authentik consists of a handful of components, most of which are required for a functioning setup.
The core sub-component handles most of authentik's logic, such as API requests, flow executions, any kind of SSO requests, etc.
/mediais used to store icons and such, but not required, and if not mounted, authentik will allow you to set a URL to icons in place of a file upload
This container executes background tasks, such as sending emails, the event notification system, and everything you can see on the System Tasks page in the frontend.
/certsis used for authentik to import external certs, which in most cases shouldn't be used for SAML, but rather if you use authentik without a reverse proxy, this can be used for example for the Let's Encrypt integration
/templatesis used for custom email templates, and as with the other ones fully optional
authentik uses PostgreSQL to store all of its configuration and other data (excluding uploaded files).
/var/lib/postgresql/datais used to store the PostgreSQL database
On Kubernetes, with the default Helm chart and using the packaged PostgreSQL sub-chart, persistent data is stored in a PVC.
authentik uses Redis as a message-queue and a cache. Data in Redis is not required to be persistent, however you should be aware that restarting Redis will cause the loss of all sessions.
/datais used to store the Redis data
On Kubernetes, with the default Helm chart and using the packaged Redis sub-chart, persistent data is stored in a PVC.