Hello wave I m trying to deploy Keto in my Kubernetes cluste Ory Community #ory-selfhosting

Hello :wave:, I’m trying to deploy Keto in my Kube...

victorious-eye-56567

04/26/2023, 4:58 PM

Hello 👋, I’m trying to deploy Keto in my Kubernetes cluster using the official Helm chart. Everything deploys fine, and I use the official OpenAPI specification to interact with the Keto API. I expose my service properly and can see the incoming requests in the pod logs. The command I used to expose the service is

kubectl --namespace ory port-forward svc/keto-read 4466:80

My issue is that all endpoints I am calling always return a 404 error and I can’t figure out what is going wrong. As I said, I can see the requests in the logs so I suspect that there is a misconfiguration in the endpoints or maybe even in which protocol is used. I try to interact with the API using HTTP. From what I understand, the basic configuration is GRPC. So maybe there is a mismatch on the protocol level ? I am posting my values-yaml file in a thread. Any help would be appreciated!

victorious-eye-56567

04/26/2023, 5:00 PM

Here is my values.yaml file, I tried with and without the quoted part:

Copy code

keto:
    config:
        log:
            format: json
            level: debug
        dsn: <postgres://postgres:postgres@host.minikube.internal:5432/aube?sslmode=disable&max_conns=20&max_idle_conns=4> # To set for prod
        serve:
            read:
                port: 4466
            write:
                port: 4467
            metrics:
                port: 4468
        namespaces: {My rules as base64 url}
# service:
#     # -- Read service
#     read:
#         enabled: true
#         name: tcp-read
#         port: 80
#         appProtocol: tcp
#     # -- Write service
#     write:
#         enabled: true
#         name: tcp-write
#         port: 80
#         appProtocol: tcp
#     # -- Metrics service
#     metrics:
#         enabled: false
#         name: http-metrics
#         port: 80
#         annotations: {}

victorious-eye-56567

04/26/2023, 5:11 PM

I noticed that no table has been created in my database which is surprising as it uses the same DSN than Kratos that works well on my side. Maybe both issues are related.

enough-yak-81379

04/26/2023, 6:23 PM

Hi there, did you run the migration procedure? the chart has an automigration option that will take care of that for you

victorious-eye-56567

04/27/2023, 9:18 AM

Thank you for helping, when adding :

Copy code

keto:
    automigration:
        enabled: true
    config: ...

I get the following error:

Copy code

Error: stat : no such file or directory
Usage:
  keto migrate up [flags]

Flags:
      --format string   Set the output format. One of table, json, yaml, and json-pretty. (default "default")
  -h, --help            help for up
  -q, --quiet           Be quiet with output printing.
  -y, --yes             yes to all questions, no user input required

Global Flags:
  -c, --config strings   Config files to load, overwriting in the order specified. (default [/home/ory/keto.yml])

stat : no such file or directory

I remember that even before adding automigration, on the endpoint GET

/relation-tuples

I already had this error. Do you know this could be coming from ?

enough-yak-81379

04/27/2023, 11:39 AM

the

Error: stat : no such file or directory

looks sus, like missing config

enough-yak-81379

04/27/2023, 11:40 AM

you can take a look at https://github.com/ory/k8s/blob/master/hacks/values/keto.yaml for reference

victorious-eye-56567

04/27/2023, 1:10 PM

Following the reference, I tried to add

customCommand

but I still get a timeout with the stat error shown above. I did like this:

Copy code

keto:
    automigration:
        enabled: true
        customCommand:
         - keto
    config:...

What surprises me is that in the reference, there is no field

namespaces

. How are the OPL permissions passed to Keto then ? Am I doing it the right way ?

3 Views

Open in Slack

Previous Next