Add spec.build.env to workload (#389)

* Add spec.build.env to workload * examples: bump kpack, use spec.build.env here we add to the example the use of workload.spec.build.env to showcase how one can go about tweaking the environment variables passed solely to the build stage of our supplychain. we can verify that kpack indeed does so by looking at the logs from the `prepare` container: Container/prepare Build reason(s): CONFIG CONFIG: + env: + - name: CGO_ENABLED + value: "0" resources: {} - source: {} + source: + blob: + url: http://source-controller.gito... Loading secret for "10.188.0.3:5000" from secr... Downloading source-controller.gitops-toolkit.s... Successfully downloaded source-controller.gito... which indeed gets propagated to the pod: - name: PLATFORM_ENV_VARS value: '[{"name":"CGO_ENABLED","value":"0"}]' * docs: update reference to include spec.build.env Co-authored-by: Ciro S. Costa <[email protected]>
vmware-tanzu · Nov 24, 2021 · 8a685fc · 8a685fc
1 parent 9360e25
commit 8a685fc
Show file tree

Hide file tree

Showing 13 changed files with 187 additions and 17 deletions.
diff --git a/config/crd/bases/carto.run_workloads.yaml b/config/crd/bases/carto.run_workloads.yaml
@@ -48,6 +48,118 @@ spec:
  type: object
  spec:
  properties:
+ build:
+ properties:
+ env:
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be a
+ C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in
+ the container and any service environment variables. If
+ a variable cannot be resolved, the reference in the input
+ string will be unchanged. Double $$ are reduced to a single
+ $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports metadata.name,
+ metadata.namespace, `metadata.labels[''<KEY>'']`,
+ `metadata.annotations[''<KEY>'']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container: only
+ resources limits and requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu, requests.memory
+ and requests.ephemeral-storage) are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the
+ exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key
+ must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ type: object
  env:
  items:
  description: EnvVar represents an environment variable present in

diff --git a/examples/source-to-knative-service/00-cluster/kpack.yaml b/examples/source-to-knative-service/00-cluster/kpack.yaml
@@ -14,7 +14,7 @@
 
 #@ load("@ytt:data", "data")
 ---
-apiVersion: kpack.io/v1alpha1
+apiVersion: kpack.io/v1alpha2
 kind: ClusterStore
 metadata:
  name: go-store
@@ -23,7 +23,7 @@ spec:
  - image: gcr.io/paketo-buildpacks/go
 
 ---
-apiVersion: kpack.io/v1alpha1
+apiVersion: kpack.io/v1alpha2
 kind: ClusterStack
 metadata:
  name: stack
@@ -34,7 +34,7 @@ spec:
  runImage:
  image: "paketobuildpacks/run:base-cnb"
 ---
-apiVersion: kpack.io/v1alpha1
+apiVersion: kpack.io/v1alpha2
 kind: ClusterBuilder
 metadata:
  name: go-builder

diff --git a/examples/source-to-knative-service/README.md b/examples/source-to-knative-service/README.md
@@ -84,7 +84,7 @@ kapp deploy --yes -a tekton \
  images using buildpacks
 
 ```bash
-KPACK_VERSION=0.4.2
+KPACK_VERSION=0.4.3
 
 kapp deploy --yes -a kpack \
  -f https://github.com/pivotal/kpack/releases/download/v$KPACK_VERSION/release-$KPACK_VERSION.yaml
@@ -328,7 +328,7 @@ images built based on a branch with the following [kpack/Image] definition:
 
 
 ```yaml
-apiVersion: kpack.io/v1alpha1
+apiVersion: kpack.io/v1alpha2
 kind: Image
 metadata:
  name: hello-world
@@ -350,7 +350,7 @@ reference to the image that has been built and pushed to a registry.
 
 
 ```yaml
-apiVersion: kpack.io/v1alpha1
+apiVersion: kpack.io/v1alpha2
 kind: Image
 metadata:
  name: hello-world
@@ -379,7 +379,7 @@ instance, by specifying which revision to use:
 
 
 ```yaml
-apiVersion: kpack.io/v1alpha1
+apiVersion: kpack.io/v1alpha2
 kind: Image
 metadata:
  name: hello-world
@@ -399,7 +399,7 @@ i.e., it'd be great if we could somehow express:
 
 
 ```yaml
-apiVersion: kpack.io/v1alpha1
+apiVersion: kpack.io/v1alpha2
 kind: Image
 metadata:
  name: hello-world
@@ -416,7 +416,7 @@ any developer wanting to have their code built, could _"just"_ get it done
 without having to know the details of `kpack`, something like
 
 ```yaml
-apiVersion: kpack.io/v1alpha1
+apiVersion: kpack.io/v1alpha2
 kind: Image
 metadata:
  name: $(name_of_the_project)
@@ -509,7 +509,7 @@ status: outputting source
  | |
 --- | |
 kind: Image | | outputting image
-apiVersion: kpack.io/v1alpha1 | | information to
+apiVersion: kpack.io/v1alpha2 | | information to
 spec: | | others
  source: | |
  git: | |
@@ -587,7 +587,7 @@ spec:
  # the reference to the image that it built
  # and pushed to a container image registry
  template:
- apiVersion: kpack.io/v1alpha1
+ apiVersion: kpack.io/v1alpha2
  kind: Image
  metadata:
  name: $(workload.name)$
@@ -718,7 +718,7 @@ status: outputting source
  | |
 --- | |
 kind: Image | | outputting image
-apiVersion: kpack.io/v1alpha1 | | information to
+apiVersion: kpack.io/v1alpha2 | | information to
 spec: | | others
  source: | |
  git: | |

diff --git a/examples/source-to-knative-service/app-operator/supply-chain-templates.yaml b/examples/source-to-knative-service/app-operator/supply-chain-templates.yaml
@@ -100,22 +100,28 @@ kind: ClusterImageTemplate
 metadata:
  name: image
 spec:
+ params:
+ - name: image_prefix
+ default: projectcartographer/demo-
+
  imagePath: .status.latestImage
 
  template:
- apiVersion: kpack.io/v1alpha1
+ apiVersion: kpack.io/v1alpha2
  kind: Image
  metadata:
  name: $(workload.metadata.name)$
  spec:
- tag: #@ data.values.image_prefix + "$(workload.metadata.name)$"
- serviceAccount: service-account
+ tag: $(params.image_prefix)$$(workload.metadata.name)$
+ serviceAccountName: service-account
  builder:
  kind: ClusterBuilder
  name: go-builder
  source:
  blob:
  url: $(sources.source.url)$
+ build:
+ env: $(workload.spec.build.env)$
 
 ---
 #

diff --git a/examples/source-to-knative-service/app-operator/supply-chain.yaml b/examples/source-to-knative-service/app-operator/supply-chain.yaml
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+#@ load("@ytt:data", "data")
+---
 apiVersion: carto.run/v1alpha1
 kind: ClusterSupplyChain
 metadata:
@@ -44,6 +46,9 @@ spec:
  templateRef:
  kind: ClusterImageTemplate
  name: image
+ params:
+ - name: image_prefix
+ value: #@ data.values.image_prefix
  sources:
  - resource: source-tester
  name: source

diff --git a/examples/source-to-knative-service/developer/workload.yaml b/examples/source-to-knative-service/developer/workload.yaml
@@ -24,3 +24,7 @@ spec:
  url: https://github.com/kontinue/hello-world
  ref:
  branch: main
+ build:
+ env:
+ - name: CGO_ENABLED
+ value: "0"
diff --git a/hack/setup.sh b/hack/setup.sh
@@ -33,7 +33,7 @@ readonly KUBERNETES_CONTAINER_NAME=cartographer-control-plane
 readonly CERT_MANAGER_VERSION=1.5.3
 readonly KAPP_CONTROLLER_VERSION=0.30.0
 readonly KNATIVE_SERVING_VERSION=0.26.0
-readonly KPACK_VERSION=0.4.2
+readonly KPACK_VERSION=0.4.3
 readonly SECRETGEN_CONTROLLER_VERSION=0.6.0
 readonly SOURCE_CONTROLLER_VERSION=0.17.0
 readonly TEKTON_VERSION=0.30.0

diff --git a/pkg/apis/v1alpha1/workload.go b/pkg/apis/v1alpha1/workload.go
@@ -65,9 +65,14 @@ type WorkloadSpec struct {
  Image *string `json:"image,omitempty"`
  ServiceClaims []WorkloadServiceClaim `json:"serviceClaims,omitempty"`
  Env []corev1.EnvVar `json:"env,omitempty"`
+ Build WorkloadBuild `json:"build,omitempty"`
  Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
 }
 
+type WorkloadBuild struct {
+ Env []corev1.EnvVar `json:"env,omitempty"`
+}
+
 type WorkloadStatus struct {
  ObservedGeneration int64 `json:"observedGeneration,omitempty"`
  Conditions []metav1.Condition `json:"conditions,omitempty"`

diff --git a/pkg/apis/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/v1alpha1/zz_generated.deepcopy.go
diff --git a/site/content/docs/reference.md b/site/content/docs/reference.md
@@ -70,6 +70,14 @@ spec:
  #
  image: harbor-repo.vmware.com/tanzu_desktop/golang-sample-source@sha256:e508a587
 
+ build:
+ # environment variables to propagate to a resource responsible
+ # for performing a build in the supplychain.
+ #
+ env:
+ - name: CGO_ENABLED
+ value: "0"
+
 
  # serviceClaims to be bound through service-bindings
  #
@@ -355,7 +363,7 @@ spec:
  # same data available for interpolation as any other `*Template`. (required)
  #
  template:
- apiVersion: kpack.io/v1alpha1
+ apiVersion: kpack.io/v1alpha2
  kind: Image
  metadata:
  name: $(workload.metadata.name)$-image

diff --git a/tests/kuttl/supplychain/templates-refer-to-workload/00-templates.yaml b/tests/kuttl/supplychain/templates-refer-to-workload/00-templates.yaml
@@ -30,6 +30,7 @@ spec:
  workload_git_ref_branch: $(workload.spec.source.git.ref.branch)$
  workload_services_first_kind: $(workload.spec.serviceClaims[0].ref.kind)$
  workload_env: $(workload.spec.env[?(@.name=="SPRING_PROFILES_ACTIVE")].value)$
+ workload_build_env: $(workload.spec.build.env[?(@.name=="SOME_BUILD_ENV")].value)$
  workload_resources_requests_cpu: $(workload.spec.resources.requests.cpu)$
 
 ---

diff --git a/tests/kuttl/supplychain/templates-refer-to-workload/02-assert.yaml b/tests/kuttl/supplychain/templates-refer-to-workload/02-assert.yaml
@@ -31,6 +31,7 @@ data:
  workload_git_ref_branch: main
  workload_services_first_kind: RabbitMQ
  workload_env: mysql
+ workload_build_env: foo
  workload_resources_requests_cpu: 250m
 
 ---

diff --git a/tests/kuttl/supplychain/templates-refer-to-workload/02-workload.yaml b/tests/kuttl/supplychain/templates-refer-to-workload/02-workload.yaml
@@ -47,6 +47,11 @@ spec:
  - name: SPRING_PROFILES_ACTIVE
  value: mysql
 
+ build:
+ env:
+ - name: SOME_BUILD_ENV
+ value: foo
+
  resources:
  requests:
  memory: "1Gi"