Prevent K8S env vars from leaking into sidecar

extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/KubernetesProcessor.java

@@ -90,6 +90,7 @@
 import io.dekorate.kubernetes.decorator.AddRoleBindingResourceDecorator;
 import io.dekorate.kubernetes.decorator.AddSecretVolumeDecorator;
 import io.dekorate.kubernetes.decorator.AddServiceAccountResourceDecorator;
+import io.dekorate.kubernetes.decorator.ApplicationContainerDecorator;
 import io.dekorate.kubernetes.decorator.ApplyArgsDecorator;
 import io.dekorate.kubernetes.decorator.ApplyCommandDecorator;
 import io.dekorate.kubernetes.decorator.ApplyImagePullPolicyDecorator;
@@ -723,13 +724,13 @@ private void applyBuildItems(Session session,
         });
 
         kubernetesEnvs.forEach(e -> {
-            session.resources().decorate(e.getTarget(), new AddEnvVarDecorator(new EnvBuilder()
-                    .withName(EnvConverter.convertName(e.getName()))
-                    .withValue(e.getValue())
-                    .withSecret(e.getSecret())
-                    .withConfigmap(e.getConfigMap())
-                    .withField(e.getField())
-                    .build()));
+            String containerName = kubernetesName;
+            if (e.getTarget().equals(OPENSHIFT)) {
+                containerName = openshiftName;
+            } else if (e.getTarget().equals(KNATIVE)) {
+                containerName = knativeName;
+            }
+            session.resources().decorate(e.getTarget(), createAddEnvDecorator(e, containerName));
         });
 
         //Handle Command and arguments
@@ -785,6 +786,16 @@ private void applyBuildItems(Session session,
                 kubernetesHealthReadinessPath, session);
     }
 
+    private AddEnvVarDecorator createAddEnvDecorator(KubernetesEnvBuildItem e, String containerName) {
+        return new AddEnvVarDecorator(ApplicationContainerDecorator.ANY, containerName, new EnvBuilder()
+                .withName(EnvConverter.convertName(e.getName()))
+                .withValue(e.getValue())
+                .withSecret(e.getSecret())
+                .withConfigmap(e.getConfigMap())
+                .withField(e.getField())
+                .build());
+    }
+
     private void handleServices(Session session, KubernetesConfig kubernetesConfig, OpenshiftConfig openshiftConfig,
             KnativeConfig knativeConfig, String kubernetesName, String openshiftName, String knativeName) {
         session.resources().decorate(KUBERNETES,

integration-tests/kubernetes/quarkus-standard-way/src/test/java/io/quarkus/it/kubernetes/OpenshiftWithLegacySidecarAndS2iTest.java

@@ -83,6 +83,7 @@ private void assertSidecar(PodSpec podSpec) {
                     assertThat(c.getPorts()).singleElement().satisfies(p -> {
                         assertThat(p.getContainerPort()).isEqualTo(3000);
                     });
+                    assertThat(c.getEnv()).extracting("name").doesNotContain("JAVA_APP_JAR", "JAVA_LIB_DIR");
                 });
     }
 }

integration-tests/kubernetes/quarkus-standard-way/src/test/java/io/quarkus/it/kubernetes/OpenshiftWithSidecarAndS2iTest.java

@@ -83,6 +83,7 @@ private void assertSidecar(PodSpec podSpec) {
                     assertThat(c.getPorts()).singleElement().satisfies(p -> {
                         assertThat(p.getContainerPort()).isEqualTo(3000);
                     });
+                    assertThat(c.getEnv()).extracting("name").doesNotContain("JAVA_APP_JAR", "JAVA_LIB_DIR");
                 });
     }
 }