ory / k8s

Kubernetes Helm Charts for the ORY ecosystem.
https://k8s.ory.sh/helm
Apache License 2.0
336 stars 259 forks source link

[Kratos] - allow for custom yaml configmap name #486

Closed Davincible closed 2 years ago

Davincible commented 2 years ago

Preflight checklist

Describe your problem

Currently, you can only config Kratos through either inline yaml in values.yaml, or specify every option through the env variables. Since the config contains info I don't want in VCS, I'm trying to avoid the former, but the latter becomes tedious when you want to specify a lot of custom values.

Describe your ideal solution

It would be much nicer if just like with the secret, you could provide a custom configmap name that will be used as configuration, so you can in yaml define the whole config, and avoid it going into VCS.

Workarounds or alternatives

Envs

Version

latest

Additional Context

No response

Davincible commented 2 years ago

Just found out that as a work around I can add an extra -c file.yaml and volume mount

Demonsthere commented 2 years ago

Hi there! If you are concerned about leaking sensitive data within the values/VCS, I would recommend overwriting those values with envs that are read from secrets. this should be more secure then providing a custom cm 😉

Davincible commented 2 years ago

Yes but you don't want to write out 20 ENVs. I managed to solve it like this, but the stateful set is missing the extraArgs option

deployment:
  extraVolumes:
    - name: config-volume
      configMap:
        name: kratos-config-extra
  extraVolumeMounts:
    - name: config-volume
      mountPath: /etc/kratos/
  extraArgs:
    - -c
    - /etc/kratos/config.yaml

statefulset:
  extraVolumes:
    - name: config-volume
      configMap:
        name: kratos-config-extra
  extraVolumeMounts:
    - name: config-volume
      mountPath: /etc/kratos/
  extraArgs:
    - -c
    - /etc/kratos/config.yaml