docs: update kratos doc #514
connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true | ||
selfservice: | ||
default_browser_return_url: http://127.0.0.1:4455/ | ||
automigration: |
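Review bot: the `connection_uri` line in this example config carries `test:test` credentials and `skip_ssl_verify=true`, and nothing in the visible lines marks them as local-test values. Suggest a comment next to that line saying they match the mailslurper test setup and that a real deployment should supply its own SMTP credentials and keep certificate verification on. The `default_browser_return_url: http://127.0.0.1:4455/` line could carry the same kind of note.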
Automigration is set to job by default; if we want to specify here which values have to be enabled, then we can shorten that to:
```yaml
automigration:
  enabled: true
```
However, this doesn't have to be enabled, as you can and sometimes might want to run the migrations manually.
I think it's worth setting it to true to provide an example that would work without modification. Or else the user would likely see a database error in the pod.
I would remove the other configs under automigration.
``` | ||
|
||
Next use it on `kratos.identitySchemas`: | ||
2. Encode json schema in base64 |
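Review bot: the step "2. Encode json schema in base64" gives no command and does not say which key receives the encoded value; the line above it names `kratos.identitySchemas`, so a reader cannot tell whether the base64 string belongs there or somewhere else. Suggest adding the exact encoding command and the target key to this step.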
I will verify this part myself, please don't remove yet :)
Let me know how it goes. I will update the doc accordingly.
Hi there, sorry it took so much time 😞. Anyway, the feature works as expected, with the following values.yaml snippet:
```yaml
---
autoscaling:
  enabled: false
kratos:
  automigration:
    enabled: true
    customCommand:
      - kratos
    customArgs:
      - "migrate"
      - "sql"
      - "-e"
      - "--yes"
      - "--config"
      - "/etc/config/kratos.yaml"
  identitySchemas:
    "identity.default.schema.json": |-
      {{ .Values.extraSchemas.foo }}
  config:
    # ciphers:
    #   algorithm: aes
    dsn: "postgres://postgres:ory@postgresql.default.svc.cluster.local/ory?sslmode=disable&max_conn_lifetime=10s"
    selfservice:
      default_browser_return_url: http://127.0.0.1:4455/
      methods:
        password:
          enabled: true
    log:
      level: debug
    secrets:
      default:
        - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
        - "OG5XbmxXa3dYeGplQXpQanYxeEFuRUFa"
        - "foo bar 123 456 lorem"
        - "foo bar 123 456 lorem 1"
        - "foo bar 123 456 lorem 2"
        - "foo bar 123 456 lorem 3"
    hashers:
      argon2:
        parallelism: 1
        memory: 128MB
        iterations: 2
        salt_length: 16
        key_length: 16
    identity:
      default_schema_id: default
      schemas:
        - id: default
          url: file:///etc/config/identity.default.schema.json
    courier:
      smtp:
        connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
```
And installing it via:
```sh
helm install kratos ./helm/charts/kratos -f hacks/values/kratos.yaml --debug --atomic --set-file extraSchemas.foo=schema.json
```
The result is a configmap which holds the user specified schemas, taken from the file:
```yaml
apiVersion: v1
data:
  identity.default.schema.json: |2-
    {
      "$id": "https://schemas.ory.sh/presets/kratos/identity.email.schema.json",
      "$schema": "http://json-schema.org/draft-07/schema#",
      "title": "Person",
      "type": "object",
      "properties": {
        "traits": {
          "type": "object",
          "properties": {
            "email": {
              "type": "string",
              "format": "email",
              "title": "E-Mail",
              "ory.sh/kratos": {
                "credentials": {
                  "password": {
                    "identifier": true
                  }
                },
                "recovery": {
                  "via": "email"
                },
                "verification": {
                  "via": "email"
                }
              }
            }
          },
          "required": [
            "email"
          ],
          "additionalProperties": false
        }
      }
    }
  kratos.yaml: |
    courier:
      smtp: {}
    hashers:
      argon2:
        iterations: 2
        key_length: 16
        memory: 128MB
        parallelism: 1
        salt_length: 16
    identity:
      default_schema_id: default
      schemas:
      - id: default
        url: file:///etc/config/identity.default.schema.json
    log:
      level: debug
    selfservice:
      default_browser_return_url: http://127.0.0.1:4455/
      methods:
        password:
          enabled: true
    serve:
      admin:
        port: 4434
      public:
        port: 4433
kind: ConfigMap
metadata:
  annotations:
    meta.helm.sh/release-name: kratos
    meta.helm.sh/release-namespace: default
  creationTimestamp: "2022-10-04T07:14:43Z"
  labels:
    app.kubernetes.io/instance: kratos
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kratos
    app.kubernetes.io/version: v0.10.1
    helm.sh/chart: kratos-0.25.4
  name: kratos-config
  namespace: default
  resourceVersion: "887"
  uid: aa79b558-3c4b-40d1-8ca3-74036d035bdb
```
We may improve the wording here to reflect that both `kratos.identitySchemas` and `kratos.config.identity.schemas` need to be set.
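
The requirement stated above, that `kratos.identitySchemas` and `kratos.config.identity.schemas` must agree, can be checked before `helm install`. This is an added example, not code from the PR or the chart: it assumes the values file has already been parsed into a dict (for instance by a YAML loader), the function names and the `customer` schema are hypothetical, and it also flags the test-only settings visible in the snippet.

```python
from urllib.parse import parse_qs, urlsplit

CONFIG_DIR = "/etc/config/"  # mount path taken from the schema URL in the thread

def schema_wiring_errors(values):
    """Cross-check kratos.identitySchemas with kratos.config.identity.schemas."""
    kratos = values.get("kratos", {})
    provided = set(kratos.get("identitySchemas", {}))
    identity = kratos.get("config", {}).get("identity", {})
    schemas = identity.get("schemas", [])
    errors = []
    for entry in schemas:
        url = urlsplit(entry.get("url", ""))
        # Only file:// URLs under the ConfigMap mount depend on identitySchemas.
        if url.scheme == "file" and url.path.startswith(CONFIG_DIR):
            name = url.path[len(CONFIG_DIR):]
            if name not in provided:
                errors.append(f"schema {entry.get('id')!r}: {name} missing from kratos.identitySchemas")
    if identity.get("default_schema_id") not in {e.get("id") for e in schemas}:
        errors.append("default_schema_id matches no entry in identity.schemas")
    return errors

def weak_setting_warnings(values):
    """Flag the test-only settings that appear in the thread's values.yaml."""
    cfg = values.get("kratos", {}).get("config", {})
    warnings = []
    if any("CHANGE-ME" in s for s in cfg.get("secrets", {}).get("default", [])):
        warnings.append("secrets.default still contains the placeholder secret")
    if parse_qs(urlsplit(cfg.get("dsn", "")).query).get("sslmode") == ["disable"]:
        warnings.append("dsn sets sslmode=disable")
    smtp_uri = cfg.get("courier", {}).get("smtp", {}).get("connection_uri", "")
    if parse_qs(urlsplit(smtp_uri).query).get("skip_ssl_verify") == ["true"]:
        warnings.append("courier SMTP URI sets skip_ssl_verify=true")
    return warnings

# Constructed sample: the thread's values as a parsed dict, plus a second schema
# ("customer") that is referenced but never provided, to show the failure case.
SAMPLE = {"kratos": {
    "identitySchemas": {"identity.default.schema.json": "{{ .Values.extraSchemas.foo }}"},
    "config": {
        "dsn": "postgres://postgres:ory@postgresql.default.svc.cluster.local/ory?sslmode=disable&max_conn_lifetime=10s",
        "secrets": {"default": ["PLEASE-CHANGE-ME-I-AM-VERY-INSECURE"]},
        "identity": {"default_schema_id": "default", "schemas": [
            {"id": "default", "url": "file:///etc/config/identity.default.schema.json"},
            {"id": "customer", "url": "file:///etc/config/identity.customer.schema.json"}]},
        "courier": {"smtp": {"connection_uri": "smtps://test:test@mailslurper:1025/?skip_ssl_verify=true"}},
    }}}

if __name__ == "__main__":
    print(*schema_wiring_errors(SAMPLE), *weak_setting_warnings(SAMPLE), sep="\n")
```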
Thanks for checking. I could install following your instructions. I updated the doc.
I encountered this problem on a k8s helm installation today; the method mentioned by @agathanatasha is valid. 👍
Please do not remove the `set-file` part, as it works but needs better wording :)
Great job, thanks :)
This PR updates the kratos helm chart install documentation. The doc is updated with a complete `kratos-config.yaml` where users could install kratos without errors. I also updated the section on setting identity schemas, providing up to date options. I removed the `--set-file` option from identity schema section as I can't reproduce it.
Related Issue or Design Document
#449
Checklist
If this pull request addresses a security vulnerability, I confirm that I got green light (please contact security@ory.sh) from the maintainers to push the changes.
Further comments