# authentik Helm values # Deploy: # helm upgrade --install authentik authentik/authentik \ # --namespace authentik \ # --version 2026.2.1 \ # --values values/authentik.yaml \ # --wait --timeout 5m authentik: secret_key: "" # kept blank — comes from existingSecret via env below existingSecret: secretName: "" # kept blank — not used directly, but required to avoid Helm validation error log_level: info error_reporting: enabled: false server: env: - name: AUTHENTIK_SECRET_KEY valueFrom: secretKeyRef: name: authentik-secrets key: secret-key - name: AUTHENTIK_POSTGRESQL__PASSWORD valueFrom: secretKeyRef: name: authentik-secrets key: postgresql-password - name: AUTHENTIK_POSTGRESQL__HOST value: "authentik-postgresql" - name: AUTHENTIK_POSTGRESQL__USER value: "authentik" - name: AUTHENTIK_POSTGRESQL__NAME value: "authentik" worker: env: - name: AUTHENTIK_SECRET_KEY valueFrom: secretKeyRef: name: authentik-secrets key: secret-key - name: AUTHENTIK_POSTGRESQL__PASSWORD valueFrom: secretKeyRef: name: authentik-secrets key: postgresql-password - name: AUTHENTIK_POSTGRESQL__HOST value: "authentik-postgresql" - name: AUTHENTIK_POSTGRESQL__USER value: "authentik" - name: AUTHENTIK_POSTGRESQL__NAME value: "authentik" postgresql: enabled: true auth: username: authentik database: authentik existingSecret: authentik-secrets secretKeys: adminPasswordKey: postgresql-password userPasswordKey: postgresql-password primary: persistence: enabled: true podAnnotations: helm.sh/resource-policy: keep redis: enabled: true auth: enabled: false additionalObjects: - apiVersion: v1 kind: Service metadata: name: authentik-worker namespace: authentik spec: selector: app.kubernetes.io/component: worker app.kubernetes.io/instance: authentik ports: - name: http port: 9000 targetPort: 9000