https://github.com/leancodepl/terraform-kratos-module



# terraform-kratos-module

A Terraform module for easy deployment of Ory Kratos.

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.9 |
| [kubernetes](#requirement\_kubernetes) | >= 2.20 |
| [random](#requirement\_random) | >= 3.5 |

## Providers

| Name | Version |
|------|---------|
| [kubernetes](#provider\_kubernetes) | >= 2.20 |
| [random](#provider\_random) | >= 3.5 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [kubernetes_config_map_v1.kratos_config_files](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map_v1) | resource |
| [kubernetes_deployment_v1.kratos](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment_v1) | resource |
| [kubernetes_deployment_v1.kratos_courier](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment_v1) | resource |
| [kubernetes_ingress_v1.kratos_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/ingress_v1) | resource |
| [kubernetes_job_v1.kratos_migrations](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/job_v1) | resource |
| [kubernetes_secret_v1.kratos_config_yaml](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
| [kubernetes_secret_v1.kratos_secret](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
| [kubernetes_service_account_v1.kratos](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account_v1) | resource |
| [kubernetes_service_v1.kratos_service](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_v1) | resource |
| [random_password.kratos_cipher_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
| [random_password.kratos_cookie_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
| [kubernetes_namespace_v1.kratos_ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/namespace_v1) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [config\_files](#input\_config\_files) | Additional files to be mounted at /etc/kratos, e.g. identity schemas and courier templates | `map(string)` | `{}` | no |
| [config\_yaml](#input\_config\_yaml) | Content of kratos.yaml configuration file | `string` | n/a | yes |
| [courier\_mode](#input\_courier\_mode) | Message courier deployment mode, one of: "disabled", "background", "standalone" | `string` | n/a | yes |
| [courier\_resources](#input\_courier\_resources) | Resource requests and limits for courier Kratos pod | `object({ requests = object({ cpu = string, memory = string }), limits = object({ cpu = string, memory = string }) })` | n/a | yes |
| [courier\_smtp\_connection\_uri](#input\_courier\_smtp\_connection\_uri) | SMTP connection data and credentials in URI form for email delivery, e.g. smtps://apikey:SG.myapikey@smtp.sendgrid.net:465 | `string` | n/a | yes |
| [dsn](#input\_dsn) | Data source name, database connection data and credentials in URI form, e.g. postgresql://kratos:correct%20horse%20battery%20staple@postgresd:5432/kratosdb?sslmode=require&max_conns=20&max_idle_conns=4 | `string` | n/a | yes |
| [env](#input\_env) | A list of additional environment variables that will be passed as the `env` block in pods | `list(object({ name = string, value = optional(string), value_from = optional(object({ config_map_key_ref = optional(object({ optional = bool, name = string, key = string })), secret_key_ref = optional(object({ optional = bool, name = string, key = string })), field_ref = optional(object({ api_version = string, field_path = string })), resource_field_ref = optional(object({ container_name = string, divisor = string, resource = string })) })) }))` | `[]` | no |
| [image](#input\_image) | Image repository and version to use for deployment | `string` | `"docker.io/oryd/kratos:v1.0.0"` | no |
| [ingress\_host](#input\_ingress\_host) | Create an ingress to expose public Kratos endpoint under this hostname if provided | `string` | n/a | yes |
| [labels](#input\_labels) | Kubernetes labels to attach to created resources | `map(string)` | `{}` | no |
| [namespace](#input\_namespace) | Kubernetes namespace to deploy to | `string` | n/a | yes |
| [project](#input\_project) | Project name to be used as label and prefix for created resources | `string` | n/a | yes |
| [replicas](#input\_replicas) | Number of main Kratos pod replicas, must be a positive integer | `number` | `1` | no |
| [resources](#input\_resources) | Resource requests and limits for main Kratos pods | `object({ requests = object({ cpu = string, memory = string }), limits = object({ cpu = string, memory = string }) })` | n/a | yes |
| [secrets](#input\_secrets) | External secrets to import and use instead of generating new ones, cookie must be at least 16 characters long and cipher must be exactly 32 characters long | `object({ cookie = string, cipher = string })` | `null` | no |

## Outputs

| Name | Description |
|------|-------------|
| [cipher\_secret](#output\_cipher\_secret) | Used (generated or imported) cipher secret |
| [cookie\_secret](#output\_cookie\_secret) | Used (generated or imported) cookie secret |
| [external\_ingress\_url](#output\_external\_ingress\_url) | Public URL for connecting to deployed Kratos instance from outside the cluster, if ingress\_host was provided |
| [internal\_service\_url](#output\_internal\_service\_url) | Cluster-private URLs for connecting to deployed Kratos instance, both public and admin API endpoints |
| [service\_account\_name](#output\_service\_account\_name) | Name of created Kubernetes service account for the main Kratos server workload |
| [service\_name](#output\_service\_name) | Name of created Kubernetes service for use with other routing schemes |