Support pass environment to build pod container

[zhoufenqin]

We need to pass some enviroment into build pod initcontainer

For example, it will VerifyWriteAccess in build-init initcontainer or validating registry read access in analyzer initcontainer, similar validate operations exist in export/compeletion containers

we use azure container registry, and use managed identity to pull/push image, if there are multiple managed identity exist in azure kubenetes, we need to pass environment like "AZURE_CLIENT_ID" to specify one of them, other wise, it will fail to get token and validate failed.

But I can only configure cnbimage, kpack-controller will trigger buildpod, I can't pass environments to build-init initcontainer

Can you support this kind of features?

[chenbh]

1. Are you mainly interested in using these env vars in the build pod (i.e. only with the Image and Build CR), or do you see a need for this to work with the images pushed by the controller (i.e. Buildpack, Builder, ClusterStack)? The latter is a lot more complicated to implement because the controller parallelizes reconciliation of Builders and env vars are shared all goroutines.

2. How granular do you need it to be? Should it be one client ID per Image/Build CR, or one client ID per registry host (i.e. my-corp.azurecr.io)?

[zhoufenqin]

Hi @chenbh

1. I'm interested in using the env var in build pod, and the client_id will be used in multiple container, like prepare/build/expoert/completion containers and so on, when operate with container registry, it need a client_id
2. per image/build CR need a client_id, not per registry host