image: repository: tccr.io/truecharts/authentik tag: v2022.5.2@sha256:b855ebfa2f3e5e9e0cbba75b623ef092066e4bc352c5edb4187058c6439b5f8e pullPolicy: IfNotPresent geoipImage: repository: tccr.io/truecharts/geoipupdate tag: v4.9@sha256:8466b52179d789f1ea00f80ac102b936397250b93d4ab4302e6e6dd5713694e5 pullPolicy: IfNotPresent extraArgs: ["server"] podSecurityContext: runAsUser: 1000 runAsGroup: 1000 secret: AK_ADMIN_PASS: "supersecret" AK_ADMIN_TOKEN: "supersecretapitoken" env: AUTHENTIK_POSTGRESQL__NAME: "{{ .Values.postgresql.postgresqlDatabase }}" AUTHENTIK_POSTGRESQL__USER: "{{ .Values.postgresql.postgresqlUsername }}" AUTHENTIK_POSTGRESQL__PORT: "5432" AUTHENTIK_REDIS__PORT: "6379" # User Defined AUTHENTIK_DISABLE_UPDATE_CHECK: false AUTHENTIK_DEFAULT_USER_CHANGE_NAME: true AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: true AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: true AUTHENTIK_GDPR_COMPLIANCE: true AUTHENTIK_IMPERSONATION: true AUTHENTIK_DISABLE_STARTUP_ANALYTICS: false AUTHENTIK_ERROR_REPORTING__ENABLED: false AUTHENTIK_ERROR_REPORTING__SEND_PII: false AUTHENTIK_ERROR_REPORTING__ENVIRONMENT: " " AUTHENTIK_DEFAULT_TOKEN_LENGTH: 128 AUTHENTIK_AVATARS: "gravatar" AUTHENTIK_LOG_LEVEL: "warning" AUTHENTIK_EMAIL__HOST: "" AUTHENTIK_EMAIL__PORT: 25 AUTHENTIK_EMAIL__USERNAME: "" AUTHENTIK_EMAIL__PASSWORD: "" AUTHENTIK_EMAIL__USE_TLS: false AUTHENTIK_EMAIL__USE_SSL: false AUTHENTIK_EMAIL__TIMEOUT: 10 AUTHENTIK_EMAIL__FROM: "" envValueFrom: AUTHENTIK_POSTGRESQL__HOST: secretKeyRef: name: dbcreds key: plainhost AUTHENTIK_POSTGRESQL__PASSWORD: secretKeyRef: name: dbcreds key: postgresql-password AUTHENTIK_REDIS__HOST: secretKeyRef: name: rediscreds key: plainhost AUTHENTIK_REDIS__PASSWORD: secretKeyRef: name: rediscreds key: redis-password AUTHENTIK_SECRET_KEY: secretKeyRef: name: authentik-secrets key: AUTHENTIK_SECRET_KEY geoip: # Set image's frequence to 0, so it executes once and exits. GEOIPUPDATE_FREQUENCY: 0 # User Defined ENABLE_GEOIPUPDATER: false # How often should we run the cronjob to update geoip freqhours: 8 GEOIPUPDATE_ACCOUNT_ID: "" GEOIPUPDATE_LICENSE_KEY: "" GEOIPUPDATE_EDITION_IDS: "GeoIP2-City" GEOIPUPDATE_HOST: "updates.maxmind.com" GEOIPUPDATE_PRESERVE_FILE_TIMES: 0 probes: liveness: path: "/-/health/live" readiness: path: "/-/health/ready" service: main: ports: main: port: 10230 targetPort: 9000 https: enabled: true ports: https: enabled: true protocol: "HTTPS" port: 10229 targetPort: 9443 additionalContainers: worker: name: worker image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" args: ["worker"] volumeMounts: - name: media mountPath: "/media" - name: templates mountPath: "/templates" - name: certs mountPath: "/certs" - name: geoip mountPath: "/geoip" env: - name: AUTHENTIK_REDIS__PORT value: "6379" - name: AUTHENTIK_REDIS__HOST valueFrom: secretKeyRef: name: rediscreds key: plainhost - name: AUTHENTIK_REDIS__PASSWORD valueFrom: secretKeyRef: name: rediscreds key: redis-password - name: AUTHENTIK_POSTGRESQL__NAME value: "{{ .Values.postgresql.postgresqlDatabase }}" - name: AUTHENTIK_POSTGRESQL__USER value: "{{ .Values.postgresql.postgresqlUsername }}" - name: AUTHENTIK_POSTGRESQL__PORT value: "5432" - name: AUTHENTIK_POSTGRESQL__HOST valueFrom: secretKeyRef: name: dbcreds key: plainhost - name: AUTHENTIK_POSTGRESQL__PASSWORD valueFrom: secretKeyRef: name: dbcreds key: postgresql-password - name: AUTHENTIK_SECRET_KEY valueFrom: secretKeyRef: name: authentik-secrets key: AUTHENTIK_SECRET_KEY - name: AUTHENTIK_LOG_LEVEL value: "{{ .Values.env.AUTHENTIK_LOG_LEVEL }}" - name: AUTHENTIK_DISABLE_UPDATE_CHECK value: "{{ .Values.env.AUTHENTIK_DISABLE_UPDATE_CHECK }}" - name: AUTHENTIK_ERROR_REPORTING__ENABLED value: "{{ .Values.env.AUTHENTIK_ERROR_REPORTING__ENABLED }}" - name: AUTHENTIK_ERROR_REPORTING__ENVIRONMENT value: "{{ .Values.env.AUTHENTIK_ERROR_REPORTING__ENVIRONMENT }}" - name: AUTHENTIK_ERROR_REPORTING__SEND_PII value: "{{ .Values.env.AUTHENTIK_ERROR_REPORTING__SEND_PII }}" - name: AUTHENTIK_EMAIL__HOST value: "{{ .Values.env.AUTHENTIK_EMAIL__HOST }}" - name: AUTHENTIK_EMAIL__PORT value: "{{ .Values.env.AUTHENTIK_EMAIL__PORT }}" - name: AUTHENTIK_EMAIL__USERNAME value: "{{ .Values.env.AUTHENTIK_EMAIL__USERNAME }}" - name: AUTHENTIK_EMAIL__PASSWORD value: "{{ .Values.env.AUTHENTIK_EMAIL__PASSWORD }}" - name: AUTHENTIK_EMAIL__USE_TLS value: "{{ .Values.env.AUTHENTIK_EMAIL__USE_TLS }}" - name: AUTHENTIK_EMAIL__USE_SSL value: "{{ .Values.env.AUTHENTIK_EMAIL__USE_SSL }}" - name: AUTHENTIK_EMAIL__TIMEOUT value: "{{ .Values.env.AUTHENTIK_EMAIL__TIMEOUT }}" - name: AUTHENTIK_EMAIL__FROM value: "{{ .Values.env.AUTHENTIK_EMAIL__FROM }}" - name: AUTHENTIK_AVATARS value: "{{ .Values.env.AUTHENTIK_AVATARS }}" - name: AUTHENTIK_DEFAULT_USER_CHANGE_NAME value: "{{ .Values.env.AUTHENTIK_DEFAULT_USER_CHANGE_NAME }}" - name: AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL value: "{{ .Values.env.AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL }}" - name: AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME value: "{{ .Values.env.AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME }}" - name: AUTHENTIK_GDPR_COMPLIANCE value: "{{ .Values.env.AUTHENTIK_GDPR_COMPLIANCE }}" - name: AUTHENTIK_DEFAULT_TOKEN_LENGTH value: "{{ .Values.env.AUTHENTIK_DEFAULT_TOKEN_LENGTH }}" - name: AUTHENTIK_IMPERSONATION value: "{{ .Values.env.AUTHENTIK_IMPERSONATION }}" - name: AUTHENTIK_DISABLE_STARTUP_ANALYTICS value: "{{ .Values.env.AUTHENTIK_DISABLE_STARTUP_ANALYTICS }}" cronjob: annotations: {} failedJobsHistoryLimit: 5 successfulJobsHistoryLimit: 2 persistence: media: enabled: true mountPath: "/media" templates: enabled: true mountPath: "/templates" certs: enabled: true mountPath: "/certs" geoip: enabled: true mountPath: "/geoip" postgresql: enabled: true existingSecret: "dbcreds" postgresqlUsername: authentik postgresqlDatabase: authentik redis: enabled: true existingSecret: "rediscreds"