hi there, I'm having trouble installing kratos in ...
# ory-selfhosting
h
hi there, I'm having trouble installing kratos in k8s, I'm using the helm chart and a sample config file, but the installation fails with a message about some mail property.
t
are you setting the SMTP endpoint? Kratos requires SMTP to be set up
h
nope, which SMTP endpoint should I set for it ?
t
```yaml
courier:
  smtp:
    connection_uri: <snip>
```
You'll need to have your own, or use a provider (like sendgrid, etc)
h
and what should be the connection_uri? - i suppose if it's not correct it will fail again?
t
you can put a dummy value in for the time being if you're just having a play
For example;
```yaml
courier:
  smtp:
    connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
```
h
10x will try that one 😉
the next one
identity.schemas: <nil> - configuration error is what I get, after getting rid of the mail stuff
will it be ok to attach my config.yaml here for you to review ?
if you have a nice and simple startup config file it will be great ! I compiled this one from various sources...
t
Here's a cut down (but working) version of one of my test envs;
```yaml
values:
    kratos:
      config:
        ciphers:
          algorithm: xchacha20-poly1305
        cookies:
          domain: <your_domain>
          path: /
          same_site: Lax
        courier:
          smtp:
            connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
        hashers:
          algorithm: bcrypt
          bcrypt:
            cost: 8
        identity:
          default_schema_id: default
          schemas:
          - id: default
            url: file:///etc/config/identity.default.schema.json
        selfservice:
          allowed_return_urls:
          - <your_domain>
          default_browser_return_url: <your_domain>
          flows:
            error:
              ui_url: <your_domain>
            login:
              lifespan: 10m
              ui_url: <your_domain>
              after:
                default_browser_return_url: <your_domain>
            recovery:
              enabled: true
              ui_url: <your_domain>
            registration:
              enabled: false
              ui_url: <your_domain>
            settings:
              privileged_session_max_age: 15m
              ui_url: <your_domain>
            verification:
              enabled: true
          methods:
            password:
              enabled: true
        serve:
          admin:
            port: 4434
          public:
            base_url: <your_domain>
            cors:
              allowed_headers:
              - Authorization
              - Cookie
              - Content-Type
              allowed_methods:
              - POST
              - GET
              - PUT
              - PATCH
              - DELETE
              allowed_origins:
              - <your_domain>
              enabled: true
              exposed_headers:
              - Content-Type
              - Set-Cookie
            port: 4433
        session:
          cookie:
            domain: <your_domain>
            same_site: Lax
      identitySchemas:
        identity.default.schema.json: |
          {
            "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
            "$schema": "http://json-schema.org/draft-07/schema#",
            "title": "Person",
            "type": "object",
            "properties": {
              "traits": {
                "type": "object",
                "properties": {
                  "email": {
                    "type": "string",
                    "format": "email",
                    "title": "E-Mail",
                    "minLength": 3,
                    "ory.sh/kratos": {
                      "credentials": {
                        "password": {
                          "identifier": true
                        }
                      },
                      "verification": {
                        "via": "email"
                      },
                      "recovery": {
                        "via": "email"
                      }
                    }
                  },
                  "name": {
                    "type": "object",
                    "properties": {
                      "first": {
                        "title": "First Name",
                        "type": "string"
                      },
                      "last": {
                        "title": "Last Name",
                        "type": "string"
                      }
                    }
                  }
                },
                "required": [
                  "email"
                ],
                "additionalProperties": false
              }
            }
          }
```
h
wow! many thanks man!!
should I set there my own domain ? I suppose so ?
t
yeah, you'll need to make sure the return URLs are correct for your usage too
h
ok, I'll try to manage that - 10x again!
now I'm back at couldn't find key smtpConnectionURI in Secret default/kratos-test: CreateContainerConfigError - this is with the config you've provided and changing the domain
secret "kratos-test" not found: CreateContainerConfigError
kratos-test is the name of my deployment, but what kind of secret should I create ?
the last errors are from the config you gave me
```
2022-05-30T130437.054200509Z ^-- additionalProperties "identitySchemas", "serve", "session" not allowed
Error 2022-05-30T130437.054203939Z{}
Error 2022-05-30T130437.054239069Ztime=2022-05-30T130437Z level=fatal msg=Unable to instantiate configuration. audience=application error=map[message:I[#/selfservice/flows] S[#/properties/selfservice/properties/flows/additionalProperties] additionalProperties "identitySchemas", "serve", "session" not allowed] service_name=Ory Kratos service_version=v0.9.0-alpha.3
```
k
Hey @handsome-traffic-58007, I am facing the same issue on deploying Kratos-k8s. Is your issue resolved now?
h
@kind-artist-12687 still not, but I will give it a try and will ping here if solution is found
k
@magnificent-actor-67130
f
You have an issue with your yaml config file, usually a spacing issue. Look close to identitySchemas: server: session.
h
```
yamllint kratos-v3test.yaml
kratos-v3test.yaml
  1:1       warning  missing document start "---"  (document-start)
  126:81    error    line too long (108 > 80 characters)  (line-length)
```
no spacing issues - i have checked more than twice
w
Hi there, looking at the file it seems like a spacing issue, or rather indentation issue. The serve,session part of the config seems to get merged with the identitySchemas, which is an error
you can always take a look at the sample values we use in our charts: https://github.com/ory/k8s/blob/master/.circleci/values/kratos.yaml
and please compare them to the reference https://www.ory.sh/docs/kratos/reference/configuration 😉
h
i used this file as a start for mine, and @magnificent-energy-493 has advised this identity configuration - 100% working in their test env
w
for helm you 100% don’t need the starting `values:` object
h
ok, can you please send me a working start yaml file to deploy with helm?
w
```yaml
---
kratos:
  autoMigrate: true
  config:
    dsn: "postgres://postgres:ory@postgresql.default.svc.cluster.local/ory?sslmode=disable&max_conn_lifetime=10s"
    ciphers:
      algorithm: xchacha20-poly1305
    cookies:
      domain: foo.domain.com
      path: /
      same_site: Lax
    courier:
      smtp:
        connection_uri: "smtps://test:test@mailslurper:1025/?skip_ssl_verify=true"
    hashers:
      algorithm: bcrypt
      bcrypt:
        cost: 8
    identity:
      default_schema_id: default
      schemas:
        -
          id: default
          url: "file:///etc/config/identity.default.schema.json"
    selfservice:
      allowed_return_urls:
        - test.foo.domain.com
      default_browser_return_url: test.foo.domain.com
      flows:
        error:
          ui_url: test.foo.domain.com/errors
        login:
          after:
            default_browser_return_url: test.foo.domain.com/foo
          lifespan: 10m
          ui_url: test.foo.domain.com/foo
        recovery:
          enabled: true
          ui_url: test.foo.domain.com/foo
        registration:
          enabled: false
          ui_url: test.foo.domain.com/foo
        settings:
          privileged_session_max_age: 15m
          ui_url: test.foo.domain.com/foo
        verification:
          enabled: true
      methods:
        password:
          enabled: true
    serve:
      admin:
        port: 4434
      public:
        base_url: test.foo.domain.com
        cors:
          allowed_headers:
            - Authorization
            - Cookie
            - Content-Type
          allowed_methods:
            - POST
            - GET
            - PUT
            - PATCH
            - DELETE
          allowed_origins:
            - https://*.domain.com
          enabled: true
          exposed_headers:
            - Content-Type
            - Set-Cookie
        port: 4433
    session:
      cookie:
        domain: foo.domain.com
        same_site: Lax
  identitySchemas:
    identity.default.schema.json: |-
        {
          "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
          "$schema": "http://json-schema.org/draft-07/schema#",
          "title": "Person",
          "type": "object",
          "properties": {
            "traits": {
              "type": "object",
              "properties": {
                "email": {
                  "type": "string",
                  "format": "email",
                  "title": "E-Mail",
                  "minLength": 3,
                  "ory.sh/kratos": {
                    "credentials": {
                      "password": {
                        "identifier": true
                      }
                    },
                    "verification": {
                      "via": "email"
                    },
                    "recovery": {
                      "via": "email"
                    }
                  }
                },
                "name": {
                  "type": "object",
                  "properties": {
                    "first": {
                      "title": "First Name",
                      "type": "string"
                    },
                    "last": {
                      "title": "Last Name",
                      "type": "string"
                    }
                  }
                }
              },
              "required": [
                "email"
              ],
              "additionalProperties": false
            }
          }
        }
```
This makes kratos happy 😉
```
kubectl logs kratos-7dc7654d7c-kzj2g
time=2022-06-01T07:35:26Z level=info msg=No tracer configured - skipping tracing setup audience=application service_name=Ory Kratos service_version=v0.9.0-alpha.2
time=2022-06-01T07:35:26Z level=warning msg=The config has no version specified. Add the version to improve your development experience. audience=application service_name=Ory Kratos service_version=v0.9.0-alpha.2
time=2022-06-01T07:35:26Z level=error msg=Configuration key serve.public.base_url is not a valid URL. Falling back to optimistically guessing the server's base URL. Please set a value to avoid problems with redirects and cookies. audience=application error=map[message:parse "test.foo.domain.com": invalid URI for request] service_name=Ory Kratos service_version=v0.9.0-alpha.2
time=2022-06-01T07:35:26Z level=info msg=Software quality assurance features are enabled. Learn more at: https://www.ory.sh/docs/ecosystem/sqa audience=application service_name=Ory Kratos service_version=v0.9.0-alpha.2
time=2022-06-01T07:35:26Z level=info msg=TLS has not been configured for public, skipping audience=application service_name=Ory Kratos service_version=v0.9.0-alpha.2
time=2022-06-01T07:35:26Z level=info msg=Starting the public httpd on: 0.0.0.0:4433 audience=application service_name=Ory Kratos service_version=v0.9.0-alpha.2
time=2022-06-01T07:35:26Z level=error msg=Configuration key serve.public.base_url is not a valid URL. Falling back to optimistically guessing the server's base URL. Please set a value to avoid problems with redirects and cookies. audience=application error=map[message:parse "test.foo.domain.com": invalid URI for request] service_name=Ory Kratos service_version=v0.9.0-alpha.2
time=2022-06-01T07:35:26Z level=info msg=TLS has not been configured for admin, skipping audience=application service_name=Ory Kratos service_version=v0.9.0-alpha.2
time=2022-06-01T07:35:26Z level=info msg=Starting the admin httpd on: 0.0.0.0:4434 audience=application service_name=Ory Kratos service_version=v0.9.0-alpha.2
time=2022-06-01T07:36:04Z level=info msg=started handling request http_request=map[headers:map[accept:*/* connection:close user-agent:kube-probe/1.23] host:10.244.0.14:4434 method:GET path:/admin/health/ready query:<nil> remote:10.244.0.1:34088 scheme:http]
time=2022-06-01T07:36:04Z level=info msg=started handling request http_request=map[headers:map[accept:*/* connection:close user-agent:kube-probe/1.23] host:10.244.0.14:4434 method:GET path:/admin/health/alive query:<nil> remote:10.244.0.1:34090 scheme:http]
time=2022-06-01T07:36:04Z level=info msg=completed handling request http_request=map[headers:map[accept:*/* connection:close user-agent:kube-probe/1.23] host:10.244.0.14:4434 method:GET path:/admin/health/alive query:<nil> remote:10.244.0.1:34090 scheme:http] http_response=map[headers:map[cache-control:private, no-cache, no-store, must-revalidate content-type:application/json; charset=utf-8] size:16 status:200 text_status:OK took:884.368µs]
time=2022-06-01T07:36:04Z level=info msg=completed handling request http_request=map[headers:map[accept:*/* connection:close user-agent:kube-probe/1.23] host:10.244.0.14:4434 method:GET path:/admin/health/ready query:<nil> remote:10.244.0.1:34088 scheme:http] http_response=map[headers:map[cache-control:private, no-cache, no-store, must-revalidate content-type:application/json; charset=utf-8] size:16 status:200 text_status:OK took:56.46212ms]
```
h
many many thanks!
hi again, we are almost done, but the connection to cloud sql fails (other services connect to it without issues)
Error 2022-06-01T131411.364999132Ztime=2022-06-01T131411Z level=warning msg=Unable to determine network, retrying. audience=application error=map[debug: message:Unable to locate the table reason: stack_trace:
w
this looks as if it was able to connect to the db, but could not find the required table
plus, do you run the automigration?
that spawns a special job, which creates the db tables and schemas for kratos to operate
if you don't, then you would need to set up the db yourself
h
ok, so I should set automigrate to true in the file ?
tried with automigrate: true ...
now I have the following errors
logs from Cloud SQL "2022-06-02 072255.051 UTC [311732]: [2-1] db=kratos,user=kratos STATEMENT: SELECT networks.created_at, networks.id, networks.updated_at FROM networks AS networks ORDER BY created_at ASC LIMIT 1"
logs from pod: Error 2022-06-02T071717.759619397Ztime=2022-06-02T071717Z level=warning msg=Unable to ping database, retrying. audience=application error=map[message:failed to connect to `host=10.63.0.5 user=kratos database=kratos`: server error (FATAL: remaining connection slots are reserved for non-replication superuser connections (SQLSTATE 53300)) stack_trace:
how many connections to db by default are opened by kratos - it looks like we have hit this limit currently
fixed this, now it says unable to find some table... will restart the install to see if it will pass...
with autoMigrate: true, or false, got the same error
2022-06-02T082128.364464314Ztime=2022-06-02T082128Z level=warning msg=Unable to determine network, retrying. audience=application error=map[debug: message:Unable to locate the table reason: stack_trace:
i think it needs some table, but why if it's first time install?
l
same error with my Db setup (on aws RDS)
w
@high-optician-2097 take a look here if you can 😉
h
with autoMigrate: true and version 0.10.1 we got it running!