Akeyless Gateway on K8s


Please review the Akeyless GW prerequisites for a list of needed prerequisites.

Please ensure that the following prerequisites are met:

1.Kubectl Installed.

2.Helm Installed.

3.Kubernetes metrics server installed on your cluster


Akeyless GW can be deployed using Helm. This chart bootstraps Akeyless GW deployment on a K8s cluster using the Helm package manager. This chart has been tested to work with NGINX Ingress and cert-manager.

More Information can be found at: https://github.com/akeylesslabs/helm-charts/tree/main/charts/akeyless-api-gateway

Deploy Akeyless GW via Helm

Add the following repository to your Helm repository list:

helm repo add akeyless https://akeylesslabs.github.io/helm-charts
helm repo update
helm show values akeyless/akeyless-api-gateway


The following information must be provided:

  • Admin Access ID.

  • Admin Access Key or Admin Password in case you are using email authentication.

  • Cluster name (default value is: “defaultCluster”).

  • Encryption key name that will be used to encrypt configuration (if not provided default account key will be used).

  • Customer Fragments - In case you are working with Zero Knowledge



Make sure your GW authentication method has the right access permissions using a dedicated access role.

Helm Chart

Edit the values.yaml file locally:




Akeyless Access ID (can used as email address)


Akeyless Access Key


Akeyless Access Password (should be used only when akeylessUserAuth.adminAccessId is email)


Akeyless Gateway cluster name


Akeyless Protection key name


Akeyless Gateway customer fragment


List of allowed Access ID's to enable multiple users to be able to login and manage Akeyless GW.

Default is set to none- i.e. 1 admin user.

Note: While using a shared Authentication method, please make sure to provide the relevant sub claims as well.


Unique display name to be shown inside Akeyless gateways monitor screen.

To add your own Fragment please insert this to the values.yaml file

# Customer Fragment is a critical component that allow customers to use a Zero-Knowledge Encryption.
# For more information: https://akeyless.readme.io/docs/implement-zero-trust
customerFragments: |
      "customer_fragments": [
              "id": "cf-xxxxxxxxxxxxx",
              "value": "xxxxxxxxxxxxxxxxxxxxxx"

Deploy the Akeyless Gateway

Deploy the Helm chart.

helm install <RELEASE_NAME>  akeyless/akeyless-api-gateway -f values.yaml 

Validate the Akeyless Gateway

Once your pods are up and running you verify the deployment:

kubectl logs <Your Pod name>

Access the Akeyless Gateway

On your browser: http:// Your server IP:8000


Configure TLS

Please configure TLS on your first login which can be found on the General menu.

Login using your Akeyless admin credentials and start configuring the Akeyless Gateway.

Did this page help you?