 82bb179bc2
			
		
	
	82bb179bc2
	
	
	
		
			
			* root: make global email settings configurable * stages/email: add use_global_settings * stages/email: add test_email command to test email sending * stages/email: update email template * stages/email: simplify email template path * stages/email: add support for user-supplied email templates * stages/email: add tests for sending and templates * stages/email: only add custom template if permissions are correct * docs: add custom email template docs * root: add /templates volume in docker-compose by default * stages/email: fix form not allowing custom templates * stages/email: use relative path for custom templates * stages/email: check if all templates exist on startup, reset * docs: add global email docs for docker-compose * helm: add email config to helm chart * helm: load all secrets with env prefix * helm: move s3 and smtp secret to secret * stages/email: fix test for relative name * stages/email: add argument to send email from existing stage * stages/email: set uid using slug of message id * stages/email: ensure template validation ignores migration runs * docs: add email troubleshooting docs * stages/email: fix long task_name breaking task list
		
			
				
	
	
		
			101 lines
		
	
	
		
			2.8 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
			
		
		
	
	
			101 lines
		
	
	
		
			2.8 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
| ---
 | |
| title: Kubernetes installation
 | |
| ---
 | |
| 
 | |
| For a mid to high-load installation, Kubernetes is recommended. authentik is installed using a helm-chart.
 | |
| 
 | |
| To install authentik using the helm chart, run these commands:
 | |
| 
 | |
| ```
 | |
| helm repo add authentik https://docker.beryju.org/chartrepo/authentik
 | |
| helm repo update
 | |
| helm install authentik/authentik --devel -f values.yaml
 | |
| ```
 | |
| 
 | |
| This installation automatically applies database migrations on startup. After the installation is done, you can use `akadmin` as username and password.
 | |
| 
 | |
| It is also recommended to configure global email credentials. These are used by authentik to notify you about alerts, configuration issues. They can also be used by [Email stages](flow/stages/email/index.md) to send verification/recovery emails.
 | |
| 
 | |
| ```yaml
 | |
| ###################################
 | |
| # Values directly affecting authentik
 | |
| ###################################
 | |
| image:
 | |
|     name: beryju/authentik
 | |
|     name_static: beryju/authentik-static
 | |
|     name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
 | |
|     tag: 0.14.2-stable
 | |
| 
 | |
| serverReplicas: 1
 | |
| workerReplicas: 1
 | |
| 
 | |
| # Enable the Kubernetes integration which lets authentik deploy outposts into kubernetes
 | |
| kubernetesIntegration: true
 | |
| 
 | |
| config:
 | |
|     # Optionally specify fixed secret_key, otherwise generated automatically
 | |
|     # secretKey: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
 | |
|     # Enable error reporting
 | |
|     errorReporting:
 | |
|         enabled: false
 | |
|         environment: customer
 | |
|         sendPii: false
 | |
|     # Log level used by web and worker
 | |
|     # Can be either debug, info, warning, error
 | |
|     logLevel: warning
 | |
|     # Global Email settings
 | |
|     email:
 | |
|         # SMTP Host Emails are sent to
 | |
|         host: localhost
 | |
|         port: 25
 | |
|         # Optionally authenticate
 | |
|         username: ""
 | |
|         password: ""
 | |
|         # Use StartTLS
 | |
|         useTls: false
 | |
|         # Use SSL
 | |
|         useSsl: false
 | |
|         timeout: 10
 | |
|         # Email address authentik will send from, should have a correct @domain
 | |
|         from: authentik@localhost
 | |
| 
 | |
| # Enable Database Backups to S3
 | |
| # backup:
 | |
| #   accessKey: access-key
 | |
| #   secretKey: secret-key
 | |
| #   bucket: s3-bucket
 | |
| #   region: eu-central-1
 | |
| #   host: s3-host
 | |
| 
 | |
| ingress:
 | |
|     annotations:
 | |
|         {}
 | |
|         # kubernetes.io/ingress.class: nginx
 | |
|         # kubernetes.io/tls-acme: "true"
 | |
|     hosts:
 | |
|         - authentik.k8s.local
 | |
|     tls: []
 | |
|     #  - secretName: chart-example-tls
 | |
|     #    hosts:
 | |
|     #      - authentik.k8s.local
 | |
| 
 | |
| ###################################
 | |
| # Values controlling dependencies
 | |
| ###################################
 | |
| 
 | |
| install:
 | |
|     postgresql: true
 | |
|     redis: true
 | |
| 
 | |
| # These values influence the bundled postgresql and redis charts, but are also used by authentik to connect
 | |
| postgresql:
 | |
|     postgresqlDatabase: authentik
 | |
| 
 | |
| redis:
 | |
|     cluster:
 | |
|         enabled: false
 | |
|     master:
 | |
|         persistence:
 | |
|             enabled: false
 | |
| ```
 |