How to overwrite `URLS_SELF_ISSUER` when using the Helm chart as dependency?
Closed this issue · 4 comments
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- This issue affects my Ory Network project.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Describe your problem
We are using the Hydra Helm chart as a dependency and we would like to overwrite the `URLS_SELF_ISSUER` (see here and here) via a `configMapKeyRef` so that the value can be obtained by composing some of our main values and without having to duplicate the information by manually setting the `.Values.hydra.config.urls.self.issuer`.
If we make use of the `extraEnv` like below the result is that the `URLS_SELF_ISSUER` will be set twice and k8s will throw an error.

```yaml
extraEnv:
  - name: URLS_SELF_ISSUER
    valueFrom:
      configMapKeyRef:
        name: api-gateway-config
        key: APIGW_ISS
```
Describe your ideal solution
Not sure there is one.
Workarounds or alternatives
The only workaround I could think of follows, but I would like to see if there are better ways.
Here is the workaround that could be used: edit the deployment so as to set the `extraEnv` before setting the other env variables. Basically change from this:
```yaml
env:
  {{- $issuer := include "hydra.config.urls.issuer" . -}}
  {{- if $issuer }}
  - name: URLS_SELF_ISSUER
    value: {{ $issuer | quote }}
  {{- end }}
  [...]
  {{- if .Values.deployment.extraContainers }}
    {{- tpl .Values.deployment.extraContainers . | nindent 8 }}
  {{- end }}
```
to this:
```yaml
env:
  {{- if .Values.deployment.extraContainers }}
    {{- tpl .Values.deployment.extraContainers . | nindent 8 }}
  {{- end }}
  {{- $issuer := include "hydra.config.urls.issuer" . -}}
  {{- if $issuer }}
  - name: URLS_SELF_ISSUER
    value: {{ $issuer | quote }}
  {{- end }}
  [...]
```
This way, users using the Hydra helm chart as dependency can set the `extraEnv` in the value like this:

```yaml
hydra:
  enabled: true
  hydra:
    automigration:
      enabled: true
      type: initContainer
    config:
      urls:
        self:
          issuer: $CUSTOM_URLS_SELF_ISSUER
  deployment:
    extraEnv:
      - name: CUSTOM_URLS_SELF_ISSUER
        valueFrom:
          configMapKeyRef:
            name: api-gateway-config
            key: APIGW_ISS
```
Version
0.26.5
Additional Context
No response
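A pre-deploy check for the collision described in this issue, as an added example that is not part of the original thread or of the Ory chart: it scans a rendered Deployment for env names defined more than once in the same container. The function names, the JSON form of the manifest and the constructed sample are assumptions; the check also covers init containers, which goes beyond the case in the issue.

```python
import json
from collections import defaultdict

# Constructed sample: a rendered Deployment (as JSON) in which the chart's own
# URLS_SELF_ISSUER entry and a user-supplied extraEnv entry land in the same
# container. Container names and values are illustrative only.
RENDERED = json.loads("""
{"kind": "Deployment", "spec": {"template": {"spec": {
  "initContainers": [
    {"name": "hydra-automigrate", "env": [{"name": "DSN", "value": "placeholder"}]}],
  "containers": [
    {"name": "hydra", "env": [
      {"name": "URLS_SELF_ISSUER", "value": "https://issuer.example"},
      {"name": "DSN", "value": "placeholder"},
      {"name": "URLS_SELF_ISSUER", "valueFrom":
        {"configMapKeyRef": {"name": "api-gateway-config", "key": "APIGW_ISS"}}}]}]
}}}}
""")


def env_source(entry):
    """Describe where an env entry gets its value: literal or valueFrom kind."""
    if "valueFrom" in entry:
        return "valueFrom." + next(iter(entry["valueFrom"]), "unknown")
    return "value"


def duplicate_env(manifest):
    """Return {(container, env name): [(index, source), ...]} for repeated names."""
    pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
    findings = {}
    for group in ("initContainers", "containers"):
        for container in pod.get(group) or []:
            seen = defaultdict(list)
            for index, entry in enumerate(container.get("env") or []):
                seen[entry["name"]].append((index, env_source(entry)))
            for name, hits in seen.items():
                if len(hits) > 1:
                    findings[(container["name"], name)] = hits
    return findings


if __name__ == "__main__":
    for (container, name), hits in duplicate_env(RENDERED).items():
        print(f"{container}: {name} defined {len(hits)} times at {hits}")
```

The same name appearing in two different containers (`DSN` in the sample) is not reported, since env lists are per container.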
+1 I have the same issue. My workaround is to override the `hydra.config.urls.issuer` template in a helper file in the parent chart. I have something like this in the parent chart:

```
{{- define "hydra.config.urls.issuer" -}}
https://{{ .Values.global.domain }}
{{- end -}}
```
Hi there, this is a chart issue, and not a Hydra issue itself; the application can handle value overwrite. But in k8s, if we have redefined the same env, that is a problem.
I think that this is the most problematic part:

```yaml
{{- $issuer := include "hydra.config.urls.issuer" . -}}
{{- if $issuer }}
- name: URLS_SELF_ISSUER
  value: {{ $issuer | quote }}
{{- end }}
```

Maybe a better idea would be to add an `issuer` override which can be set by the user, and if not, then we generate it like now. That would allow an easy override for your cases :)
@Demonsthere Please assign to me. Will fix coming weekend.
Hello contributors!
I am marking this issue as stale as it has not received any engagement from the community or maintainers for a year. That does not imply that the issue has no merit! If you feel strongly about this issue
- open a PR referencing and resolving the issue;
- leave a comment on it and discuss ideas on how you could contribute towards resolving it;
- leave a comment and describe in detail why this issue is critical for your use case;
- open a new issue with updated details and a plan for resolving the issue.
Throughout its lifetime, Ory has received over 10.000 issues and PRs. To sustain that growth, we need to prioritize and focus on issues that are important to the community. A good indication of importance, and thus priority, is activity on a topic.
Unfortunately, burnout has become a topic of concern amongst open-source projects.
It can lead to severe personal and health issues as well as opening catastrophic attack vectors.
The motivation for this automation is to help prioritize issues in the backlog and not ignore, reject, or belittle anyone.
If this issue was marked as stale erroneously you can exempt it by adding the `backlog` label, assigning someone, or setting a milestone for it.
Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you!
Thank you 🙏✌️