--- # Source: authentik/charts/authentik/templates/server/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: authentik-server namespace: "authentik" labels: helm.sh/chart: "authentik-2025.10.2" app.kubernetes.io/name: "authentik" app.kubernetes.io/instance: "authentik" app.kubernetes.io/component: "server" app.kubernetes.io/managed-by: "Helm" app.kubernetes.io/part-of: "authentik" app.kubernetes.io/version: "2025.10.2" spec: replicas: 1 revisionHistoryLimit: 3 selector: matchLabels: app.kubernetes.io/name: "authentik" app.kubernetes.io/instance: "authentik" app.kubernetes.io/component: "server" template: metadata: labels: helm.sh/chart: "authentik-2025.10.2" app.kubernetes.io/name: "authentik" app.kubernetes.io/instance: "authentik" app.kubernetes.io/component: "server" app.kubernetes.io/managed-by: "Helm" app.kubernetes.io/part-of: "authentik" app.kubernetes.io/version: "2025.10.2" annotations: checksum/secret: 4401a384e06edae0ac2d17733f15a6d40b1b11603c0ce881f1f93313e11b088b spec: terminationGracePeriodSeconds: 30 containers: - name: server image: ghcr.io/goauthentik/server:2025.10.2 imagePullPolicy: IfNotPresent args: - server env: - name: AUTHENTIK_SECRET_KEY valueFrom: secretKeyRef: key: key name: authentik-key-secret - name: AUTHENTIK_POSTGRESQL__HOST valueFrom: secretKeyRef: key: host name: authentik-postgresql-17-cluster-app - name: AUTHENTIK_POSTGRESQL__NAME valueFrom: secretKeyRef: key: dbname name: authentik-postgresql-17-cluster-app - name: AUTHENTIK_POSTGRESQL__USER valueFrom: secretKeyRef: key: user name: authentik-postgresql-17-cluster-app - name: AUTHENTIK_POSTGRESQL__PASSWORD valueFrom: secretKeyRef: key: password name: authentik-postgresql-17-cluster-app - name: AUTHENTIK_LISTEN__HTTP value: "0.0.0.0:9000" - name: AUTHENTIK_LISTEN__HTTPS value: "0.0.0.0:9443" - name: AUTHENTIK_LISTEN__METRICS value: "0.0.0.0:9300" envFrom: - secretRef: name: authentik ports: - name: http containerPort: 9000 protocol: TCP - name: https containerPort: 9443 protocol: TCP - name: metrics containerPort: 9300 protocol: TCP livenessProbe: failureThreshold: 3 httpGet: path: '/-/health/live/' port: http initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 readinessProbe: failureThreshold: 3 httpGet: path: '/-/health/ready/' port: http initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 startupProbe: failureThreshold: 60 httpGet: path: '/-/health/live/' port: http initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 resources: {} affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/name: "authentik" app.kubernetes.io/instance: "authentik" app.kubernetes.io/component: "server" topologyKey: kubernetes.io/hostname enableServiceLinks: true