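---
# Authentik configuration: non-secret settings shared by the server and the
# worker, injected as environment variables through envFrom.
# Keep credentials out of this ConfigMap. Both Deployments also read the Secret
# `authentik-secrets`, which is not defined in this manifest; presumably it
# holds the secret key, the PostgreSQL password and the SMTP password. Verify
# that it is created out of band and is not committed in plain text.
apiVersion: v1
kind: ConfigMap
metadata:
  name: authentik-config
  namespace: authentik
data:
  AUTHENTIK_REDIS__HOST: "authentik-redis"
  AUTHENTIK_POSTGRESQL__HOST: "authentik-postgresql"
  AUTHENTIK_POSTGRESQL__USER: "authentik"
  AUTHENTIK_POSTGRESQL__NAME: "authentik"
  AUTHENTIK_EMAIL__HOST: "smtp.example.com"
  # Port 587 is the submission port; USE_TLS is expected to mean STARTTLS
  # here. Confirm against the authentik version in use.
  AUTHENTIK_EMAIL__PORT: "587"
  AUTHENTIK_EMAIL__USE_TLS: "true"
  AUTHENTIK_EMAIL__USERNAME: "user"
  AUTHENTIK_EMAIL__FROM: "authentik@stabify.de"
  AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
---
# SERVER (Web/API)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: authentik-server
  namespace: authentik
  labels:
    app: authentik
    component: server
spec:
  replicas: 1
  selector:
    matchLabels:
      app: authentik
      component: server
  template:
    metadata:
      labels:
        app: authentik
        component: server
    spec:
      # NOTE(review): automountServiceAccountToken is not set, so the
      # namespace's default service account token is mounted into this pod.
      # Turn it off here unless the server needs Kubernetes API access.
      containers:
        - name: authentik
          # Pinned to a release tag. A tag can be re-pointed; pin by digest
          # (image@sha256:<DIGEST_PLACEHOLDER>) if the registry is not fully
          # trusted, and track upstream security releases for this tag.
          image: ghcr.io/goauthentik/server:2024.12.0
          # Start Server
          # NOTE(review): upstream examples select the mode with the argument
          # `server`; confirm that /ak-server exists in this image.
          command: ["/ak-server"]
          ports:
            - containerPort: 9000
              name: http
            - containerPort: 9443
              name: https
          envFrom:
            - configMapRef:
                name: authentik-config
            - secretRef:
                name: authentik-secrets
          # Identity provider containers are high-value targets: drop every
          # Linux capability, forbid setuid-style privilege escalation and
          # use the runtime's default seccomp filter. The listeners use ports
          # above 1024, so no capability is needed to bind them.
          # NOTE(review): also consider runAsNonRoot and resource
          # requests/limits once the image's UID and real usage are confirmed.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          readinessProbe:
            httpGet:
              path: /-/health/ready/
              port: 9000
            initialDelaySeconds: 10
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /-/health/live/
              port: 9000
            initialDelaySeconds: 10
            periodSeconds: 20
---
# WORKER (Background Tasks)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: authentik-worker
  namespace: authentik
  labels:
    app: authentik
    component: worker
spec:
  replicas: 1
  selector:
    matchLabels:
      app: authentik
      component: worker
  template:
    metadata:
      labels:
        app: authentik
        component: worker
    spec:
      # NOTE(review): the worker has no probes and no ports. If it manages
      # outposts through the Kubernetes API, bind a dedicated, narrowly
      # scoped ServiceAccount instead of relying on the namespace default.
      containers:
        - name: authentik
          # Same image and tag as the server; keep the two in lockstep.
          image: ghcr.io/goauthentik/server:2024.12.0
          # Start Worker
          # NOTE(review): upstream examples select the mode with the argument
          # `worker`; confirm that /ak-worker exists in this image.
          command: ["/ak-worker"]
          envFrom:
            - configMapRef:
                name: authentik-config
            - secretRef:
                name: authentik-secrets
          # Same container hardening as the server container.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
---
# Service in front of the server pods. Only the plain-HTTP listener (9000) is
# published, as port 80; container port 9443 is not exposed. Traffic between
# the caller and authentik is therefore unencrypted inside the cluster.
# NOTE(review): TLS is presumably terminated at an ingress that is not part of
# this manifest. Confirm that, and restrict who can reach this Service (for
# example with a NetworkPolicy), because it carries credentials and tokens.
apiVersion: v1
kind: Service
metadata:
  name: authentik-server
  namespace: authentik
spec:
  ports:
    - port: 80
      targetPort: 9000
      protocol: TCP
      name: http
  selector:
    app: authentik
    component: server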