habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
21f92b4a65984802f6398c81accc43484053e9a4
authentik/website/docs/installation/kubernetes.md
lyh16 6c880e0e62 website/docs: Enable 'secure' option for pwgen (#2260) 
* Enable 'secure' option for pwgen

As per the [pwgen manual](https://linux.die.net/man/1/pwgen, "pwgen manual"), the "-s"(secure) option instructs pwgen to generate completely random passwords, where as the default for pwgen is to generate more memorable passwords. Since, the passwords generated in this part of the installation process are to be "remembered" by the dot env file, I believe that users may benefit from the additional entropy provided by the "-s" option in pwgen.

* Enable 'secure' option for pwgen
2022-02-08 12:24:29 +01:00

50 lines
1.5 KiB
Markdown
Raw Blame History

---
title: Kubernetes installation
---
authentik is installed using a helm-chart.
To install authentik using the helm chart, generate a password for the database and the cache, using `pwgen -s 50 1` or `openssl rand -base64 36`.
Create a values.yaml file with a minimum of these settings:
```yaml
authentik:
secret_key: "PleaseGenerateA50CharKey"
# This sends anonymous usage-data, stack traces on errors and
# performance data to sentry.beryju.org, and is fully opt-in
error_reporting:
enabled: true
postgresql:
password: "ThisIsNotASecurePassword"
ingress:
enabled: true
hosts:
- host: authentik.domain.tld
paths:
- path: "/"
pathType: Prefix
postgresql:
enabled: true
postgresqlPassword: "ThisIsNotASecurePassword"
redis:
enabled: true
```
See all configurable values on [artifacthub](https://artifacthub.io/packages/helm/goauthentik/authentik).
Afterwards, run these commands to install authentik:
```
helm repo add authentik https://charts.goauthentik.io
helm repo update
helm upgrade --install authentik authentik/authentik -f values.yaml
```
This installation automatically applies database migrations on startup. After the installation is done, navigate to the `https://<ingress you've specified>/if/flow/initial-setup/`, to set a password for the akadmin user.
It is also recommended to configure global email credentials. These are used by authentik to notify you about alerts, configuration issues. They can also be used by [Email stages](../flow/stages/email/) to send verification/recovery emails.
Reference in New Issue View Git Blame Copy Permalink