switch from nested config in values, to an env key that passes env directly

batpad · batpad · commit 339132a8ab19 · 2025-04-14T12:28:25.000+05:30
diff --git a/helm/README.md b/helm/README.md
@@ -24,8 +24,8 @@ Basic installation with minimal configuration:
 
 ```bash
 helm install stac-auth-proxy oci://ghcr.io/developmentseed/stac-auth-proxy/charts/stac-auth-proxy \
-  --set config.upstreamUrl=https://your-stac-api.com/stac \
-  --set config.oidc.discoveryUrl=https://your-auth-server/.well-known/openid-configuration \
+  --set env.UPSTREAM_URL=https://your-stac-api.com/stac \
+  --set env.OIDC_DISCOVERY_URL=https://your-auth-server/.well-known/openid-configuration \
   --set ingress.host=stac-proxy.your-domain.com
 ```
 
@@ -34,13 +34,12 @@ helm install stac-auth-proxy oci://ghcr.io/developmentseed/stac-auth-proxy/chart
 Create a `values.yaml` file:
 
 ```yaml
-config:
-  upstreamUrl: "https://your-stac-api.com/stac"
-  oidc:
-    discoveryUrl: "https://your-auth-server/.well-known/openid-configuration"
-    discoveryInternalUrl: "http://auth-server-internal/.well-known/openid-configuration"
-  defaultPublic: false
-  healthzPrefix: "/healthz"
+env:
+  UPSTREAM_URL: "https://your-stac-api.com/stac"
+  OIDC_DISCOVERY_URL: "https://your-auth-server/.well-known/openid-configuration"
+  OIDC_DISCOVERY_INTERNAL_URL: "http://auth-server-internal/.well-known/openid-configuration"
+  DEFAULT_PUBLIC: "false"
+  HEALTHZ_PREFIX: "/healthz"
 
 ingress:
   enabled: true
@@ -82,17 +81,14 @@ serviceAccount:
 
 | Parameter | Description |
 |-----------|-------------|
-| `config.upstreamUrl` | URL of the STAC API to proxy |
-| `config.oidc.discoveryUrl` | OpenID Connect discovery document URL |
+| `env.UPSTREAM_URL` | URL of the STAC API to proxy |
+| `env.OIDC_DISCOVERY_URL` | OpenID Connect discovery document URL |
 
 ### Optional Values
 
 | Parameter | Description | Default |
 |-----------|-------------|---------|
-| `config.waitForUpstream` | Wait for upstream API to become available | `true` |
-| `config.healthzPrefix` | Path prefix for health check endpoints | `/healthz` |
-| `config.defaultPublic` | Default access policy for endpoints | `false` |
-| `config.oidc.discoveryInternalUrl` | Internal network OIDC discovery URL | `""` |
+| `env` | Environment variables passed to the container. See [STAC Auth Proxy documentation](https://github.com/developmentseed/stac-auth-proxy#configuration) for details | `{}` |
 | `ingress.enabled` | Enable ingress | `true` |
 | `ingress.className` | Ingress class name | `nginx` |
 | `ingress.host` | Hostname for the ingress | `""` |
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
@@ -30,54 +30,11 @@ spec:
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           env:
-            - name: UPSTREAM_URL
-              value: {{ required "A valid upstream URL is required" .Values.config.upstreamUrl | quote }}
-            - name: OIDC_DISCOVERY_URL
-              value: {{ required "An OIDC discovery URL is required" .Values.config.oidc.discoveryUrl | quote }}
-            
-            # Optional OIDC internal URL
-            {{- if .Values.config.oidc.discoveryInternalUrl }}
-            - name: OIDC_DISCOVERY_INTERNAL_URL
-              value: {{ .Values.config.oidc.discoveryInternalUrl | quote }}
-            {{- end }}
-            
-            # Core configuration
-            - name: WAIT_FOR_UPSTREAM
-              value: {{ .Values.config.waitForUpstream | quote }}
-            - name: HEALTHZ_PREFIX
-              value: {{ .Values.config.healthzPrefix | quote }}
-            
-            # Access control configuration
-            - name: DEFAULT_PUBLIC
-              value: {{ .Values.config.defaultPublic | quote }}
-            {{- if .Values.config.privateEndpoints }}
-            - name: PRIVATE_ENDPOINTS
-              value: {{ .Values.config.privateEndpoints | toJson | quote }}
-            {{- end }}
-            {{- if .Values.config.publicEndpoints }}
-            - name: PUBLIC_ENDPOINTS
-              value: {{ .Values.config.publicEndpoints | toJson | quote }}
-            {{- end }}
-            
-            # OpenAPI configuration
-            {{- if .Values.config.openapiSpecEndpoint }}
-            - name: OPENAPI_SPEC_ENDPOINT
-              value: {{ .Values.config.openapiSpecEndpoint | quote }}
-            {{- end }}
-            
-            # Filtering configuration
-            {{- if .Values.config.itemsFilter.class }}
-            - name: ITEMS_FILTER_CLS
-              value: {{ .Values.config.itemsFilter.class | quote }}
-            - name: ITEMS_FILTER_ARGS
-              value: {{ .Values.config.itemsFilter.args | toJson | quote }}
-            - name: ITEMS_FILTER_KWARGS
-              value: {{ .Values.config.itemsFilter.kwargs | toJson | quote }}
-            {{- end }}
-            
-            {{- with .Values.config.extraEnv }}
-            {{- toYaml . | nindent 12 }}
+            {{- range $key, $value := .Values.env }}
+            - name: {{ $key }}
+              value: {{ $value | toJson | quote }}
             {{- end }}
+
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
diff --git a/helm/values.schema.yaml b/helm/values.schema.yaml
@@ -148,88 +148,55 @@ properties:
     additionalProperties: true
     description: "Pod affinity rules"
 
-  config:
+  env:
     type: object
-    required: ["upstreamUrl", "oidc"]
+    required: ["UPSTREAM_URL", "OIDC_DISCOVERY_URL"]
     properties:
-      upstreamUrl:
+      UPSTREAM_URL:
         type: string
         format: uri
         description: "STAC API URL"
-      waitForUpstream:
+      OIDC_DISCOVERY_URL:
+        type: string
+        format: uri
+        description: "OpenID Connect discovery document URL"
+      OIDC_DISCOVERY_INTERNAL_URL:
+        type: string
+        format: uri
+        description: "Internal network OpenID Connect discovery document URL"
+      WAIT_FOR_UPSTREAM:
         type: boolean
         description: "Wait for upstream API to become available"
         default: true
-      healthzPrefix:
+      HEALTHZ_PREFIX:
         type: string
         description: "Path prefix for health check endpoints"
         default: "/healthz"
-      
-      oidc:
-        type: object
-        required: ["discoveryUrl"]
-        properties:
-          discoveryUrl:
-            type: string
-            format: uri
-            description: "OpenID Connect discovery document URL"
-          discoveryInternalUrl:
-            type: string
-            format: uri
-            description: "Internal network OpenID Connect discovery document URL"
-      
-      defaultPublic:
+      DEFAULT_PUBLIC:
         type: boolean
         description: "Default access policy for endpoints"
         default: false
-      
-      privateEndpoints:
-        type: object
-        additionalProperties:
-          type: array
-          items:
-            type: string
-        description: "Endpoints requiring authentication"
-      
-      publicEndpoints:
-        type: object
-        additionalProperties:
-          type: array
-          items:
-            type: string
-        description: "Public endpoints when defaultPublic is false"
-      
-      openapiSpecEndpoint:
+      PRIVATE_ENDPOINTS:
+        type: string
+        description: "JSON string of endpoints requiring authentication"
+      PUBLIC_ENDPOINTS:
+        type: string
+        description: "JSON string of public endpoints when DEFAULT_PUBLIC is false"
+      OPENAPI_SPEC_ENDPOINT:
         type: ["string", "null"]
         description: "Path of OpenAPI specification"
-      
-      itemsFilter:
-        type: object
-        properties:
-          class:
-            type: ["string", "null"]
-            description: "CQL2 expression generator class"
-          args:
-            type: array
-            description: "Positional arguments for filter class"
-            items:
-              type: string
-          kwargs:
-            type: object
-            description: "Keyword arguments for filter class"
-            additionalProperties: true
-      
-      extraEnv:
-        type: array
-        description: "Additional environment variables"
-        items:
-          type: object
-          required: ["name", "value"]
-          properties:
-            name:
-              type: string
-            value:
-              type: string
+      ITEMS_FILTER_CLS:
+        type: ["string", "null"]
+        description: "CQL2 expression generator class"
+      ITEMS_FILTER_ARGS:
+        type: string
+        description: "JSON string of positional arguments for filter class"
+        default: "[]"
+      ITEMS_FILTER_KWARGS:
+        type: string
+        description: "JSON string of keyword arguments for filter class"
+        default: "{}"
+
 
   serviceAccount:
     type: object
diff --git a/helm/values.yaml b/helm/values.yaml
@@ -46,45 +46,37 @@ nodeSelector: {}
 tolerations: []
 affinity: {}
 
-# Application configuration
-config:
-  # Core Configuration
-  upstreamUrl: ""  # Required: STAC API URL
-  waitForUpstream: true  # Optional: wait for upstream API
-  healthzPrefix: "/healthz"  # Optional: health check prefix
-  
-  # Authentication Configuration
-  oidc:
-    discoveryUrl: ""  # Required: OpenID Connect discovery URL
-    discoveryInternalUrl: ""  # Optional: internal network OIDC URL
-  
-  # Access Control
-  defaultPublic: false  # Optional: default access policy
-  privateEndpoints: # Optional: endpoints requiring auth
-    "^/collections$": ["POST"]
-    "^/collections/([^/]+)$": ["PUT", "PATCH", "DELETE"]
-    "^/collections/([^/]+)/items$": ["POST"]
-    "^/collections/([^/]+)/items/([^/]+)$": ["PUT", "PATCH", "DELETE"]
-    "^/collections/([^/]+)/bulk_items$": ["POST"]
-  publicEndpoints: # Optional: public endpoints
-    "^/api.html$": ["GET"]
-    "^/api$": ["GET"]
-    "^/docs/oauth2-redirect": ["GET"]
-    "^/healthz": ["GET"]
-  
-  # OpenAPI Configuration
-  openapiSpecEndpoint: null  # Optional: OpenAPI spec path
-  
-  # Filtering Configuration
-  itemsFilter:
-    class: null  # Optional: CQL2 expression generator class
-    args: []     # Optional: positional arguments
-    kwargs: {}   # Optional: keyword arguments
+# Environment variables for the application
+env:
+  # Required configuration
+  UPSTREAM_URL: ""  # STAC API URL
+  OIDC_DISCOVERY_URL: ""  # OpenID Connect discovery URL
+
+  # Optional configuration
+  WAIT_FOR_UPSTREAM: true
+  HEALTHZ_PREFIX: "/healthz"
+  OIDC_DISCOVERY_INTERNAL_URL: ""
+  DEFAULT_PUBLIC: false
+  PRIVATE_ENDPOINTS: |
+    {
+      "^/collections$": ["POST"],
+      "^/collections/([^/]+)$": ["PUT", "PATCH", "DELETE"],
+      "^/collections/([^/]+)/items$": ["POST"],
+      "^/collections/([^/]+)/items/([^/]+)$": ["PUT", "PATCH", "DELETE"],
+      "^/collections/([^/]+)/bulk_items$": ["POST"]
+    }
+  PUBLIC_ENDPOINTS: |
+    {
+      "^/api.html$": ["GET"],
+      "^/api$": ["GET"],
+      "^/docs/oauth2-redirect": ["GET"],
+      "^/healthz": ["GET"]
+    }
+  OPENAPI_SPEC_ENDPOINT: null
+  ITEMS_FILTER_CLS: null
+  ITEMS_FILTER_ARGS: "[]"
+  ITEMS_FILTER_KWARGS: "{}"
 
-  # Additional environment variables
-  extraEnv: []
-  # - name: CUSTOM_VAR
-  #   value: "custom-value" 
 
 serviceAccount:
   # Specifies whether a service account should be created
