Authentik

---

Authentik is an open source Identity Provider focused on flexibility and versatility. You can use authentik in an existing environment to add support for new protocols, implement sign-up/recovery/etc. in your application so you don't have to deal with it, and many other things. You can support OAuth, OIDC, SAML, and even LDAP with just this one app. Identity can be a complex topic so please be sure to read through Authentik's excellent documnetation to be sure you understand any changes you are making. What's described below works for me, but may not work for you.

Product: Authentik
Install Type: Helm (Chart)
Container Image: Authentik

Installation Details

First, we need to add the Authentik repository to your Helm with:

helm repo add goauthentik https://charts.goauthentik.io/
helm repo update

For Helm charts, I generally pull the values to a file and modify that file for my specific needs:

 helm show values goauthentik/authentik > values.yaml

This allows me to modify different environment specific configurations such as persistent storage and others. Please configure as appropriate for your environment, including storage, database, email gateway and any other additional considerations. Authentik provides excellent documentation for installing in Kubernetes, and I would recommend reading that thoroughly to understand what may need to be configured. For instance, I use Longhorn as my primary storageClass and I generate some signing and encryption certificates as secrets with my internal Certificate Authority with StepCA and Cert Manager that I have Authentik use.

Once you have made all of your changes per Authentik's documentation, deploy with the following:

helm upgrade --install -n identity --create-namespace \
             -f values.yaml authentik goauthentik/authentik