ORY Keto Helm Chart

The ORY Keto Helm Chart helps you deploy ORY Keto on Kubernetes using Helm.

Installation

Add the helm repository

$ helm repo add ory https://k8s.ory.sh/helm/charts
$ helm repo update

To install ORY Keto, the following values must be set (documentation):

If you wish to install ORY Keto with an in-memory database run:

$ helm install \
    --set 'keto.config.dsn=memory' \
    ory/keto

With SQL Database

To run ORY Keto against a SQL database, set the connection string. For example:

$ helm install \
    ...
    --set 'dsn=postgres://foo:bar@baz:1234/db' \
    ory/keto

This chart does not require MySQL, PostgreSQL, or CockroachDB as dependencies because we strongly encourage you not to run a database in Kubernetes but instead recommend to rely on a managed SQL database such as Google Cloud SQL or AWS Aurora.

With Google Cloud SQL

To connect to Google Cloud SQL, you could use the gcloud-sqlproxy chart:

$ helm upgrade pg-sqlproxy rimusz/gcloud-sqlproxy --namespace sqlproxy \
    --set 'serviceAccountKey="$(cat service-account.json | base64 | tr -d '\n')"' \
    ...

When bringing up ORY Keto, set the host to pg-sqlproxy-gcloud-sqlproxy as documented here:

$ helm install \
    ...
    --set 'dsn=postgres://foo:bar@pg-sqlproxy-gcloud-sqlproxy:5432/db' \
    ory/keto

Set up DSN variable on runtime

If you use need to construct DSN environment variable on the fly, you can leave keto.config.dsn empty and provide custom DSN variable via extraEnv, e.g.:

Note: extraEnvs are defined separatly for individual objects (deployments, statefulsets, jobs etc), and therefore you need to define the env for all objects using it. Please refer to kratos values as an example

deployment:
  extraEnv:
    - name: DSN
      valueFrom:
        secretKeyRef:
          name: keto-dsn-secret
          key: dsn

Configuration

You can pass your ORY Keto configuration file by creating a yaml file with key keto.config

# keto-config.yaml
keto:
  config:
    # e.g.:
    serve:
      port: 8080
    # ...

and passing that as a value override to helm:

$ helm install -f ./path/to/keto-config.yaml ory/keto

Additionally, the following extra settings are available:

Upgrade

From 0.18.0

Since this version we support only kubernetes >= v1.18 for the ingress definition.

If you enabled ingresses you need to migrate values from:

ingress:
  read:
    hosts:
      - host: chart-example.local
        paths: ["/read"]
  write:
    hosts:
      - host: chart-example.local
        paths: ["/write"]

to

ingress:
  read:
    className: ""
    hosts:
      - host: chart-example.local
        paths:
          - path: /read
            pathType: Prefix
  write:
    className: ""
    hosts:
      - host: chart-example.local
        paths:
          - path: /write
            pathType: Prefix

where changes are on: