authelia helm

Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for common reverse proxies.

More popular helm chart found

authelia from bjw-s is more popular with 18 repositories.

Install

Install with:

helm repo add authelia-charts https://charts.authelia.com/
helm install authelia authelia-charts/authelia -f values.yaml

Top Repositories (2 out of 6)

See examples from other people.

NameRepoStarsVersionTimestamp
autheliawrmilling/k3s-gitops1780.8.57a day ago
autheliadfroberg/cluster420.8.38a year ago

Values

See the most popular values for this chart:

KeyTypes
configMap.access_control.default_policy (6)
deny
string
configMap.access_control.rules[].policy (4)
bypass
two_factor
one_factor
one_factor
string
configMap.access_control.rules[].domain (3)
*.${SECRET_DOMAIN}
string
configMap.access_control.rules[].domain[] (3)
- paperless.${SECRET_DOMAIN}
- longhorn.${SECRET_DOMAIN}
- jd2.${SECRET_DOMAIN}
- grafana.${SECRET_DOMAIN}
- gitops.${SECRET_DOMAIN}
- receipes.${SECRET_DOMAIN}
- homer.${SECRET_DOMAIN}
- prometheus.${SECRET_DOMAIN}
- alert-manager.${SECRET_DOMAIN}
- goldilocks.${SECRET_DOMAIN}
string
configMap.access_control.rules[].networks[] (3)
- private
string
configMap.access_control.rules[].subject[] (2)
- group:admins
- group:admins
string
configMap.access_control.rules[].resources[] (1)
- ^/api([/?].*)?$
- ^/(.*)/api([/?].*)?$
- ^/static([/?].*)?$
- ^/manifest[.]json$
string
configMap.access_control.networks[].name (3)
private
string
configMap.access_control.networks[].networks[] (3)
- ${PRIVATE_NETWORK}
string
configMap.notifier.smtp.enabled (6)
true
boolean
configMap.notifier.smtp.enabledSecret (5)
true
boolean
configMap.notifier.smtp.host (5)
smtp.gmail.com
string
configMap.notifier.smtp.port (5)
587
number
configMap.notifier.smtp.sender (5)
authelia@${SECRET_DOMAIN}
string
configMap.notifier.smtp.subject (4)
[Authelia] {title}
string
configMap.notifier.smtp.username (4)
mail@${SECRET_DOMAIN}
string
configMap.notifier.smtp.identifier (3)
${SECRET_DOMAIN}
string
configMap.notifier.smtp.startup_check_address (3)
${SECRET_SMTP_USER}
string
configMap.notifier.smtp.disable_html_emails (1)
false
boolean
configMap.notifier.smtp.disable_require_tls (1)
false
boolean
configMap.notifier.smtp.timeout (1)
5s
string
configMap.notifier.disable_startup_check (3)
true
boolean
configMap.notifier.filesystem.enabled (1)
true
boolean
configMap.notifier.filesystem.filename (1)
/config/notification.txt
string
configMap.session.redis.enabled (6)
true
boolean
configMap.session.redis.enabledSecret (5)
true
boolean
configMap.session.redis.host (5)
authelia-redis-master
string
configMap.session.redis.database_index (2)
3
number
configMap.session.redis.port (2)
6379
number
configMap.session.redis.username (1)

string
configMap.session.expiration (3)
1h
string
configMap.session.inactivity (3)
5m
string
configMap.session.name (3)
authelia_session
string
configMap.session.remember_me_duration (3)
1M
string
configMap.session.same_site (2)
lax
string
configMap.storage.postgres.enabled (6)
true
boolean
configMap.storage.postgres.host (4)
authelia-postgresql
string
configMap.storage.postgres.database (3)
authelia
string
configMap.storage.postgres.username (3)
authelia
string
configMap.storage.postgres.port (2)
5432
number
configMap.storage.postgres.schema (1)
public
string
configMap.storage.postgres.sslmode (1)
disable
string
configMap.storage.local.enabled (1)
true
boolean
configMap.storage.local.path (1)
/config/db.sqlite3
string
configMap.storage.mysql.enabled (1)
false
boolean
configMap.authentication_backend.ldap.enabled (5)
false
boolean
configMap.authentication_backend.ldap.additional_users_dn (3)

string
configMap.authentication_backend.ldap.base_dn (3)
${SECRET_LDAP_BASE_DN}
string
configMap.authentication_backend.ldap.groups_filter (3)
(&(member={dn})(objectclass=posixGroup))
string
configMap.authentication_backend.ldap.implementation (3)
custom
string
configMap.authentication_backend.ldap.url (3)
ldap://openldap.auth.svc.cluster.local:389
string
configMap.authentication_backend.ldap.user (3)
cn=admin,${SECRET_LDAP_BASE_DN}
string
configMap.authentication_backend.ldap.username_attribute (3)
uid
string
configMap.authentication_backend.ldap.users_filter (3)
(&({username_attribute}={input})(objectClass=posixAccount))
string
configMap.authentication_backend.ldap.additional_groups_dn (2)

string
configMap.authentication_backend.ldap.group_name_attribute (1)
cn
string
configMap.authentication_backend.ldap.mail_attribute (1)
${SECRET_ACME_EMAIL}
string
configMap.authentication_backend.file.enabled (4)
true
boolean
configMap.authentication_backend.file.password.algorithm (4)
argon2id
string
configMap.authentication_backend.file.password.argon2.iterations (2)
1
number
configMap.authentication_backend.file.password.argon2.key_length (2)
32
number
configMap.authentication_backend.file.password.argon2.memory (2)
1024
number
configMap.authentication_backend.file.password.argon2.parallelism (2)
8
number
configMap.authentication_backend.file.password.argon2.salt_length (2)
16
number
configMap.authentication_backend.file.password.argon2.variant (2)
argon2id
string
configMap.authentication_backend.file.path (3)
/config/users_database.yml
string
configMap.authentication_backend.disable_reset_password (2)
true
boolean
configMap.theme (5)
dark
string
configMap.enabled (4)
true
boolean
configMap.log.level (3)
trace
string
configMap.regulation.ban_time (3)
5m
string
configMap.regulation.find_time (3)
2m
string
configMap.regulation.max_retries (3)
3
number
configMap.server.read_buffer_size (1)
8192
number
configMap.server.write_buffer_size (1)
8192
number
configMap.totp.issuer (1)
${SECRET_PUBLIC_DOMAIN}
string
domain (6)
${SECRET_DOMAIN}
string
ingress.enabled (5)
true
boolean
ingress.subdomain (5)
auth
string
ingress.tls.enabled (4)
true
boolean
ingress.tls.secret (3)
${SECRET_DOMAIN//./-}-tls
string
ingress.annotations."external-dns.alpha.kubernetes.io/target" (3)
${SECRET_GATEWAY}
string
ingress.annotations.external-dns/is-public (2)
true
string
ingress.annotations."cert-manager.io/cluster-issuer" (1)
letsencrypt-prod
string
ingress.annotations."hajimari.io/appName" (1)
auth
string
ingress.annotations."hajimari.io/enable" (1)
true
string
ingress.annotations."hajimari.io/icon" (1)
alarm-light-outline
string
ingress.annotations."haproxy-ingress-proxy.pfsense.org/backend" (1)
nginx-443
string
ingress.annotations."haproxy-ingress-proxy.pfsense.org/enabled" (1)
true
string
ingress.annotations."haproxy-ingress-proxy.pfsense.org/frontend" (1)
https-443
string
ingress.annotations."kubernetes.io/tls-acme" (1)
true
string
ingress.annotations."traefik.ingress.kubernetes.io/router.entrypoints" (1)
websecure
string
ingress.className (3)
nginx
string
ingress.ingressClassName (2)
nginx
string
ingress.traefikCRD.disableIngressRoute (1)
true
boolean
ingress.traefikCRD.enabled (1)
true
boolean
ingress.traefikCRD.entryPoints[] (1)
- websecure
string
pod.kind (5)
Deployment
string
pod.replicas (4)
1
number
pod.extraVolumeMounts[].mountPath (3)
/config/users_database.yml
string
pod.extraVolumeMounts[].name (3)
users-volume
string
pod.extraVolumeMounts[].subPath (2)
users_database.yml
string
pod.extraVolumes[].name (3)
users-volume
string
pod.extraVolumes[].secret.secretName (2)
authelia-users
string
pod.extraVolumes[].configMap.items[].key (1)
users_database.yml
string
pod.extraVolumes[].configMap.items[].path (1)
users_database.yml
string
pod.extraVolumes[].configMap.name (1)
authelia-config-custom
string
pod.resources.requests.cpu (3)
150m
string, number
pod.resources.requests.memory (3)
200Mi
string
pod.resources.limits.memory (1)
125Mi
string
pod.strategy.type (3)
Recreate
string
pod.env[].name (2)
TZ
string
pod.env[].value (2)
${CLUSTER_TZ}
string
pod.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].key (1)
kubernetes.io/arch
string
pod.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].operator (1)
In
string
pod.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].values[] (1)
- amd64
string
pod.env.AUTHELIA_DEFAULT_REDIRECTION_URL (1)
https://auth.${SECRET_DOMAIN}
string
pod.env.AUTHELIA_DUO_API_DISABLE (1)
true
string
pod.env.AUTHELIA_LOG_LEVEL (1)
trace
string
pod.env.AUTHELIA_SERVER_PORT (1)
80
number
pod.env.AUTHELIA_SESSION_DOMAIN (1)
${SECRET_DOMAIN}
string
pod.env.AUTHELIA_THEME (1)
grey
string
pod.env.AUTHELIA_TOTP_ISSUER (1)
authelia.com
string
pod.env.AUTHELIA_WEBAUTHN_DISABLE (1)
true
string
pod.tolerations[].key (1)
arm
string
pod.tolerations[].operator (1)
Exists
string
secret.existingSecret (4)
authelia-secrets
string
secret.redis.key (3)
REDIS_PASSWORD
string
secret.redis.value (2)
${SECRET_REDIS_PASSWORD}
string
secret.redis.filename (1)
REDIS_PASSWORD
string
secret.smtp.key (3)
SMTP_PASSWORD
string
secret.smtp.value (2)
${SECRET_AUTHELIA_SMTP_PASSWORD}
string
secret.smtp.filename (1)
SMTP_PASSWORD
string
secret.storage.key (3)
STORAGE_PASSWORD
string
secret.storage.value (2)
${SECRET_AUTHELIA_POSTGRES_PASSWORD}
string
secret.storage.filename (1)
STORAGE_PASSWORD
string
secret.jwt.key (2)
JWT_TOKEN
string
secret.jwt.filename (1)
JWT_TOKEN
string
secret.jwt.value (1)
${SECRET_AUTHELIA_JWT_SECRET}
string
secret.ldap.key (2)
LDAP_ADMIN_PASSWORD
string
secret.ldap.value (1)
${SECRET_LDAP_ADMIN_PASSWORD}
string
secret.storageEncryptionKey.key (2)
STORAGE_ENCRYPTION_KEY
string
secret.storageEncryptionKey.filename (1)
STORAGE_ENCRYPTION_KEY
string
secret.storageEncryptionKey.value (1)
${SECRET_AUTHELIA_STORAGE_ENCRYPTION_KEY}
string
secret.redisSentinel.key (1)
redis_password
string
secret.session.key (1)
session_encryption_key
string
envFrom[].secretRef.name (1)
authelia-secrets
string
persistence.enabled (1)
true
boolean
persistence.existingClaim (1)
pvc-authelia
string
service.annotations."prometheus.io/probe" (1)
true
string
service.annotations."prometheus.io/protocol" (1)
http
string
service.port (1)
80
number