# talk-kratos
Hello 👋, I've been stuck on an issue for quite some time now. I have a Kubernetes external secret to store my database secret values on AWS. I use the official Kratos Helm chart to deploy Kratos and I would like the DSN to be dynamically set based on my secret values. For now, my kratos `values.yaml` file is defined like this:
```yaml
kratos:
  kratos:
      tolerations:
        - key: "lifecycle"
          operator: "Equal"
          value: "Ec2Spot"
          effect: "NoSchedule"
      deployment:
        replicas: 2
        podLabels:
        app: kratos
        extraEnv:
            - name: KRATOS_HOST
              valueFrom:
                secretKeyRef:
                name: kratos-credentials
                key: KRATOS_HOST
            - name: KRATOS_USERNAME
              valueFrom:
                secretKeyRef:
                name: kratos-credentials
                key: KRATOS_USERNAME
            - name: KRATOS_PASSWORD
              valueFrom:
                secretKeyRef:
                name: kratos-credentials
                key: KRATOS_PASSWORD
            - name: KRATOS_PORT
              valueFrom:
                secretKeyRef:
                  name: kratos-credentials
                  key: KRATOS_PORT
            - name: KRATOS_DATABASE
              valueFrom:
                secretKeyRef:
                  name: kratos-credentials
                  key: KRATOS_DATABASE
            - name: DSN
              value: "postgres://$(KRATOS_USERNAME):$(KRATOS_PASSWORD)@$(KRATOS_HOST):$(KRATOS_PORT)/$(KRATOS_DATABASE)?sslmode=disable&max_conns=20&max_idle_conns=4"
```
But it seems like the values are ignored at runtime and the default DSN value is used instead of the dynamic one I want. Does someone have an idea what I am doing wrong?
Here is the External Secret for reference:
```yaml
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: kratos-credentials
  namespace: ory
spec:
  secretStoreRef:
    name: aws-secrets
    kind: ClusterSecretStore
  data:
    - secretKey: KRATOS_HOST
      remoteRef:
        key: kratos/credentials
        property: KRATOS_HOST
    - secretKey: KRATOS_PORT
      remoteRef:
        key: kratos/credentials
        property: KRATOS_PORT
    - secretKey: KRATOS_USERNAME
      remoteRef:
        key: kratos/credentials
        property: KRATOS_USERNAME
    - secretKey: KRATOS_PASSWORD
      remoteRef:
        key: kratos/credentials
        property: KRATOS_PASSWORD
    - secretKey: KRATOS_DATABASE
      remoteRef:
        key: kratos/credentials
        property: KRATOS_DATABASE
```