`Authentik` is the most basic resource, and is required for the rest to work.
This creates an Authentik server for you with the supplied specifications.
To deploy a simple example:

```bash
kubectl apply -f https://raw.githubusercontent.com/dsluijk/authentik-operator/main/docs/authentik.yaml
```
A full example:

```yaml
apiVersion: ak.dany.dev/v1
kind: Authentik
metadata:
  name: authentik
spec:
  secretKey: "dontguessme"
  logLevel: "info"
  avatars: "gravatar"
  image:
    repository: "ghcr.io/goauthentik/server"
    tag: "latest"
    pullPolicy: "Always"
  footerLinks:
    - name: akOperator
      href: "https://github.com/dsluijk/authentik-operator/"
  postgres:
    host: postgres-postgresql
    port: 5432
    database: postgres
    username: postgres
    password: "secretpassword"
    passwordSecret: postgres-postgresql
    passwordSecretKey: postgres-password
  redis:
    host: redis-master
    port: 6379
    password: "secretssst"
  ingress:
    className: nginx
    rules:
      - host: login.example.com
        paths:
          - path: "/"
            pathType: "Prefix"
    tls:
      - secretName: "example-tls"
        hosts:
          - example.com
          - login.example.com
  smtp:
    host: smtp.example.com
    port: 25
    from: "Example NoReply <[email protected]>"
    username: "[email protected]"
    password: "password123"
    useTls: false
    useSsl: false
    timeout: 20
```

Key | Required | Default | Description |
---|---|---|---|
secretKey | False | {Random value} | The secret key for signing, autogenerated if not provided. |
logLevel | False | info | Authentik log level. Valid: `debug`, `info`, `warning`, and `error`. |
avatars | False | gravatar | Configure how avatars are shown. This is the same as in a normal deployment. |
image.repository | False | ghcr.io/goauthentik/server | Repository of the Authentik server. Can mostly be left as default. |
image.tag | False | latest | The tag used for the server container. Pinning a tag might be a good idea. |
image.pullPolicy | False | IfNotPresent | The pull policy of the image. |
footerLinks[].name | True | | Name of a footer link. |
footerLinks[].href | True | | The URL to be used in the footer. |
postgres.host | True | | The host of the Postgres database. |
postgres.port | False | 5432 | The port of the Postgres database. |
postgres.database | True | | The database to be used on the Postgres server. |
postgres.username | True | | The username to authenticate on the Postgres server with. |
postgres.password | False | postgres | The password of the Postgres user. This or a secret is required. |
postgres.passwordSecret | False | | A reference to a Kubernetes secret containing the password. |
postgres.passwordSecretKey | False | | The key of the password within the secret. |
redis.host | True | | The host of the Redis server. |
redis.port | False | 6379 | The port of this Redis server. |
redis.password | False | | An optional password used to authenticate against the Redis server. |
ingress | False | | The ingress definition. The ingress is not created if this is not present. |
ingress.className | False | | The ingress class name to use. Leave empty to use the default. |
ingress.rules[].host | False | | The host to use for this rule. Empty for any. |
ingress.rules[].paths[].path | True | | The path to match against. |
ingress.rules[].paths[].pathType | False | ImplementationSpecific | The type of path to match with. |
ingress.tls[].secretName | True | | The secret to use for the TLS certificate. |
ingress.tls[].hosts[] | False | | The hosts to match the certificate with. |
smtp | False | | SMTP server settings. SMTP is disabled if this object is not given. |
smtp.host | True | | The host of the SMTP server. |
smtp.port | False | 25 | The port of the SMTP server. |
smtp.from | True | | The FROM string to use when sending mails. |
smtp.username | False | "" | The username used when authenticating. |
smtp.password | False | "" | The password used when authenticating. |
smtp.useTls | False | false | Whether to use TLS when communicating with the SMTP server. |
smtp.useSsl | False | false | Whether to use SSL when communicating with the SMTP server. |
smtp.timeout | False | 10 | Timeout in seconds when sending mails. |
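
A variant of the full example that keeps credentials out of the manifest wherever the table above allows it. This is an added example, not part of the operator's own documentation. The image tag placeholder, SMTP port 587, the constructed `from` address, and the assumption that the referenced Secret already exists in the same namespace are not from the page.

```yaml
apiVersion: ak.dany.dev/v1
kind: Authentik
metadata:
  name: authentik
spec:
  # secretKey is omitted: per the table it is autogenerated when not provided,
  # so no signing key is stored in the manifest or in version control.
  logLevel: "info"
  image:
    repository: "ghcr.io/goauthentik/server"
    # Placeholder, not a real version: pin a specific release instead of "latest".
    tag: "<pinned-version>"
    pullPolicy: "IfNotPresent"
  postgres:
    host: postgres-postgresql
    port: 5432
    database: postgres
    username: postgres
    # No inline `password`: the value is read from an existing Secret.
    # Assumption: the Secret lives in the same namespace as this resource.
    passwordSecret: postgres-postgresql
    passwordSecretKey: postgres-password
  redis:
    host: redis-master
    port: 6379
    # redis.password is optional and the table lists only an inline field for it,
    # so it is left out here rather than written in plain text.
  ingress:
    className: nginx
    rules:
      - host: login.example.com
        paths:
          - path: "/"
            pathType: "Prefix"
    tls:
      - secretName: "example-tls"
        hosts:
          - login.example.com
  smtp:
    host: smtp.example.com
    port: 587                                        # assumption: TLS-enabled port
    from: "Example NoReply <noreply@example.com>"    # constructed address
    # smtp.username / smtp.password default to "" and have no Secret reference
    # in the table; they are omitted here instead of being inlined.
    useTls: true
    timeout: 20
```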