k8s
k8s copied to clipboard
ory
[Kratos] - allow for custom yaml configmap name
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [ ] This issue affects my Ory Cloud project.
- [ ] I have joined the Ory Community Slack.
- [ ] I am signed up to the Ory Security Patch Newsletter.
Describe your problem
Currently, you can only config Kratos through either inline yaml in values.yaml, or specify every option through the env variables. Since the config contains info I don't want in VCS, I'm trying to avoid the former, but the latter becomes tedious when you want to specify a lot of custom values.
Describe your ideal solution
It would be much nicer if just like with the secret, you could provide a custom configmap name that will be used as configuration, so you can in yaml define the whole config, and avoid it going into VCS.
Workarounds or alternatives
Envs
Version
latest
Additional Context
No response
Just found out that as a work around I can add an extra -c file.yaml and volume mount
Hi there! If you are concerned about leaking sensitive data within the values/VCS, I would recommend overwriting those values with envs that are read from secrets. this should be more secure then providing a custom cm 😉
Yes but you don't want to write out 20 ENVs. I managed to solve it like this, but the stateful set is missing the extraArgs option
deployment:
extraVolumes:
- name: config-volume
configMap:
name: kratos-config-extra
extraVolumeMounts:
- name: config-volume
mountPath: /etc/kratos/
extraArgs:
- -c
- /etc/kratos/config.yaml
statefulset:
extraVolumes:
- name: config-volume
configMap:
name: kratos-config-extra
extraVolumeMounts:
- name: config-volume
mountPath: /etc/kratos/
extraArgs:
- -c
- /etc/kratos/config.yaml