Merge branch 'master' into feat/keto-automigration-configure-resources

docs/helm/hydra.md

@@ -308,6 +308,11 @@ $ hydra token client \
 If you use need to construct DSN environment variable on the fly, you can leave
 `hydra.config.dsn` empty and provide custom DSN variable via `extraEnv`, e.g.:
 
+> **Note:** extraEnvs are defined separatly for individual objects (deployments,
+> statefulsets, jobs etc), and therefore you need to define the env for all
+> objects using it. Please refer to
+> [kratos values as an example](https://github.dev/ory/k8s/blob/master/helm/charts/kratos/values.yaml)
+
 ```yaml
 deployment:
   extraEnv:

docs/helm/keto.md

@@ -63,6 +63,26 @@ $ helm install \
     ory/keto
 ```
 
+### Set up DSN variable on runtime
+
+If you use need to construct DSN environment variable on the fly, you can leave
+`keto.config.dsn` empty and provide custom DSN variable via `extraEnv`, e.g.:
+
+> **Note:** extraEnvs are defined separatly for individual objects (deployments,
+> statefulsets, jobs etc), and therefore you need to define the env for all
+> objects using it. Please refer to
+> [kratos values as an example](https://github.dev/ory/k8s/blob/master/helm/charts/kratos/values.yaml)
+
+```yaml
+deployment:
+  extraEnv:
+    - name: DSN
+      valueFrom:
+        secretKeyRef:
+          name: keto-dsn-secret
+          key: dsn
+```
+
 ## Configuration
 
 You can pass your

docs/helm/kratos.md

@@ -137,6 +137,48 @@ Additionally, the following extra settings are available:
 - `ingress.public.enabled` (bool): If enabled, an ingress is created on public
   endpoint Check values.yaml for more configuration options.
 
+### Set up DSN variable on runtime
+
+If you use need to construct DSN environment variable on the fly, you can leave
+`kratos.config.dsn` empty and provide custom DSN variable via `extraEnv`, e.g.:
+
+> **Note:** extraEnvs are defined separatly for individual objects (deployments,
+> statefulsets, jobs etc), and therefore you need to define the env for all
+> objects using it. Please refer to
+> [kratos values as an example](https://github.dev/ory/k8s/blob/master/helm/charts/kratos/values.yaml)
+
+```yaml
+deployment:
+  extraEnv:
+    - name: DSN
+      valueFrom:
+        secretKeyRef:
+          name: dsn-secret
+          key: dsn
+statefulSet:
+  extraEnv:
+    - name: DSN
+      valueFrom:
+        secretKeyRef:
+          name: dsn-secret
+          key: dsn
+job:
+  extraEnv:
+    - name: DSN
+      valueFrom:
+        secretKeyRef:
+          name: dsn-secret
+          key: dsn
+cronjob:
+  cleanup:
+    extraEnv:
+      - name: DSN
+        valueFrom:
+          secretKeyRef:
+            name: dsn-secret
+            key: dsn
+```
+
 ### Custom Secrets
 
 ```

hacks/manifests/dsn-secret.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+data:
+  dsn: cG9zdGdyZXM6Ly9wb3N0Z3JlczpvcnlAcG9zdGdyZXNxbC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsL29yeV9rcmF0b3M/c3NsbW9kZT1kaXNhYmxlJm1heF9jb25uX2xpZmV0aW1lPTEwcwo=
+kind: Secret
+metadata:
+  name: dsn-secret

hacks/values/kratos.yaml

@@ -73,7 +73,6 @@ kratos:
   config:
     # ciphers:
     #   algorithm: aes
-    dsn: "postgres://postgres:[email protected]/ory_kratos?sslmode=disable&max_conn_lifetime=10s"
     selfservice:
       #      default_browser_return_url: http://127.0.0.1:4455/
       default_browser_return_url: "http://{{ .Values.global.dnsDomain }}:4455/"
@@ -230,6 +229,11 @@ deployment:
   extraEnv:
     - name: FOO
       value: BAR
+    - name: DSN
+      valueFrom:
+        secretKeyRef:
+          name: dsn-secret
+          key: dsn
   customLivenessProbe:
     failureThreshold: 5
     exec:
@@ -259,9 +263,12 @@ deployment:
   environmentSecretsName: env-secrets
 
 statefulSet:
-  extraArgs:
-    - --expose-metrics-port
-    - "8080"
+  extraEnv:
+    - name: DSN
+      valueFrom:
+        secretKeyRef:
+          name: dsn-secret
+          key: dsn
   podMetadata:
     labels:
       ory.sh/pod_label: kratos_courier
@@ -272,6 +279,11 @@ statefulSet:
 
 job:
   extraEnv:
+    - name: DSN
+      valueFrom:
+        secretKeyRef:
+          name: dsn-secret
+          key: dsn
     - name: LOREM
       value: IPSUM
   extraInitContainers: |
@@ -328,6 +340,12 @@ cronjob:
         ory.sh/pod_annotation: kratos
     podSecurityContext:
       runAsNonRoot: true
+    extraEnv:
+      - name: DSN
+        valueFrom:
+          secretKeyRef:
+            name: dsn-secret
+            key: dsn
 
 serviceMonitor:
   enabled: true
@@ -340,6 +358,3 @@ test:
   busybox:
     repository: docker.io/library/busybox
     tag: 1.36
-service:
-  admin:
-    metricsPath: "/admin/metrics/different-prometheus-path"

helm/charts/example-idp/Chart.yaml

@@ -4,5 +4,5 @@ description:
   A Helm chart for deploying the reference implementation for the User Login and
   Consent Flow in Kubernetes
 name: example-idp
-version: 0.41.0
+version: 0.42.1
 type: application

helm/charts/example-idp/README.md

@@ -1,6 +1,6 @@
 # example-idp
 
-![Version: 0.41.0](https://img.shields.io/badge/Version-0.41.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.6](https://img.shields.io/badge/AppVersion-1.4.6-informational?style=flat-square)
+![Version: 0.42.1](https://img.shields.io/badge/Version-0.42.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.6](https://img.shields.io/badge/AppVersion-1.4.6-informational?style=flat-square)
 
 A Helm chart for deploying the reference implementation for the User Login and Consent Flow in Kubernetes
 

helm/charts/hydra-maester/Chart.yaml

@@ -3,5 +3,5 @@ appVersion: "v0.0.33"
 description: A Helm chart for Kubernetes
 name: hydra-maester
 icon: https://raw.githubusercontent.com/ory/docs/master/docs/static/img/logo-hydra.svg
-version: 0.41.0
+version: 0.42.1
 type: application

helm/charts/hydra-maester/README.md

@@ -1,6 +1,6 @@
 # hydra-maester
 
-![Version: 0.41.0](https://img.shields.io/badge/Version-0.41.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.33](https://img.shields.io/badge/AppVersion-v0.0.33-informational?style=flat-square)
+![Version: 0.42.1](https://img.shields.io/badge/Version-0.42.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.33](https://img.shields.io/badge/AppVersion-v0.0.33-informational?style=flat-square)
 
 A Helm chart for Kubernetes
 

helm/charts/hydra/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: hydra-maester
   repository: file://../hydra-maester
-  version: 0.41.0
-digest: sha256:e910a17fb1b8284cdaab6abd2ad3373f10199079c86e7a5ece5903c7dbc781ae
-generated: "2024-04-10T08:10:51.273881568Z"
+  version: 0.42.1
+digest: sha256:7e63766b6fc62dd31d8bf69d3b0ea91c555455b47b1ca8b11eff52f2db3a4859
+generated: "2024-05-15T12:49:36.265804268Z"

helm/charts/hydra/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "v2.2.0"
 description: A Helm chart for deploying ORY Hydra in Kubernetes
 name: hydra
 icon: https://raw.githubusercontent.com/ory/docs/master/docs/static/img/logo-hydra.svg
-version: 0.41.0
+version: 0.42.1
 keywords:
   - oauth2
   - openid-connect
@@ -23,7 +23,7 @@ maintainers: # (optional)
 type: application
 dependencies:
   - name: hydra-maester
-    version: 0.41.0
+    version: 0.42.1
     condition: maester.enabled
     alias: hydra-maester
     repository: file://../hydra-maester

helm/charts/hydra/README.md

@@ -1,6 +1,6 @@
 # hydra
 
-![Version: 0.41.0](https://img.shields.io/badge/Version-0.41.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.2.0](https://img.shields.io/badge/AppVersion-v2.2.0-informational?style=flat-square)
+![Version: 0.42.1](https://img.shields.io/badge/Version-0.42.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.2.0](https://img.shields.io/badge/AppVersion-v2.2.0-informational?style=flat-square)
 
 A Helm chart for deploying ORY Hydra in Kubernetes
 
@@ -21,7 +21,7 @@ A Helm chart for deploying ORY Hydra in Kubernetes
 
 | Repository | Name | Version |
 |------------|------|---------|
-| file://../hydra-maester | hydra-maester(hydra-maester) | 0.41.0 |
+| file://../hydra-maester | hydra-maester(hydra-maester) | 0.42.1 |
 
 ## Values
 

helm/charts/keto/Chart.yaml

@@ -21,7 +21,7 @@ maintainers:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.41.0
+version: 0.42.1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.

helm/charts/keto/README.md

@@ -1,6 +1,6 @@
 # keto
 
-![Version: 0.41.0](https://img.shields.io/badge/Version-0.41.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.12.0](https://img.shields.io/badge/AppVersion-v0.12.0-informational?style=flat-square)
+![Version: 0.42.1](https://img.shields.io/badge/Version-0.42.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.12.0](https://img.shields.io/badge/AppVersion-v0.12.0-informational?style=flat-square)
 
 Access Control Policies as a Server
 

helm/charts/keto/templates/_helpers.tpl

@@ -45,7 +45,9 @@ Create chart name and version as used by the chart label.
 Generate the dsn value
 */}}
 {{- define "keto.dsn" -}}
+{{ if .Values.keto.config.dsn }}
 {{- .Values.keto.config.dsn }}
+{{- end }}
 {{- end -}}
 
 {{/*
@@ -115,12 +117,12 @@ checksum/keto-secrets: {{ include (print $.Template.BasePath "/secrets.yaml") .
 {{- end }}
 
 {{/*
-Check the migration type value and fail if unexpected 
+Check the migration type value and fail if unexpected
 */}}
 {{- define "keto.automigration.typeVerification" -}}
 {{- if and .Values.keto.automigration.enabled  .Values.keto.automigration.type }}
   {{- if and (ne .Values.keto.automigration.type "initContainer") (ne .Values.keto.automigration.type "job") }}
     {{- fail "keto.automigration.type must be either 'initContainer' or 'job'" -}}
-  {{- end }}  
+  {{- end }}
 {{- end }}
 {{- end }}

helm/charts/keto/templates/deployment.yaml

@@ -92,11 +92,13 @@ spec:
             {{- toYaml . | nindent 12 }}
           {{- end }}
           env:
+            {{- if not (empty ( include "keto.dsn" . )) }}
             - name: DSN
               valueFrom:
                 secretKeyRef:
                   name: {{ include "keto.secretname" . }}
                   key: dsn
+            {{- end }}
             {{- with $migrationExtraEnv }}
               {{- toYaml . | nindent 12 }}
             {{- end }}
@@ -181,11 +183,13 @@ spec:
           resources:
             {{- toYaml $resources | nindent 12 }}
           env:
+            {{- if not (empty ( include "keto.dsn" . )) }}
             - name: DSN
               valueFrom:
                 secretKeyRef:
                   name: {{ include "keto.secretname" . }}
                   key: dsn
+            {{- end }}
             {{- with .Values.deployment.extraEnv }}
               {{- toYaml . | nindent 12 }}
             {{- end }}

helm/charts/keto/templates/job-migration.yaml

@@ -75,11 +75,13 @@ spec:
           {{- toYaml . | nindent 10 }}
         {{- end }}
         env:
+          {{- if not (empty ( include "keto.dsn" . )) }}
           - name: DSN
             valueFrom:
               secretKeyRef:
                 name: {{ include "keto.secretname" . }}
                 key: dsn
+          {{- end }}
           {{- with $migrationExtraEnv }}
             {{- toYaml . | nindent 10 }}
           {{- end }}

helm/charts/kratos-selfservice-ui-node/Chart.yaml

@@ -2,5 +2,5 @@ apiVersion: v2
 appVersion: "v0.13.0-4"
 description: A Helm chart for ORY Kratos's example ui for Kubernetes
 name: kratos-selfservice-ui-node
-version: 0.41.0
+version: 0.42.1
 type: application

helm/charts/kratos-selfservice-ui-node/README.md

@@ -1,6 +1,6 @@
 # kratos-selfservice-ui-node
 
-![Version: 0.41.0](https://img.shields.io/badge/Version-0.41.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.13.0-4](https://img.shields.io/badge/AppVersion-v0.13.0--4-informational?style=flat-square)
+![Version: 0.42.1](https://img.shields.io/badge/Version-0.42.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.13.0-4](https://img.shields.io/badge/AppVersion-v0.13.0--4-informational?style=flat-square)
 
 A Helm chart for ORY Kratos's example ui for Kubernetes
 

helm/charts/kratos/Chart.yaml

@@ -3,5 +3,5 @@ appVersion: "v1.1.0"
 description: A ORY Kratos Helm chart for Kubernetes
 name: kratos
 icon: https://raw.githubusercontent.com/ory/docs/master/docs/static/img/logo-kratos.svg
-version: 0.41.0
+version: 0.42.1
 type: application

helm/charts/kratos/README.md

@@ -1,6 +1,6 @@
 # kratos
 
-![Version: 0.41.0](https://img.shields.io/badge/Version-0.41.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.1.0](https://img.shields.io/badge/AppVersion-v1.1.0-informational?style=flat-square)
+![Version: 0.42.1](https://img.shields.io/badge/Version-0.42.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.1.0](https://img.shields.io/badge/AppVersion-v1.1.0-informational?style=flat-square)
 
 A ORY Kratos Helm chart for Kubernetes
 
@@ -150,6 +150,14 @@ A ORY Kratos Helm chart for Kubernetes
 | service.admin.nodePort | string | `""` |  |
 | service.admin.port | int | `80` |  |
 | service.admin.type | string | `"ClusterIP"` |  |
+| service.courier.annotations | object | `{}` | Provide custom annotations. |
+| service.courier.containerPort | int | `4434` | Container Port |
+| service.courier.enabled | bool | `true` |  |
+| service.courier.labels | object | `{}` | Provide custom labels. Use the same syntax as for annotations. |
+| service.courier.metricsPath | string | `"/metrics/prometheus"` | Path to the metrics endpoint |
+| service.courier.name | string | `"http-metrics"` | The service port name. Useful to set a custom service port name if it must follow a scheme (e.g. Istio) |
+| service.courier.port | int | `80` | Service Port |
+| service.courier.type | string | `"ClusterIP"` |  |
 | service.public.annotations | object | `{}` | If you do want to specify annotations, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'annotations:'. |
 | service.public.enabled | bool | `true` |  |
 | service.public.labels | object | `{}` | Provide custom labels. Use the same syntax as for annotations. |

helm/charts/kratos/templates/_helpers.tpl

@@ -46,7 +46,9 @@ Create chart name and version as used by the chart label.
 Generate the dsn value
 */}}
 {{- define "kratos.dsn" -}}
+{{ if .Values.kratos.config.dsn }}
 {{- .Values.kratos.config.dsn }}
+{{- end }}
 {{- end -}}
 
 {{/*