feat(image-builder): Add mechanism to pass api server env vars to kan…

…iko build jobs (#398) * Add mechanism to pass api server env vars to kaniko build jobs * Fix lint comments * Fix inline comments
caraml-dev · Jan 2, 2025 · 47ba388 · 47ba388
1 parent be214e9
commit 47ba388
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/api/turing/config/config.go b/api/turing/config/config.go
@@ -208,6 +208,8 @@ type KanikoConfig struct {
 	ImageVersion string `validate:"required"`
 	// AdditionalArgs allows platform-level additional arguments to be configured for Kaniko jobs
 	AdditionalArgs []string
+	// APIServerEnvVars allows extra API-server environment variables to be passed to Kaniko jobs
+	APIServerEnvVars []string
 	// Kaniko kubernetes service account
 	ServiceAccount string
 	// ResourceRequestsLimits is the resources required by Kaniko executor.
@@ -439,8 +441,11 @@ type MlflowConfig struct {
 	// Note that the Kaniko image builder needs to be configured correctly to have the necessary credentials to download
 	// the artifacts from the blob storage tool depending on the artifact service type selected (gcs/s3). For gcs, the
 	// credentials can be provided via a k8s service account or a secret but for s3, the credentials can be provided via
-	// additional arguments in the config KanikoConfig.AdditionalArgs e.g.
+	// 1) additional arguments in the config KanikoConfig.AdditionalArgs e.g.
 	// --build-arg=[AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY/AWS_DEFAULT_REGION/AWS_ENDPOINT_URL]=xxx
+	// OR
+	// 2) additional arguments in the config KanikoConfig.APIServerEnvVars, which will pass the specified environment
+	// variables PRESENT within the Turing API server's container to the image builder as build arguments
 	ArtifactServiceType string `validate:"required,oneof=nop gcs s3"`
 }
 

diff --git a/api/turing/imagebuilder/imagebuilder.go b/api/turing/imagebuilder/imagebuilder.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"net/http"
+	"os"
 	"sort"
 	"strings"
 	"time"
@@ -320,6 +321,11 @@ func (ib *imageBuilder) createKanikoJob(
 	volumes, volumeMounts = ib.configureVolumesAndVolumeMountsToAddCredentials(volumes, volumeMounts)
 	envVars = ib.configureEnvVarsToAddCredentials(envVars)
 
+	// Add all other env vars that are propagated from the API server as build args
+	for _, envVar := range ib.imageBuildingConfig.KanikoConfig.APIServerEnvVars {
+		kanikoArgs = append(kanikoArgs, fmt.Sprintf("--build-arg=%s=%s", envVar, os.Getenv(envVar)))
+	}
+
 	job := cluster.Job{
 		Name:                    kanikoJobName,
 		Namespace:               ib.imageBuildingConfig.BuildNamespace,