diff --git a/charts/authentik/README.md b/charts/authentik/README.md
index 0bc848e..a4aaa67 100644
--- a/charts/authentik/README.md
+++ b/charts/authentik/README.md
@@ -108,6 +108,7 @@ The secret `authentik-postgres-credentials` must have `username` and `password`
 | authentik.email.use_ssl | bool | `false` | Enable either use_tls or use_ssl, they can't be enabled at the same time. |
 | authentik.email.use_tls | bool | `false` | Enable either use_tls or use_ssl, they can't be enabled at the same time. |
 | authentik.email.username | string | `""` | SMTP credentials, when left empty, no authentication will be done |
+| authentik.enabled | bool | `true` | whether to create the authentik configuration secret |
 | authentik.error_reporting.enabled | bool | `false` | This sends anonymous usage-data, stack traces on errors and performance data to sentry.beryju.org, and is fully opt-in |
 | authentik.error_reporting.environment | string | `"k8s"` | This is a string that is sent to sentry with your error reports |
 | authentik.error_reporting.send_pii | bool | `false` | Send PII (Personally identifiable information) data to sentry |
@@ -217,6 +218,7 @@ The secret `authentik-postgres-credentials` must have `username` and `password`
 | server.deploymentStrategy | object | `{}` (defaults to global.deploymentStrategy) | Deployment strategy to be added to the authentik server Deployment |
 | server.dnsConfig | object | `{}` | [DNS configuration] |
 | server.dnsPolicy | string | `""` | Alternative DNS policy for authentik server pods |
+| server.enabled | bool | `true` | whether to enable server resources |
 | server.env | list | `[]` (See [values.yaml]) | Environment variables to pass to the authentik server. Does not apply to GeoIP See configuration options at https://goauthentik.io/docs/installation/configuration/ |
 | server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the authentik server. Does not apply to GeoIP |
 | server.extraContainers | list | `[]` | Additional containers to be added to the authentik server pod # Note: Supports use of custom Helm templates |
@@ -328,6 +330,7 @@ The secret `authentik-postgres-credentials` must have `username` and `password`
 | worker.deploymentStrategy | object | `{}` (defaults to global.deploymentStrategy) | Deployment strategy to be added to the authentik worker Deployment |
 | worker.dnsConfig | object | `{}` | [DNS configuration] |
 | worker.dnsPolicy | string | `""` | Alternative DNS policy for authentik worker pods |
+| worker.enabled | bool | `true` | whether to enable worker resources |
 | worker.env | list | `[]` (See [values.yaml]) | Environment variables to pass to the authentik worker. Does not apply to GeoIP See configuration options at https://goauthentik.io/docs/installation/configuration/ |
 | worker.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the authentik worker. Does not apply to GeoIP |
 | worker.extraContainers | list | `[]` | Additional containers to be added to the authentik worker pod # Note: Supports use of custom Helm templates |
diff --git a/charts/authentik/templates/secret.yaml b/charts/authentik/templates/secret.yaml
index 4475cb3..b93a287 100644
--- a/charts/authentik/templates/secret.yaml
+++ b/charts/authentik/templates/secret.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.authentik.enabled }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -15,3 +16,4 @@ data:
 GEOIPUPDATE_ACCOUNT_ID: {{ required "geoip account id required" .Values.geoip.accountId | b64enc | quote }}
 GEOIPUPDATE_LICENSE_KEY: {{ required "geoip license key required" .Values.geoip.licenseKey | b64enc | quote }}
 {{- end }}
+{{- end }}
diff --git a/charts/authentik/templates/server/deployment.yaml b/charts/authentik/templates/server/deployment.yaml
index ebaff20..6b17d8e 100644
--- a/charts/authentik/templates/server/deployment.yaml
+++ b/charts/authentik/templates/server/deployment.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.server.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -234,3 +235,4 @@ spec:
 {{- if .Values.server.dnsPolicy }}
 dnsPolicy: {{ .Values.server.dnsPolicy }}
 {{- end }}
+{{- end }}
diff --git a/charts/authentik/templates/server/hpa.yaml b/charts/authentik/templates/server/hpa.yaml
index f2b80a7..c201356 100644
--- a/charts/authentik/templates/server/hpa.yaml
+++ b/charts/authentik/templates/server/hpa.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.server.enabled }}
 {{- if .Values.server.autoscaling.enabled }}
 apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
@@ -43,3 +44,4 @@ spec:
 {{- toYaml . | nindent 4 }}
 {{- end }}
 {{- end }}
+{{- end }}
diff --git a/charts/authentik/templates/server/ingress.yaml b/charts/authentik/templates/server/ingress.yaml
index 582bcd6..c8d3d84 100644
--- a/charts/authentik/templates/server/ingress.yaml
+++ b/charts/authentik/templates/server/ingress.yaml
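Review bot: Wrapping the whole Secret in `{{- if .Values.authentik.enabled }}` also removes the `GEOIPUPDATE_ACCOUNT_ID` and `GEOIPUPDATE_LICENSE_KEY` entries shown in the second secret.yaml hunk, so with the flag off and GeoIP still on nothing in the chart provides those credentials. The Deployments are gated independently on `server.enabled` and `worker.enabled`; if their pod specs reference this Secret (those lines are outside the hunks), the pods are rendered but cannot start until an operator-managed Secret with the expected name exists. A header comment would make the contract explicit, e.g. `{{- /* Not rendered when authentik.enabled is false: the operator must then supply the authentik configuration and any GeoIP credentials from an externally managed Secret. */ -}}`. The conditional that encloses the GeoIP keys starts outside the hunk.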
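Review bot: In server/hpa.yaml the new outer guard nests a second `if` around the existing one, which leaves an extra `{{- end }}` at the bottom of the file with nothing tying it back to its opener. A single condition reads more clearly: `{{- if and .Values.server.enabled .Values.server.autoscaling.enabled }}`. The same applies to server/ingress.yaml, server/metrics.yaml, server/pdb.yaml and the worker hpa.yaml and pdb.yaml, and servicemonitor.yaml can take `.Values.server.enabled` as one more argument to the `and` it already has.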
@@ -1,3 +1,4 @@
+{{- if .Values.server.enabled }}
 {{- if .Values.server.ingress.enabled -}}
 {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}}
 {{- $paths := .Values.server.ingress.paths -}}
@@ -69,3 +70,4 @@ spec:
 {{- toYaml . | nindent 4 }}
 {{- end }}
 {{- end }}
+{{- end }}
diff --git a/charts/authentik/templates/server/metrics.yaml b/charts/authentik/templates/server/metrics.yaml
index 0ab9fa5..2952b60 100644
--- a/charts/authentik/templates/server/metrics.yaml
+++ b/charts/authentik/templates/server/metrics.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.server.enabled }}
 {{- if .Values.server.metrics.enabled }}
 apiVersion: v1
 kind: Service
@@ -32,3 +33,4 @@ spec:
 selector:
 {{- include "authentik.selectorLabels" (dict "context" . "component" .Values.server.name) | nindent 4 }}
 {{- end }}
+{{- end }}
diff --git a/charts/authentik/templates/server/pdb.yaml b/charts/authentik/templates/server/pdb.yaml
index 76a1881..bb945b4 100644
--- a/charts/authentik/templates/server/pdb.yaml
+++ b/charts/authentik/templates/server/pdb.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.server.enabled }}
 {{- if .Values.server.pdb.enabled }}
 apiVersion: policy/v1
 kind: PodDisruptionBudget
@@ -23,3 +24,4 @@ spec:
 matchLabels:
 {{- include "authentik.selectorLabels" (dict "context" . "component" .Values.server.name) | nindent 6 }}
 {{- end }}
+{{- end }}
diff --git a/charts/authentik/templates/server/service.yaml b/charts/authentik/templates/server/service.yaml
index de39b1e..670a5b0 100644
--- a/charts/authentik/templates/server/service.yaml
+++ b/charts/authentik/templates/server/service.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.server.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -67,3 +68,4 @@ spec:
 {{- with .Values.server.service.publishNotReadyAddresses }}
 publishNotReadyAddresses: {{ . }}
 {{- end }}
+{{- end }}
diff --git a/charts/authentik/templates/server/servicemonitor.yaml b/charts/authentik/templates/server/servicemonitor.yaml
index 5194715..91d2ad9 100644
--- a/charts/authentik/templates/server/servicemonitor.yaml
+++ b/charts/authentik/templates/server/servicemonitor.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.server.enabled }}
 {{- if and .Values.server.metrics.enabled .Values.server.metrics.serviceMonitor.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
@@ -48,3 +49,4 @@ spec:
 matchLabels:
 {{- include "authentik.selectorLabels" (dict "context" . "component" (printf "%s-metrics" .Values.server.name)) | nindent 6 }}
 {{- end }}
+{{- end }}
diff --git a/charts/authentik/templates/worker/deployment.yaml b/charts/authentik/templates/worker/deployment.yaml
index 3a41c23..b480780 100644
--- a/charts/authentik/templates/worker/deployment.yaml
+++ b/charts/authentik/templates/worker/deployment.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.worker.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -240,3 +241,4 @@ spec:
 {{- if .Values.worker.dnsPolicy }}
 dnsPolicy: {{ .Values.worker.dnsPolicy }}
 {{- end }}
+{{- end }}
diff --git a/charts/authentik/templates/worker/hpa.yaml b/charts/authentik/templates/worker/hpa.yaml
index c5fa273..7d36c37 100644
--- a/charts/authentik/templates/worker/hpa.yaml
+++ b/charts/authentik/templates/worker/hpa.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.worker.enabled }}
 {{- if .Values.worker.autoscaling.enabled }}
 apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
@@ -43,3 +44,4 @@ spec:
 {{- toYaml . | nindent 4 }}
 {{- end }}
 {{- end }}
+{{- end }}
diff --git a/charts/authentik/templates/worker/pdb.yaml b/charts/authentik/templates/worker/pdb.yaml
index b9ec5fb..21aa364 100644
--- a/charts/authentik/templates/worker/pdb.yaml
+++ b/charts/authentik/templates/worker/pdb.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.worker.enabled }}
 {{- if .Values.worker.pdb.enabled }}
 apiVersion: policy/v1
 kind: PodDisruptionBudget
@@ -23,3 +24,4 @@ spec: matchLabels: {{- include "authentik.selectorLabels" (dict "context" . "component" .Values.worker.name) | nindent 6 }} {{- end }} +{{- end }} diff --git a/charts/authentik/values.yaml b/charts/authentik/values.yaml index 960730c..3e82f78 100644 --- a/charts/authentik/values.yaml +++ b/charts/authentik/values.yaml @@ -143,6 +143,8 @@ global: ## Authentik configuration authentik: + # -- whether to create the authentik configuration secret + enabled: true # -- Log level for server and worker log_level: info # -- Secret key used for cookie singing and unique user IDs, @@ -219,6 +221,9 @@ blueprints: ## authentik server server: + # -- whether to enable server resources + enabled: true + # -- authentik server name name: server @@ -607,6 +612,9 @@ server: ## authentik worker worker: + # -- whether to enable worker resources + enabled: true + # -- authentik worker name name: worker
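Review bot: The three new `enabled` comments in values.yaml name the switch but not what an operator must do after flipping it, and `authentik.enabled` in particular reads like an application-wide toggle while it only controls the configuration Secret. For the first values.yaml hunk I would write `# -- whether to create the authentik configuration secret; set to false only when the same settings (secret key, database credentials) come from an existing Secret referenced through server.envFrom and worker.envFrom`. The `server.enabled` and `worker.enabled` comments in the two later hunks could list what is dropped, e.g. `# -- whether to render the server Deployment, Service, Ingress, HPA, PDB and metrics resources`. The README table rows are presumably generated from these comments, so they would need regenerating afterwards.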