Clean up and some basic documentation

1074fbd9 · root · d693700c · 1074fbd9 · 1074fbd9 · d693700c
Commit 1074fbd9 authored 3 years ago by root
--- a/helmchart/single-sign-on/README.md
+++ b/helmchart/single-sign-on/README.md
 Please refer to the [online documentation](.../helmchart)


-# apply PVC
-kubectl apply -f pvc.yaml -n oas

-# install
-helm upgrade -f ../current.yaml single-sign-on . --debug -n oas
+This helmchart provides a first iteration of kratos services
+as backend for user database storage. 
+
+The Kratos backend is not used by applications yet and is just
+added to provide an infrastructure to develop the new frontend.
+
+To apply this helmchart for testing and add kratos to your
+stackspin cluster for development, follow those steps. Please
+note, it can be needed to specify the right namesapce (`ex: -n oas`)
+
+1. Backup you cluster values:
+```
+helm get values single-sign-on > cluster-values.yaml
+```
+
+2. Upgrade the helm chart to include kratos
+
+```
+helm upgrade -f ../cluster-values.yaml single-sign-on . --debug
+```

--- a/helmchart/single-sign-on/values.yaml
+++ b/helmchart/single-sign-on/values.yaml
@@ -86,6 +86,9 @@ kratos:
      tag: v0.7.3-alpha.1

  kratos:
+    # TODO: This schema is not complete yet. This schema is 
+    #       put on the config disk as a seperate file by the
+    #       helm chart
    identitySchemas:
      "identity.default.schema.json": | 
        {
@@ -104,17 +107,22 @@ kratos:
    autoMigrate: true
    config:
      identity:
+        # This points to the filename in above identitySchemas section. 
        default_schema_url: file://identity.default.schema.json
+
      dsn: postgres://kratos:kratos@single-sign-on-postgresql:5432/kratos
+
      selfservice:
+        # TODO: Have to figure out a decent default
        default_browser_return_url: https://stackspin.net

      secrets:
        session:
          - a password goes here
-          - a secred goes here
+          - a secret goes here
      log:
        level: info
+
      courier: 
        smtp: 
          connection_uri: smtps://kratos:kratos@smtp.greenhost.nl:465/

--- a/kratos/Dockerfile
+++ b/kratos/Dockerfile
-FROM oryd/kratos:v0.7.6-alpha.1-sqlite
-
-ENV DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc
-
-COPY identity.schema.json /etc/config/kratos/identity.schema.json
-COPY kratos.yml /etc/config/kratos/kratos.yml
--- a/kratos/identity.schema.json
+++ b/kratos/identity.schema.json
-{
-  "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "title": "Person",
-  "type": "object",
-  "properties": {
-    "traits": {
-      "type": "object",
-      "properties": {
-        "username": {
-          "type": "string",
-          "title": "Username",
-          "minLength": 1,
-          "ory.sh/kratos": {
-            "credentials": {
-              "password": {
-                "identifier": true
-              }
-            }
-          }
-        },
-        "email": {
-          "type": "string",
-          "format": "email",
-          "title": "E-Mail",
-          "minLength": 3,
-          "ory.sh/kratos": {
-            "verification": {
-              "via": "email"
-            },
-            "recovery": {
-              "via": "email"
-            }
-          }
-        },
-        "name": {
-          "type": "object",
-          "properties": {
-            "first": {
-              "type": "string",
-              "title": "First name"
-            },
-            "last": {
-              "type": "string",
-              "title": "Last name"
-            }
-          }
-        }
-      },
-      "required": ["email", "username"],
-      "additionalProperties": false
-    }
-  }
-}
--- a/kratos/kratos.yml
+++ b/kratos/kratos.yml
-version: v0.7.6-alpha.1
-
-dsn: memory
-
-serve:
-  public:
-    base_url: http://127.0.0.1:4433/
-    cors:
-      enabled: true
-  admin:
-    base_url: http://127.0.0.1:4434/
-
-selfservice:
-  default_browser_return_url: http://127.0.0.1:5000/settings
-  whitelisted_return_urls:
-    - http://127.0.0.1:4455
-    - http://127.0.0.1:5000
-    - http://127.0.0.1:5000/login
-    - http://127.0.0.1:5000/recover
-    - http://127.0.0.1:5000/settings
-
-  methods:
-    password:
-      enabled: true
-    link:
-      enabled: true
-
-  flows:
-    error:
-      ui_url: http://127.0.0.1:4455/error
-
-    settings:
-      ui_url: http://127.0.0.1:5000/settings
-      privileged_session_max_age: 15m
-
-    recovery:
-      enabled: true
-      ui_url: http://127.0.0.1:5000/recover
-
-    verification:
-      enabled: true
-      ui_url: http://127.0.0.1:4455/verify
-      after:
-        default_browser_return_url: http://127.0.0.1:4455/
-
-    logout:
-      after:
-        default_browser_return_url: http://127.0.0.1:4455/auth/login
-
-    login:
-      ui_url: http://127.0.0.1:5000/auth
-      lifespan: 10m
-
-    registration:
-      lifespan: 10m
-      ui_url: http://127.0.0.1:4455/auth/registration
-      # after:
-      #   password:
-      #     hooks:
-      #       -
-      #         hook: session
-
-log:
-  level: debug
-  format: text
-  leak_sensitive_values: true
-
-secrets:
-  cookie:
-    - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
-
-identity:
-  default_schema_url: file:///etc/config/kratos/identity.schema.json
-
-courier:
-  smtp:
-    connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true&legacy_ssl=true
-
-hashers:
-  argon2:
-    parallelism: 1
-    memory: 128MB
-    iterations: 2
-    salt_length: 16
-    key_length: 16