Allow cast api key to be specified via API_KEY and CAST_API_KEY env v…

…ariables To get kvisor in line with the rest of the cast setup, it is now also supported to pass in the API key via the API_KEY env variable.
castai · Apr 25, 2024 · 1015248 · 1015248
1 parent 5396d96
commit 1015248
Show file tree

Hide file tree

Showing 5 changed files with 83 additions and 11 deletions.
diff --git a/charts/kvisor/templates/secret.yaml b/charts/kvisor/templates/secret.yaml
@@ -7,5 +7,5 @@ metadata:
   labels:
     {{- include "kvisor.labels" . | nindent 4}}
 data:
-  CASTAI_API_KEY: {{ required "castai.apiKey must be provided" .Values.castai.apiKey | b64enc | quote }}
+  API_KEY: {{ required "castai.apiKey must be provided" .Values.castai.apiKey | b64enc | quote }}
 {{- end }}
diff --git a/charts/kvisor/values.yaml b/charts/kvisor/values.yaml
@@ -8,7 +8,7 @@ castai:
 
   # Name of secret with Token to be used for authorizing agent access to the API
   # apiKey and apiKeySecretRef are mutually exclusive
-  # The referenced secret must provide the token in .data["CASTAI_API_KEY"]
+  # The referenced secret must provide the token in .data["API_KEY"]
   apiKeySecretRef: ""
 
   # CASTAI grpc public api address.

diff --git a/cmd/agent/daemon/daemon.go b/cmd/agent/daemon/daemon.go
@@ -52,6 +52,20 @@ var (
 	kubeconfigPath = pflag.String("kubeconfig", "", "Kubeconfig file")
 )
 
+func lookupConfigVariable(name string) (string, error) {
+	key, found := os.LookupEnv("CASTAI_" + name)
+	if found {
+		return key, nil
+	}
+
+	key, found = os.LookupEnv(name)
+	if found {
+		return key, nil
+	}
+
+	return "", fmt.Errorf("environment variable missing: please provide either `CAST_%s` or `%s`", name, name)
+}
+
 func NewCommand(version string) *cobra.Command {
 	command := &cobra.Command{
 		Use: "daemon",
@@ -75,10 +89,27 @@ func NewCommand(version string) *cobra.Command {
 				os.Exit(1)
 			}
 
+			castaiGRPCAddress, found := os.LookupEnv("CASTAI_API_GRPC_ADDR")
+			if !found {
+				slog.Error("missing required environment variable: CASTAI_API_GRPC_ADDR")
+				os.Exit(1)
+			}
+			castaiClusterID, found := os.LookupEnv("CASTAI_CLUSTER_ID")
+			if !found {
+				slog.Error("missing required environment variable: CASTAI_CLUSTER_ID")
+				os.Exit(1)
+			}
+
+			apiKey, err := lookupConfigVariable("API_KEY")
+			if err != nil {
+				slog.Error(err.Error())
+				os.Exit(1)
+			}
+
 			castaiClientCfg := castai.Config{
-				APIKey:      os.Getenv("CASTAI_API_KEY"),
-				APIGrpcAddr: os.Getenv("CASTAI_API_GRPC_ADDR"),
-				ClusterID:   os.Getenv("CASTAI_CLUSTER_ID"),
+				APIKey:      apiKey,
+				APIGrpcAddr: castaiGRPCAddress,
+				ClusterID:   castaiClusterID,
 				Insecure:    *castaiServerInsecure,
 			}
 

diff --git a/cmd/agent/imagescan/config/config.go b/cmd/agent/imagescan/config/config.go
@@ -1,7 +1,9 @@
 package config
 
 import (
+	"errors"
 	"io/fs"
+	"os"
 	"time"
 
 	"github.com/kelseyhightower/envconfig"
@@ -31,9 +33,10 @@ const (
 )
 
 type Config struct {
-	CastaiClusterID    string `envconfig:"CASTAI_CLUSTER_ID" required:"true"`
-	CastaiAPIGrpcAddr  string `envconfig:"CASTAI_API_GRPC_ADDR" required:"true"`
-	CastaiAPIKey       string `envconfig:"CASTAI_API_KEY" required:"true"`
+	CastaiClusterID   string `envconfig:"CASTAI_CLUSTER_ID" required:"true"`
+	CastaiAPIGrpcAddr string `envconfig:"CASTAI_API_GRPC_ADDR" required:"true"`
+	// The api key is required, but we support two differnt ways of setting it.
+	CastaiAPIKey       string `envconfig:"CASTAI_API_KEY"`
 	CastaiGRPCInsecure bool   `envconfig:"CASTAI_GRPC_INSECURE"`
 
 	BlobsCacheURL     string        `envconfig:"COLLECTOR_BLOBS_CACHE_URL"`
@@ -58,6 +61,16 @@ func FromEnv() (Config, error) {
 	if err := envconfig.Process("", &cfg); err != nil {
 		return Config{}, err
 	}
+
+	if cfg.CastaiAPIKey == "" {
+		// fall back to non `CASTAI` prefix env variable
+		if apiKey, found := os.LookupEnv("API_KEY"); found {
+			cfg.CastaiAPIKey = apiKey
+		} else {
+			return Config{}, errors.New("required environment variable not set: CASTAI_API_KEY or API_KEY are missing")
+		}
+	}
+
 	return cfg, nil
 }
 

diff --git a/cmd/controller/main.go b/cmd/controller/main.go
@@ -79,17 +79,45 @@ var (
 	jobsCleanupJobAge   = pflag.Duration("jobs-cleanup-job-age", 10*time.Minute, "Jobs cleanup job age")
 )
 
+func lookupConfigVariable(name string) (string, error) {
+	key, found := os.LookupEnv("CASTAI_" + name)
+	if found {
+		return key, nil
+	}
+
+	key, found = os.LookupEnv(name)
+	if found {
+		return key, nil
+	}
+
+	return "", fmt.Errorf("environment variable missing: please provide either `CAST_%s` or `%s`", name, name)
+}
+
 func main() {
 	pflag.Parse()
 
 	ctx, cancel := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
 	defer cancel()
 
-	castaiGRPCAddress := os.Getenv("CASTAI_API_GRPC_ADDR")
-	castaiClusterID := os.Getenv("CASTAI_CLUSTER_ID")
+	castaiGRPCAddress, found := os.LookupEnv("CASTAI_API_GRPC_ADDR")
+	if !found {
+		slog.Error("missing required environment variable: CASTAI_API_GRPC_ADDR")
+		os.Exit(1)
+	}
+	castaiClusterID, found := os.LookupEnv("CASTAI_CLUSTER_ID")
+	if !found {
+		slog.Error("missing required environment variable: CASTAI_CLUSTER_ID")
+		os.Exit(1)
+	}
+
+	apiKey, err := lookupConfigVariable("API_KEY")
+	if err != nil {
+		slog.Error(err.Error())
+		os.Exit(1)
+	}
 
 	castaiClientCfg := castai.Config{
-		APIKey:      os.Getenv("CASTAI_API_KEY"),
+		APIKey:      apiKey,
 		APIGrpcAddr: castaiGRPCAddress,
 		ClusterID:   castaiClusterID,
 		Insecure:    *castaiServerInsecure,