Lacking documentation for installing kratos helm chart
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [ ] This issue affects my Ory Cloud project.
- [ ] I have joined the Ory Community Slack.
- [X] I am signed up to the Ory Security Patch Newsletter.
Describe the bug
The documentation for the Kratos helm chart on https://k8s.ory.sh/helm/kratos.html does not mention that the following config keys are required to be set for kratos to even start:
- `selfservice.default_browser_return_url`
- `courier.smtp.connection_uri`
- `identity.schemas`
Also the courier pod won't start because the key smtpConnectionURI is not present in the kratos secret made by the chart
Reproducing the bug
Follow the documentation on the website to install the helm chart for kratos which will lead you to a command that looks like this
```
helm install --set kratos.config.secrets.default={supersecretawesometest} --set kratos.config.dsn=memory --create-namespace --namespace ory kratos ory/kratos
```
Relevant log output
`kubectl logs kratos-684b87485-mfwfb`
```
The configuration contains values or keys which are invalid:
The configuration contains values or keys which are invalid:
courier.smtp.connection_uri: <nil>
^-- one or more required properties are missing
The configuration contains values or keys which are invalid:
selfservice.default_browser_return_url: <nil>
^-- one or more required properties are missing
The configuration contains values or keys which are invalid:
identity.schemas: <nil>
^-- one or more required properties are missing
time=2022-06-28T20:57:39Z level=fatal msg=Unable to instantiate configuration. audience=application error=map[message:I[#] S[#] validation failed
I[#/courier/smtp] S[#/properties/courier/properties/smtp/required] missing properties: "connection_uri"
I[#/selfservice] S[#/properties/selfservice/required] missing properties: "default_browser_return_url"
I[#/identity] S[#/properties/identity/required] missing properties: "schemas"] service_name=Ory Kratos service_version=v0.9.0-alpha.2
```
`kubectl describe pod kratos-courier-0`
```
Events:
  Type     Reason     Age                    From               Message
  ----     ------     ----                   ----               -------
  Normal   Scheduled  28m                    default-scheduler  Successfully assigned ory/kratos-courier-0 to <redacted>
  Normal   Pulling    28m                    kubelet            Pulling image "oryd/kratos:v0.9.0-alpha.2"
  Normal   Pulled     28m                    kubelet            Successfully pulled image "oryd/kratos:v0.9.0-alpha.2" in 4.828346305s
  Warning  Failed     26m (x12 over 28m)     kubelet            Error: couldn't find key smtpConnectionURI in Secret ory/kratos
  Normal   Pulled     3m34s (x116 over 28m)  kubelet            Container image "oryd/kratos:v0.9.0-alpha.2" already present on machine
```
Relevant configuration
No response
Version
v0.23.2
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Kubernetes with Helm
Additional Context
No response
Same issue here.
I got the following working (at least running without panic on startup). Not sure how to get the pod to access the identity.schema.json by passing it in as a helm value, so I decided to use the base64 encode option, passing in the encoded demo values.
```yaml
# kratos.yml
kratos:
  config:
    dsn: memory
    serve:
      public:
        base_url: http://127.0.0.1:4433/
        cors:
          enabled: true
      admin:
        base_url: http://kratos:4434/
    selfservice:
      default_browser_return_url: http://127.0.0.1:4455/
    secrets:
      cookie:
        - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
      cipher:
        - 32-LONG-SECRET-NOT-SECURE-AT-ALL
    identity:
      schemas:
        - id: user
          url: base64:<base64-encoded identity.schema.json>
    courier:
      smtp:
        connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
```
And install with helm with terraform:
```hcl
resource "helm_release" "kratos" {
  repository = "https://k8s.ory.sh/helm/charts"
  chart      = "kratos"
  timeout    = var.helm_release_timeout
  version    = "v0.23.3"
  name       = "kratos"
  namespace  = var.k8s_namespace
  values = [
    file("${path.module}/kratos.yml"),
    # Uncomment below if you know what to replace the base64 encoded identity.schema.json file with
    # yamlencode({
    #   kratos = {
    #     identitySchemas = {
    #       "identity.schema.json" = file("${path.module}/identity.schema.json")
    #     }
    #   }
    # })
  ]
}
```
Closing as #514 was merged :) If some areas are still not within the docs please reopen the issue
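
A pre-install lint for the values discussed in this thread, added here as an example and not taken from the issue or from the Ory chart: it checks the three keys the Kratos log reports as required and flags the demo settings in the posted `kratos.yml` (placeholder secrets, `dsn: memory`, `skip_ssl_verify=true`). The function names, warning texts and both JSON samples are constructed, and it assumes the values file has been converted to JSON first.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Keys the Kratos log in the issue reports as required, relative to kratos.config.
REQUIRED = ("selfservice.default_browser_return_url",
            "courier.smtp.connection_uri",
            "identity.schemas")
# Substrings of the demo secrets shown in the posted kratos.yml.
PLACEHOLDER_MARKS = ("CHANGE-ME", "NOT-SECURE", "INSECURE")

def lookup(tree, dotted):
    """Follow a dotted path through nested dicts; None if a segment is absent."""
    for part in dotted.split("."):
        if not isinstance(tree, dict) or part not in tree:
            return None
        tree = tree[part]
    return tree

def lint_values(values):
    """Return (missing_required_keys, warnings) for parsed Helm values."""
    config = lookup(values, "kratos.config") or {}
    missing = [k for k in REQUIRED if not lookup(config, k)]
    warnings = []
    if config.get("dsn") == "memory":
        warnings.append("dsn: in-memory database, identities are lost on restart")
    for kind, entries in (config.get("secrets") or {}).items():
        if any(m in str(s).upper() for s in entries or [] for m in PLACEHOLDER_MARKS):
            warnings.append(f"secrets.{kind}: demo placeholder secret")
    uri = lookup(config, "courier.smtp.connection_uri") or ""
    if parse_qs(urlsplit(uri).query).get("skip_ssl_verify") == ["true"]:
        warnings.append("courier.smtp.connection_uri: TLS verification disabled")
    return missing, warnings

# Constructed samples: the values set by the issue's `helm install --set ...`
# command, and the posted kratos.yml with the schema blob replaced by a stub.
ISSUE_VALUES = json.loads("""{"kratos": {"config": {
  "dsn": "memory", "secrets": {"default": ["supersecretawesometest"]}}}}""")
COMMENT_VALUES = json.loads("""{"kratos": {"config": {
  "dsn": "memory",
  "selfservice": {"default_browser_return_url": "http://127.0.0.1:4455/"},
  "secrets": {"cookie": ["PLEASE-CHANGE-ME-I-AM-VERY-INSECURE"],
              "cipher": ["32-LONG-SECRET-NOT-SECURE-AT-ALL"]},
  "identity": {"schemas": [{"id": "user", "url": "base64:e30="}]},
  "courier": {"smtp": {"connection_uri":
    "smtps://test:test@mailslurper:1025/?skip_ssl_verify=true"}}}}}""")

if __name__ == "__main__":
    for name, doc in (("issue", ISSUE_VALUES), ("comment", COMMENT_VALUES)):
        print(name, *lint_values(doc), sep="\n  ")
```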