Skip to content

Commit

Permalink
fix: dont template oathkeeper config by default (#709)
Browse files Browse the repository at this point in the history
  • Loading branch information
Demonsthere authored Oct 11, 2024
1 parent 6476a2a commit c3edf73
Show file tree
Hide file tree
Showing 5 changed files with 9 additions and 3 deletions.
4 changes: 1 addition & 3 deletions hacks/values/oathkeeper.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,7 @@ ingress:
name: myservice
port:
number: 80
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
annotations: {}
api:
enabled: true
priorityClassName: "system-cluster-critical"
Expand Down
1 change: 1 addition & 0 deletions helm/charts/oathkeeper/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,7 @@ A Helm chart for deploying ORY Oathkeeper in Kubernetes
| nameOverride | string | `""` | Chart name override |
| oathkeeper.accessRules | string | `""` | If set, uses the given access rules. |
| oathkeeper.config | object | `{"access_rules":{"repositories":["file:///etc/rules/access-rules.json"]},"serve":{"api":{"port":4456},"prometheus":{"port":9000},"proxy":{"port":4455}}}` | The ORY Oathkeeper configuration. For a full list of available settings, check: https://github.com/ory/oathkeeper/blob/master/docs/config.yaml |
| oathkeeper.helmTemplatedConfigEnabled | bool | `false` | Runs the `tpl` function on the config object. Warrning! This may break configuration settings that use go templates, like https://github.com/ory/k8s/issues/707 |
| oathkeeper.managedAccessRules | bool | `true` | If you enable maester, the following value should be set to "false" to avoid overwriting the rules generated by the CDRs. Additionally, the value "accessRules" shouldn't be used as it will have no effect once "managedAccessRules" is disabled. |
| oathkeeper.mutatorIdTokenJWKs | string | `""` | If set, uses the given JSON Web Key Set as the signing key for the ID Token Mutator. Requires secret.enabled to be set `true`. |
| pdb.enabled | bool | `false` | |
Expand Down
Binary file modified helm/charts/oathkeeper/charts/oathkeeper-maester-0.49.0.tgz
Binary file not shown.
4 changes: 4 additions & 0 deletions helm/charts/oathkeeper/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,11 @@ Generate the configmap data, redacting secrets
*/}}
{{- define "oathkeeper.configmap" -}}
{{- $config := .Values.oathkeeper.config -}}
{{- if .Values.oathkeeper.helmTemplatedConfigEnabled -}}
{{- tpl (toYaml $config) . -}}
{{- else -}}
{{- toYaml $config -}}
{{- end -}}
{{- end -}}

{{/*
Expand Down
3 changes: 3 additions & 0 deletions helm/charts/oathkeeper/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -182,6 +182,9 @@ ingress:

## -- Configure ORY Oathkeeper itself
oathkeeper:
# -- Runs the `tpl` function on the config object.
# Warrning! This may break configuration settings that use go templates, like https://github.com/ory/k8s/issues/707
helmTemplatedConfigEnabled: false
# -- The ORY Oathkeeper configuration. For a full list of available settings, check:
# https://github.com/ory/oathkeeper/blob/master/docs/config.yaml
config:
Expand Down

0 comments on commit c3edf73

Please sign in to comment.