kratos

Kratos

Channel Revision Published Runs on
latest/stable 527 20 Jan 2025
Ubuntu 22.04
latest/edge 566 12 Dec 2025
Ubuntu 22.04
istio/edge 548 10 Mar 2025
Ubuntu 22.04
0.5/edge 565 24 Nov 2025
Ubuntu 22.04
0.4/edge 561 13 Aug 2025
Ubuntu 22.04
0.3/edge 419 05 Jul 2024
Ubuntu 22.04
0.2/stable 406 26 Jun 2024
Ubuntu 22.04
0.2/edge 406 02 May 2024
Ubuntu 22.04
0.1/edge 383 29 Sep 2023
Ubuntu 22.04
juju deploy kratos --channel 0.5/edge
Show information

Learn to deploy on juju >

Platform:

Learn about configurations >

  • cpu | string

    K8s cpu resource limit, e.g. "1" or "500m". Default is unset (no limit). This value is used for the "limits" portion of the resource requirements (the "requests" portion is automatically deduced from it). See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

  • default_identity_schema_id | string

    The default identity schema id, this option only works when identity_schemas is defined

  • dev | boolean

    Run Kratos on dev mode, it is needed if HTTPS is not set up. This should only be used for development purposes.

  • enable_local_idp | boolean

    Default: True

    Enable Kratos Identity Provider

  • enable_oidc_webauthn_sequencing | boolean

    Enforce setting up a WebAuthn key (e.g. with YubiKey or Google Password Manager on Android) after signing in with an external identity provider. Requires enable_passwordless_login_method=False. WARNING: Do not enable this option unless you are sure that this feature applies to your deployment.

  • enable_passwordless_login_method | boolean

    Enable passwordless authentication via webauthn. Requires enable_local_idp=True.

  • enforce_mfa | boolean

    Default: True

    Enforce users to set up and use multi factor authentication. Disabling this option will allow users to log in with password or webauthn without completing 2fa.

  • http_proxy | string

    URL of the HTTP proxy eg http://proxy.internal:6666, it will set the HTTP_PROXY var in the workload environment

  • https_proxy | string

    URL of the HTTPS proxy eg http://proxy.internal:6666, it will set the HTTPS_PROXY var in the workload environment

  • identity_schemas | string

    A mapping of schema_id to identity schemas. For example: { "user_v0": { "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json", "$schema": "http://json-schema.org/draft-07/schema#", "title": "Person", "type": "object", "properties": { "traits": { "type": "object", "properties": { "email": { "type": "string", "format": "email", "title": "E-Mail", "minLength": 3, "ory.sh/kratos": { "verification": { "via": "email" } } }, "name": { "type": "string" } } }, "additionalProperties": true } } }

  • log_level | string

    Default: info

    The verbosity of logs produced by Kratos. Available values are: panic, fatal, error, warn, info, debug, and trace.

  • memory | string

    K8s memory resource limit, e.g. "1Gi". Default is unset (no limit). This value is used for the "limits" portion of the resource requirements (the "requests" portion is automatically deduced from it). See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

  • no_proxy | string

    Domains that need to be excluded from proxying no_proxy="test.com,test.co.uk", it is a comma separate list

  • recovery_email_template | string

    The custom html template used to send emails with recovery codes. For example:

    Hi, Please enter the following code to recover your account: {{ .RecoveryCode }}