Describe the bug
When using the matrix-stack-26.3.2 chart, matrixAuthenticationService.additional.* values are accepted by Helm (visible in helm get values), but they are not rendered into the ess-matrix-authentication-service ConfigMap. As a result, it is not possible to extend the Matrix Authentication Service configuration via additional files, even though this mechanism works for Synapse.
Environment
- Chart:
matrix-stack-26.3.2
- App:
matrix-authentication-service 1.14.0
- Deployed via:
helm upgrade using the OCI chart from ghcr.io/element-hq/ess-helm/matrix-stack
- Namespace:
ess
To Reproduce
Steps to reproduce the behavior:
-
Install or upgrade the chart:
helm upgrade --namespace ess ess \
oci://ghcr.io/element-hq/ess-helm/matrix-stack \
-f auth.yaml \
--wait --debug --timeout 5m
where auth.yaml contains the matrixAuthenticationService.additional.user-config.yaml.config block as shown above.
-
Verify that values are present:
helm get values ess -n ess
Check that matrixAuthenticationService.additional.user-config.yaml.config is listed.
-
Inspect the rendered manifest:
helm get manifest ess -n ess | sed -n '/name: ess-matrix-authentication-service/,/---/p'
-
Observe that the ConfigMap only contains mas-config-overrides.yaml and mas-config-underrides.yaml, with no key created from matrixAuthenticationService.additional.user-config.yaml.
Observed behavior
- The rendered manifest for
ess-matrix-authentication-service (via helm get manifest ess -n ess) contains only two keys in the ConfigMap data section:
mas-config-underrides.yaml: |
policy:
admin_clients: []
admin_users: []
client_registration:
allow_host_mismatch: false
allow_insecure_uris: false
mas-config-overrides.yaml: |
http:
public_base: "https://account.matrix.domain"
listeners:
...
database:
...
telemetry:
...
matrix:
...
secrets:
...
- No additional key like
user-config.yaml (or any other file derived from matrixAuthenticationService.additional.*) is present in this ConfigMap.
- For Synapse,
additional.user-config.yaml is rendered as separate keys (e.g. 05-main.yaml, log_config.yaml), so the additional mechanism clearly works there but not for MAS.
Expected behavior
- The
matrixAuthenticationService.additional.* values should be rendered into the ess-matrix-authentication-service ConfigMap as additional keys, similar to how additional is handled for Synapse.
- For the example above, there should be a
user-config.yaml (or equivalent) entry under `` so that MAS can consume this config (typically mounted into /config.d/).
Screenshots
Not applicable.
Desktop (please complete the following information):
Not applicable.
Smartphone (please complete the following information):
Not applicable.
Additional context
There is currently no documented way (in this chart version) to extend MAS configuration via additional files, which prevents configuring features like captcha, http.trusted_proxies, token TTLs, etc., in the same way as described in the ESS documentation.
Describe the bug
When using the
matrix-stack-26.3.2chart,matrixAuthenticationService.additional.*values are accepted by Helm (visible inhelm get values), but they are not rendered into theess-matrix-authentication-serviceConfigMap. As a result, it is not possible to extend the Matrix Authentication Service configuration viaadditionalfiles, even though this mechanism works for Synapse.Environment
matrix-stack-26.3.2matrix-authentication-service 1.14.0helm upgradeusing the OCI chart fromghcr.io/element-hq/ess-helm/matrix-stackessTo Reproduce
Steps to reproduce the behavior:
Install or upgrade the chart:
where
auth.yamlcontains thematrixAuthenticationService.additional.user-config.yaml.configblock as shown above.Verify that values are present:
Check that
matrixAuthenticationService.additional.user-config.yaml.configis listed.Inspect the rendered manifest:
Observe that the ConfigMap only contains
mas-config-overrides.yamlandmas-config-underrides.yaml, with no key created frommatrixAuthenticationService.additional.user-config.yaml.Observed behavior
ess-matrix-authentication-service(viahelm get manifest ess -n ess) contains only two keys in the ConfigMapdatasection:user-config.yaml(or any other file derived frommatrixAuthenticationService.additional.*) is present in this ConfigMap.additional.user-config.yamlis rendered as separate keys (e.g.05-main.yaml,log_config.yaml), so theadditionalmechanism clearly works there but not for MAS.Expected behavior
matrixAuthenticationService.additional.*values should be rendered into theess-matrix-authentication-serviceConfigMap as additional keys, similar to howadditionalis handled for Synapse.user-config.yaml(or equivalent) entry under `` so that MAS can consume this config (typically mounted into/config.d/).Screenshots
Not applicable.
Desktop (please complete the following information):
Not applicable.
Smartphone (please complete the following information):
Not applicable.
Additional context
There is currently no documented way (in this chart version) to extend MAS configuration via
additionalfiles, which prevents configuring features likecaptcha,http.trusted_proxies, token TTLs, etc., in the same way as described in the ESS documentation.