Authentik
Authentik is an open source Identity Provider focused on flexibility and versatility. You can use authentik in an existing environment to add support for new protocols, implement sign-up/recovery/etc. in your application so you don't have to deal with it, and many other things. You can support OAuth, OIDC, SAML, and even LDAP with just this one app. Identity can be a complex topic so please be sure to read through Authentik's excellent documnetation to be sure you understand any changes you are making. What's described below works for me, but may not work for you.
Product: Authentik
Install Type: Helm (Chart)
Container Image: Authentik
Installation Details
First, we need to add the Authentik repository to your Helm with:
helm repo add goauthentik https://charts.goauthentik.io/
helm repo update
For Helm charts, I generally pull the values to a file and modify that file for my specific needs:
helm show values goauthentik/authentik > values.yaml
This allows me to modify different environment specific configurations such as persistent storage and others. Please configure as appropriate for your environment, including storage, database, email gateway and any other additional considerations. Authentik provides excellent documentation for installing in Kubernetes, and I would recommend reading that thoroughly to understand what may need to be configured. For instance, I use Longhorn as my primary storageClass and I generate some signing and encryption certificates as secrets with my internal Certificate Authority with StepCA and Cert Manager that I have Authentik use.
Once you have made all of your changes per Authentik's documentation, deploy with the following:
helm upgrade --install -n identity --create-namespace \
-f values.yaml authentik goauthentik/authentik
Identity is a critical part of your security. Be sure to read through Authentik's documentation when deploying SAML, OIDC, LDAP, or other connections to ensure proper security.