authentik/helm
Jens Langhammer bf7d110af3 Merge branch 'version-2021.4'
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

# Conflicts:
#	.github/workflows/release.yml
#	helm/README.md
#	helm/values.yaml
#	website/docs/installation/kubernetes.md
2021-04-29 23:50:52 +02:00
..
templates root: auto-migrate on startup, lock database using pg_advisory_lock 2021-04-18 14:47:50 +02:00
.helmignore
Chart.lock
Chart.yaml release: 2021.4.5 2021-04-29 23:03:09 +02:00
README.md Merge branch 'version-2021.4' 2021-04-29 23:50:52 +02:00
values.yaml Merge branch 'version-2021.4' 2021-04-29 23:50:52 +02:00

README.md

authentik Helm Chart

Name Default Description
image.name beryju/authentik Image used to run the authentik server and worker
image.name_static beryju/authentik-static Image used to run the authentik static server (CSS and JS Files)
image.name_outposts beryju/authentik-%(type)s:%(version)s Image used for managed outposts. Placeholders: %(type)s: Outpost type; proxy, ldap, etc. %(version)s: Current version; 2021.4.1
image.tag 2021.4.5 Image tag
image.pullPolicy IfNotPresent Image Pull Policy used for all deployments
serverReplicas 1 Replicas for the Server deployment
workerReplicas 1 Replicas for the Worker deployment
kubernetesIntegration true Enable/disable the Kubernetes integration for authentik. This will create a service account for authentik to create and update outposts in authentik
config.secretKey Secret key used to sign session cookies, generate with pwgen 50 1 or openssl rand -base64 36 for example.
config.errorReporting.enabled false Enable/disable error reporting
config.errorReporting.environment customer Environment sent with the error reporting
config.errorReporting.sendPii false Whether to send Personally-identifiable data with the error reporting
config.logLevel warning Log level of authentik
config.email.host localhost SMTP Host Emails are sent to
config.email.port 25 SMTP Port Emails are sent to
config.email.username SMTP Username
config.email.password SMTP Password
config.email.use_tls false Enable StartTLS
config.email.use_ssl false Enable SSL
config.email.timeout 10 SMTP Timeout
config.email.from authentik@localhost Email address authentik will send from, should have a correct @domain
pvc.mode ReadWriteMany Mode that the PVCs are created in (uploads and GeoIP, if enabled)
pvc.uploadsSize 5Gi Size for the uploads PVC
pvc.uploadsStorageClass null Storage class for the uploads PVC (default: use default storage class)
pvc.geoIpSize 1Gi Size for the GeoIP PVC
pvc.geoIpStorageClass null Storage class for the GeoIP PVC (default: use default storage class)
geoip.enabled false Optionally enable GeoIP
geoip.accountId GeoIP MaxMind Account ID
geoip.licenseKey GeoIP MaxMind License key
geoip.image maxmindinc/geoipupdate:latest GeoIP Updater image
backup.accessKey Optionally enable S3 Backup, Access Key
backup.secretKey Optionally enable S3 Backup, Secret Key
backup.bucket Optionally enable S3 Backup, Bucket
backup.region Optionally enable S3 Backup, Region
backup.host Optionally enable S3 Backup, to custom Endpoint like minio
ingress.annotations {} Annotations for the ingress object
ingress.hosts [authentik.k8s.local] Hosts which the ingress will match
ingress.tls [] TLS Configuration, same as Ingress objects
install.postgresql true Enables/disables the packaged PostgreSQL Chart
install.redis true Enables/disables the packaged Redis Chart
postgresql.postgresqlPassword Password used for PostgreSQL, generated automatically.

For more info, see https://goauthentik.io/ and https://goauthentik.io/docs/installation/kubernetes/