ory-community #talk-kratos

Channels

announcements

ask-gpt

general

thankful-secretary-66849

04/03/2022, 5:29 PM

has anyone used aws ses as email service for kratos. mine doesn't seem to work and not sure why. my kratos is running locally on my m1 mac not in docker. and the config i have is this

Copy code

courier:
  smtp:
    connection_uri: <smtps://AKI>..username:REDACTED@email-smtp.us-east-1.amazonaws.com:587/
    from_address: <mailto:no-reply@my-domain.com|no-reply@my-domain.com>
    from_name: MyName

thousands-church-11419

04/01/2022, 3:57 PM

hmm, looks like I found a bug, seems like the

after_registration

password webhook can’t work, because it requires that
- session
come before
- web_hook
but

session

returns an error to prevent a cookie from being created cc:@User since git blames you 😛 EDIT: No I’m just tired, it does work but the session returning an error for flow control thing is real

millions-van-11508

04/01/2022, 6:19 AM

In a perfect world, I'd be able to use Kratos for social sign-in with the following features: 1. Trivial linking of multiple social logins 2. Able to link social logins that use different emails a. e.g. github with abc@gmail.com and google with xyz@gmail.com linked to the same Kratos identity 3. Able to have different identities for different social logins with the same email a. e.g. github with abc@gmail.com and google with abc@gmail.com linked to different Kratos identities 4. Able to link social logins of the same site with different emails a. e.g. github with abc@gmail.com and github with xyz@gmail.com linked to the same Kratos identity 5. Able to link already-registered social logins a. Implies being able to merge existing Kratos identities 6. Able to register with a social login without reading user email at all Can someone from Ory chime in on how realistically I can achieve each of these with Kratos now or in the foreseeable future?

➕ 1

quiet-intern-84955

03/31/2022, 5:27 PM

Anyone used Ory Kratos in a browser extension?

numerous-address-95894

03/31/2022, 6:45 AM

Hi Guys Actually I want to connect the Kratos to Identity platform of Google Cloud Platform as a identity provider. For that I need the issuer Url So how can I get the issuer url for OIDC in ory Kratos? And please provide some suggestion if any other configuration need to be changed. Thanks in advance

purple-apple-47041

03/30/2022, 6:35 PM

What is the expected response time of the whoami lookup? I understand this varies based on the infrastructure but I was wondering what speeds others were experiencing. Our api and database is very fast computing complex queries in under 100ms, but our whoami lookup can take upwards of 250ms. Additionally with Hydra we experience a lot of latency in the oauth flow. Does anyone else experience this? If not what infrastructure do you use when self hosting? We have been thinking about moving to kratos managed, but hydra is not supported just yet so we need to continue to self host that in the meantime regardless. Any help or input would be appreciated

orange-lock-46074

03/30/2022, 10:48 AM

Hi, is ther any documentation about how to generate a client from kratos schema? I can see that there are a few schema files in the repo, I assume that I should generate a client for

openapi.json

in that directory, is that correct? Is there any difference compared to

api.openapi.json

? - how do I know which I should use? This is the files in the repo where I am looking: https://github.com/ory/kratos/tree/master/.schema

high-optician-2097

03/29/2022, 5:45 PM

unfortunately not, it would be very difficult to index that at scale in JSON 😕

orange-lock-46074

03/28/2022, 11:50 AM

Hi, I try to setup Kratos but I struggle with the DSN for the database connection. I get this error log message:

Copy code

level=fatal msg=dsn must be set audience=application service_name=Ory Kratos service_version=v0.9.0-alpha.3

but it is hard for me to see what I should adjust to make it work. If I copy-paste those values and add them to the dsn, it just result in the same error message. I don't find any documentation about those

audience=application

values in the DSN, any suggestions?

rapid-dawn-63448

03/28/2022, 10:50 AM

Hello, How can I change the label “ID” on the login page (kratos-self-servise-ui) In docs I do not found

cold-evening-80162

03/28/2022, 9:50 AM

Hey, I would like to ask if there is a possibility to disable sending a Mail if an account access is attempted (eg. Email not known to kratos on password-reset)

flat-rose-25983

03/28/2022, 8:01 AM

Hey folks , How I do check if the user clicked on expired verification link ?

swift-chef-97535

03/27/2022, 1:41 PM

Hey @User we are looking for advice on addressing Schrem 2. The best way to add features such as data encryption is to open an issue in GitHub. That way we can track it. And yes we plan to provide engineering frameworks for Schrem, Gdpr and Hippa for instance.

🙌 1

ripe-alarm-21163

03/26/2022, 7:27 PM

After upgrading

kratos to 0.9

, sending emails doesn't work on local mail server (

mailhog

mailslurper

) in docker. Is anyone having similar problem? it worked in

0.8

for me. logs say that it sent the mail but i don't receive anything. docker-compose:

# --------------------------------------------------------------------------------

mailhog:

image: mailhog/mailhog:latest

ports:

- "8025:8025"

- "1025:1025"

networks:

- intranet

# --------------------------------------------------------------------------------

mailslurper:

image: oryd/mailslurper:smtps-latest

ports:

- "4436:4436"

- "4437:4437"

- "1025:1025"

networks:

- intranet

# --------------------------------------------------------------------------------

i tried many things for `connection_uri`:

<smtp://mailhog:1025?disable_starttls=true&skip_ssl_verify=true>

<smtp://test:test@mailhog:1025?disable_starttls=true>

<smtp://mailslurper:1025?disable_starttls=true&skip_ssl_verify=true>

<smtp://test:test@mailslurper:1025?disable_starttls=true>

👍 1

proud-controller-61667

03/25/2022, 12:43 PM

Hey everone, I'm trying to add some sort of asynchronous validation on the self-service registration (basically, querying an API to check if the email can actually register). It seems that the "after registration hook" happens after persist. Is there a way to configure it as a prepersist hook?

quiet-autumn-46792

03/25/2022, 9:17 AM

Hi Guys I am using this admin-ui projec https://github.com/dfoxg/kratos-admin-ui But when I try to send request I get CORS issues

Access to XMLHttpRequest at '<https://account.freshes.ca/admin/identities>' from origin '<https://client.freshes.ca>' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I am using ory/kratos-client and I am using cloud kratos.

high-policeman-20247

03/24/2022, 10:23 PM

does anyone have working helm charts for ory kratos with the standalone ui? i've been trying to run it through kubernetes and having issues

jolly-tiger-57705

03/24/2022, 5:26 PM

Would Kratos support something like a multi-tenant environment? User logs in, gets asked to which env he's giving access. Token would have to contain additional claim with the env_id or maybe introspection could check it.

icy-scooter-69472

03/24/2022, 3:36 PM

Hey all - first off, so impressed with Ory, especially love the Software Architecture and Philosophy document - so good. We are looking really closely at Kratos. but we've hit 2 questions i'm having trouble finding an answer to, as we build out this POC. They are: 1. Is there a way to store and keep up to date access tokens, not just the initial one? 2. When a refresh token expired and the user then logs in again, the provider will issue a new refresh token, is this then automatically stored in Kratos?

cold-evening-80162

03/24/2022, 1:14 PM

Hi, I would like to configure a web hook after successfull registration but before the indentity is saved in the database. I found this

_After registration:_ is executed when a registration was successful:

◦

_Before persisting:_ runs before the identity is saved in the database.

◦

_After persisting:_ runs after the identity was saved in the database.

in documentation but there is no example on how to configure this correctly in kratos.yml file.

sticky-guitar-94474

03/24/2022, 11:52 AM

Hi @ #kratos I am facing the following issues when trying to trigger any flow after getting the flow ID Using SelfService UI Node installed it via Helm Chart

Copy code

{
  "message": "read ECONNRESET",
  "name": "Error",
  "stack": "Error: read ECONNRESET\n    at TCP.onStreamRead (node:internal/stream_base_commons:211:20)",
  "config": {
    "url": "<http://kratos-public.orydemo.svc.cluster.local:4433/self-service/login/flows?id=45788f28-d2c9-425d-94e0-141e2e699ad6>",
    "method": "get",
    "headers": {
      "Accept": "application/json, text/plain, */*",
      "User-Agent": "axios/0.21.4"
    },
    "transformRequest": [
      null
    ],
    "transformResponse": [
      null
    ],
    "timeout": 0,
    "xsrfCookieName": "XSRF-TOKEN",
    "xsrfHeaderName": "X-XSRF-TOKEN",
    "maxContentLength": -1,
    "maxBodyLength": -1,
    "transitional": {
      "silentJSONParsing": true,
      "forcedJSONParsing": true,
      "clarifyTimeoutError": false
    }
  },
  "code": "ECONNRESET"
}

Accessed the Uinode’s shell and tried wget to the kratos-public service with flow id Which throws the following error

error getting response: Connection reset by peer

Some times facing 403 Forbidden While the same call to public API is succeeding i.e

<https://kratos-api-public-dev.abcgoogle.com/self-service/login/flows?id=49d265f4-795f-48e0-bb1e-5296e4da57a1>

Has anyone faced the same issue?

cuddly-father-90762

03/23/2022, 8:39 PM

Is it fair to say that, with current version of kratos, to enforce captcha would require intercepting calls to kratos by another service?

orange-boots-71535

03/23/2022, 7:55 PM

Hey 👋 everyone. We’re trying to build an SSO auth system right now and we’re looking at basing it all on Kratos. However, we have a GraphQL/Prisma backend, and we need some way to validate the session token from the API side (at least as I understand it). Is there any route we can call in the Kratos HTTP API to verify the token passed from the browser? I’m not fully understanding how this part is expected to work https://www.ory.sh/docs/kratos/reference/api#operation/toSession. Right now we run everything on JWT authorization tokens that we can verify server-side, so I’m not sure how the communication between our server/API and the Kratos service/API is supposed to happen. We would appreciate any help we can get! CC’ing @User

brash-iron-23043

03/23/2022, 2:38 PM

Is it possible to log the user in after verification, like with the session hook in password?

narrow-kitchen-3944

03/23/2022, 8:10 AM

Hey guys! I am fairly new to Kratos so bare with me 🙂 I've tried looking thru the issues on Github, docs, and also looked thru this chat for answers, but I can't seem to wrap my head around how to solve my issue. So, I run Kratos in my AKS, installed with helm chart and using image tag: v0.9.0-alpha.2 and testing it with kratos-selfservice-ui-react-nextjs locally. Register & login works perfect, but as soon as I add Microsoft OIDC I run into problems when I try to "Sign in with Microsoft". Error in the UI:

Copy code

{
  "id": "4f4d6d4f-2a2e-4a5a-8b48-c99e3ffdc77a",
  "error": {
    "code": 400,
    "debug": "key ory_kratos_oidc_auth_code_session does not exist in cookie: ory_kratos_continuity\<http://ngithub.com/ory/kratos/x.SessionGetString.func1\n\t/project/x/cookie.go:27\ngithub.com/ory/kratos/x.SessionGetString\n\t/project/x/cookie.go:46\ngithub.com/ory/kratos/continuity.(*ManagerCookie).sid\n\t/project/continuity/manager_cookie.go:97\ngithub.com/ory/kratos/continuity.(*ManagerCookie).container\n\t/project/continuity/manager_cookie.go:109\ngithub.com/ory/kratos/continuity.(*ManagerCookie).Continue\n\t/project/continuity/manager_cookie.go:64\ngithub.com/ory/kratos/selfservice/strategy/oidc.(*Strategy).validateCallback\n\t/project/selfservice/strategy/oidc/strategy.go:254\ngithub.com/ory/kratos/selfservice/strategy/oidc.(*Strategy).handleCallback\n\t/project/selfservice/strategy/oidc/strategy.go:298\ngithub.com/ory/kratos/selfservice/strategy.disabledWriter\n\t/project/selfservice/strategy/handler.go:25\ngithub.com/ory/kratos/selfservice/strategy.IsDisabled.func1\n\t/project/selfservice/strategy/handler.go:30\ngithub.com/ory/kratos/x.NoCacheHandle.func1\n\t/project/x/nocache.go:18\ngithub.com/ory/kratos/x.NoCacheHandle.func1\n\t/project/x/nocache.go:18\ngithub.com/julienschmidt/httprouter.(*Router).ServeHTTP\n\t/go/pkg/mod/github.com/julienschmidt/httprouter@v1.3.0/router.go:387\ngithub.com/ory/nosurf.(*CSRFHandler).handleSuccess\n\t/go/pkg/mod/github.com/ory/nosurf@v1.2.7/handler.go:234\ngithub.com/ory/nosurf.(*CSRFHandler).ServeHTTP\n\t/go/pkg/mod/github.com/ory/nosurf@v1.2.7/handler.go:191\ngithub.com/urfave/negroni.Wrap.func1\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/kratos/x.glob..func1\n\t/project/x/clean_url.go:12\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2047\ngithub.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerResponseSize.func1\n\t/go/pkg/mod/github.com/prometheus/client_golang@v1.11.0/prometheus/promhttp/instrument_server.go:198\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2047\ngithub.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerCounter.func1\n\t/go/pkg/mod/github.com/prometheus/client_golang@v1.11.0/prometheus/promhttp/instrument_server.go:101\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2047\ngithub.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerDuration.func1\n\t/go/pkg/mod/github.com/prometheus/client_golang@v1.11.0/prometheus/promhttp/instrument_server.go:68\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2047\ngithub.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerDuration.func2\n\t/go/pkg/mod/github.com/prometheus/client_golang@v1.11.0/prometheus/promhttp/instrument_server.go:76\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2047\ngithub.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerRequestSize.func1\n\t/go/pkg/mod/github.com/prometheus/client_golang@v1.11.0/prometheus/promhttp/instrument_server.go:165\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2047\ngithub.com/ory/x/prometheusx.Metrics.instrumentHandlerStatusBucket.func1\n\t/go/pkg/mod/github.com/ory/x@v0.0.358/prometheusx/metrics.go:108|ngithub.com/ory/kratos/x.SessionGetString.func1\n\t/project/x/cookie.go:27\ngithub.com/ory/kratos/x.SessionGetString\n\t/project/x/cookie.go:46\ngithub.com/ory/kratos/continuity.(*ManagerCookie).sid\n\t/project/continuity/manager_cookie.go:97\ngithub.com/ory/kratos/continuity.(*ManagerCookie).container\n\t/project/continuity/manager_cookie.go:109\ngithub.com/ory/kratos/continuity.(*ManagerCookie).Continue\n\t/project/continuity/manager_cookie.go:64\ngithub.com/ory/kratos/selfservice/strategy/oidc.(*Strategy).validateCallback\n\t/project/selfservice/strategy/oidc/strategy.go:254\ngithub.com/ory/kratos/selfservice/strategy/oidc.(*Strategy).handleCallback\n\t/project/selfservice/strategy/oidc/strategy.go:298\ngithub.com/ory/kratos/selfservice/strategy.disabledWriter\n\t/project/selfservice/strategy/handler.go:25\ngithub.com/ory/kratos/selfservice/strategy.IsDisabled.func1\n\t/project/selfservice/strategy/handler.go:30\ngithub.com/ory/kratos/x.NoCacheHandle.func1\n\t/project/x/nocache.go:18\ngithub.com/ory/kratos/x.NoCacheHandle.func1\n\t/project/x/nocache.go:18\ngithub.com/julienschmidt/httprouter.(*Router).ServeHTTP\n\t/go/pkg/mod/github.com/julienschmidt/httprouter@v1.3.0/router.go:387\ngithub.com/ory/nosurf.(*CSRFHandler).handleSuccess\n\t/go/pkg/mod/github.com/ory/nosurf@v1.2.7/handler.go:234\ngithub.com/ory/nosurf.(*CSRFHandler).ServeHTTP\n\t/go/pkg/mod/github.com/ory/nosurf@v1.2.7/handler.go:191\ngithub.com/urfave/negroni.Wrap.func1\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/kratos/x.glob..func1\n\t/project/x/clean_url.go:12\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2047\ngithub.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerResponseSize.func1\n\t/go/pkg/mod/github.com/prometheus/client_golang@v1.11.0/prometheus/promhttp/instrument_server.go:198\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2047\ngithub.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerCounter.func1\n\t/go/pkg/mod/github.com/prometheus/client_golang@v1.11.0/prometheus/promhttp/instrument_server.go:101\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2047\ngithub.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerDuration.func1\n\t/go/pkg/mod/github.com/prometheus/client_golang@v1.11.0/prometheus/promhttp/instrument_server.go:68\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2047\ngithub.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerDuration.func2\n\t/go/pkg/mod/github.com/prometheus/client_golang@v1.11.0/prometheus/promhttp/instrument_server.go:76\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2047\ngithub.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerRequestSize.func1\n\t/go/pkg/mod/github.com/prometheus/client_golang@v1.11.0/prometheus/promhttp/instrument_server.go:165\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2047\ngithub.com/ory/x/prometheusx.Metrics.instrumentHandlerStatusBucket.func1\n\t/go/pkg/mod/github.com/ory/x@v0.0.358/prometheusx/metrics.go:108>",
    "reason": "The browser does not contain the neccesary cookie to resume the session. This is a security violation and was thus blocked. Please clear your browser's cookies and cache and try again!",
    "status": "Bad Request",
    "message": "no resumable session found"
  },
  "created_at": "2022-03-23T07:37:14.567199Z",
  "updated_at": "2022-03-23T07:37:14.567199Z"
}

helm install kratos -f values.yaml ory/kratos values.yaml

Copy code

kratos:
  autoMigrate: true

  identitySchemas:
    "identity.default.schema.json": |
      {
        "$id": "<https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json>",
        "$schema": "<http://json-schema.org/draft-07/schema#>",
        "title": "Person",
        "type": "object",
        "properties": {
          "traits": {
            "type": "object",
            "properties": {
              "email": {
                "type": "string",
                "format": "email",
                "title": "E-Mail",
                "minLength": 3,
                "<http://ory.sh/kratos|ory.sh/kratos>": {
                  "credentials": {
                    "password": {
                      "identifier": true
                    },
                    "totp": {
                      "account_name": true
                    }
                  },
                  "verification": {
                    "via": "email"
                  },
                  "recovery": {
                    "via": "email"
                  }
                }
              },
              "name": {
                "type": "object",
                "properties": {
                  "first": {
                    "title": "First Name",
                    "type": "string"
                  },
                  "last": {
                    "title": "Last Name",
                    "type": "string"
                  }
                }
              },
              "role": {
                "title": "Role",
                "type": "string",
                "default": "user",
                "enum": ["user", "admin"]
              },
              "group": {
                "title": "Group",
                "type":"array",
                "items": {
                  "type": "string"
                }
              }
            },
            "required": [
              "email"
            ],
            "additionalProperties": true
          }
        }
      }
  config:
    version: v0.9.0-alpha.2

    serve:
      public:
        base_url: <https://kratos.mydomain.com>
        cors:
          enabled: true

    dsn: <postgres://hidden>

    courier:
      smtp:
        connection_uri: <smtps://hidden>

    identity:
      default_schema_id: default
      schemas:
        - id: default
          url: file:///etc/config/identity.default.schema.json
    
    log:
      level: debug
      format: text
      leak_sensitive_values: true

    selfservice:
      default_browser_return_url: <http://localhost:3000/>
      allowed_return_urls:
        - <http://localhost:3000>
      
      methods:
        oidc:
          enabled: true
          config:
            providers:
              - id: microsoft # this is `<provider-id>` in the Authorization callback URL. DO NOT CHANGE IT ONCE SET!
                provider: microsoft
                client_id: ... # Replace this with the Application ID from the App Registration
                client_secret: ... # Replace this with the generated Secret value from the App Registration 0ee5be1e-4071-45a5-b18d-14b6183ee327
                microsoft_tenant: ... # Replace this with the Tenant of your choice (see below)
                mapper_url: file:///etc/config/kratos/oidc.microsoft.jsonnet
                scope:
                  - profile
                  - email
        password:
          enabled: true

      flows:
        error:
          ui_url: <http://localhost:3000/error>

        settings:
          ui_url: <http://localhost:3000/settings>
          privileged_session_max_age: 15m

        recovery:
          enabled: true
          ui_url: <http://localhost:3000/recovery>

        verification:
          enabled: true
          ui_url: <http://localhost:3000/verification>
          after:
            default_browser_return_url: <http://localhost:3000/>

        logout:
          after:
            default_browser_return_url: <http://localhost:3000/login>

        login:
          ui_url: <http://localhost:3000/login>
          lifespan: 10m

        registration:
          lifespan: 10m
          ui_url: <http://localhost:3000/registration>
          after:
            oidc:
              hooks:
                - hook: session
            password:
              hooks:
                - hook: session
    
    ciphers:
      algorithm: xchacha20-poly1305
    
    hashers:
      algorithm: bcrypt
      bcrypt:
        cost: 8

    secrets:
      cookie:
        - SOME_RANDOM_VALUE_HERE
      cipher:
        - SOME_RANDOM_VALUE_HERE_TOO
    
    cookies:
      domain: .<http://mydomain.com|mydomain.com>
      same_site: Lax

    session:
      cookie:
        domain: .<http://mydomain.com|mydomain.com>
        same_site: Lax

image:
  repository: oryd/kratos
  tag: v0.9.0-alpha.2
  imagePullPolicy: Always

deployment:
  livenessProbe:
    httpGet:
      path: /health/alive
      port: http-admin
    initialDelaySeconds: 60
    periodSeconds: 10
    failureThreshold: 5
  readinessProbe:
    httpGet:
      path: /health/ready
      port: http-admin
    initialDelaySeconds: 60
    periodSeconds: 10
    failureThreshold: 5
  
  extraVolumes: #[]
    - name: oidc-microsoft-jsonnet
      secret:
        secretName: oidc-microsoft-jsonnet
  extraVolumeMounts: #[]
    - name: oidc-microsoft-jsonnet
      mountPath: /etc/config/kratos
      readOnly: true

ingress:
  admin:
    enabled: true
    className: nginx
    annotations:
      <http://kubernetes.io/ingress.allow-http|kubernetes.io/ingress.allow-http>: "false"
      <http://nginx.ingress.kubernetes.io/proxy-body-size|nginx.ingress.kubernetes.io/proxy-body-size>: "0"
      <http://nginx.ingress.kubernetes.io/proxy-read-timeout|nginx.ingress.kubernetes.io/proxy-read-timeout>: "600"
      <http://nginx.ingress.kubernetes.io/proxy-send-timeout|nginx.ingress.kubernetes.io/proxy-send-timeout>: "600"
      <http://nginx.ingress.kubernetes.io/force-ssl-redirect|nginx.ingress.kubernetes.io/force-ssl-redirect>: "true"
      <http://cert-manager.io/cluster-issuer|cert-manager.io/cluster-issuer>: letsencrypt
    hosts:
      - host: <http://admin.kratos.mydomain.com|admin.kratos.mydomain.com>
        paths:
          - path: /
            pathType: ImplementationSpecific
    tls:
      - secretName: kratosadmin-tls
        hosts:
          - <http://admin.kratos.mydomain.com|admin.kratos.mydomain.com>
  public:
    enabled: true
    annotations:
      <http://kubernetes.io/ingress.allow-http|kubernetes.io/ingress.allow-http>: "false"
      <http://nginx.ingress.kubernetes.io/proxy-body-size|nginx.ingress.kubernetes.io/proxy-body-size>: "0"
      <http://nginx.ingress.kubernetes.io/proxy-read-timeout|nginx.ingress.kubernetes.io/proxy-read-timeout>: "600"
      <http://nginx.ingress.kubernetes.io/proxy-send-timeout|nginx.ingress.kubernetes.io/proxy-send-timeout>: "600"
      <http://nginx.ingress.kubernetes.io/force-ssl-redirect|nginx.ingress.kubernetes.io/force-ssl-redirect>: "true"
      <http://cert-manager.io/cluster-issuer|cert-manager.io/cluster-issuer>: letsencrypt
    className: nginx
    hosts:
      - host: <http://kratos.mydomain.com|kratos.mydomain.com>
        paths:
          - path: /
            pathType: Prefix
    tls:
      - secretName: kratos-pub-tls
        hosts:
          - <http://kratos.mydomain.com|kratos.mydomain.com>

silly-postman-71595

03/22/2022, 7:38 AM

Hello, I am not sure if this is the right channel for this question. I would like to use the ory kratos helm chart for v0.8.2-alpha.1 which has been release for more than 3 months now. But as I can see the latest version of the helm chart (0.22.2) is still on v0.8.0-alpha.3 https://github.com/ory/k8s/tree/master/helm/charts/kratos. How would I upgrade the version while still using the helm chart? Thanks

faint-energy-48611

03/21/2022, 11:40 AM

Hi, is there any info on when kratos 0.8.9 will be released? 🙏

modern-controller-1963

03/21/2022, 3:05 AM

What does it mean when an issue is added to the stable release milestone? Does it mean it's already out or that it will be soon? Specifically I noticed some PRs merge with passwordless auth (magic link) so I'm not sure if thats ready yet or not

breezy-air-36947

03/18/2022, 2:24 PM

I’m deploying kratos via the official helm chart and configuring the verification email template like so: kratos-values.yml

Copy code

kratos:
  config:
    courier:
      templates:
        verification:
          valid:
            email:
              body:
                html: ${verification_email_html}
                plaintext: ${verification_email_plaintext}

incalculable-lizard-67404

03/17/2022, 2:31 PM

Let's say we have iframe UI with registration form in Electron. After form submission an email with verification link is being sent by Kratos. After click on the verification link, Kratos didn't respond - it stays in "infinite" loading. My colleague will add more details about this issue below.