Ory Kratos Helm Chart

The Ory Kratos Helm Chart helps you deploy Ory Kratos on Kubernetes using Helm.

Installation

Add the Helm repository:

$ helm repo add ory https://k8s.ory.sh/helm/charts
$ helm repo update

To install Ory Kratos, the following values must be set (documentation):

You can create a values.yaml file to set the required values, like so:

kratos:
  config:
    dsn: postgres://foo:<password>@<db-host>:5432/db
    secrets:
      default:
        - dolore occaecat nostrud Ut
        - sit et commodoaute ut voluptate consectetur Duis
    identity:
      default_schema_id: default
      schemas:
        - id: default
          url: file:///etc/config/identity.default.schema.json
    courier:
      smtp:
        connection_uri: smtps://test:<password>@<smtp-host>:1025/?skip_ssl_verify=true
    selfservice:
      default_browser_return_url: http://127.0.0.1:4455/
  automigration:
    enabled: true
  identitySchemas:
    "identity.default.schema.json": |
      {
        "$id": "https://schemas.ory.sh/presets/kratos/identity.email.schema.json",
        "$schema": "http://json-schema.org/draft-07/schema#",
        "title": "Person",
        "type": "object",
        "properties": {
          "traits": {
            "type": "object",
            "properties": {
              "email": {
                "type": "string",
                "format": "email",
                "title": "E-Mail",
                "ory.sh/kratos": {
                  "credentials": {
                    "password": {
                      "identifier": true
                    }
                  },
                  "recovery": {
                    "via": "email"
                  },
                  "verification": {
                    "via": "email"
                  }
                }
              }
            },
            "required": [
              "email"
            ],
            "additionalProperties": false
          }
        }
      }

Install Ory Kratos by running this command:

$ helm install \
    ...
    -f values.yaml \
    ory/kratos

Ory Kratos Configuration

You can pass your Ory Kratos configuration by creating a YAML file with the key kratos.config:

# kratos-config.yaml

kratos:
  config:
    # e.g.:
    log:
      level: trace
    # ...

and passing that as a value override to helm:

$ helm install -f ./path/to/kratos-config.yaml ory/kratos

Helm Chart Configuration

For the full list of chart values, please refer to the Ory Kratos Helm Chart README, or the values.yaml directly.

Additionally, the following extra settings are available:

Custom Secrets

secret:
  # -- switch to false to prevent creating the secret
  enabled: false
  # -- Provide custom name of existing secret, or custom name of secret to be created
  nameOverride: "my-custom-secret"

Remember: In this case, you are responsible for supplying the required values, which need to be in the same format that the created secret uses. For more details please take a look here.

Identity Schemas

There are two options to provide identity schemas:

Note: You are free to name <schema-id> and <schema-name> whatever you want.

  1. Write JSON to kratos.identitySchemas:
kratos:
  identitySchemas:
    <schema-name>.schema.json: |-
      {
        "$id": "..."
      }
  config:
    identity:
      schemas:
        - id: <schema-id>
          # match the name of the identitySchema
          url: file:///etc/config/<schema-name>.schema.json
  2. Encode the JSON schema in base64:
kratos:
  config:
    identity:
      schemas:
        - id: <schema-id>
          url: base64://<base64-encoded-json>
  3. Pass the file using the --set-file Helm CLI argument:
# values.yaml
kratos:
  identitySchemas:
    <schema-name>.schema.json: |-
      
  config:
    identity:
      schemas:
        - id: <schema-id>
          # match the name of the identitySchema
          url: file:///etc/config/<schema-name>.schema.json

Install Kratos using the following command:

helm install kratos ory/kratos \
    -f values.yaml \
    --set-file <your-key>=/path/to/<your-file>.json
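
For the base64 option, the encoded schema has to stay on a single YAML line, and GNU base64 wraps its output at 76 columns by default. The shell helper below is an added example, not part of the Ory chart or its documentation; the function names schema_to_base64_url and render_schema_values and the sample schema are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and the sample schema are hypothetical/constructed.

# Print the base64:// URL for a JSON schema file (the base64 option above).
schema_to_base64_url() {
    schema_file=$1
    [ -r "$schema_file" ] || { echo "cannot read: $schema_file" >&2; return 1; }

    # Refuse input that does not parse as JSON (checked only when jq is installed).
    if command -v jq >/dev/null 2>&1; then
        jq empty "$schema_file" >/dev/null 2>&1 ||
            { echo "not valid JSON: $schema_file" >&2; return 1; }
    fi

    # GNU base64 wraps at 76 columns; drop the newlines so the value is one token.
    encoded=$(base64 < "$schema_file" | tr -d '\n')

    # Round trip: the decoded value must be byte-identical to the file.
    printf '%s' "$encoded" | base64 -d | cmp -s - "$schema_file" ||
        { echo "round-trip mismatch: $schema_file" >&2; return 1; }

    printf 'base64://%s\n' "$encoded"
}

# Print a values fragment that registers the schema under the given id.
render_schema_values() {
    schema_id=$1
    url=$(schema_to_base64_url "$2") || return 1
    cat <<EOF
kratos:
  config:
    identity:
      schemas:
        - id: $schema_id
          url: $url
EOF
}

# Demo on a constructed schema (sample data, not a production schema).
demo=$(mktemp)
printf '%s\n' '{"$id":"https://example.com/demo.schema.json","type":"object","properties":{"traits":{"type":"object","properties":{"email":{"type":"string","format":"email"}}}}}' > "$demo"
render_schema_values default "$demo"
rm -f "$demo"
```

Redirect the output to a file and pass it to helm install with an additional -f after values.yaml. Helm replaces list values instead of merging them, so the generated file must list every schema you need.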

Upgrade

From 0.18.0

Since this version, only Kubernetes >= v1.18 is supported for the ingress definition.

If you enabled ingresses you need to migrate values from:

ingress:
  public:
    hosts:
      - host: kratos.public.local.com
        paths: ["/"]
  admin:
    hosts:
      - host: kratos.admin.local.com
        paths: ["/"]

to

ingress:
  public:
    className: ""
    hosts:
      - host: kratos.public.local.com
        paths:
          - path: /
            pathType: ImplementationSpecific
  admin:
    className: ""
    hosts:
      - host: kratos.admin.local.com
        paths:
          - path: /
            pathType: ImplementationSpecific

where changes are on: