StarfighterAuthentik Helm woes
Authentik Helm woes - tchncs
I’m currently in the long process of rebuilding my declarative homelab using k3s, ArgoCD and NixOS. I had previously used Keycloak but that always seemed massively overqualified and way too complex for my purposes. With this rebuild I saw my chance to try out Authentik which appears to be in good standing with the homelab community. They have tons of documentation for pretty much anything which was encouraging to me. Well except for the documentation for their Helm Charts maybe… Started off with version 2025.12.x, am now onto 2026.02.x and have spent most weekends in between that on getting Authentik to even just deploy to the cluster. It’s partially my fault for attempting to use Secrets initially but even now with hardcoded keys in my git repo the default example chart doesn’t work: ::: spoiler values.yaml yaml authentik: existingSecret: secretName: authentik-secret postgresql: # None of this gets applied at all so I do it manually below... password: "somepasswd" server: replicas: 1 env: # Manually apply all the configuration values. Why am I using Helm charts again? - name: AUTHENTIK_POSTGRESQL__HOST value: authentik-postgresql - name: AUTHENTIK_POSTGRESQL__USER value: authentik - name: AUTHENTIK_POSTGRESQL__PASSWORD value: "somepasswd" - name: AUTHENTIK_POSTGRESQL__NAME value: authentik route: main: # ... postgresql: enabled: true auth: # And set everything here once again username: authentik password: "somepasswd" postgresPassword: "somepasswd" usePasswordFiles: false database: authentik primary: persistence: size: 4Gi ::: I started off with the official example [https://github.com/goauthentik/helm/blob/main/charts/authentik/README.md] and after all these undocumented changes it only deploys-ish: With the defaults authentik-server would always try to reach the DB under localhost which doesn’t work in the context of this chart/k8s. So after a while I figured out that the authentik: configuration block doesn’t actually do anything and I set all the values the chart should set by hand. Now the DB connects but the liveliness probe on the authentik-server pod fails. It logs the incoming probe requests but apparently doesn’t answer them (correctly) leading to k8s killing the pod. Sorry for the ramble but I’ve hit my motivational breaking point with Authentik. Since the community seems to like it a bit I am left wondering what I’m doing wrong to have this many issues with it. Did you people have this much trouble with Authentik and what have you switched to instead?
Anonymous_Dr0ne
DB Tech
mastodon.raddemo.host
Rad Web Hosting
Michał Narecki
Norri
Mike Watson 🇨🇦