
failed to load alpha options: unable to load config file: read /etc/oauth2_proxy/oauth2_proxy.yml: is a directory

Open fabio-s-franco opened this issue 7 months ago • 2 comments

In AKS, the Pod fails to start with the error mentioned in the title:

[main.go:41] ERROR: failed to load alpha options: unable to load config file: read /etc/oauth2_proxy/oauth2_proxy.yml: is a directory

It is installed via Terraform, but should work the same with the helm command, as I use a custom values file for overrides:

values file:

config:
  configFile: |-
    email_domains = [ "*" ]        # Restrict to these E-Mail Domains, a wildcard "*" allows any email

extraVolumes: ${jsonencode(extra_volumes)} # CSI driver volume
extraVolumeMounts: ${jsonencode(extra_volume_mounts)} #Mounts to /mnt/secret
alphaConfig:
  enabled: true
  existingSecret: ${oauth2_secret}
  configData:
    providers:
    - id: oicd-azure
      provider: oidc
      azureConfig:
        tenant: ${tenant_id}
      oidcConfig:
        issuerURL: https://login.microsoftonline.com/${tenant_id}/v2.0
        jwksURL: https://login.microsoftonline.com/common/discovery/v2.0/keys
        userIDClaim: oid
        audienceClaims: [aud]
        emailClaim: email
        groupsClaim: groups
    upstreamConfig:
      upstreams:
        - id: static_200
          path: /
          static: true
          staticCode: 200
    injectResponseHeaders:
      - name: X-Auth-Request-Preferred-Username
        values:
          - claim: preferred_username
      - name: X-Auth-Request-Email
        values:
          - claim: email
      - name: X-Auth-Request-Id-Token
        values:
          - claim: id_token
      - name: X-Auth-Request-Groups
        values:
          - claim: groups

extraArgs:
  reverse-proxy: true
  skip-provider-button: true 
  silence-ping-logging: true
  cookie-refresh: "15m"
  cookie-expire: "24h"

redis:
  enabled: false

sessionStorage:
  type: redis
  redis:
    existingSecret: redis-settings
    standalone:
        connectionUrl:  "<redacted>"

This started to happen after I upgraded from 6.23.1 to the more recent 7.6.0. I have also ensured it is using the latest chart version (7.7.9) and verified that the structure of values.yaml matches the latest chart version.

If I omit configFile from config section, I get:

 failed to load core options: failed to load config: error unmarshalling config: 1 error(s) decoding:
* '' has invalid keys: upstreams

So, config.configFile.upstreams = [ "file:///dev/null" ] seems to be invalid. It breaks when configFile is not overridden.

I am still unable to upgrade oauth2-proxy to use the latest chart and image versions, but I am still investigating whether I can work around the issue. I suspect this has something to do with how newer versions treat multiple provider configurations that may not be reflected in the chart, even though I am only using a single provider in alphaConfiguration.

fabio-s-franco, Jul 23 '24 14:07