@bsanchez-the-roach bsanchez-the-roach commented Nov 4, 2025

I've restructured and partially edited Amine El Kouhen's Ory/CRDB Integration Guide.

I've put the information on two separate pages. There's the Ory Overview, which just has information about Ory for people who aren't familiar. This page should ultimately make no mention of CockroachDB. The other page is the Ory Integration Guide, which begins with an overview of what an integration could look like, and then walks you through how to do the integration and test it.

I haven't yet gone through the tutorial step by step myself; I wanted to get more eyes on this first to see if things were looking good. I've left a few comments on the PR. I mainly want thoughts on structure and general content - line-editing won't be as useful at this point, as there are sections that I already know I want to work on.


### Alternative: Terraform setup

Provisioning a distributed identity stack can be time-consuming when done manually. The [Ory/CockroachDB sandbox](https://github.com/amineelkouhen/crdb-ory-sandbox) project encapsulates all necessary steps — from creating the CockroachDB cluster and its three Ory databases, to deploying Ory (Kratos, Hydra, and Keto) into an EKS cluster.
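
Review bot: the sandbox link in this paragraph points at a personal GitHub repository, and the paragraph says that project creates the CockroachDB cluster and deploys Ory into EKS, so readers are being sent to run infrastructure code that the docs organization does not control. Suggest hosting it under an organization-owned repository, or at minimum linking a specific tag or commit so that what readers apply cannot change after this page has been reviewed.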
Contributor Author

Docs question: All throughout this document there are links to amine's github. That's where the images are coming from, plus there are two hyperlinks that the reader can follow (both here and on line 923) that lead to projects on amine's github. Should all of this stuff instead be hosted on Cockroach corporate github accounts?

netlify bot commented Nov 4, 2025

Netlify Preview

Name Link
🔨 Latest commit 073f610
🔍 Latest deploy log https://app.netlify.com/projects/cockroachdb-docs/deploys/690e5d641c6829000808ccd8
😎 Deploy Preview https://deploy-preview-20973--cockroachdb-docs.netlify.app

@@ -0,0 +1,23 @@
{
"title": "Integrate",
Contributor Author

Happy for any feedback on where to put these pages or what to call them.


{% include_cached copy-clipboard.html %}
~~~ shell
$ hydra_admin_hostname=$(kubectl get svc --namespace ory ory-hydra-admin --template "")
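
Review bot: with `--template ""` on this line the command substitution returns an empty string, so `hydra_admin_hostname` is never set to anything and a URL built from it ends up with no host. Rather than dropping the Go template to get the build through, wrap the code block in Liquid's `{% raw %}` and `{% endraw %}` tags so Jekyll leaves the `{{ ... }}` expression alone and readers get a working command.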
Contributor Author

Note for Amine: I was getting errors when trying to build with the original line here, which is why the --template flag is an empty string. The original line contained something like

"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")

which the build was failing to deal with. There are six instances of this on the page, all of which I removed.

@amine-crl amine-crl Nov 5, 2025

@bsanchez-the-roach I think that Jekyll considers { as a special character, so it fails.

I suggest replacing all code blocks like this one:
{% include_cached copy-clipboard.html %}
~~~ shell
$ hydra_admin_hostname=$(kubectl get svc --namespace ory ory-hydra-admin --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")
$ hydra_public_hostname=$(kubectl get svc --namespace ory ory-hydra-public --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")
$ export HYDRA_ADMIN_URL=http://$hydra_admin_hostname:4445
$ export HYDRA_PUBLIC_URL=http://$hydra_public_hostname:4444
~~~

With the following HTML block:

<div class="highlight">
  <pre>
		<code class="language-shell" data-lang="shell">
			<span class="nv">$ hydra_admin_hostname</span>
			<span class="o">=</span>
			<span class="si">$(</span>kubectl get svc 
			<span class="nt">--namespace</span> ory ory-hydra-admin 
			<span class="nt">--template</span>
			<span class="s2">"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"</span>
			<span class="si">)</span>
			<span class="nv">$ hydra_public_hostname</span>
			<span class="o">=</span>
			<span class="si">$(</span>kubectl get svc 
			<span class="nt">--namespace</span> ory ory-hydra-public 
			<span class="nt">--template</span>
			<span class="s2">"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"</span>
			<span class="si">)</span>
			<span class="nv">$ </span>
			<span class="nb">export </span>
			<span class="nv">HYDRA_ADMIN_URL</span>
			<span class="o">=</span>http://
			<span class="nv">$hydra_admin_hostname</span>:4445
			<span class="nv">$ </span>
			<span class="nb">export </span>
			<span class="nv">HYDRA_PUBLIC_URL</span>
			<span class="o">=</span>http://
			<span class="nv">$hydra_public_hostname</span>:4444

		</code>
	</pre>
</div>

~~~ shell
$ helm repo add ory https://k8s.ory.sh/helm/charts
~~~

@amine-crl amine-crl Nov 5, 2025

To @bsanchez-the-roach, add the following text here:
You should now get the following message, confirming the repository was added.

$ export KRATOS_ADMIN_URL=http://$kratos_admin_hostname:4433
$ export KRATOS_PUBLIC_URL=http://$kratos_public_hostname:4434
~~~
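
Review bot: the ports on the two export lines look swapped. Kratos defaults to 4433 for the public API and 4434 for the admin API, but here `KRATOS_ADMIN_URL` uses 4433 and `KRATOS_PUBLIC_URL` uses 4434. If the Helm values on this page do not remap the service ports, swap them; if they do, say so in the text so readers can tell which endpoint is the privileged one.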

@amine-crl amine-crl Nov 5, 2025

@bsanchez-the-roach I think that Jekyll considers { as a special character, so it fails.

I suggest replacing all code blocks like this one:
{% include_cached copy-clipboard.html %}

      $ kratos_admin_hostname=$(kubectl get svc --namespace ory ory-kratos-admin --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")
      $ kratos_public_hostname=$(kubectl get svc --namespace ory ory-kratos-public --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")
      $ export KRATOS_ADMIN_URL=http://$kratos_admin_hostname:4433
      $ export KRATOS_PUBLIC_URL=http://$kratos_public_hostname:4434 

With the following HTML block:

<div class="highlight">
  <pre>
		<code class="language-shell" data-lang="shell">
			<span class="nv">$ kratos_admin_hostname</span>
			<span class="o">=</span>
			<span class="si">$(</span>kubectl get svc 
			<span class="nt">--namespace</span> ory ory-kratos-admin 
			<span class="nt">--template</span>
			<span class="s2">"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"</span>
			<span class="si">)</span>
			<span class="nv">$ kratos_public_hostname</span>
			<span class="o">=</span>
			<span class="si">$(</span>kubectl get svc 
			<span class="nt">--namespace</span> ory ory-kratos-public 
			<span class="nt">--template</span>
			<span class="s2">"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"</span>
			<span class="si">)</span>
			<span class="nv">$ </span>
			<span class="nb">export </span>
			<span class="nv">KRATOS_ADMIN_URL</span>
			<span class="o">=</span>http://
			<span class="nv">$kratos_admin_hostname</span>:4433
  
			<span class="nv">$ </span>
			<span class="nb">export </span>
			<span class="nv">KRATOS_PUBLIC_URL</span>
			<span class="o">=</span>http://
			<span class="nv">$kratos_public_hostname</span>:4434

		</code>
	</pre>
</div>

$ export KETO_WRITE_REMOTE=http://$keto_write_hostname:4467
$ export KETO_READ_REMOTE=http://$keto_read_hostname:4466
~~~
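
Review bot: `KETO_WRITE_REMOTE` on the first export line is a plain `http://` URL for the write API, and the hostname lookup suggested for this step reads it from `.status.loadBalancer.ingress`, so the endpoint that can change permissions is reachable unencrypted on a load balancer address. Suggest a sentence next to this block stating that this exposure is for the sandbox only and that the write API should stay on an internal service in a real deployment.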

@bsanchez-the-roach I think that Jekyll considers '{' as a special character, so it fails.

I suggest replacing all code blocks like this one:
{% include_cached copy-clipboard.html %}

      $ keto_read_hostname=$(kubectl get svc --namespace ory ory-keto-read --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")
      $ keto_write_hostname=$(kubectl get svc --namespace ory ory-keto-write --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")
      $ export KETO_WRITE_REMOTE=http://$keto_write_hostname:4467
      $ export KETO_READ_REMOTE=http://$keto_read_hostname:4466

With the following HTML block:

<div class="highlight">
  <pre>
		<code class="language-shell" data-lang="shell">
			<span class="nv">$ keto_read_hostname</span>
			<span class="o">=</span>
			<span class="si">$(</span>kubectl get svc 
			<span class="nt">--namespace</span> ory ory-keto-read 
			<span class="nt">--template</span>
			<span class="s2">"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"</span>
			<span class="si">)</span>
			<span class="nv">$ keto_write_hostname</span>
			<span class="o">=</span>
			<span class="si">$(</span>kubectl get svc 
			<span class="nt">--namespace</span> ory ory-keto-write 
			<span class="nt">--template</span>
			<span class="s2">"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"</span>
			<span class="si">)</span>
			<span class="nv">$ </span>
			<span class="nb">export </span>
			<span class="nv">KETO_WRITE_REMOTE</span>
			<span class="o">=</span>http://
			<span class="nv">$keto_write_hostname</span>:4467
  
			<span class="nv">$ </span>
			<span class="nb">export </span>
			<span class="nv">KETO_READ_REMOTE</span>
			<span class="o">=</span>http://
			<span class="nv">$keto_read_hostname</span>:4466

		</code>
	</pre>
</div>

{% include_cached copy-clipboard.html %}
~~~ shell
$ cockroach sql \
--url "cockroach://root@CRDB_FQDN:26257/defaultdb?sslmode=disable"
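
Review bot: `sslmode=disable` together with `root@` on the `--url` line has readers connect as the admin user with no password over an unencrypted connection, which only works against a cluster running in insecure mode. That conflicts with the later `CREATE USER ... WITH PASSWORD` step, which an insecure cluster rejects. Suggest having the guide use a secure cluster with a TLS-verifying connection string, or stating plainly that this is a throwaway sandbox and adjusting the user-creation step to match.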
Contributor Author

I think this is maybe supposed to be postgresql://root@CRDB_FQDN:26257/defaultdb?sslmode=disable


{% include_cached copy-clipboard.html %}
~~~ sql
CREATE USER ory WITH PASSWORD 'securepass';
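
Review bot: the literal password `'securepass'` in the `CREATE USER` line will be copied as-is into real clusters. Suggest an obvious placeholder such as `'{password}'` and a sentence telling readers to generate their own value, so the docs do not seed a known credential for the `ory` user.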
Contributor Author

I'm having trouble with this "CREATE USER" command. I get the following:

ERROR: setting or updating a password is not supported in insecure mode

but it looks like we're explicitly asking them to use that with the "sslmode=disable" part of the "cockroach sql" command above, so I'm a bit confused.
