make wrapper server work with distroless-based images

[mengqiy]

Creating this PR sooner to unblock other folks.
I will add an distroless-base KRM function in gcr.io/kpt-fn-demo and then add an e2e test for it.
Alternatively, we can use something like gcr.io/cad-demo-sdk/set-namespace:latest, but I'm not sure if gcr.io/cad-demo-sdk will be deleted later.
We can also consider mirroring an image from gcr.io/cad-demo-sdk to gcr.io/kpt-fn-demo for testing purpose only.

[bgrant0607]

Thanks!

The code for those functions is pretty small (50-100 lines each). We could take one and add it to the demo functions as an example of a distroless function, or we could convert an existing function to distroless.

Example Dockerfile:

# Build the function
FROM golang:1.17 AS build
WORKDIR /go/ui
COPY go.mod .
COPY go.sum .
COPY ./clients/go ./clients/go
RUN CGOENABLED=0 go build -v k8s.io/klog/v2 sigs.k8s.io/kustomize/kyaml/yaml/...

COPY backend/pkg/yoy backend/pkg/yoy
COPY functions/validate-resourcequota/*.go functions/validate-resourcequota/
RUN CGOENABLED=0 go build -o /validate-resourcequota -v ./functions/validate-resourcequota

# The runtime image
FROM gcr.io/distroless/base-debian11:latest
COPY --from=build /validate-resourcequota /validate-resourcequota
ENTRYPOINT [ "/validate-resourcequota" ]

[martinmaly]

can kpt accept function config on stdin?

[droot]

No. it doesn't. kpt fn eval does accept stdin but for entire resourcelist.

[mengqiy]

Most customization in create-deployment-blueprint.sh can be converted to a kpt pipeline.

[droot]

No. it doesn't. kpt fn eval does accept stdin but for entire resourcelist.

[mengqiy]

I'm going to merge this PR and will add an e2e test in a follow-up PR.