[Runtime] Implement runtime context detection in SDK sync method #9121
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…during the the sync secret tokens function
…imes/nuclio/functions.py _get_runtime_env inside of it since they were duplicate functions. Also added the MLRUN_RUNTIME_KIND env var with a fieldRef to the mlrun/class label. Function is now able to return k8s format instead of casting the returned value later in many different places
liranbg
requested changes
Dec 28, 2025
mlrun/runtimes/base.py
Outdated
| def _generate_runtime_env( | ||
| self, runobj: RunObject = None, auth_info: mlrun.common.schemas.AuthInfo = None | ||
| ) -> dict: | ||
| self, runobj: RunObject = None, return_k8s_format: bool = False |
Member
There was a problem hiding this comment.
ideally, you want to have helper function to convern between formats - but, regardless this is a bit problematic because _generate_runtime_env may include valueFrom in which you wont be able to flatten. thus, I think we need to calibrate why we have some consumers using one way and other another way (perhaps diff between remote runtime and local runs). for that purpose, we need to move it to launchers or so.
… create _generate_k8s_runtime_env to get the kubernetes format. Change callees functions and tests accordingly.
liranbg
reviewed
Jan 6, 2026
Member
liranbg
left a comment
liranbg
left a comment
There was a problem hiding this comment.
minor question/comment - lgtm
mlrun/runtimes/base.py
Outdated
Comment on lines
449
to
453
| if self.metadata.credentials.access_key: | ||
| runtime_env[ | ||
| mlrun.common.runtimes.constants.FunctionEnvironmentVariables.auth_session | ||
| ] = self.metadata.credentials.access_key | ||
|
|
Contributor
Author
There was a problem hiding this comment.
This comes from nuclio's _get_runtime_env function
https://github.com/mlrun/mlrun/pull/9121/changes#diff-91002e128e55ae0b16d8d62abbd2c9f54e83d5d584a287b43f0df436df7b2f88L884-L887
liranbg
reviewed
Jan 7, 2026
Comment on lines
+449
to
+456
| # Import here to avoid circular import | ||
| import mlrun.runtimes | ||
|
|
||
| # Set auth session only for nuclio runtimes that have an access key | ||
| if ( | ||
| self.kind in mlrun.runtimes.RuntimeKinds.nuclio_runtimes() | ||
| and self.metadata.credentials.access_key | ||
| ): |
liranbg
approved these changes
Jan 7, 2026
10 tasks
liranbg
pushed a commit
that referenced
this pull request
Jan 8, 2026
### 📝 Description This is a following PR of #9121 that fixes a circular import in the runtime module and removes the need for function-level import. `RuntimeKinds` was moved into a dedicated module (`mlrun/runtimes/constants.py`) so it can be imported without pulling in nuclio runtime modules. The nuclio resolver helpers (`resolve_nuclio_runtime` / `resolve_nuclio_sub_kind`) cannot live in `constants.py` because they depend on nuclio runtime classes (e.g. `RemoteRuntime`), which import `base.py` and create an import cycle. To preserve backwards compatibility, the resolvers remain available as: `RuntimeKinds.resolve_nuclio_runtime` and `RuntimeKinds.resolve_nuclio_sub_kind`, implemented in `mlrun/runtimes/__init__.py` and attached as `staticmethod`s. --- ### 🛠️ Changes Made - Moved `RuntimeKinds` to `mlrun/runtimes/constants.py` - Removed nuclio-related imports from `constants.py` to avoid import cycles - Implemented nuclio resolver helpers in `mlrun/runtimes/__init__.py` - Kept the existing `RuntimeKinds.resolve_nuclio_*` API working via `staticmethod` assignment --- ### ✅ Checklist - [ ] I updated the documentation (if applicable) - [ ] I have tested the changes in this PR - [ ] I confirmed whether my changes are covered by system tests - [ ] If yes, I ran all relevant system tests and ensured they passed before submitting this PR - [ ] I updated existing system tests and/or added new ones if needed to cover my changes - [ ] If I introduced a deprecation: - [ ] I followed the [Deprecation Guidelines](./DEPRECATION.md) - [ ] I updated the relevant Jira ticket for documentation --- ### 🧪 Testing <!-- - How it was tested (unit tests, manual, integration) --> <!-- - Any special cases covered. --> --- ### 🔗 References - Ticket link: https://iguazio.atlassian.net/browse/ML-10519 - Design docs links: - External links: --- ### 🚨 Breaking Changes? - [ ] Yes (explain below) - [ ] No <!-- If yes, describe what needs to be changed downstream: --> --- ### 🔍️ Additional Notes <!-- Anything else reviewers should know (follow-up tasks, known issues, affected areas etc.). --> <!-- ### 📸 Screenshots / Logs -->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
📝 Description
During
import mlrun, authentication tokens stored locally in the igz.yml file are synced to Kubernetes and persisted as secrets. This PR prevents that synchronization from occurring when the code is executed from within a runtime.To detect runtime execution, an environment variable
MLRUN_RUNTIME_KINDis injected into the pods and used as the indicator. Its value is derived from themlrun/classlabel.🛠️ Changes Made
_generate_runtime_envto include both the logic of nuclio's env generation function (_get_runtime_env) and the mlrun one used for other runtimes_generate_external_source_runtime_envsfor non-static env vars such asMLRUN_RUNTIME_KIND_generate_k8s_runtime_envfor k8s formatis_running_in_runtimehelper functionsync_secret_tokensto not run if inside a runtime✅ Checklist
🧪 Testing
kubejob,nuclioanddask_get_pod_env_vars_as_dictused in test_submit because it assumed all external sources env vars are secret kind🔗 References
🚨 Breaking Changes?
🔍️ Additional Notes