Panfactum LogoPanfactum
Infrastructure ModulesKuberneteskube_authentik

Authentik

kube_authentik
Stable
Live
Source Code Link

This module deploys an Authentik instance to the Kubernetes cluster.

Providers

The following providers are needed by this module:

  • aws (5.39.1)

  • helm (2.12.1)

  • kubernetes (2.27.0)

  • random (3.6.0)

  • vault (3.25.0)

Required Inputs

The following input variables are required:

akadmin_email

Description: The email address to use for the root authentik administrator. Warning: must be changed manually once applied.

Type: string

eks_cluster_name

Description: The name of the EKS cluster.

Type: string

email_from_address

Description: The 'from' address to use for sent emails

Type: string

smtp_host

Description: The SMTP server for email sending

Type: string

smtp_password

Description: The password to use for SMTP authentication for email sending

Type: string

smtp_user

Description: The user to use for SMTP authentication for email sending

Type: string

Optional Inputs

The following input variables are optional (have default values):

authentik_helm_version

Description: The version of the Authentik helm chart to deploy

Type: string

Default: "2024.4.2"

aws_iam_ip_allow_list

Description: A list of IPs that can use the service account token to authenticate with AWS API

Type: list(string)

Default: []

domain

Description: A list of domains from which authentik will serve traffic

Type: string

Default: null

error_reporting_enabled

Description: True iff errors should be reported to authentik for telemetry purposes

Type: bool

Default: true

ingress_enabled

Description: Whether to enable ingress to the Authentik server

Type: bool

Default: false

log_level

Description: The log level for the operator pods

Type: string

Default: "error"

pull_through_cache_enabled

Description: Whether to use the ECR pull through cache for the deployed images

Type: bool

Default: false

vpa_enabled

Description: Whether the VPA resources should be enabled

Type: bool

Default: false

Outputs

The following outputs are exported:

akadmin_bootstrap_password

Description: The initial password for the root akadmin user. Only used on initial bootstrapping.

akadmin_bootstrap_token

Description: The initial API token for the root akadmin user. Only used on initial bootstrapping.

akadmin_email

Description: The email for the root akadmin user.

authentik_url

Description: n/a

db_admin_role

Description: n/a

db_reader_role

Description: n/a

db_superuser_password

Description: n/a

db_superuser_role

Description: n/a

db_superuser_username

Description: n/a

domain

Description: n/a

email_templates_configmap

Description: n/a

media_configmap

Description: n/a

namespace

Description: n/a

redis_admin_role

Description: n/a

redis_reader_role

Description: n/a

redis_superuser_role

Description: n/a

Usage

No notes