 6d5172d18a
			
		
	
	6d5172d18a
	
	
	
		
			
			* first pass
* dependency shenanigans
* move blueprints
* few broken links
* change config the throw errors
* internal file edits
* fighting links
* remove sidebarDev
* fix subdomain
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix relative URL
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix mismatched package versions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix api reference build
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* test tweak
* links hell
* more links hell
* links hell2
* yep last of the links
* last broken link fixed
* re-add cves
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add devdocs redirects
* add dir
* tweak netlify.toml
* move latest 2 CVES into dir
* fix links to moved cves
* typoed title fix
* fix link
* remove banner
* remove committed api docs
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* integrations: remove version dropdown
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* Update Makefile
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* change doc links in web as well
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix some more docs paths
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* fix more docs paths
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* ci: require ci-web.build for merging
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
* Revert "ci: require ci-web.build for merging"
This reverts commit b99a4842a9.
* remove sluf for Application
* put slug back in
* minor fix to trigger deploy
* Spelled out Documentation in menu bar
* remove image redirects...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove explicit index.md
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove mdx first
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* then remove .md
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add missing prefix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
		
	
		
			
				
	
	
		
			105 lines
		
	
	
		
			3.4 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
			
		
		
	
	
			105 lines
		
	
	
		
			3.4 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
| ---
 | |
| title: Kubernetes installation
 | |
| ---
 | |
| 
 | |
| You can install authentik to run on Kubernetes using Helm Chart.
 | |
| 
 | |
| :::info
 | |
| You can also [view a video walk-through](https://www.youtube.com/watch?v=O1qUbrk4Yc8) of the installation process on Kubernetes (with bonus details about email configuration and other important options).
 | |
| :::
 | |
| 
 | |
| ### Requirements
 | |
| 
 | |
| -   Kubernetes
 | |
| -   Helm
 | |
| 
 | |
| ## Video
 | |
| 
 | |
| <iframe width="560" height="315" src="https://www.youtube.com/embed/O1qUbrk4Yc8?si=hs-ZhbVk4Y-TW_Vw&start=562" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
 | |
| 
 | |
| ### Generate Passwords
 | |
| 
 | |
| Start by generating passwords for the database and cache. You can use either of the following commands:
 | |
| 
 | |
| ```shell
 | |
| pwgen -s 50 1
 | |
| openssl rand 60 | base64 -w 0
 | |
| ```
 | |
| 
 | |
| ### Set Values
 | |
| 
 | |
| Create a `values.yaml` file with a minimum of these settings:
 | |
| 
 | |
| ```yaml
 | |
| authentik:
 | |
|     secret_key: "PleaseGenerateASecureKey"
 | |
|     # This sends anonymous usage-data, stack traces on errors and
 | |
|     # performance data to sentry.io, and is fully opt-in
 | |
|     error_reporting:
 | |
|         enabled: true
 | |
|     postgresql:
 | |
|         password: "ThisIsNotASecurePassword"
 | |
| 
 | |
| server:
 | |
|     ingress:
 | |
|         # Specify kubernetes ingress controller class name
 | |
|         ingressClassName: nginx | traefik | kong
 | |
|         enabled: true
 | |
|         hosts:
 | |
|             - authentik.domain.tld
 | |
| 
 | |
| postgresql:
 | |
|     enabled: true
 | |
|     auth:
 | |
|         password: "ThisIsNotASecurePassword"
 | |
| redis:
 | |
|     enabled: true
 | |
| ```
 | |
| 
 | |
| See all configurable values on [ArtifactHub](https://artifacthub.io/packages/helm/goauthentik/authentik).
 | |
| 
 | |
| ### Install authentik Helm Chart
 | |
| 
 | |
| Now, execute the following commands to install authentik:
 | |
| 
 | |
| ```shell
 | |
| helm repo add authentik https://charts.goauthentik.io
 | |
| helm repo update
 | |
| helm upgrade --install authentik authentik/authentik -f values.yaml
 | |
| ```
 | |
| 
 | |
| During the installation process, the database migrations will be applied automatically on startup.
 | |
| 
 | |
| ### Accessing authentik
 | |
| 
 | |
| After the installation is complete, access authentik at `https://<ingress-host-name>/if/flow/initial-setup/`. Here, you can set a password for the default `akadmin` user.
 | |
| 
 | |
| ### Optional step: Configure global email credentials
 | |
| 
 | |
| It is recommended to configure global email credentials as well. These are used by authentik to notify you about alerts and configuration issues. Additionally, they can be utilized by [Email stages](../../add-secure-apps/flows-stages/stages/email/index.mdx) to send verification and recovery emails.
 | |
| 
 | |
| To configure this, append this block to your `values.yaml` file:
 | |
| 
 | |
| ```yaml
 | |
| # add this block under the `authentik:` block in your values.yaml file
 | |
| # authentik:
 | |
| email:
 | |
|     # -- SMTP Server emails are sent from, fully optional
 | |
|     host: ""
 | |
|     port: 587
 | |
|     # -- SMTP credentials. When left empty, no authentication will be done.
 | |
|     username: ""
 | |
|     # -- SMTP credentials. When left empty, no authentication will be done.
 | |
|     password: ""
 | |
|     # -- Enable either use_tls or use_ssl. They can't be enabled at the same time.
 | |
|     use_tls: false
 | |
|     # -- Enable either use_tls or use_ssl. They can't be enabled at the same time.
 | |
|     use_ssl: false
 | |
|     # -- Connection timeout in seconds
 | |
|     timeout: 30
 | |
|     # -- Email 'from' address can either be in the format "foo@bar.baz" or "authentik <foo@bar.baz>"
 | |
|     from: ""
 | |
| ```
 | |
| 
 | |
| By following these steps, you will successfully install and set up authentik on Kubernetes using Helm.
 |