When configuring Kratos from the Helm Chart I noticed that I Ory Community #ory-selfhosting

When configuring Kratos from the Helm Chart I noti...

adorable-dream-95774

05/14/2025, 3:07 PM

When configuring Kratos from the Helm Chart I noticed that I need to set the SMTP connection URL in two places when using custom secrets: 1. As the

smtpConnectionURI

in secrets data, AND 2. As the

kratos.config.courier.smtp.connection_uri

in the values.yaml It was a bit confusing and seems redundant to need to place the value in two places for two different reasons: •

smtpConnectionURI

so that the configuration is validated and the container boots, and •

kratos.config.courier.smtp.connection_uri

so that the environment variable is set Secrets Terraform example:

Copy code

resource "kubernetes_secret" "kratos_custom_secrets" {
  metadata {
    name = "kratos-values-secret"
    namespace = kubernetes_namespace.kratos.metadata[0].name
  }
  data = {
    "dsn" = local.kratos_dsn
    "secretsDefault" = local.decrypted_secrets["kratos_default_secret"]
    "secretsCookie" = local.decrypted_secrets["kratos_cookie_secret"]
    "secretsCipher" = local.decrypted_secrets["kratos_cipher_secret"]
    "smtpConnectionURI" = local.smtp_connection_uri
  }
}

...
resource "helm_release" "ory_kratos" {
  name = "ory-kratos"
  repository = "<https://k8s.ory.sh/helm/charts>"
  chart = "kratos"
  version = "0.53.0"
  namespace = kubernetes_namespace.kratos.metadata[0].name
  create_namespace = false

  values = [
    yamlencode({
      secret = {
        enabled = false
        nameOverride = "kratos-values-secret"
      }
      kratos = {
        config = local.kratos_config
        automigration = { enabled = true }
      }
      ...
    })
  ]
}

Reference: https://github.com/ory/k8s/blob/master/helm/charts/kratos/templates/secrets.yaml

adorable-dream-95774

05/14/2025, 3:09 PM

This is working, so not a huge issue but took a while to figure out

2 Views

Open in Slack