Pass default-image-prefix to function runners

[mozesl-nokia]

The default-image-prefix server argument was not passed along to the KRM function runner previously. This PR is a fix for that.

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: mozesl-nokia (3b5e1dd, 66fd1cd)

[nephio-prow]

Hi @mozesl-nokia. Thanks for your PR.

I'm waiting for a nephio-project member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[liamfallon]

/ok-to-test

[kispaljr]

/approve

[liamfallon]

It seems very complex to achieve even simple things in Porch.

/approve

[nephio-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kispaljr, liamfallon, mozesl-nokia

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [kispaljr,liamfallon]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[liamfallon]

@mozesl-nokia you will need to sign the CLA before we can merge this PR.

[kispaljr]

Just a quick note: we are aware of this constant in the podevaluator:

porch/func/internal/podevaluator.go

Line 65 in 6d34cf8

defaultRegistry = "gcr.io/kpt-fn/"

I recommended not to touch that in this PR, but handle it in a future, unrelated PR. The rationale behind that is the following:

in my understanding that constant is used to determine if special auth parameters and/or a special TLS ca.crt should be used for a registry or not. That means this constant shouldn't be set to the default registry passed as a command line argument, because it can be a private repository. Instead we should allow specifying which custom ca.crt should be used for which registry, but that is out-of-scope of this bugfix. @Catalin-Stratulat-Ericsson could you verify that?

[Catalin-Stratulat-Ericsson]

Just a quick note: we are aware of this constant in the podevaluator:

porch/func/internal/podevaluator.go

Line 65 in 6d34cf8

defaultRegistry = "gcr.io/kpt-fn/"

I recommended not to touch that in this PR, but handle it in a future, unrelated PR. The rationale behind that is the following:

in my understanding that constant is used to determine if special auth parameters and/or a special TLS ca.crt should be used for a registry or not. That means this constant shouldn't be set to the default registry passed as a command line argument, because it can be a private repository. Instead we should allow specifying which custom ca.crt should be used for which registry, but that is out-of-scope of this bugfix. @Catalin-Stratulat-Ericsson could you verify that?

Yes @kispaljr it is as you described.

• The purpose of that variable is to denote the main registry for storing kpt fn images by the project, and this is currently in GCR.
• It assumed that this "default" registry location is expected to (have no authentication e.g. no psw or token). and have TLS covered under the "well known websites" certificates which are used by default in the grane/auth module's DefaultKeychain() function.
• Simply speaking the "default" registry images are exempt from the logic flow of if "private registries are enabled" and/or "Custom TLS for registries are enabled" the default registry images are exempt from using the default logic flow (default logic in this context being use docker config given for auth & use TLS secret given for TLS).
• It is important to note however that the "gcr.io/kpt-fn/" may not be the default location for our images for much longer and this variable would need to change regardless to accommodate This.

[kispaljr]

/lgtm