# ory-selfhosting
d
Morning - I would like to deploy Kratos onto EKS using the provided Helm charts. We use PostgreSQL on RDS for the database, with DB username and password configured with password rotation in AWS Secrets Manager. Therefore, the DSN can’t be hardcoded, but should come from a Kubernetes secret. Is it possible to use Kubernetes secrets via environment variables to configure Kratos’s DSN?
Yes, you can. You can define extra environment variables in the deployment section of values.yaml, and these will be available in Kratos. So you can do the following:
```yaml
deployment:
  extraEnv:
    - name: DSN
      value: postgres://postgres@MY_HOST:5432/kratos
```
And if you need to use a Kubernetes secret, you can do this:
```yaml
deployment:
  extraEnv:
    - name: DSN
      valueFrom:
        secretKeyRef:
          name: postgres-secret
          key: dsn
```
Specifically for Secrets Manager and RDS, you can combine values in the secret into a DSN:
```yaml
deployment:
  extraEnv:
    - name: DB_USER
      valueFrom:
        secretKeyRef:
          name: postgres
          key: username
    - name: DB_PASS
      valueFrom:
        secretKeyRef:
          name: postgres
          key: password
    - name: DB_HOST
      valueFrom:
        secretKeyRef:
          name: postgres
          key: host
    - name: DB_PORT
      valueFrom:
        secretKeyRef:
          name: postgres
          key: port
    - name: DB_DATABASE
      valueFrom:
        secretKeyRef:
          name: postgres
          key: dbname
    - name: DSN
      value: "postgres://$(DB_USER):$(DB_PASS)@$(DB_HOST):$(DB_PORT)/$(DB_DATABASE)"
```
r
I had no idea this interpolation works. Thanks for sharing
d
It’s a bit hard to find, but combining env vars is in the Kubernetes docs: https://kubernetes.io/docs/tasks/inject-data-application/define-interdependent-environment-variables/
And Ory projects allow overriding config values with environment variables
k
My solution is creating a `kratos_template.yml` and using `envsubst` to interpolate all envs into `kratos.yml` when the container is starting. After that, you can run `kratos serve -c ...`