Commit 1074fbd9 authored by root's avatar root

Clean up and some basic documentation

parent d693700c
1 merge request!46Add kratos container
Pipeline #8982 failed with stages
in 1 minute and 4 seconds
Please refer to the [online documentation](.../helmchart)
# apply PVC
kubectl apply -f pvc.yaml -n oas
# install
helm upgrade -f ../current.yaml single-sign-on . --debug -n oas
This helmchart provides a first iteration of kratos services
as backend for user database storage.
The Kratos backend is not used by applications yet and is just
added to provide an infrastructure to develop the new frontend.
To apply this helmchart for testing and add kratos to your
stackspin cluster for development, follow those steps. Please
note, it can be needed to specify the right namesapce (`ex: -n oas`)
1. Backup you cluster values:
```
helm get values single-sign-on > cluster-values.yaml
```
2. Upgrade the helm chart to include kratos
```
helm upgrade -f ../cluster-values.yaml single-sign-on . --debug
```
......@@ -86,6 +86,9 @@ kratos:
tag: v0.7.3-alpha.1
kratos:
# TODO: This schema is not complete yet. This schema is
# put on the config disk as a seperate file by the
# helm chart
identitySchemas:
"identity.default.schema.json": |
{
......@@ -104,17 +107,22 @@ kratos:
autoMigrate: true
config:
identity:
# This points to the filename in above identitySchemas section.
default_schema_url: file://identity.default.schema.json
dsn: postgres://kratos:kratos@single-sign-on-postgresql:5432/kratos
selfservice:
# TODO: Have to figure out a decent default
default_browser_return_url: https://stackspin.net
secrets:
session:
- a password goes here
- a secred goes here
- a secret goes here
log:
level: info
courier:
smtp:
connection_uri: smtps://kratos:kratos@smtp.greenhost.nl:465/
......
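Review bot: The `dsn` under `config:` carries the database password in the chart values (`kratos:kratos`), and `courier.smtp.connection_uri` and the `secrets.session` entries are stored the same way, so any values dump such as the `helm get values single-sign-on > cluster-values.yaml` backup described in the README text on this page contains them in clear text. The comments added here document the schema and the return URL but leave these entries as working defaults. I would add a comment next to them, for example `# TODO: read dsn, session secrets and SMTP credentials from a Kubernetes Secret, not from values`, and keep the shipped defaults non-functional so an unchanged install cannot start with known credentials. The `kratos:` block starts and ends outside the two hunks shown.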
FROM oryd/kratos:v0.7.6-alpha.1-sqlite
ENV DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc
COPY identity.schema.json /etc/config/kratos/identity.schema.json
COPY kratos.yml /etc/config/kratos/kratos.yml
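Review bot: The base image tag `v0.7.6-alpha.1-sqlite` does not match the `tag: v0.7.3-alpha.1` that the chart values on this page deploy, so the development image and the cluster would run different Kratos alpha releases. The `ENV DSN=...` line also selects a SQLite file while the copied `kratos.yml` sets `dsn: memory`; as far as I know Kratos gives environment variables precedence over the file, so the file value is probably dead, and a comment such as `# DSN here overrides dsn: in kratos.yml` would make that explicit. Pinning the base image by digest in addition to the tag would protect the build against a re-pushed tag.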
{
"$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Person",
"type": "object",
"properties": {
"traits": {
"type": "object",
"properties": {
"username": {
"type": "string",
"title": "Username",
"minLength": 1,
"ory.sh/kratos": {
"credentials": {
"password": {
"identifier": true
}
}
}
},
"email": {
"type": "string",
"format": "email",
"title": "E-Mail",
"minLength": 3,
"ory.sh/kratos": {
"verification": {
"via": "email"
},
"recovery": {
"via": "email"
}
}
},
"name": {
"type": "object",
"properties": {
"first": {
"type": "string",
"title": "First name"
},
"last": {
"type": "string",
"title": "Last name"
}
}
}
},
"required": ["email", "username"],
"additionalProperties": false
}
}
}
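Review bot: The `name` object under `traits` sets no `additionalProperties`, so unlike `traits` itself it accepts arbitrary extra keys; adding `"additionalProperties": false` beside its `properties` would limit stored identity data to `first` and `last`. The `$id` is still the upstream quickstart email-password preset URL although this schema makes `username` the password identifier, so a project-specific `$id` would avoid confusion with the upstream file. None of the string fields has a `maxLength`, which is worth adding for values that end up in the user database.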
version: v0.7.6-alpha.1
dsn: memory
serve:
public:
base_url: http://127.0.0.1:4433/
cors:
enabled: true
admin:
base_url: http://127.0.0.1:4434/
selfservice:
default_browser_return_url: http://127.0.0.1:5000/settings
whitelisted_return_urls:
- http://127.0.0.1:4455
- http://127.0.0.1:5000
- http://127.0.0.1:5000/login
- http://127.0.0.1:5000/recover
- http://127.0.0.1:5000/settings
methods:
password:
enabled: true
link:
enabled: true
flows:
error:
ui_url: http://127.0.0.1:4455/error
settings:
ui_url: http://127.0.0.1:5000/settings
privileged_session_max_age: 15m
recovery:
enabled: true
ui_url: http://127.0.0.1:5000/recover
verification:
enabled: true
ui_url: http://127.0.0.1:4455/verify
after:
default_browser_return_url: http://127.0.0.1:4455/
logout:
after:
default_browser_return_url: http://127.0.0.1:4455/auth/login
login:
ui_url: http://127.0.0.1:5000/auth
lifespan: 10m
registration:
lifespan: 10m
ui_url: http://127.0.0.1:4455/auth/registration
# after:
# password:
# hooks:
# -
# hook: session
log:
level: debug
format: text
leak_sensitive_values: true
secrets:
cookie:
- PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
identity:
default_schema_url: file:///etc/config/kratos/identity.schema.json
courier:
smtp:
connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true&legacy_ssl=true
hashers:
argon2:
parallelism: 1
memory: 128MB
iterations: 2
salt_length: 16
key_length: 16
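Review bot: `leak_sensitive_values: true` combined with `level: debug` under `log:` tells Kratos to write values it would otherwise redact into the logs, and `secrets.cookie` is the literal placeholder `PLEASE-CHANGE-ME-I-AM-VERY-INSECURE`; since the Dockerfile on this page copies this file into the image, both settings travel with every container built from it. I would set `leak_sensitive_values: false` and supply the cookie secret at deploy time instead of from the baked file. The SMTP URI also turns off certificate checks with `skip_ssl_verify=true`, and `cors: enabled: true` has no origin list in the lines shown. If the file is meant for local development only, a header comment such as `# development only: insecure logging, secrets and SMTP settings, do not deploy` would make that explicit.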