# talk-kratos

red-arm-61759

12/08/2021, 8:46 PM
Hi, I am trying to get Kratos running on a Kubernetes cluster using the Helm chart. However, I am struggling with providing the database and SMTP secrets, since I do not want to hardcode them into the Helm deployment. I did the following:

1. Create a Postgres DB using helmfile:

```yaml
repositories:
  - name: bitnami
    url: https://charts.bitnami.com/bitnami
releases:
  - name: psql-user-management
    chart: bitnami/postgresql
    namespace: default
    values:
      - volumePermissions.enabled: true
```

2. Create a new user on the Postgres instance with username kratos and a new database called kratos.
3. Create a mail account on a mail provider with an SMTP server.
4. Create this secret:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: secret-kratos-db
stringData:
  DSN: postgres://kratos:my-db-secret@psql-user-management-postgresql:5432/kratos
  COURIER_SMTP_CONNECTION_URI: smtps://my-mail-username@my-mail-provider.com:my-mail-ps@my-smtp-hostname.com
```

5. Add an Ory Kratos deployment to the helmfile referencing the secret:

```yaml
repositories:
  - name: bitnami
    url: https://charts.bitnami.com/bitnami
  - name: ory
    url: https://k8s.ory.sh/helm/charts

releases:
  - name: psql-user-management
    chart: bitnami/postgresql
    namespace: default
    values:
      - volumePermissions.enabled: true

  - name: kratos
    chart: ory/kratos
    values:
      - deployment.environmentSecretsName: secret-kratos-db
      - secrets.default:
          - some-trash
          - another-trash
```
However, referencing the mail secret and the DSN secret does not seem to work:

```text
[olep@ideapad deployment]$ kubectl describe pod kratos-courier-0
Name:         kratos-courier-0
Namespace:    default
Priority:     0
Node:         v2202106151041156183/5.45.97.52
Start Time:   Wed, 08 Dec 2021 21:36:14 +0100
Labels:       app.kubernetes.io/instance=kratos
              app.kubernetes.io/name=kratos-courier
              controller-revision-hash=kratos-courier-78c65f4886
              statefulset.kubernetes.io/pod-name=kratos-courier-0
Annotations:  <none>
Status:       Pending
IP:           10.42.0.49
IPs:
  IP:           10.42.0.49
Controlled By:  StatefulSet/kratos-courier
Containers:
  kratos-courier:
    Container ID:  
    Image:         oryd/kratos:v0.8.0-alpha.3
    Image ID:      
    Port:          <none>
    Host Port:     <none>
    Args:
      courier
      watch
      --config
      /etc/config/kratos.yaml
    State:          Waiting
      Reason:       CreateContainerConfigError
    Ready:          False
    Restart Count:  0
    Environment:
      LOG_FORMAT:                   json
      LOG_LEVEL:                    trace
      DSN:                          <set to the key 'dsn' in secret 'kratos'>                Optional: false
      SECRETS_DEFAULT:              <set to the key 'secretsDefault' in secret 'kratos'>     Optional: true
      SECRETS_COOKIE:               <set to the key 'secretsCookie' in secret 'kratos'>      Optional: true
      SECRETS_CIPHER:               <set to the key 'secretsCipher' in secret 'kratos'>      Optional: true
      COURIER_SMTP_CONNECTION_URI:  <set to the key 'smtpConnectionURI' in secret 'kratos'>  Optional: false
    Mounts:
      /etc/config from kratos-config-volume (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-fr457 (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  kratos-config-volume:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      kratos-config
    Optional:  false
  kube-api-access-fr457:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason     Age               From               Message
  ----     ------     ----              ----               -------
  Normal   Scheduled  51s               default-scheduler  Successfully assigned default/kratos-courier-0 to v2202106151041156183
  Normal   Pulled     2s (x6 over 50s)  kubelet            Container image "oryd/kratos:v0.8.0-alpha.3" already present on machine
  Warning  Failed     2s (x6 over 50s)  kubelet            Error: couldn't find key smtpConnectionURI in Secret default/kratos
```

What am I doing wrong?
45 Views
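Added worked example (an editor's addition, not part of the original post and not code from the Ory chart). The `kubectl describe` output above already shows where the mismatch is: the rendered courier container reads `DSN` from key `dsn` and `COURIER_SMTP_CONNECTION_URI` from key `smtpConnectionURI` of a Secret named `kratos`, while the Secret created in step 4 is named `secret-kratos-db` and uses the keys `DSN` and `COURIER_SMTP_CONNECTION_URI`. The kubelet wording "couldn't find key smtpConnectionURI in Secret default/kratos" also says that a Secret called `kratos` does exist in the namespace (a missing Secret is reported as `secret "kratos" not found`); it just lacks that key. Two caveats on the helmfile as posted: `deployment.environmentSecretsName` and `volumePermissions.enabled` are dotted keys inside helmfile's inline `values:`, which helmfile passes to Helm as a values file, and Helm treats a dotted key in a values file as a literal key rather than a nested path (only `--set` expands dots), so write them nested (`deployment:` then `environmentSecretsName:`) or use helmfile's `set:` list; and a `@` inside the SMTP user name must be percent-encoded as `%40`, otherwise the connection URI is split at the wrong `@`. The script below reproduces the kubelet's lookup ahead of deployment over rendered manifests, using the pod environment from the describe output and both the posted and a corrected Secret as constructed inline samples with placeholder credentials. In real use you would feed it `helm template` output parsed with `yaml.safe_load_all` (PyYAML, assumed to be installed) plus `kubectl get secret -o json`.

```python
"""Pre-flight check for Secret references in Kubernetes workload manifests.

The kubelet only discovers a missing Secret key when it assembles the container
environment (CreateContainerConfigError, "couldn't find key X in Secret ns/name").
This performs the same lookup before deploying, on manifests loaded as dicts.
"""


def _ref(name, key, optional=False):
    # valueFrom.secretKeyRef entry; helper for the constructed sample below.
    ref = {"name": name, "key": key}
    if optional:
        ref["optional"] = True
    return {"secretKeyRef": ref}


# Constructed sample: the kratos-courier container environment exactly as the
# `kubectl describe pod` output in the question shows it.
COURIER_POD = {
    "kind": "Pod",
    "metadata": {"name": "kratos-courier-0", "namespace": "default"},
    "spec": {"containers": [{
        "name": "kratos-courier",
        "env": [
            {"name": "DSN", "valueFrom": _ref("kratos", "dsn")},
            {"name": "SECRETS_DEFAULT", "valueFrom": _ref("kratos", "secretsDefault", True)},
            {"name": "SECRETS_COOKIE", "valueFrom": _ref("kratos", "secretsCookie", True)},
            {"name": "SECRETS_CIPHER", "valueFrom": _ref("kratos", "secretsCipher", True)},
            {"name": "COURIER_SMTP_CONNECTION_URI", "valueFrom": _ref("kratos", "smtpConnectionURI")},
        ],
    }]},
}

# The Secret from the question: neither its name nor its keys match the refs above.
SECRET_AS_POSTED = {
    "kind": "Secret",
    "metadata": {"name": "secret-kratos-db", "namespace": "default"},
    "stringData": {
        "DSN": "postgres://kratos:my-db-secret@psql-user-management-postgresql:5432/kratos",
        "COURIER_SMTP_CONNECTION_URI": "smtps://my-mail-username@my-mail-provider.com:my-mail-ps@my-smtp-hostname.com",
    },
}

# The same Secret shaped the way the rendered pod expects it (placeholder credentials).
# The '@' inside the SMTP user name is percent-encoded so userinfo and host split correctly.
SECRET_FIXED = {
    "kind": "Secret",
    "metadata": {"name": "kratos", "namespace": "default"},
    "stringData": {
        "dsn": "postgres://kratos:my-db-secret@psql-user-management-postgresql:5432/kratos",
        "smtpConnectionURI": "smtps://my-mail-username%40my-mail-provider.com:my-mail-ps@my-smtp-hostname.com",
    },
}


def secret_keys(secret):
    """All keys a Secret exposes: base64 'data' plus plaintext 'stringData'."""
    return set(secret.get("data") or {}) | set(secret.get("stringData") or {})


def pod_spec_of(obj):
    """Pod spec of a bare Pod or of a controller that embeds a pod template."""
    return obj["spec"] if obj["kind"] == "Pod" else obj["spec"]["template"]["spec"]


def check_secret_refs(manifests):
    """Return problems as (container, env var, secret, key, reason) tuples.

    Mirrors kubelet semantics: a reference marked optional is skipped when the
    Secret or the key is absent; a non-optional one is an error.
    """
    secrets, workloads = {}, []
    for obj in manifests:
        ns = obj["metadata"].get("namespace", "default")
        if obj["kind"] == "Secret":
            secrets[(ns, obj["metadata"]["name"])] = secret_keys(obj)
        elif obj["kind"] in ("Pod", "Deployment", "StatefulSet", "DaemonSet", "Job"):
            workloads.append((ns, obj))

    problems = []
    for ns, obj in workloads:
        spec = pod_spec_of(obj)
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            for env in c.get("env", []):
                ref = (env.get("valueFrom") or {}).get("secretKeyRef")
                if not ref or ref.get("optional"):
                    continue
                keys = secrets.get((ns, ref["name"]))
                if keys is None:
                    problems.append((c["name"], env["name"], ref["name"], ref["key"], "secret not found"))
                elif ref["key"] not in keys:
                    problems.append((c["name"], env["name"], ref["name"], ref["key"], "key not found"))
            for env_from in c.get("envFrom", []):  # whole-Secret injection (envFrom.secretRef)
                ref = env_from.get("secretRef")
                if ref and not ref.get("optional") and (ns, ref["name"]) not in secrets:
                    problems.append((c["name"], "*", ref["name"], "*", "secret not found"))
    return problems


if __name__ == "__main__":
    for label, secret in (("as posted", SECRET_AS_POSTED), ("fixed", SECRET_FIXED)):
        problems = check_secret_refs([COURIER_POD, secret])
        print(f"{label}: {'OK' if not problems else ''}")
        for container, var, name, key, reason in problems:
            print(f"  {container} env {var}: {reason} (Secret {name}, key {key})")
```

Run against the posted Secret it flags both non-optional references (`DSN` and `COURIER_SMTP_CONNECTION_URI`) and ignores the three optional `SECRETS_*` refs, the same distinction the kubelet makes; against the corrected Secret it reports nothing. Whichever way you end up wiring the chart (its own generated `kratos` Secret or a pre-created one), the check is the same: the Secret name and key names in the rendered pod must match what is in the namespace.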