docs: update kratos doc #514
Conversation
agathanatasha
requested review from
Demonsthere and
piotrmsc
as code owners
|
|
| connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true | ||
| selfservice: | ||
| default_browser_return_url: http://127.0.0.1:4455/ | ||
| automigration: |
There was a problem hiding this comment.
Automigration is set to job by default, if we want to specify here which values have to be enabled, the we can shorten that to:
automigration:
enabled: trueHowever, this doesn't have to be enabled, as you can and sometimes might want to run the migrations manually
There was a problem hiding this comment.
I think it's worth setting it to true to provide an example that would work without modification. Or else user would likely see database error in pod.
I would remove the other configs under automigration.
| ``` | ||
|
|
||
| Next use it on `kratos.identitySchemas`: | ||
| 2. Encode json schema in base64 |
There was a problem hiding this comment.
I will verify this part myself, please don't remove yet :)
There was a problem hiding this comment.
let me know how it goes. I will update the doc accordingly
There was a problem hiding this comment.
Hi there, sorry it took so much time 😞. Anyway, the feature works as expected, with the following values.yaml snippet:
---
autoscaling:
enabled: false
kratos:
automigration:
enabled: true
customCommand:
- kratos
customArgs:
- "migrate"
- "sql"
- "-e"
- "--yes"
- "--config"
- "/etc/config/kratos.yaml"
identitySchemas:
"identity.default.schema.json": |-
{{ .Values.extraSchemas.foo }}
config:
# ciphers:
# algorithm: aes
dsn: "postgres://postgres:ory@postgresql.default.svc.cluster.local/ory?sslmode=disable&max_conn_lifetime=10s"
selfservice:
default_browser_return_url: http://127.0.0.1:4455/
methods:
password:
enabled: true
log:
level: debug
secrets:
default:
- PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
- "OG5XbmxXa3dYeGplQXpQanYxeEFuRUFa"
- "foo bar 123 456 lorem"
- "foo bar 123 456 lorem 1"
- "foo bar 123 456 lorem 2"
- "foo bar 123 456 lorem 3"
hashers:
argon2:
parallelism: 1
memory: 128MB
iterations: 2
salt_length: 16
key_length: 16
identity:
default_schema_id: default
schemas:
- id: default
url: file:///etc/config/identity.default.schema.json
courier:
smtp:
connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=trueAnd installing it via:
helm install kratos ./helm/charts/kratos -f hacks/values/kratos.yaml --debug --atomic --set-file extraSchemas.foo=schema.jsonThe result is a configmap which holds the user specified schemas, taken from the file:
apiVersion: v1
data:
identity.default.schema.json: |2-
{
"$id": "https://schemas.ory.sh/presets/kratos/identity.email.schema.json",
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Person",
"type": "object",
"properties": {
"traits": {
"type": "object",
"properties": {
"email": {
"type": "string",
"format": "email",
"title": "E-Mail",
"ory.sh/kratos": {
"credentials": {
"password": {
"identifier": true
}
},
"recovery": {
"via": "email"
},
"verification": {
"via": "email"
}
}
}
},
"required": [
"email"
],
"additionalProperties": false
}
}
}
kratos.yaml: |
courier:
smtp: {}
hashers:
argon2:
iterations: 2
key_length: 16
memory: 128MB
parallelism: 1
salt_length: 16
identity:
default_schema_id: default
schemas:
- id: default
url: file:///etc/config/identity.default.schema.json
log:
level: debug
selfservice:
default_browser_return_url: http://127.0.0.1:4455/
methods:
password:
enabled: true
serve:
admin:
port: 4434
public:
port: 4433
kind: ConfigMap
metadata:
annotations:
meta.helm.sh/release-name: kratos
meta.helm.sh/release-namespace: default
creationTimestamp: "2022-10-04T07:14:43Z"
labels:
app.kubernetes.io/instance: kratos
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kratos
app.kubernetes.io/version: v0.10.1
helm.sh/chart: kratos-0.25.4
name: kratos-config
namespace: default
resourceVersion: "887"
uid: aa79b558-3c4b-40d1-8ca3-74036d035bdbWe may improve the wording here to reflect that both kratos.identitySchemas and kratos.config.identity.schemas need to be set
There was a problem hiding this comment.
Thanks for checking. I could install following your instructions. I updated the doc
There was a problem hiding this comment.
I has encountered this problem on k8s helm installation today, method mentioned by @agathanatasha is valid.👍
| ``` | ||
|
|
||
| Next use it on `kratos.identitySchemas`: | ||
| 2. Encode json schema in base64 |
There was a problem hiding this comment.
Hi there, sorry it took so much time 😞. Anyway, the feature works as expected, with the following values.yaml snippet:
---
autoscaling:
enabled: false
kratos:
automigration:
enabled: true
customCommand:
- kratos
customArgs:
- "migrate"
- "sql"
- "-e"
- "--yes"
- "--config"
- "/etc/config/kratos.yaml"
identitySchemas:
"identity.default.schema.json": |-
{{ .Values.extraSchemas.foo }}
config:
# ciphers:
# algorithm: aes
dsn: "postgres://postgres:ory@postgresql.default.svc.cluster.local/ory?sslmode=disable&max_conn_lifetime=10s"
selfservice:
default_browser_return_url: http://127.0.0.1:4455/
methods:
password:
enabled: true
log:
level: debug
secrets:
default:
- PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
- "OG5XbmxXa3dYeGplQXpQanYxeEFuRUFa"
- "foo bar 123 456 lorem"
- "foo bar 123 456 lorem 1"
- "foo bar 123 456 lorem 2"
- "foo bar 123 456 lorem 3"
hashers:
argon2:
parallelism: 1
memory: 128MB
iterations: 2
salt_length: 16
key_length: 16
identity:
default_schema_id: default
schemas:
- id: default
url: file:///etc/config/identity.default.schema.json
courier:
smtp:
connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=trueAnd installing it via:
helm install kratos ./helm/charts/kratos -f hacks/values/kratos.yaml --debug --atomic --set-file extraSchemas.foo=schema.jsonThe result is a configmap which holds the user specified schemas, taken from the file:
apiVersion: v1
data:
identity.default.schema.json: |2-
{
"$id": "https://schemas.ory.sh/presets/kratos/identity.email.schema.json",
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Person",
"type": "object",
"properties": {
"traits": {
"type": "object",
"properties": {
"email": {
"type": "string",
"format": "email",
"title": "E-Mail",
"ory.sh/kratos": {
"credentials": {
"password": {
"identifier": true
}
},
"recovery": {
"via": "email"
},
"verification": {
"via": "email"
}
}
}
},
"required": [
"email"
],
"additionalProperties": false
}
}
}
kratos.yaml: |
courier:
smtp: {}
hashers:
argon2:
iterations: 2
key_length: 16
memory: 128MB
parallelism: 1
salt_length: 16
identity:
default_schema_id: default
schemas:
- id: default
url: file:///etc/config/identity.default.schema.json
log:
level: debug
selfservice:
default_browser_return_url: http://127.0.0.1:4455/
methods:
password:
enabled: true
serve:
admin:
port: 4434
public:
port: 4433
kind: ConfigMap
metadata:
annotations:
meta.helm.sh/release-name: kratos
meta.helm.sh/release-namespace: default
creationTimestamp: "2022-10-04T07:14:43Z"
labels:
app.kubernetes.io/instance: kratos
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kratos
app.kubernetes.io/version: v0.10.1
helm.sh/chart: kratos-0.25.4
name: kratos-config
namespace: default
resourceVersion: "887"
uid: aa79b558-3c4b-40d1-8ca3-74036d035bdbWe may improve the wording here to reflect that both kratos.identitySchemas and kratos.config.identity.schemas need to be set
agathanatasha
requested review from
Demonsthere
and removed request for
piotrmsc
This PR updates the kratos helm chart install documentation. The doc is updated with a complete
kratos-config.yamlwhere users could install kratos without errors. I also updated the section on setting identity schemas, providing up to date options. I removed the--set-fileoption from identity schema section as I can't reproduce it.Related Issue or Design Document
#449
Checklist
If this pull request addresses a security vulnerability,
I confirm that I got green light (please contact security@ory.sh) from the maintainers to push the changes.
Further comments