bf7d110af3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> # Conflicts: # .github/workflows/release.yml # helm/README.md # helm/values.yaml # website/docs/installation/kubernetes.md
48 lines
4.7 KiB
Markdown
48 lines
4.7 KiB
Markdown
# authentik Helm Chart
|
|
|
|
| Name | Default | Description |
|
|
|-----------------------------------|-------------------------|-------------|
|
|
| image.name | beryju/authentik | Image used to run the authentik server and worker |
|
|
| image.name_static | beryju/authentik-static | Image used to run the authentik static server (CSS and JS Files) |
|
|
| image.name_outposts | beryju/authentik-%(type)s:%(version)s | Image used for managed outposts. Placeholders: %(type)s: Outpost type; proxy, ldap, etc. %(version)s: Current version; 2021.4.1 |
|
|
| image.tag | 2021.4.5 | Image tag |
|
|
| image.pullPolicy | IfNotPresent | Image Pull Policy used for all deployments |
|
|
| serverReplicas | 1 | Replicas for the Server deployment |
|
|
| workerReplicas | 1 | Replicas for the Worker deployment |
|
|
| kubernetesIntegration | true | Enable/disable the Kubernetes integration for authentik. This will create a service account for authentik to create and update outposts in authentik |
|
|
| config.secretKey | | Secret key used to sign session cookies, generate with `pwgen 50 1` or `openssl rand -base64 36` for example. |
|
|
| config.errorReporting.enabled | false | Enable/disable error reporting |
|
|
| config.errorReporting.environment | customer | Environment sent with the error reporting |
|
|
| config.errorReporting.sendPii | false | Whether to send Personally-identifiable data with the error reporting |
|
|
| config.logLevel | warning | Log level of authentik |
|
|
| config.email.host | localhost | SMTP Host Emails are sent to |
|
|
| config.email.port | 25 | SMTP Port Emails are sent to |
|
|
| config.email.username | | SMTP Username |
|
|
| config.email.password | | SMTP Password |
|
|
| config.email.use_tls | false | Enable StartTLS |
|
|
| config.email.use_ssl | false | Enable SSL |
|
|
| config.email.timeout | 10 | SMTP Timeout |
|
|
| config.email.from | authentik@localhost | Email address authentik will send from, should have a correct @domain |
|
|
| pvc.mode | ReadWriteMany | Mode that the PVCs are created in (uploads and GeoIP, if enabled) |
|
|
| pvc.uploadsSize | 5Gi | Size for the uploads PVC |
|
|
| pvc.uploadsStorageClass | null | Storage class for the uploads PVC (default: use default storage class) |
|
|
| pvc.geoIpSize | 1Gi | Size for the GeoIP PVC |
|
|
| pvc.geoIpStorageClass | null | Storage class for the GeoIP PVC (default: use default storage class) |
|
|
| geoip.enabled | false | Optionally enable GeoIP |
|
|
| geoip.accountId | | GeoIP MaxMind Account ID |
|
|
| geoip.licenseKey | | GeoIP MaxMind License key |
|
|
| geoip.image | maxmindinc/geoipupdate:latest | GeoIP Updater image |
|
|
| backup.accessKey | | Optionally enable S3 Backup, Access Key |
|
|
| backup.secretKey | | Optionally enable S3 Backup, Secret Key |
|
|
| backup.bucket | | Optionally enable S3 Backup, Bucket |
|
|
| backup.region | | Optionally enable S3 Backup, Region |
|
|
| backup.host | | Optionally enable S3 Backup, to custom Endpoint like minio |
|
|
| ingress.annotations | {} | Annotations for the ingress object |
|
|
| ingress.hosts | [authentik.k8s.local] | Hosts which the ingress will match |
|
|
| ingress.tls | [] | TLS Configuration, same as Ingress objects |
|
|
| install.postgresql | true | Enables/disables the packaged PostgreSQL Chart
|
|
| install.redis | true | Enables/disables the packaged Redis Chart
|
|
| postgresql.postgresqlPassword | | Password used for PostgreSQL, generated automatically.
|
|
|
|
For more info, see https://goauthentik.io/ and https://goauthentik.io/docs/installation/kubernetes/
|