-
Notifications
You must be signed in to change notification settings - Fork 82
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allowing for custom config path #85
base: master
Are you sure you want to change the base?
Conversation
8c29681
to
b07a284
Compare
Signed-off-by: Nick Niehoff <[email protected]> Signed-off-by: nniehoff <[email protected]>
b07a284
to
057240f
Compare
Hit exactly the same limitation |
Thanks for the PR @nniehoff ! If I understand correctly, not mounting the secret when it's disabled would be enough, wouldn't it? That way you can mount your templated config at the hard coded location. TBH I'm not so keen on changing the hard coded location, because it can easily lead to various issues with the builtin templating when not used correctly. Am I right, or changing the config path is still required for some reason that I missed? |
You are correct technically we don't need to change the hard coded config path |
Signed-off-by: Nick Niehoff <[email protected]> Signed-off-by: nniehoff <[email protected]>
496f1c5
to
a009252
Compare
Signed-off-by: Nick Niehoff <[email protected]> Signed-off-by: nniehoff <[email protected]>
@sagikazarmark I have removed the configFile change as requested. |
Signed-off-by: Nick Niehoff <[email protected]>
@sagikazarmark I have rebased this PR on the 0.9.0 version. What else is needed for this PR? |
@sagikazarmark I have rebased this PR on the 0.13.0 version |
Overview
Added the
configFile
value to allow for specifying a custom path to the config file. Also added templates helpers to only mount the secret if one is being created.What this PR does / why we need it
I am using hashicorp vault to inject a templated config file based on secrets stored in vault. The Vault injector allows me to inject the config file at any location, however the config file location is hard coded to
/etc/dex/config.yaml
. I then thought fine I would inject the templated config at the same location however the vault injector adds a volume/volumeMount for this config file. This then conflicts with the secret already mounted at /etc/dex. The customconfigFile
location would solve this problem pointing to/vault/secrets/somefile.yaml
however then we are either creating an empty secret or attempting to mount a custom secret by a different name so I added the logic if.Values.configSecret.create
is false and.Values.configSecret.name
is not defined don't try to mount a secret.Special notes for your reviewer
Checklist
Chart.yaml
(see the contributing guide for details)Chart.yaml
(see the contributing guide for details)make docs