ory / examples

A curated collection of examples and solutions created and maintained by the Ory Community.
https://www.ory.sh/community/
Apache License 2.0

[kratos-keto-oathkeeper-k8s] test-oauthkeeper can not start #64

Open boskiv opened 1 year ago

boskiv commented 1 year ago

Preflight checklist

Describe the bug

test-oauthkeeper does not start in examples/kratos-keto-oathkeeper-k8s

Just following README.md with no extra changes.

Reproducing the bug

Follow README.md with minikube

Relevant log output

{"audience":"application","level":"fatal","msg":"The services failed to start because the configuration is invalid. Check the output above for more details.","service_name":"oathkeeper","service_version":"","time":"2023-01-09T09:36:10Z"}
{"audience":"application","level":"info","msg":"Config file loaded successfully.","path":"/etc/config/config.yaml","service_name":"oathkeeper","service_version":"","time":"2023-01-09T09:38:51Z"}
{"audience":"application","config_file":"/etc/config/config.yaml","level":"error","msg":"The provided configuration is invalid and could not be loaded. Check the output below to understand why.","service_name":"oathkeeper","service_version":"","time":"2023-01-09T09:38:51Z"}

authorizers.remote_json: map[config:map[forward_response_headers_to_upstream:<nil> payload:{
  "subject": "{{ print .Subject }}",
  "resource": "{{ printIndex .MatchContext.RegexpCaptureGroups 0 }}"
}
 remote:http://keto-api:4456/check retry:map[give_up_after:1s max_delay:100ms]] enabled:true]
                         ^-- oneOf failed

authorizers.remote_json.config: map[forward_response_headers_to_upstream:<nil> payload:{
  "subject": "{{ print .Subject }}",
  "resource": "{{ printIndex .MatchContext.RegexpCaptureGroups 0 }}"
}
 remote:http://keto-api:4456/check retry:map[give_up_after:1s max_delay:100ms]]
                                ^-- doesn't validate with "#/definitions/configAuthorizersRemoteJSON"

authorizers.remote_json.config.forward_response_headers_to_upstream: <nil>
                                                                     ^-- expected array, but got null

authorizers.remote_json.enabled: true
                                 ^-- value must be false

{"audience":"application","level":"fatal","msg":"The services failed to start because the configuration is invalid. Check the output above for more details.","service_name":"oathkeeper","service_version":"","time":"2023-01-09T09:38:51Z"}

Relevant configuration

No response

Version

master

On which operating system are you observing this issue?

macOS

In which environment are you deploying?

Kubernetes

Additional Context

No response

bartekus commented 10 months ago

Please ensure that your oathkeeper/config/config.yaml looks like this:

authorizers:
  allow:
    enabled: true
  remote_json:
    enabled: true
    config:
      remote: http://keto-api:4456/check
      forward_response_headers_to_upstream: []
      payload: |
        {
          "subject": "{{ print .Subject }}",
          "resource": "{{ printIndex .MatchContext.RegexpCaptureGroups 0 }}"
        }

Notice forward_response_headers_to_upstream: [] which you are missing.
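
Added example, not part of the thread or of Oathkeeper's code: a simplified Python model of the `oneOf` check implied by the log above, showing why a null `forward_response_headers_to_upstream` also produces the misleading `enabled: value must be false` error. The schema shape, the function names and the sample dictionaries are assumptions inferred from the error messages and the reply.

```python
# Simplified model of the validation seen in the log. The schema shape is
# inferred from the error messages; it is not Oathkeeper's actual schema.
FIELD = "forward_response_headers_to_upstream"


def check_remote_json_config(cfg, path):
    """Model of the '#/definitions/configAuthorizersRemoteJSON' branch."""
    if not isinstance(cfg, dict):
        return [f"{path}: expected object"]
    errors = []
    if not isinstance(cfg.get("remote"), str):
        errors.append(f"{path}.remote: expected string")
    # In the log the value reaches the validator as null (<nil>) until it is
    # set to a list, and null is not accepted as an empty array.
    value = cfg.get(FIELD)
    if value is None:
        errors.append(f"{path}.{FIELD}: expected array, but got null")
    elif not isinstance(value, list):
        errors.append(f"{path}.{FIELD}: expected array")
    return errors


def check_authorizer(handler, path="authorizers.remote_json"):
    """oneOf: either (enabled == true and valid config) or (enabled == false)."""
    enabled = handler.get("enabled")
    branch_on = [] if enabled is True else [f"{path}.enabled: value must be true"]
    branch_on += check_remote_json_config(handler.get("config"), f"{path}.config")
    branch_off = [] if enabled is False else [f"{path}.enabled: value must be false"]
    # Exactly one branch must match. When the "enabled" branch fails on its
    # config, the validator also reports why the "disabled" branch failed,
    # which is where "value must be false" comes from.
    if (not branch_on) + (not branch_off) == 1:
        return []
    return [f"{path}: oneOf failed"] + branch_on + branch_off


# Constructed inputs: the parsed config as it appears in the log, and the
# same config with the empty list from the reply.
PAYLOAD = '{"subject": "{{ print .Subject }}"}'
BROKEN = {"enabled": True, "config": {
    "remote": "http://keto-api:4456/check", "payload": PAYLOAD, FIELD: None}}
FIXED = {"enabled": True, "config": {
    "remote": "http://keto-api:4456/check", "payload": PAYLOAD, FIELD: []}}

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_authorizer(cfg) or "valid")
```

The only root cause in the broken case is the null array; the `enabled` message is a side effect of the second `oneOf` branch and disappears once the list is set.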