--- apiVersion: apps/v1 kind: Deployment metadata: name: authentik-server namespace: authentik-system labels: app.kubernetes.io/name: authentik app.kubernetes.io/component: server spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: authentik app.kubernetes.io/component: server template: metadata: labels: app.kubernetes.io/name: authentik app.kubernetes.io/component: server spec: serviceAccountName: authentik securityContext: runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 containers: - name: authentik image: ghcr.io/goauthentik/server:2024.10.1 args: ["server"] env: [] envFrom: - secretRef: name: authentik-database - secretRef: name: authentik-email - secretRef: name: authentik-secret-key ports: - name: http containerPort: 9000 protocol: TCP - name: metrics containerPort: 9300 protocol: TCP livenessProbe: httpGet: path: /-/health/live/ port: http initialDelaySeconds: 30 periodSeconds: 30 readinessProbe: httpGet: path: /-/health/ready/ port: http initialDelaySeconds: 30 periodSeconds: 30 volumeMounts: - name: media mountPath: /media resources: requests: cpu: 100m memory: 512Mi limits: cpu: 1000m memory: 1Gi volumes: - name: media persistentVolumeClaim: claimName: authentik-media --- apiVersion: v1 kind: Service metadata: name: authentik-server namespace: authentik-system labels: app.kubernetes.io/name: authentik app.kubernetes.io/component: server spec: type: ClusterIP ports: - port: 80 targetPort: http protocol: TCP name: http - port: 9300 targetPort: metrics protocol: TCP name: metrics selector: app.kubernetes.io/name: authentik app.kubernetes.io/component: server