https://www.ory.sh/ logo
Join Slack
Powered by
Hi Ory Community! I’ve got a question about keto n...
# talk-keto
c
Hi Ory Community! I’ve got a question about keto namespaces. In configs’ documentation (https://www.ory.sh/docs/keto/reference/configuration) I see a usage of a http URL in namespaces setting:
namespaces: http://a.aaa
Is it implemented? We were trying to load namespaces config via http but upon writing the tuples, keto throws an error:
Copy code
Error: 2 UNKNOWN: stat : no such file or directory
Part of our 
keto.yml
regarding namespaces:
Copy code
namespaces: <http://host.docker.internal:5000/namespaces.yml>
and served data under the url is:
Copy code
- id: 0
  name: estates
- id: 1
  name: users
s
yes it is implemented and should work from the error it looks like it is trying to open a file with an empty file name 🤔
but also the syscall`stat` means it is in the local file branch...
c
looks like it is trying to open a file with an empty file name
Yeah, that what we thought, which is quite puzzling.
s
ok it is not quite what it seems to be 😅 the remote only works for the websocket server you can find at https://github.com/ory/x/blob/master/watcherx/websocket_server.go
and yeah, it should not 
stat
if the scheme is not 
file
what is your use-case for remote configs?
c
Our Keto namespaces are actually defined by the application logic that uses Keto. The application is in different git repository than our keto.yml, so it is not easy to manage those two, finding and extracting the namespaces from application code and copying them to keto.yml is error prone and it would be impossible to manage them swiftly on the CI/CD environment. So we’ve though that we could start a service that would dynamically generate namespaces from the application code and serve them to keto over http.
s
ok makes sense... is it one Keto instance per application? is it in the same deployment or completely remote? and what language/stack are you using for the application?
c
It’s one keto per application deployment (there are many application instances sharing the same code). Application and Keto are in one k8s cluster. Application uses NodeJS with NestJS framework and communicates with Keto over GRPC.
s
so it is kind of a SaaS where the application can be configured by your customer and Keto has to adapt to that?
c
Yes, something like that, but more like application can be configured for the customer and keto has to adapt to that.
s
the setup is similar to Ory Cloud then, which means you need a similar solution 🤔 did you consider using Ory Cloud instead and creating/updating the config there through the API?
c
That’s an interesting idea, although it is too late in the project to introduce the Ory Cloud instead of self-serviced version.
s
hmm, then the easiest solution will be to use the file system tbh if it shares some that is easy, otherwise you could use the kubernetes API to write the Keto config map
c
Although, when we are self-servicing Keto together with the application deployment, we can have as many different keto configurations as we have different codebases, and it’s all managed by CD. If we would use Ory Cloud instead, would we be able do dynamically create Ory Cloud projects when new deployment arrives?
By dynamically, I mean through an API, without human interaction.
s
sure, all available through API
c
Cool, we will take in into consideration in the next projects.
s
👍
4 Views
Open in Slack
PreviousNext
Powered by