Whether templates are expanded in `extraEnv` is inconsistent

[andreasots]

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

When trying to provision databases for Hydra and Keto from my own chart I discovered that whether templates in extraEnv get expanded or not is inconsistent. In particular the main deployment template expands them but the automigration and janitor job templates do not. This is not the case with the Kratos chart where extraEnv gets expanded even in the automigration job template.

Reproducing the bug

1. Expand the Hydra chart with the following values file:

hydra:
  automigration:
    enabled: true

janitor:
  enabled: true

deployment:
  extraEnv:
    - name: DSN
      valueFrom:
        secretKeyRef: "{{ .Release.Name }}-db-hydra"
        key: uri

2. Notice that the expanded chart contains unexpanded templates:

$ helm template hydra ory/hydra -f values.yaml | grep -F '{{'
                    secretKeyRef: '{{ .Release.Name }}-db-hydra'
              secretKeyRef: '{{ .Release.Name }}-db-hydra'

3. Expand the Keto chart with the following values file:

keto:
  automigration:
    enabled: true

deployment:
  extraEnv:
    - name: DSN
      valueFrom:
        secretKeyRef: "{{ .Release.Name }}-db-keto"
        key: uri

4. Notice that the expanded chart contains unexpanded templates:

$ helm template keto ory/keto -f values.yaml | grep -F '{{'
              secretKeyRef: '{{ .Release.Name }}-db-keto'

Relevant log output

Relevant configuration

Version

chart version 0.53.0

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Kubernetes with Helm

Additional Context

extraEnv is not expanded in three places in the Hydra chart:

k8s/helm/charts/hydra/templates/janitor-cron-job.yaml

Lines 102 to 104 in 63cea7f

	{{- with $janitorExtraEnv }}
	{{- toYaml . | nindent 16 }}
	{{- end }}

k8s/helm/charts/hydra/templates/job-migration.yaml

Lines 74 to 76 in 63cea7f

	{{- with $migrationExtraEnv }}
	{{- toYaml . | nindent 10 }}
	{{- end }}

k8s/helm/charts/hydra/templates/job-migrations-custom.yaml

Lines 72 to 74 in 63cea7f

	{{- with $migrationExtraEnv }}
	{{- toYaml . | nindent 10 }}
	{{- end }}

And in a single place in the Keto chart:

k8s/helm/charts/keto/templates/job-migration.yaml

Lines 87 to 89 in 63cea7f

	{{- with $migrationExtraEnv }}
	{{- toYaml . | nindent 10 }}
	{{- end }}

Also in the example-idp and kratos-selfservice-ui-node charts extraEnv is not expanded at all:

k8s/helm/charts/example-idp/templates/deployment.yaml

Lines 37 to 39 in 63cea7f

	{{- with .Values.deployment.extraEnv }}
	{{- toYaml . | nindent 12 }}
	{{- end }}

k8s/helm/charts/kratos-selfservice-ui-node/templates/deployment.yaml

Lines 77 to 79 in 63cea7f

	{{- if .Values.deployment.extraEnv }}
	{{- toYaml .Values.deployment.extraEnv | nindent 10 }}
	{{- end }}