fix: forward CLI overrides to in-cluster deploy for Git-based remote deploys#3820
Conversation
This commit enhances the deployment process by allowing CLI-specified overrides for image pull secrets, service accounts, and deployer types to be forwarded to the in-cluster deployment step. The changes include: - Updated `main.go` to read environment variables for `FUNC_IMAGE_PULL_SECRET`, `FUNC_SERVICE_ACCOUNT`, and `FUNC_DEPLOYER`. - Modified Tekton task templates (`task-buildpack.yaml.tmpl`, `task-s2i.yaml.tmpl`) to include new parameters for these overrides. - Adjusted template data structures in `templates_pack.go` and `templates_s2i.go` to accommodate the new parameters. These enhancements ensure that user-defined configurations are properly applied during deployment, improving flexibility and usability.
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: Ankitsinghsisodya The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
knative-prow
Bot
added
size/L
|
Hi @Ankitsinghsisodya. Thanks for your PR. I'm waiting for a knative member to verify that this patch is reasonable to test. If it is, they should reply with Tip We noticed you've done this a few times! Consider joining the org to skip this step and gain Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR threads CLI deploy overrides through Tekton pipeline params into the in-cluster func-deploy step, so Git-based remote deploys can apply user-supplied deploy settings even when func.yaml is sourced from the repo.
Changes:
- Add new Pipeline/PipelineRun params for
imagePullSecret,serviceAccount, anddeployerin both S2I and buildpacks pipelines. - Forward these params into Tekton Task params and then into the deploy step via
FUNC_*environment variables. - Teach
cmd/func-utilto readFUNC_*env vars and apply them ontof.Deploybefore deploying.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| pkg/pipelines/tekton/templates_s2i.go | Adds new pipeline + pipelinerun params and forwards them into the S2I build task. |
| pkg/pipelines/tekton/templates_pack.go | Adds new pipeline + pipelinerun params and forwards them into the buildpacks build task. |
| pkg/pipelines/tekton/templates.go | Extends template data and populates it from f.Deploy.* fields. |
| pkg/pipelines/tekton/task-s2i.yaml.tmpl | Adds task params and maps them to FUNC_* env vars for the deploy step. |
| pkg/pipelines/tekton/task-buildpack.yaml.tmpl | Adds task params and maps them to FUNC_* env vars for the deploy step. |
| cmd/func-util/main.go | Applies env var overrides to f.Deploy for in-cluster/Git-based deploys. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - description: Service account name forwarded to the in-cluster deploy step | ||
| name: serviceAccount | ||
| default: '' | ||
| type: string |
| if v := os.Getenv("FUNC_IMAGE_PULL_SECRET"); v != "" { | ||
| f.Deploy.ImagePullSecret = v | ||
| } | ||
| if v := os.Getenv("FUNC_SERVICE_ACCOUNT"); v != "" { | ||
| f.Deploy.ServiceAccountName = v | ||
| } | ||
| if v := os.Getenv("FUNC_DEPLOYER"); v != "" { | ||
| f.Deploy.Deployer = v | ||
| } |
| if v := os.Getenv("FUNC_DEPLOYER"); v != "" { | ||
| f.Deploy.Deployer = v | ||
| } |
lkingland
added
ok-to-test
Fixes #3768
Problem
When
func deployuses a Git-based pipeline (f.Build.Git.URLis set), CLI flags like--image-pull-secret,--service-account, and--deployerare silently ignored. The on-clusterfunc-deploytask step readsfunc.yamldirectly from the cloned Git repo, which never contains in-memory CLI overrides — unlike the PVC-upload path fixed by #3663.Solution
Forward the three CLI overrides as discrete Tekton params on the pipeline run and apply them as environment variables on the
func-deploytask step. The in-clusterdeploybinary reads these env vars and applies them over the values loaded fromfunc.yaml.How it works
The env vars are only applied when non-empty, so existing behaviour is unchanged when no overrides are passed.
Changes
cmd/func-util/main.go— readFUNC_IMAGE_PULL_SECRET,FUNC_SERVICE_ACCOUNT,FUNC_DEPLOYERenv vars after loadingfunc.yamland apply them over the struct before deployingtask-buildpack.yaml.tmpl/task-s2i.yaml.tmpl— addIMAGE_PULL_SECRET,SERVICE_ACCOUNT,DEPLOYERparams; set correspondingFUNC_*env vars on thefunc-deploysteptemplates_pack.go/templates_s2i.go— add the three params to the Pipeline spec and thread them to the task; add them to the PipelineRun paramstemplates.go— addImagePullSecret,ServiceAccountName,DeployertotemplateData; populate fromf.Deploy.*increateAndApplyPipelineRunTemplateNotes
DeployerImageisscratch-based with no shell, so env vars are used instead of a bash script with conditional flag appending.func.yamlbefore remote deploy upload #3663, which fixed the same bug for the PVC-upload path.