fix: Add check before activating service accounts in Kaniko build jobs #358
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Context
With the changes in PR #357, there is a need to make additional changes to the Dockerfiles of the Kaniko image building templates - instead of authenticating immediately with
GOOGLE_APPLICATION_CREDENTIALS
, we now first check if that env var is defined, if so we will authenticate with the credentials stored in the file path pointed to by that env var; otherwise, thegcloud auth activate-service-account
will not be run in the Dockerfile. In the second scenario, the Google service account credentials are expected to be passed to the Kaniko image building jobs via a mounted Kubernetes service account.A similar change has been implemented in Merlin: https://github.com/caraml-dev/merlin/pull/352/files#diff-931d889c572814da3e253178b316471ac9878c45bf0497dd1792b5442eab359cR24