Skip to content
Switch branches/tags


Failed to load latest commit information.

authentik logo

Version: 3.2.0 AppVersion: 2021.9.8

authentik is an open-source Identity Provider focused on flexibility and versatility


Example values to get started:

  secret_key: "PleaseGenerateA50CharKey"
  # This sends anonymous usage-data, stack traces on errors and
  # performance data to, and is fully opt-in
    enabled: true
    password: "ThisIsNotASecurePassword"

  enabled: true
    - host: authentik.domain.tld
        - path: "/"
          pathType: Prefix

  enabled: true
  postgresqlPassword: "ThisIsNotASecurePassword"
  enabled: true


Name Email Url

Source Code


Repository Name Version postgresql 10.9.5 redis 15.3.2 common 2.4.0


Key Type Default Description
affinity object {} affinity applied to the deployments
authentik.avatars string "gravatar" Mode for the avatars. Defaults to gravatar. Possible options 'gravatar' and 'none' string "" Email from address, can either be in the format "foo@bar.baz" or "authentik foo@bar.baz" string "" SMTP Server emails are sent from, fully optional string "" SMTP credentials, when left empty, not authentication will be done int 587 int 30 Connection timeout bool false Enable either use_tls or use_ssl, they can't be enabled at the same time. bool false Enable either use_tls or use_ssl, they can't be enabled at the same time. string "" SMTP credentials, when left empty, not authentication will be done
authentik.error_reporting.enabled bool false This sends anonymous usage-data, stack traces on errors and performance data to, and is fully opt-in
authentik.error_reporting.environment string "k8s" This is a string that is sent to sentry with your error reports
authentik.error_reporting.send_pii bool false Send PII (Personally identifiable information) data to sentry
authentik.geoip string "/geoip/GeoLite2-City.mmdb" Path for the geoip database. If the file doesn't exist, GeoIP features are disabled.
authentik.log_level string "info" Log level for server and worker
authentik.outposts.docker_image_base string "" Template used for managed outposts. The following placeholders can be used %(type)s - the type of the outpost %(version)s - version of your authentik install %(build_hash)s - only for beta versions, the build hash of the image string {{ .Release.Name }}-postgresql set the postgresql hostname to talk to if unset and .Values.postgresql.enabled == true, will generate the default string authentik postgresql Database name
authentik.postgresql.password string ""
authentik.postgresql.port int 5432
authentik.postgresql.s3_backup.access_key string "" optional S3 backup, access key
authentik.postgresql.s3_backup.bucket string "" optional S3 backup, bucket string "" optional S3 backup, host, including protocol (https://minio.domain.tld)
authentik.postgresql.s3_backup.insecure_skip_verify bool false optional S3 backup, set to true to disable SSL certificate verification
authentik.postgresql.s3_backup.location string "/" optional S3 backup, location in the bucket
authentik.postgresql.s3_backup.region string "" optional S3 backup, region
authentik.postgresql.s3_backup.secret_key string "" optional S3 backup, secret key
authentik.postgresql.user string authentik postgresql Username string {{ .Release.Name }}-redis-master set the redis hostname to talk to
authentik.redis.password string ""
authentik.secret_key string "" Secret key used for cookie singing and unique user IDs, don't change this after the first install
env object {} see configuration options at
envFrom list []
envValueFrom object {}
geoip.accountId string "" sign up under
geoip.editionIds string "GeoLite2-City"
geoip.enabled bool false optional GeoIP, deploys a cronjob to download the maxmind database
geoip.image string "maxmindinc/geoipupdate:v4.8"
geoip.licenseKey string "" sign up under
geoip.updateInterval int 8 number of hours between update runs
image.pullPolicy string "IfNotPresent"
image.pullSecrets list []
image.repository string ""
image.tag string "2021.9.8"
ingress.annotations object {}
ingress.enabled bool false
ingress.hosts[0].host string "authentik.domain.tld"
ingress.hosts[0].paths[0].path string "/"
ingress.hosts[0].paths[0].pathType string "Prefix"
ingress.ingressClassName string ""
ingress.labels object {}
livenessProbe.enabled bool true enables or disables the livenessProbe
livenessProbe.httpGet.path string "/-/health/live/" liveness probe url path
livenessProbe.httpGet.port string "http"
livenessProbe.initialDelaySeconds int 50
livenessProbe.periodSeconds int 10
postgresql.enabled bool false enable the bundled bitnami postgresql chart
postgresql.postgresqlDatabase string "authentik"
postgresql.postgresqlUsername string "authentik"
prometheus.rules.create bool false
prometheus.serviceMonitor.create bool false
prometheus.serviceMonitor.interval string "30s"
prometheus.serviceMonitor.scrapeTimeout string "3s"
readinessProbe.enabled bool true
readinessProbe.httpGet.path string "/-/health/ready/"
readinessProbe.httpGet.port string "http"
readinessProbe.initialDelaySeconds int 50
readinessProbe.periodSeconds int 10
redis.architecture string "standalone"
redis.auth.enabled bool false
redis.enabled bool false enable the bundled bitnami redis chart
replicas int 1 Server replicas
resources.server object {}
resources.worker object {}
service.annotations object {}
service.enabled bool true Service that is created to access authentik
service.labels object {} string "http"
service.port int 80
service.protocol string "TCP"
service.type string "ClusterIP"
serviceAccount.create bool true Service account is needed for managed outposts
volumeMounts list []
volumes list []
worker.replicas int 1 worker replicas