feat: add kratos to oci-factory

oci/kratos/.trivyignore

@@ -0,0 +1,10 @@
+# Upstream CVEs
+
+# github.com/jackc/pgproto3/v2 - pgproto3 SQL Injection via Protocol Message Size Overflow
+GHSA-7jwh-3vrq-q3m8
+# github.com/jackc/pgx/v4 - pgx SQL Injection via Line Comment Creation
+CVE-2024-27289
+# github.com/jackc/pgx/v4 - pgx SQL Injection via Protocol Message Size Overflow
+CVE-2024-27304
+# github.com/docker/docker - Authz zero length regression 
+CVE-2024-41110

oci/kratos/contacts.yaml

@@ -0,0 +1,5 @@
+notify:
+  emails:
+    - identity.charmers@lists.launchpad.net
+  mattermost-channels:
+    - ofi4for9obfq8m978h318x56ar

oci/kratos/documentation.yaml

@@ -0,0 +1,67 @@
+version: 1
+application: kratos
+is_chiselled: True
+description: |
+  Ory Kratos is the developer-friendly, security-hardened and battle-tested Identity, 
+  User Management and Authentication system for the Cloud.
+
+  The identity management server Ory Kratos enables you to implement user management, 
+  login and registration in a secure and straightforward way. 
+  Don't rewrite every aspect of identity management yourself. 
+  Ory Kratos implements all common flows such as login and logout, account activation, 
+  mfa/2fa, profile and session management, user facing errors and account recovery methods. 
+  Just spin up a docker image and write a simple UI for it in the language or framework of 
+  your choice. 
+docker:
+  parameters:
+    - -p 4433:4433
+    - -p 4434:4434
+  access: Access your Kratos Public API at `http://localhost:4433`, Admin API at `http://localhost:4434`.
+parameters:
+  - type: -e
+    value: 'TRACING_ENABLED=true'
+    description: Tracing enablement.
+  - type: -e
+    value: 'TRACING_PROVIDER=otel'
+    description: Tracing protocol to be used.
+  - type: -e
+    value: 'TRACING_PROVIDERS_OTLP_INSECURE=true'
+    description: Allow Tracing via non TLS/insecure communication.
+  - type: -e
+    value: 'TRACING_PROVIDERS_OTLP_SAMPLING_SAMPLING_RATIO=1.0'
+    description: Tracing sampling ratio.
+  - type: -e
+    value: 'TRACING_PROVIDERS_OTLP_SERVER_URL=tempo.server.io:4318'
+    description: Tracing server url and port.
+  - type: -e
+    value: 'SERVE_PUBLIC_BASE_URL=https://kratos.io/dev/path'
+    description: Public URL kratos will be served from.
+  - type: -e
+    value: 'DSN=postgres://user:pass@postgresql:5432/db'
+    description: Database connection string for postgresql database.
+  - type: -e
+    value: 'HTTPS_PROXY=http://proxy.internal'
+    description: HTTPS proxy used in air gapped environments.
+  - type: -e
+    value: 'HTTP_PROXY=http://proxy.internal'
+    description: HTTP proxy used in air gapped environments.
+  - type: -e
+    value: 'NO_PROXY=*.canonical.com'
+    description: Domain that needs to be exluded from the proxy, used in air gapped environments.
+  - type: -p
+    value: '4433:4433'
+    description: Kratos Public API port.
+  - type: -p
+    value: '4434:4434'
+    description: Kratos Admin API port.
+  - type: -v
+    value: '/path/to/Kratos/config.yaml:/kratos.yaml'
+    description: >
+      Kratos config contains all the information needed to successfully configure it as an OIDC
+      Provider, see https://www.ory.sh/docs/kratos/reference/configuration as a reference
+  - type: CMD
+    value: 'kratos serve all --config /kratos.yaml'
+    description: >
+      Launch Kratos web server(s) using a mix of environment variables and the config mounted via volume.
+debug:
+  text: ""

oci/kratos/image.yaml

@@ -0,0 +1,12 @@
+version: 1
+upload:
+  - source: "canonical/kratos-rock"
+    commit: 396bf3a71cb65f97cf853540117858d6859ef43b
+    directory: .
+    release:
+      1.1.0-22.04:
+        risks:
+          - stable
+          - candidate
+          - edge
+        end-of-life: "2025-05-01T00:00:00Z"