Feature/environment var creds (#116)

- Change templates to interpolate environment variables in docker compose - Change templates to invoke secrets for environment variable credentials in K8s configuration - Update LLMs to pull in credentials from environment variables if not specified
2026-04-26 00:46:22 +02:00 · 2024-10-15 00:34:52 +01:00 · 2024-10-15 00:34:52 +01:00 · 86288339cf
commit 86288339cf
parent 43756d872b
20 changed files with 327 additions and 271 deletions
--- a/templates/engine/k8s.jsonnet
+++ b/templates/engine/k8s.jsonnet
@ -10,12 +10,20 @@
        reservations: {},
        ports: [],
        volumes: [],
+        environment: [],

        with_image:: function(x) self + { image: x },

        with_command:: function(x) self + { command: x },

-        with_environment:: function(x) self + { environment: x },
+        with_environment:: function(x) self + {
+            environment: super.environment + [
+                {
+                    name: v.key, value: v.value
+                }
+                for v in std.objectKeysValues(x)
+            ],
+        },

        with_limits:: function(c, m) self + { limits: { cpu: c, memory: m } },

@ -37,6 +45,24 @@
                ]
            },

+        with_env_var_secrets::
+            function(vars)
+                std.foldl(
+                    function(obj, x) obj + {
+                        environment: super.environment + [{
+                            name: x,
+                            valueFrom: {
+                                secretKeyRef: {
+                                    name: vars.name,
+                                    key: vars.keyMap[x],
+                                }
+                            }
+                        }]
+                    },
+                    vars.variables,
+                    self
+                ),
+
        add:: function() [

                {
@ -97,16 +123,11 @@
                                    (if std.objectHas(container, "command") then
                                    { command: container.command }
                                    else {}) + 
-                                    (if std.objectHas(container, "environment") then
-                                    { env: [ {
-                                        name: e.key, value: e.value
-                                        }
-                                        for e in 
-                                        std.objectKeysValues(
-                                            container.environment
-                                            )
-                                            ]
-                                            }
+
+                                    (if ! std.isEmpty(container.environment) then
+                                    {
+                                        env: container.environment,
+                                    }
                                    else {}) + 

                (if std.length(container.volumes) > 0 then
@ -283,6 +304,34 @@

    },

+    envSecrets:: function(name)
+    {
+
+        local volume = self,
+
+        name: name,
+
+        variables: [],
+        keyMap: {},
+
+        with_size:: function(size) self + { size: size },
+
+        add:: function() [
+        ],
+
+        volRef:: function() {
+            name: volume.name,
+            secret: { secretName: volume.name },
+        },
+
+        with_env_var::
+            function(name, key) self + {
+                variables: super.variables + [name],
+                keyMap: super.keyMap + { [name]: key },
+            },
+
+    },
+
    containers:: function(name, containers)
    {