terraform-kratos-module

A Terraform module for easy deployment of Ory Kratos.

Requirements

Name	Version
terraform	>= 1.9
kubernetes	>= 2.20
random	>= 3.5

Providers

Name	Version
kubernetes	2.37.1
random	3.7.2

Modules

No modules.

Resources

Name	Type
kubernetes_config_map_v1.kratos_config_files	resource
kubernetes_deployment_v1.kratos	resource
kubernetes_deployment_v1.kratos_courier	resource
kubernetes_ingress_v1.kratos_ingress	resource
kubernetes_job_v1.kratos_migrations	resource
kubernetes_secret_v1.kratos_config_yaml	resource
kubernetes_secret_v1.kratos_secret	resource
kubernetes_service_v1.kratos_service	resource
random_password.kratos_cipher_secret	resource
random_password.kratos_cookie_secret	resource
kubernetes_namespace_v1.kratos_ns	data source

Inputs

Name	Description	Type	Default	Required
config_files	Additional files to be mounted at /etc/kratos, e.g. identity schemas and courier templates	map(string)	{}	no
config_yaml	Content of kratos.yaml configuration file	string	n/a	yes
courier_mode	Message courier deployment mode, one of: "disabled", "background", "standalone"	string	n/a	yes
courier_resources	Resource requests and limits for courier Kratos pod	object({ requests = object({ cpu = string memory = string }) limits = object({ cpu = string memory = string }) })	n/a	yes
courier_smtp_connection_uri	SMTP connection data and credentials in URI form for email delivery, e.g. smtps://apikey:[email protected]:465	string	n/a	yes
dsn	Data source name, database connection data and credentials in URI form, e.g. postgresql://kratos:correct%20horse%20battery%20staple@postgresd:5432/kratosdb?sslmode=require&max_conns=20&max_idle_conns=4	string	n/a	yes
env	A list of additional environment variables that will be passed as the env block in pods	list(object({ name = string value = optional(string) value_from = optional(object({ config_map_key_ref = optional(object({ optional = bool name = string key = string })) secret_key_ref = optional(object({ optional = bool name = string key = string })) field_ref = optional(object({ api_version = string field_path = string })) resource_field_ref = optional(object({ container_name = string divisor = string resource = string })) })) }))	[]	no
image	Image repository and version to use for deployment	string	"docker.io/oryd/kratos:v1.0.0"	no
ingress_host	Create an ingress to expose public Kratos endpoint under this hostname if provided	string	n/a	yes
labels	Kubernetes labels to attach to created resources	map(string)	{}	no
namespace	Kubernetes namespace to deploy to	string	n/a	yes
project	Project name to used as label and prefix for created resources	string	n/a	yes
replicas	Number of main Kratos pod replicas, must be a positive integer	number	1	no
resources	Resource requests and limits for main Kratos pods	object({ requests = object({ cpu = string memory = string }) limits = object({ cpu = string memory = string }) })	n/a	yes
secrets	External secrets to import and use instead of generating new ones, cookie must be at least 16 characters long and cipher must be exactly 32 characters long	object({ cookie = string cipher = string })	null	no

Outputs

Name	Description
cipher_secret	Used (generated or imported) cipher secret
cookie_secret	Used (generated or imported) cookie secret
external_ingress_url	Public URL for connecting to deployed Kratos instance from outside the cluster, if ingress_host was provided
internal_service_url	Cluster-private URLs for connecting to deployed Kratos instance, both public and admin API endpoints
service_name	Name of created Kubernetes service for use with other routing schemes