apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: '4' meta.helm.sh/release-name: authentik meta.helm.sh/release-namespace: authentik labels: app.kubernetes.io/component: server app.kubernetes.io/instance: authentik app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: authentik app.kubernetes.io/part-of: authentik app.kubernetes.io/version: 2026.2.1 helm.sh/chart: authentik-2026.2.1 name: authentik-server namespace: authentik spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 3 selector: matchLabels: app.kubernetes.io/component: server app.kubernetes.io/instance: authentik app.kubernetes.io/name: authentik strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: annotations: checksum/secret: 33bbfa6b27c433d2d2ee2d03db5b13ab0eb5a19c87496fc82077dfacba684a24 kubectl.kubernetes.io/restartedAt: '2026-03-25T21:08:04Z' labels: app.kubernetes.io/component: server app.kubernetes.io/instance: authentik app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: authentik app.kubernetes.io/part-of: authentik app.kubernetes.io/version: 2026.2.1 helm.sh/chart: authentik-2026.2.1 spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/component: server app.kubernetes.io/instance: authentik app.kubernetes.io/name: authentik topologyKey: kubernetes.io/hostname weight: 100 containers: - args: - server env: - name: AUTHENTIK_LISTEN__HTTP value: 0.0.0.0:9000 - name: AUTHENTIK_LISTEN__HTTPS value: 0.0.0.0:9443 - name: AUTHENTIK_LISTEN__METRICS value: 0.0.0.0:9300 envFrom: - secretRef: name: authentik image: ghcr.io/goauthentik/server:2026.2.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /-/health/live/ port: http scheme: HTTP initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 name: server ports: - containerPort: 9000 name: http protocol: TCP - containerPort: 9443 name: https protocol: TCP - containerPort: 9300 name: metrics protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /-/health/ready/ port: http scheme: HTTP initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 resources: limits: cpu: 800m memory: 1Gi requests: cpu: 300m memory: 512Mi startupProbe: failureThreshold: 60 httpGet: path: /-/health/live/ port: http scheme: HTTP initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File dnsPolicy: ClusterFirst enableServiceLinks: true restartPolicy: Always schedulerName: default-scheduler securityContext: {} terminationGracePeriodSeconds: 30 --- apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: '3' meta.helm.sh/release-name: authentik meta.helm.sh/release-namespace: authentik labels: app.kubernetes.io/component: worker app.kubernetes.io/instance: authentik app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: authentik app.kubernetes.io/part-of: authentik app.kubernetes.io/version: 2026.2.1 helm.sh/chart: authentik-2026.2.1 name: authentik-worker namespace: authentik spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 3 selector: matchLabels: app.kubernetes.io/component: worker app.kubernetes.io/instance: authentik app.kubernetes.io/name: authentik strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: annotations: checksum/secret: 33bbfa6b27c433d2d2ee2d03db5b13ab0eb5a19c87496fc82077dfacba684a24 labels: app.kubernetes.io/component: worker app.kubernetes.io/instance: authentik app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: authentik app.kubernetes.io/part-of: authentik app.kubernetes.io/version: 2026.2.1 helm.sh/chart: authentik-2026.2.1 spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/component: worker app.kubernetes.io/instance: authentik app.kubernetes.io/name: authentik topologyKey: kubernetes.io/hostname weight: 100 containers: - args: - worker env: - name: AUTHENTIK_LISTEN__HTTP value: 0.0.0.0:9000 - name: AUTHENTIK_LISTEN__METRICS value: 0.0.0.0:9300 envFrom: - secretRef: name: authentik image: ghcr.io/goauthentik/server:2026.2.1 imagePullPolicy: IfNotPresent livenessProbe: exec: command: - ak - healthcheck failureThreshold: 3 initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 name: worker ports: - containerPort: 9000 name: http protocol: TCP - containerPort: 9300 name: metrics protocol: TCP readinessProbe: exec: command: - ak - healthcheck failureThreshold: 3 initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 resources: limits: cpu: 500m memory: 512Mi requests: cpu: 200m memory: 256Mi startupProbe: exec: command: - ak - healthcheck failureThreshold: 60 initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 3 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File dnsPolicy: ClusterFirst enableServiceLinks: true restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: authentik serviceAccountName: authentik terminationGracePeriodSeconds: 30