---
title: Kubernetes installation
---
For a mid- to high-load installation, Kubernetes is recommended. authentik is installed using a Helm chart.

To install authentik using the Helm chart, generate a password for the database and the cache, using `pwgen` or `openssl rand -base64 36`.

Create a `values.yaml` file with a minimum of these settings:

```yaml
postgresql:
  postgresqlPassword: "<password you generated>"
redis:
  password: "<another password you generated>"
config:
  secretKey: "<another password you generated>"
# Optionally configure more things, as seen in the full values.yaml file below.
```

Afterwards, run these commands to install authentik:

```
helm repo add authentik https://docker.beryju.org/chartrepo/authentik
helm repo update
# Helm 3 requires a release name as the first argument ("authentik" here)
helm install authentik authentik/authentik -f values.yaml
```
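
The password-generation and `values.yaml` steps above, scripted as an added example (not part of the authentik documentation or chart): it draws three separate secrets, verifies them, and creates the file with mode 0600 so the credentials are not readable by other local users. The function names `gen_secret` and `write_values` and the script name `gen-values.sh` are assumptions of this example.

```sh
#!/bin/sh
# Added example (not authentik's own tooling): write the minimal values.yaml
# from this page with three independent secrets and owner-only permissions.
set -eu

# 36 random bytes encode to exactly 48 base64 characters (no padding).
gen_secret() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -base64 36 | tr -d '\n'
  else
    # Fallback, assuming a base64 utility is installed.
    head -c 36 /dev/urandom | base64 | tr -d '\n'
  fi
}

# write_values <path>: the body runs in a subshell, so the umask change and
# the secret variables do not leak into the calling shell.
write_values() (
  out="$1"
  if [ -e "$out" ]; then
    echo "refusing to overwrite existing $out" >&2
    exit 1
  fi
  pg="$(gen_secret)"; redis="$(gen_secret)"; key="$(gen_secret)"
  # Fail closed if the generator produced short, empty or repeated output.
  for s in "$pg" "$redis" "$key"; do
    [ "${#s}" -eq 48 ] || { echo "secret generation failed" >&2; exit 1; }
  done
  if [ "$pg" = "$redis" ] || [ "$pg" = "$key" ] || [ "$redis" = "$key" ]; then
    echo "secrets must be distinct" >&2
    exit 1
  fi
  umask 077   # create the file as 0600
  cat > "$out" <<EOF
postgresql:
  postgresqlPassword: "$pg"
redis:
  password: "$redis"
config:
  secretKey: "$key"
EOF
)

# Usage: sh gen-values.sh values.yaml   (does nothing when no path is given)
if [ "$#" -gt 0 ]; then
  write_values "$1"
fi
```

Keep the generated file out of version control; the same three values are needed again for later `helm upgrade` runs.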

This installation automatically applies database migrations on startup. After the installation is done, navigate to `https://<ingress you've specified>/if/flow/initial-setup/` to set a password for the `akadmin` user.

It is also recommended to configure global email credentials. These are used by authentik to notify you about alerts and configuration issues. They can also be used by [Email stages](flow/stages/email/index.md) to send verification/recovery emails.

```yaml
###################################
# Values directly affecting authentik
###################################
image:
  name: beryju/authentik
  name_static: beryju/authentik-static
  name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
  tag: 2021.4.2

serverReplicas: 1
workerReplicas: 1

# Enable the Kubernetes integration which lets authentik deploy outposts into kubernetes
kubernetesIntegration: true

monitoring: # Optionally deploy Prometheus Rules and ServiceMonitors
  enabled: false

pvc:
  mode: ReadWriteMany
  uploadsSize: 5Gi
  uploadsStorageClass: null # null uses the default storage class
  geoIpSize: 1Gi
  geoIpStorageClass: null

config:
  # Optionally specify fixed secret_key, otherwise generated automatically
  # secretKey: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
  # Enable error reporting
  errorReporting:
    enabled: false
    environment: customer
    sendPii: false
  # Log level used by web and worker
  # Can be either debug, info, warning, error
  logLevel: warning
  # Global Email settings
  email:
    # SMTP Host Emails are sent to
    host: localhost
    port: 25
    # Optionally authenticate
    username: ""
    password: ""
    # Use StartTLS
    useTls: false
    # Use SSL
    useSsl: false
    timeout: 10
    # Email address authentik will send from, should have a correct @domain
    from: authentik@localhost

# Enable MaxMind GeoIP
# geoip:
#   enabled: false
#   accountId: ""
#   licenseKey: ""
#   image: maxmindinc/geoipupdate:latest

# Enable Database Backups to S3
# backup:
#   accessKey: access-key
#   secretKey: secret-key
#   bucket: s3-bucket
#   region: eu-central-1
#   host: s3-host

ingress:
  annotations:
    {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - authentik.k8s.local
  tls: []
  # - secretName: chart-example-tls
  #   hosts:
  #     - authentik.k8s.local

###################################
# Values controlling dependencies
###################################
install:
  postgresql: true
  redis: true
```