# talk-keto
v
Hello, I am using the Keto Helm chart to deploy it in my Kubernetes project. I want to use the OPL to be able to implement RBAC. The issue I have is that I can’t understand how I am supposed to provide my TS (OPL) files in the Helm chart. I use the Keto repository to try to understand things but it uses Docker Compose. The Helm chart configuration does not seem to have any field for this. Does someone have an idea?
s
you can use base64 encoded URIs, or just mount the file as a volume and reference it using a `file:///your/path` file URI
v
Thanks for your answer ❤️
But how does that work though ? 1. What's the key name in the helm chart 2. Let's say this is my permission:
class File implements Namespace {
	related: {
		parents: (File | Folder)[]
		viewers: (User | SubjectSet<Group, "members">)[]
		owners: (User | SubjectSet<Group, "members">)[]
	}

	// Some comment
	permits = {
		view: (ctx: Context): boolean =>
			this.related.parents.traverse((p) => p.permits.view(ctx)) ||
			this.related.viewers.includes(ctx.subject) ||
			this.related.owners.includes(ctx.subject),

		edit: (ctx: Context) => this.related.owners.includes(ctx.subject),
	}
}
How can Keto know about it and use this ?
s
you have to mount that file in a volume (passed in as `extraVolumes`) and then reference it in the config under `namespaces.location` or base64 encode the whole file and put it in the `namespaces.location`
v
Ahhh I see, thanks for the clarification! I better understand 1) now. Does that mean that Keto automatically reads all files in `namespaces.location` and uses all classes from there? (Here the File permissions)
s
I think currently everything has to be in one file, but yeah
v
Thanks a lot, this was a bit obscure to me and I was feeling stuck. It is greatly appreciated!
s
np
m
You could also set up a sidecar container (busybox) perhaps that has a volume mount to a config map that contains your OPL files. And then when the pod executes it will query your Keto container with the OPL files and when it's done the container will stop.
s
@mammoth-hydrogen-54044 @victorious-eye-56567 were you able to implement this? I'm trying to do the same but I'm getting the following error:
destination for keto.keto.config.namespaces is a table. Ignoring non-table value ([map[id:0 name:sample]])
I'm deploying Keto with Helm using this chart: https://artifacthub.io/packages/helm/ory/keto/0.28.2 My values regarding this are as follows:
config:
    dsn: memory 
    serve:
      read:
        port: 4466
      write:
        port: 4467
      metrics:
        port: 4468

    namespaces: 
      location: file:///etc/namespaces/namespaces.keto.ts
The file inside /etc/namespaces/namespaces.keto.ts is loaded via volumes/configmap:
extraVolumes:
  - name: olp-file
    configMap:
      name: keto-olp

extraVolumeMounts:
  - name: olp-file
    mountPath: /etc/namespaces
If I get into the pod, the file is correctly created. The TS file used is the one provided as an example on the Ory website.