[Core] Move server-only env vars under SKYPILOT_SERVER_ prefix

[cg505]

Summary

• request_body_env_vars() (in sky/server/requests/payloads.py) forwards every SKYPILOT_* env var that does not start with SKYPILOT_SERVER_* into request bodies. Several env vars set on the API server pod via the Helm downward API or extraEnvs accidentally used the plain SKYPILOT_ prefix — they were getting scraped into requests, persisted (under postgres-backed deployments), and later re-applied via os.environ.update() when a daemon dequeued its request, poisoning the server's environ with values from previous deployment generations.
• This PR renames the affected env vars to use the SKYPILOT_SERVER_ prefix in the Helm chart and at every read site. constants.getenv_server_with_legacy(new, legacy) keeps the old bare names working for one deprecation window and logs a debug hint if a legacy name is still in use.
• Adds enableServiceLinks: false to the api-server pod spec, plus a defensive deny-list filter in request_body_env_vars() for K8s service-link injection patterns under SKYPILOT_AGENT_*.

Variables renamed

APISERVER_UUID, POD_CPU_CORE_LIMIT, POD_MEMORY_BYTES_LIMIT, POD_MEMORY_GB_LIMIT, RELEASE_NAME, INGRESS_HOST, INGRESS_BASIC_AUTH_ENABLED, INITIAL_BASIC_AUTH, DISABLE_BASIC_AUTH_MIDDLEWARE, AUTH_OAUTH2_PROXY_ENABLED, AUTH_OAUTH2_PROXY_BASE_URL, AUTH_USER_HEADER, GRACE_PERIOD_SECONDS, ROLLING_UPDATE_ENABLED, API_SERVER_STORAGE_ENABLED, IN_CLUSTER_NAMESPACE, ALL_KUBERNETES_CONTEXTS_INCLUDES_IN_CLUSTER — each gets a new SKYPILOT_SERVER_* name plus a legacy bare-name fallback at the read site.

SKY_API_SERVER_METRICS_ENABLED uses a SKY_ prefix and is already excluded by the filter, so it's left alone (just documented).

SKYPILOT_DB_CONNECTION_URI is already explicitly popped in request_body_env_vars(), so it's left alone too.

Backwards compatibility

The Helm chart emits BOTH the new SKYPILOT_SERVER_* name and the legacy bare SKYPILOT_* name for each renamed var. Combined with the reader's legacy fallback, this covers all four chart/image skew combinations during a rolling upgrade:

• New server + new chart: reader prefers SKYPILOT_SERVER_*; legacy emit is ignored.
• New server + old chart: reader falls back to the legacy name; logs a debug hint.
• Old server + new chart: old reader still finds the legacy name (this is the case @cg505 flagged — dual-emit makes this safe).
• Old server + old chart: unchanged.
• Rolling upgrade with stale daemon rows that still have OLD names in request_body.env_vars: after os.environ.update() applies the OLD names to the server, readers still find them via fallback. The SERVER no longer sets the OLD names itself, so the leak source dries up. Stale rows decay as their requests finish.

API request schema is unchanged — no API_VERSION bump.

Test plan

• Unit tests added: tests/unit_tests/test_sky/server/requests/test_payloads.py covers the prefix filter and the SKYPILOT_AGENT_* deny-list (including the case where legitimate SKYPILOT_AGENT_ID-style vars are not filtered).
• Unit tests added: tests/unit_tests/test_sky/skylet/test_constants_legacy_env_var.py covers the legacy fallback helper (new-only, legacy-only, both, neither, bool variant).
• Existing tests updated: test_common_utils.py (new + legacy env var names), test_kubernetes.py::TestKubernetesAllIncludesInCluster (cleanup for both env var names).
• Helm chart goldens updated: charts/skypilot/tests/deployment_test.yaml, oauth2_test.yaml.
• helm unittest charts/skypilot → 134/134 passing.
• helm template skypilot-test charts/skypilot confirms enableServiceLinks: false is rendered and env vars use the new prefix.
• Smoke: spun up a reproduction script that mirrors the original leak — before the fix 18 server-only vars leaked through request_body_env_vars(); after, 0.

Test commands

# Unit tests for changed modules
pytest tests/unit_tests/test_sky/server/requests/test_payloads.py \
       tests/unit_tests/test_sky/skylet/test_constants_legacy_env_var.py

# Helm chart goldens
helm unittest charts/skypilot

🤖 Generated with Claude Code

Known unrelated CI failure

Python Tests - Unit Tests fails on test_api_login_user_hash_needs_auth and
test_api_login_user_hash_needs_auth_both with TypeError: '>=' not supported between instances of 'Mock' and 'int'. The failure traces to
sky/client/sdk.py:2927 (remote_api_version >= 30), which was added in #8590
without mocking versions.get_remote_api_version() in those tests. This PR
doesn't touch either file; the failure reproduces on master.

[gemini-code-assist]

Code Review

This pull request implements a naming convention to distinguish between client-relevant (SKYPILOT_) and server-only (SKYPILOT_SERVER_) environment variables, preventing internal server configurations from leaking into client requests. It introduces a getenv_server_with_legacy helper to maintain backward compatibility during the transition. Additionally, the PR disables Kubernetes service-link environment variable injection and adds filtering logic to exclude these variables from request bodies. The review feedback identifies a redundant string fallback in the server health check logic that should be simplified for clarity.

[gemini-code-assist]

The or 'false' here is redundant. Since getenv_server_with_legacy is called with default='false', it is guaranteed to return a string and will never be None. You can simplify this expression for better clarity.

Suggested change

	ingress_basic_auth_enabled=(constants.getenv_server_with_legacy(
	constants.SKYPILOT_SERVER_INGRESS_BASIC_AUTH_ENABLED_ENV_VAR,
	constants.LEGACY_SKYPILOT_INGRESS_BASIC_AUTH_ENABLED_ENV_VAR,
	default='false') or 'false').lower() == 'true',
	ingress_basic_auth_enabled=(constants.getenv_server_with_legacy(
	constants.SKYPILOT_SERVER_INGRESS_BASIC_AUTH_ENABLED_ENV_VAR,
	constants.LEGACY_SKYPILOT_INGRESS_BASIC_AUTH_ENABLED_ENV_VAR,
	default='false').lower() == 'true'),

[cg505]

Closing — wrong ticket; will reopen on the correct one. -Claude

[cg505]

Reopening — wrong session earlier; this is in fact the right ticket. -Claude

[cg505]

We need to be careful with the upgrade process here to make sure we never use a chart that has this commit with an API server that does not yet have this commit. cc @aylei @zpoint

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 5 additional findings.

[cg505]

We need to be careful with the upgrade process here to make sure we never use a chart that has this commit with an API server that does not yet have this commit. cc @aylei @zpoint

Good catch — addressed in 2d729d1. The Helm chart now emits BOTH names for each renamed var:

- name: SKYPILOT_SERVER_APISERVER_UUID
  valueFrom: { fieldRef: { fieldPath: metadata.uid } }
- name: SKYPILOT_APISERVER_UUID  # DEPRECATED — remove in a future release.
  valueFrom: { fieldRef: { fieldPath: metadata.uid } }

Skew matrix:

chart	image	works?
new	new	✅ reader prefers SERVER_*, legacy emit ignored
new	old	✅ old reader still finds the legacy name (your case)
old	new	✅ reader falls back to the legacy name (debug-log hint)
old	old	✅ unchanged

We can drop the legacy emit (and the reader fallback) after one or two release cycles. -Claude