Add OEL image support to Ory Kratos and Hydra modules (#186)

* Add OEL image support to Ory Kratos and Hydra modules

* Remove image_registry variable: Ory Helm chart ignores it, use full path in image_repository

Author: bobbyiliev

kubernetes/modules/ory-hydra/main.tf

@@ -24,6 +24,17 @@ locals {
   secrets_system = var.secrets_system != null ? var.secrets_system : random_password.secrets_system[0].result
   secrets_cookie = var.secrets_cookie != null ? var.secrets_cookie : random_password.secrets_cookie[0].result
 
+  image_config = var.image_repository != null || var.image_tag != null ? {
+    image = merge(
+      var.image_repository != null ? { repository = var.image_repository } : {},
+      var.image_tag != null ? { tag = var.image_tag } : {},
+    )
+  } : {}
+
+  image_pull_secrets_config = length(var.image_pull_secrets) > 0 ? {
+    imagePullSecrets = [for name in var.image_pull_secrets : { name = name }]
+  } : {}
+
   urls_config = merge(
     {
       self = {
@@ -35,7 +46,7 @@ locals {
     var.logout_url != null ? { logout = var.logout_url } : {},
   )
 
-  default_helm_values = {
+  default_helm_values = merge({
     replicaCount = var.replica_count
 
     secret = {
@@ -115,7 +126,7 @@ locals {
         port    = 4445
       }
     }
-  }
+  }, local.image_config, local.image_pull_secrets_config)
 }
 
 resource "helm_release" "hydra" {

kubernetes/modules/ory-hydra/variables.tf

@@ -164,6 +164,25 @@ variable "maester_enabled" {
   nullable    = false
 }
 
+variable "image_repository" {
+  description = "Override the Docker image repository for Hydra. Must include the full registry path as the Ory Helm chart ignores image.registry. Example: europe-docker.pkg.dev/ory-artifacts/ory-enterprise/hydra-oel"
+  type        = string
+  default     = null
+}
+
+variable "image_tag" {
+  description = "Override the Docker image tag for Hydra. If not set, the chart default will be used."
+  type        = string
+  default     = null
+}
+
+variable "image_pull_secrets" {
+  description = "List of Kubernetes secret names for pulling images from private registries. Required for OEL deployments."
+  type        = list(string)
+  default     = []
+  nullable    = false
+}
+
 variable "helm_values" {
   description = "Additional values to pass to the Helm chart. These will be deep-merged with the module's default values, with these values taking precedence."
   type        = any

kubernetes/modules/ory-kratos/main.tf

@@ -35,6 +35,17 @@ locals {
     identitySchemas = var.identity_schemas
   } : {}
 
+  image_config = var.image_repository != null || var.image_tag != null ? {
+    image = merge(
+      var.image_repository != null ? { repository = var.image_repository } : {},
+      var.image_tag != null ? { tag = var.image_tag } : {},
+    )
+  } : {}
+
+  image_pull_secrets_config = length(var.image_pull_secrets) > 0 ? {
+    imagePullSecrets = [for name in var.image_pull_secrets : { name = name }]
+  } : {}
+
   smtp_config = var.smtp_connection_uri != null ? {
     courier = {
       smtp = merge(
@@ -45,7 +56,7 @@ locals {
     }
   } : {}
 
-  default_helm_values = {
+  default_helm_values = merge({
     replicaCount = var.replica_count
 
     secret = {
@@ -130,7 +141,7 @@ locals {
         port    = 4434
       }
     }
-  }
+  }, local.image_config, local.image_pull_secrets_config)
 }
 
 resource "helm_release" "kratos" {

kubernetes/modules/ory-kratos/variables.tf

@@ -172,6 +172,25 @@ variable "smtp_from_name" {
   default     = null
 }
 
+variable "image_repository" {
+  description = "Override the Docker image repository for Kratos. Must include the full registry path as the Ory Helm chart ignores image.registry. Example: europe-docker.pkg.dev/ory-artifacts/ory-enterprise-kratos/kratos-oel"
+  type        = string
+  default     = null
+}
+
+variable "image_tag" {
+  description = "Override the Docker image tag for Kratos. If not set, the chart default will be used."
+  type        = string
+  default     = null
+}
+
+variable "image_pull_secrets" {
+  description = "List of Kubernetes secret names for pulling images from private registries. Required for OEL deployments."
+  type        = list(string)
+  default     = []
+  nullable    = false
+}
+
 variable "helm_values" {
   description = "Additional values to pass to the Helm chart. These will be deep-merged with the module's default values, with these values taking precedence."
   type        = any