceMonitor.app.serviceName (7)
authelia
string
serviceMonitor.app.enabled (3)
true
boolean
defaultPodOptions.securityContext.runAsGroup (8)
65534
number
defaultPodOptions.securityContext.runAsUser (8)
65534
number
defaultPodOptions.securityContext.runAsNonRoot (7)
true
boolean
defaultPodOptions.securityContext.fsGroupChangePolicy (6)
OnRootMismatch
string
defaultPodOptions.securityContext.seccompProfile.type (6)
RuntimeDefault
string
defaultPodOptions.securityContext.fsGroup (4)
568
number
defaultPodOptions.enableServiceLinks (5)
false
boolean
defaultPodOptions.automountServiceAccountToken (3)
false
boolean
defaultPodOptions.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/name" (3)
authelia
string
defaultPodOptions.topologySpreadConstraints[].maxSkew (3)
1
number
defaultPodOptions.topologySpreadConstraints[].topologyKey (3)
kubernetes.io/hostname
string
defaultPodOptions.topologySpreadConstraints[].whenUnsatisfiable (3)
DoNotSchedule
string
route.app.hostnames[] (6)
- auth.${DOMAIN_NAME}
string
route.app.parentRefs[].name (6)
envoy
string
route.app.parentRefs[].namespace (6)
network
string
route.app.parentRefs[].sectionName (3)
https
string
route.app.rules[].backendRefs[].port (4)
80
number
route.app.rules[].backendRefs[].identifier (3)
app
string
route.app.rules[].backendRefs[].name (1)
authelia
string
route.app.rules[].filters[].requestHeaderModifier.add[].name (1)
Cache-Control
Pragma
X-Frame-Options
X-XSS-Protection
string
route.app.rules[].filters[].requestHeaderModifier.add[].value (1)
no-store
no-cache
SAMEORIGIN
1; mode=block
string
route.app.rules[].filters[].type (1)
RequestHeaderModifier
string
route.app.annotations."gatus.home-operations.com/enabled" (2)
conditions: ['[STATUS] == 200'] group: auth
string
route.app.annotations."gatus.home-operations.com/endpoint" (1)
conditions: ["[STATUS] == any(200,401)"]
string
route.main.hostnames[] (2)
- auth.rphilipsen.nl
string
route.main.parentRefs[].name (2)
external
string
route.main.parentRefs[].namespace (2)
network
string
route.main.parentRefs[].sectionName (1)
https
string
route.main.rules[].backendRefs[].name (2)
authelia
string
route.main.rules[].backendRefs[].port (2)
9091
number
route.main.annotations."gatus.home-operations.com/endpoint" (1)
conditions: ["[STATUS] == 200"]
string
route.external.hostnames[] (1)
- auth.${SECRET_DOMAIN}
string
route.external.parentRefs[].name (1)
envoy-external
string
route.external.parentRefs[].namespace (1)
network
string
route.external.parentRefs[].sectionName (1)
https
string
route.external.rules[].backendRefs[].identifier (1)
app
string
route.external.rules[].backendRefs[].port (1)
9091
number
route.external.rules[].matches[].path.type (1)
PathPrefix
string
route.external.rules[].matches[].path.value (1)
/
string
route.internal.annotations."external-dns.alpha.kubernetes.io/controller" (1)
none
string
route.internal.hostnames[] (1)
- auth.${SECRET_DOMAIN}
string
route.internal.parentRefs[].name (1)
envoy-internal
string
route.internal.parentRefs[].namespace (1)
network
string
route.internal.parentRefs[].sectionName (1)
https
string
route.internal.rules[].backendRefs[].identifier (1)
app
string
route.internal.rules[].backendRefs[].port (1)
9091
number
route.internal.rules[].matches[].path.type (1)
PathPrefix
string
route.internal.rules[].matches[].path.value (1)
/
string
ingress.app.annotations."nginx.ingress.kubernetes.io/configuration-snippet" (1)
add_header Cache-Control "no-store"; add_header Pragma "no-cache"; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block";
string
ingress.app.annotations."nginx.ingress.kubernetes.io/cors-allow-origin" (1)
*
string
ingress.app.annotations."nginx.ingress.kubernetes.io/enable-cors" (1)
true
string
ingress.app.className (1)
external
string
ingress.app.hosts[].host (1)
auth.mcgrath.nz
string
ingress.app.hosts[].paths[].path (1)
/
string
ingress.app.hosts[].paths[].service.identifier (1)
app
string
ingress.app.hosts[].paths[].service.port (1)
http
string
ingress.app.tls[].hosts[] (1)
- auth.mcgrath.nz
string