feat: add a TaskRun to build a function runtime image

[lance]

DO NOT MERGE

Update 22-08-2019

The build is defined as a tekton Task with the following steps.

• Step 1 - copy-source
  • Mount a Volume for the ConfigMap containing the user's index.js and package.json at /fn-source
  • Mount a Volume that is an emptyDir at /home/node/usr
  • Copy /fn-source/index.js and /fn-source/package.json to /home/node/usr
• Step 2 - generate
  • Mount the copied source Volume at /home/node/usr
  • Mount an emptyDir Volume at /home/node/build
  • Run an s2i build to generate a Dockerfile at /home/node/build
• *Step 3 - build
  • Mount /home/node/usr, /home/node/build and another emptyDir Volume at /var/lib/containers
  • Use buildah to generate a container image using the Dockerfile generated in the previous step
• Step 4 - push
  • Mount /var/lib/containers and use buildah to push the image to the internal repository.

The operator, meanwhile, creates a knative Service which uses the resulting image pushed to the internal repository in the final build step.

All of this mostly works. However there seems to be a problem with the s2i build step wherein dependencies added to the /home/node/usr directory during the assemble phase do not appear in the resulting runtime image. At this point, I am a bit stumped. I have shared this with @bbrowning on Slack, and he is also unsure about what might be happening with the image. I have confirmed that the image being run for the Service is the same sha as the one being generated in the build.

This is now working as expected. @openshift-cloud-functions/contributors please have a look.

Original text

This is a work in progress. Currently, when deploying a function the TaskRun is created as expected, but does not succeed, generating this error:

status:
  conditions:
    - lastTransitionTime: '2019-08-20T22:03:39Z'
      message: >-
        Missing or invalid Task js-faas/js-function-build-runtime: pods
        "testfunc-build-pod-459eed" is forbidden: unable to validate against any
        security context constraint:
        [spec.containers[0].securityContext.privileged: Invalid value: true:
        Privileged containers are not allowed
        spec.containers[2].securityContext.privileged: Invalid value: true:
        Privileged containers are not allowed
        spec.containers[4].securityContext.privileged: Invalid value: true:
        Privileged containers are not allowed]
      reason: CouldntGetTask
      status: 'False'
      type: Succeeded

Fixes: #10

[zroubalik]

LGTM. We might want to install (create) the Task automatically by the operator?

[lance]

@zroubalik thanks for the review. I opened an issue to create the Task when the operator is installed.