# ory-selfhosting
a
is anybody running kratos on Kubernetes 1.24 or 1.25? I am deploying via helm charts and having challenges. It looks like that the helm templates do not create a secret for the ServiceAccountTokens to access the Kubernetes APIs. After 1.24 a token is not automatically created by Kubernetes. Do I need to add one?
r
Someone asked something similar. I think the service accounts do not get automatically mounted.
might be a change for 1.24, I haven't checked yet
a
I am wondering what the best approach is to fix - should we modify the helm charts to create a token - that seems pretty simple.
I can submit an issue and try myself ( I need to up my helm template skills) - what do you think?
r
I don't know if there is one already, maybe look at the Slack archive first to find the thread. It was just a few days ago, or last week.
I can be wrong, I just remember the SA is created, but not automatically mounted to the pod/container.
May be a k8s BC break for "security".
a
I think we may be talking about slightly different things, I am talking about the SA tokens not getting created for the SAs - the SA account tokens should still be auto mounted if they are created - they just need to be created manually. Either way I will check the slack history
w
I am running the ORY stack on 1.26, I would recommend using the helm manifests as a base for your deployment. At least personally, I had to make a lot of changes to get it to a workable state.
helm template ... > hydra.yaml
and go from there 🙂 Kustomize helps.
a
in the Ory helm values.yaml you can set it up to use your own service account by setting job.serviceAccount.create to false and deployment.serviceAccount.create to false, and putting in the name of your service account. I set up my service account using terraform - something similar to this... https://github.com/hashicorp/terraform-provider-kubernetes/issues/1943#issuecomment-1369546028
I made sure that I created a new token for my service account using the example in the link as an example
it all works !
s
@alert-queen-57751 hi! I was wondering, did you connect your kratos with Microsoft? We are running kratos and mysql on k8s, trying to add Microsoft as an oidc but the callback url breaks with 404 error. The flow is as follows: Click on login button --> choose Microsoft --> Microsoft requests user and password --> redirection to callback breaks. The callback url looks something like: http://localhost:4455/self-service/methods/oidc/callback/microsoft?code=BLABLA&state=BLABLA&session_state=BLABLA