# Include{groups} portals: open: # Include{portalLink} questions: # Include{global} # Include{workload} # Include{workloadDeployment} # Include{replicas1} # Include{podSpec} # Include{containerMain} # Include{containerBasic} # Include{containerAdvanced} - variable: authentik group: App Configuration label: Authentik Configuration schema: additional_attrs: true type: dict attrs: - variable: credentials label: Credentials schema: additional_attrs: true type: dict attrs: - variable: email label: Email description: | Set the default email address for the akadmin user.
Only read on initial install, changing this will have no effect. schema: type: string required: true immutable: true default: "" - variable: password label: Password description: | Set the default password for the akadmin user.
Only read on initial install, changing this will have no effect. schema: type: string private: true required: true immutable: true default: "" - variable: bootstrapToken label: (Optional) Bootstrap Token description: | Set the bootstrap token for the authentik server.
Only read on initial install, changing this will have no effect.
Only set this token if you plan to use the API right after installation. schema: type: string private: true immutable: true default: "" - variable: general label: General schema: additional_attrs: true type: dict attrs: - variable: disableUpdateCheck label: Disable Update Check description: Disable the inbuilt update-checker schema: type: boolean default: false - variable: disableStartupAnalytics label: Disable Startup Analytics description: Disable startup analytics schema: type: boolean default: true - variable: allowUserChangeName label: Allow User Change Name description: Enable the ability for users to change their Name schema: type: boolean default: true - variable: allowUserChangeEmail label: Allow User Change Mail description: Enable the ability for users to change their Email address schema: type: boolean default: true - variable: allowUserChangeUsername label: Allow User Change Username description: Enable the ability for users to change their Usernames schema: type: boolean default: true - variable: gdprCompliance label: GDPR Compliance description: When enabled, all the events caused by a user will be deleted upon the user's deletion schema: type: boolean default: true - variable: overwriteDefaultBlueprints label: Overwrite Default Blueprints description: | When enabled, all the default blueprints will be overwritten
True: mountPath: /blueprints
False: mountPath: /blueprints/custom schema: type: boolean default: false - variable: tokenLength label: Token Length description: Configure the length of generated tokens schema: type: int min: 60 default: 128 - variable: impersonation label: Impersonation description: Globally enable / disable impersonation schema: type: boolean default: true - variable: avatars label: Avatars description: Configure how authentik should show avatars for users schema: type: list default: - gravatar - initials items: - variable: avatar label: Avatar description: Avatar type schema: type: string default: "" required: true - variable: footerLinks label: Footer Links description: This option configures the footer links on the flow executor pages schema: type: list default: - name: Authentik href: https://goauthentik.io items: - variable: footerLink label: Footer Link schema: additional_attrs: true type: dict attrs: - variable: name label: Name description: Name of the link schema: type: string default: "" required: true - variable: href label: Href description: URL of the link schema: type: string default: "" required: true - variable: email label: Email schema: additional_attrs: true type: dict attrs: - variable: host label: Mail Server Host description: Sets host of mail server schema: type: string default: "" - variable: port label: Mail Server Port description: Sets port of mail server schema: type: int default: 587 - variable: username label: Username description: Sets username of mail server schema: type: string default: "" - variable: password label: Password description: Sets password of mail server schema: type: string private: true default: "" - variable: useTLS label: Use TLS for authentication description: Sets TLS for mail server authentication schema: type: boolean default: true - variable: useSSL label: Use SSL for authentication description: Sets SSL for mail server authentication schema: type: boolean default: false - variable: timeout label: Timeout of authentication description: Sets timeout for mail server authentication schema: type: int default: 10 - variable: from label: From Address description: Email address authentik will send from schema: type: string default: "" - variable: ldap label: LDAP schema: additional_attrs: true type: dict attrs: - variable: tls_ciphers label: TLS Ciphers description: | Allows configuration of TLS Ciphers for LDAP connections used by LDAP sources.
Setting applies to all sources schema: type: string default: "null" - variable: taskTimeoutHours label: Task Timeout Hours description: Timeout in hours for LDAP synchronization tasks schema: type: int default: 2 - variable: logging label: Logging schema: additional_attrs: true type: dict attrs: - variable: log_level label: Log Level description: Log level for the server and worker containers schema: type: string default: info enum: - value: trace description: trace - value: debug description: debug - value: info description: info - value: warning description: warning - value: error description: error - variable: error_reporting label: Error Reporting schema: additional_attrs: true type: dict attrs: - variable: enabled label: Enable Reporting description: Enables error reporting schema: type: boolean default: false show_subquestions_if: subquestions: - variable: sendPII label: Send Personal Data description: Whether or not to send personal data, like usernames schema: type: boolean default: false - variable: environment label: Environment description: The environment tag associated with all data sent to Sentry schema: type: string default: customer - variable: sentryDSN label: Sentry DSN description: Sets the DSN for the Sentry API endpoint. schema: type: string private: true default: "" - variable: geoip label: GeoIP schema: additional_attrs: true type: dict attrs: - variable: wipeBuiltInDb label: Wipe Built-In GeoIP DB description: | Wipes the built-in GeoIP database.
With this set to false, and disabled GeoIP container,
It will use the built-in database. schema: type: boolean show_if: [["enabled", "=", false]] default: false - variable: enabled label: Enabled description: | Enables and configures the GeoIP container.
This will deploy the GeoIP container. schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: editionID label: Edition ID description: | The edition ID of the database to download.
Only one seems to be supported by Authentik. schema: type: string default: GeoLite2-City - variable: frequency label: Frequency description: The number of hours between geoipupdate runs. schema: type: int min: 1 default: 8 - variable: accountID label: Account ID description: Your MaxMind account ID schema: type: string private: true required: true default: "" - variable: licenseKey label: License Key description: Your MaxMind license key schema: type: string private: true required: true default: "" - variable: outposts label: Outposts schema: additional_attrs: true type: dict attrs: - variable: proxy label: Proxy schema: additional_attrs: true type: dict attrs: - variable: enabled label: Enabled description: | Enables and configures the Proxy container.
This will deploy the Proxy container. schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: token label: Token description: | The token used to authenticate with the authentik server. schema: type: string private: true required: true default: "" - variable: radius label: Radius schema: additional_attrs: true type: dict attrs: - variable: enabled label: Enabled description: | Enables and configures the Radius container.
This will deploy the Radius container. schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: token label: Token description: | The token used to authenticate with the authentik server. schema: type: string private: true required: true default: "" - variable: ldap label: LDAP schema: additional_attrs: true type: dict attrs: - variable: enabled label: Enabled description: | Enables and configures the LDAP container.
This will deploy the LDAP container. schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: token label: Token description: | The token used to authenticate with the authentik server. schema: type: string private: true required: true default: "" # Include{containerConfig} # Include{podOptions} # Include{serviceRoot} - variable: main label: Main Service description: The Primary service on which the healthcheck runs, often the webUI schema: additional_attrs: true type: dict attrs: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: main label: Main Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port label: Port description: This port exposes the container port on the service schema: type: int default: 10229 required: true - variable: proxy label: Proxy Service description: The Proxy service. schema: additional_attrs: true type: dict attrs: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: http label: HTTP Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port label: Port description: This port exposes the container port on the service schema: type: int default: 10227 required: true - variable: https label: HTTPS Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port label: Port description: This port exposes the container port on the service schema: type: int default: 10228 required: true - variable: radius label: RADIUS Service description: The RADIUS service. schema: additional_attrs: true type: dict attrs: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: radius label: RADIUS Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port label: Port description: This port exposes the container port on the service schema: type: int default: 1812 required: true - variable: ldap label: LDAP Service description: The LDAP service. schema: additional_attrs: true type: dict attrs: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: ldap label: LDAP Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port label: Port description: This port exposes the container port on the service schema: type: int default: 389 required: true - variable: ldaps label: LDAPS Service description: The LDAPS service. schema: additional_attrs: true type: dict attrs: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: ldaps label: LDAPS Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port label: Port description: This port exposes the container port on the service schema: type: int default: 636 required: true # Include{serviceExpertRoot} # Include{serviceExpert} # Include{serviceList} # Include{persistenceRoot} - variable: media label: App Media Storage description: Stores the Application Media. schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} - variable: templates label: App Templates Storage description: Stores the Application Templates. schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} - variable: blueprints label: App Blueprints Storage description: Stores the Application Blueprints. schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} - variable: certs label: App Certs Storage description: Stores the Application Certs. schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} - variable: geoip label: App GeoIP Storage description: Stores the Application GeoIP. schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} # Include{persistenceList} # Include{ingressRoot} - variable: main label: Main (HTTPS) Ingress schema: additional_attrs: true type: dict attrs: # Include{ingressDefault} # Include{ingressTLS} # Include{ingressTraefik} # Include{ingressAdvanced} - variable: proxy label: Proxy (HTTPS) Ingress schema: additional_attrs: true type: dict attrs: # Include{ingressDefault} # Include{ingressTLS} # Include{ingressTraefik} # Include{ingressAdvanced} # Include{ingressList} # Include{securityContextRoot} - variable: runAsUser label: runAsUser description: The UserID of the user running the application schema: type: int default: 1000 - variable: runAsGroup label: runAsGroup description: The groupID of the user running the application schema: type: int default: 1000 # Include{securityContextContainer} # Include{securityContextAdvanced} # Include{securityContextPod} - variable: fsGroup label: fsGroup description: The group that should own ALL storage. schema: type: int default: 568 # Include{resources} # Include{postgresql} # Include{metrics} # Include{prometheusRule} # Include{advanced} # Include{addons} # Include{codeserver} # Include{netshoot} # Include{vpn} # Include{documentation}