< chilly king 10285> I use the official Helm charts to deplo Ory Community #ory-copilot

<@U04UQ68083H> I use the official Helm charts to d...

victorious-eye-56567

06/12/2023, 1:13 PM

@chilly-king-10285 I use the official Helm charts to deploy kratos and oathkeeper in my kubernetes cluster. The charts require a "dsn" value in the values.yaml file to be able to connect to the database. In production, theses credentials are hosted on AWS and can be accessed by the cluster through an external-secret. My issue is that the values.yaml file is only used in the templating processed to generate kubernetes ressources dynamically. It thus cannot interact with kubernetes and has no way of interacting with the external secret. What is the standard way to solve this issue ?

chilly-king-10285

06/12/2023, 1:13 PM

A message from kapa.ai

chilly-king-10285

06/12/2023, 1:14 PM

You can use an existing Kubernetes Secret to provide the DSN value for your Ory Kratos and Oathkeeper deployments. In the case of Ory Hydra, the following example demonstrates how to create a secret and use it in the Helm chart:

Copy code

bash kubectl create secret generic my-secure-secret --from-literal=dsn=<postgres://foo:[[email> protected]](<https://www.ory.sh/cdn-cgi/l/email-protection>):1234/db  helm install \ ... --set 'hydra.existingSecret=my-secure-secret' \ ... ory/hydra

Source: [Kubernetes Helm Chart - Installation - Part 1](https://www.ory.sh/docs/hydra/self-hosted/kubernetes-helm-chart) You can follow a similar approach for Ory Kratos and Oathkeeper. First, ensure that your external secret is accessible as a Kubernetes Secret in your cluster. Then, modify the Helm chart values to use the existing secret for the DSN value. Unfortunately, the exact Helm chart values for Kratos and Oathkeeper are not provided in the given extracts. You may need to refer to their respective Helm chart documentation for the specific values to set for using an existing secret.

9 Views

Open in Slack

Previous Next