@taking
Last active December 15, 2023 03:11

Authentik Installation with Helm

  • The postgres and redis images come from bitnami, so this setup cannot be used in ARM environments

Prerequisites

  • Kubernetes 1.19+
  • Helm 3.2.0+
  • pwgen package (apt-get install pwgen)
  • geoIP Account

SECRET KEY

PG_PASS=$(pwgen -s 40 1)
AUTHENTIK_SECRET_KEY=$(pwgen -s 50 1)

GEOIP

# https://www.maxmind.com/en/geolite2/signup
GEOIP_ACCOUNTID=
GEOIP_LICENSEKEY=

helm update

helm repo add authentik https://charts.goauthentik.io
helm repo update

Install

helm install authentik authentik/authentik \
  --create-namespace \
  --namespace authentik-sso \
  --set authentik.secret_key="${AUTHENTIK_SECRET_KEY}" \
  --set authentik.postgresql.password="${PG_PASS}" \
  --set authentik.error_reporting.enabled=true \
  --set postgresql.enabled=true \
  --set postgresql.postgresqlPassword="${PG_PASS}" \
  --set redis.enabled=true \
  --set geoip.enabled=true \
  --set geoip.accountId="${GEOIP_ACCOUNTID}",geoip.licenseKey="${GEOIP_LICENSEKEY}" \
  --set replicas=2

echo "init : https://<ingress you've specified>/if/flow/initial-setup/"
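
The install command above puts the secret key, database password and GeoIP license key on the helm command line, where they are visible in the process list and shell history. The following is an added example, not part of the original gist: it writes the same chart values to a file only the current user can read, to be passed with -f. The helper names and the /dev/urandom fallback are assumptions; the value keys are the ones used on this page.

```shell
#!/usr/bin/env bash
# Added example (not from the gist): same chart values as the --set flags
# above, written to a 0600 file so secrets stay out of argv and history.

# gen_secret LEN: random alphanumeric string. Uses pwgen as the page does;
# the /dev/urandom fallback is an assumption for hosts without pwgen.
gen_secret() {
  if command -v pwgen >/dev/null 2>&1; then
    pwgen -s "$1" 1
  else
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$1"
  fi
}

# write_values FILE: hypothetical helper that creates FILE with mode 0600.
# GEOIP_ACCOUNTID and GEOIP_LICENSEKEY are read from the environment.
write_values() {
  local file="$1" pg_pass secret_key
  pg_pass=$(gen_secret 40)
  secret_key=$(gen_secret 50)
  (
    umask 077          # a newly created file gets rw-------
    rm -f -- "$file"   # never reuse a file that has looser permissions
    cat >"$file" <<EOF
authentik:
  secret_key: "${secret_key}"
  postgresql:
    password: "${pg_pass}"
  error_reporting:
    enabled: true
postgresql:
  enabled: true
  postgresqlPassword: "${pg_pass}"
redis:
  enabled: true
geoip:
  enabled: true
  accountId: "${GEOIP_ACCOUNTID:-}"
  licenseKey: "${GEOIP_LICENSEKEY:-}"
replicas: 2
EOF
  )
}

# Usage:
#   write_values ./authentik-values.yaml
#   helm install authentik authentik/authentik --create-namespace \
#     --namespace authentik-sso -f ./authentik-values.yaml
```

Keep the values file out of version control and delete it, or move it into a secret store, once the release is installed.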

Screenshot

image

OAuth2/OpenID Provider - creating kubernetes (image)

Application - creating kubernetes (image) (image)


taking commented Jun 22, 2022

(Option) Authentik Local IngressRoute

cat <<'EOF' | kubectl apply -f -
# authentik-sso.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: authentik-sso-dashboard
  namespace: default
spec:
  entryPoints:
  - web

  routes:
  - match: Host(`sso.dev-t.xyz`)
    kind: Rule
    # middlewares are a field of the route, not of a service entry
    middlewares:
    - name: redirect-https
      namespace: traefik
    services:
    - name: local-docker-authentik-service
      port: 9000
---
kind: Endpoints
apiVersion: v1
metadata:
  name: local-docker-authentik-service
  namespace: default
subsets:
  - addresses:
        - ip: 10.0.0.230
    ports:
      - port: 9000
        name: local-docker-authentik-service
---
kind: Service
apiVersion: v1
metadata:
  name: local-docker-authentik-service
  namespace: default
spec:
  ports:
  - port: 9000
    targetPort: 9000
    name: local-docker-authentik-service
EOF
