apply changes from my own review

deployment/helmchart/templates/configmaps.yaml

@@ -16,11 +16,11 @@ data:
   HYDRA_CLIENT_ID: {{ .Values.backend.oidc.clientId }}
   HYDRA_AUTHORIZATION_BASE_URL: {{ .Values.backend.oidc.authorizationBaseUrl }}
   TOKEN_URL: {{ .Values.backend.oidc.tokenUrl }}
-  HYDRA_URL: {{ .Values.backend.oidc.baseUrl }}
   KRATOS_PUBLIC_URL: {{ .Values.backend.kratos.publicUrl }}
   KRATOS_ADMIN_URL: {{ .Values.backend.kratos.adminUrl }}
+  HYDRA_PUBLIC_URL: {{ .Values.backend.oidc.baseUrl }}
   HYDRA_ADMIN_URL: {{ .Values.backend.hydra.adminUrl }}
-  PUBLIC_URL: {{ .Values.backend.publicUrl }}
+  LOGIN_PANEL_URL: {{ .Values.backend.loginPanelUrl }}
   DATABASE_URL: {{ .Values.backend.databaseUrl }}
   # {{- if .Values.backend.smtp.enabled }}
   # DASHBOARD_BACKEND_SMTP_HOST: {{ .Values.backend.smtp.host | quote }}

deployment/helmchart/templates/deployment.yaml

@@ -138,7 +138,7 @@ spec:
                   name: {{ include "backend.secretName" . }}
                   key: oidc-client-secret
             - name: KRATOS_URL
-              value: {{ .Values.backend.kratosUrl }}
+              value: {{ .Values.backend.kratos.adminUrl }}
             {{- if (include "backend.smtp.password.enabled" .) }}
             - name: DASHBOARD_SMTP_PASSWORD
               valueFrom:

deployment/helmchart/templates/ingress.yaml

@@ -61,22 +61,4 @@ spec:
                 port:
                   number: 80
     {{- end }}
-    {{- range .Values.ingress.extraHosts }}
-    # In the event of "extraHosts", kratos is not proxied. Due the redirects,
-    # and single domain support of kratos/hydra. it is not feasable to support
-    # multiple hostnames. Same is true for the /web/ login frontend
-    - host: {{ .name }}
-      http:
-        paths:
-          - path: {{ default "/" .path }}(.*)
-            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
-            pathType: {{ default "ImplementationSpecific" .pathType }}
-            {{- end }}
-            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "dashboard.serviceName" $) "servicePort" "dashboard-http" "context" $) | nindent 14 }}
-          - path: {{ default "/" .path }}(api/v1.*)
-            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
-            pathType: {{ default "ImplementationSpecific" .pathType }}
-            {{- end }}
-            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "backend.serviceName" .) "servicePort" "backend-http" "context" $)  | nindent 14 }}
-    {{- end }}
 {{- end }}

deployment/helmchart/values.yaml

@@ -270,7 +270,7 @@ backend:
     adminUrl: http://single-sign-on-hydra-admin:4445
 
   # Public URL of login panel
-  publicUrl: https://dashboard.stackspin.example.org/web/
+  loginPanelUrl: https://dashboard.stackspin.example.org/web/
   databaseUrl: mysql+pymysql://stackspin:stackspin@single-sign-on-database-mariadb/stackspin
 
   ## Kubernetes service configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP
@@ -676,12 +676,6 @@ ingress:
   ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
   ##
   tls: false
-  ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
-  ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
-  ## extraHosts:
-  ## - name: dashboard.local
-  ##   path: /
-  extraHosts: []
   ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
   ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
   ## extraTls: