Add container template configuration to Task

docs/tasks.md

@@ -22,6 +22,7 @@ entire Kubernetes cluster.
   - [Outputs](#outputs)
   - [Controlling where resources are mounted](#controlling-where-resources-are-mounted)
   - [Volumes](#volumes)
+  - [Container Template](#container-template)
   - [Templating](#templating)
 - [Examples](#examples)
 
@@ -72,7 +73,9 @@ following fields:
   - [`outputs`](#outputs) - Specifies [`PipelineResources`](resources.md) needed
     by your `Task`
   - [`volumes`](#volumes) - Specifies one or more volumes that you want to make
-    available to your build.
+    available to your `Task`'s steps.
+  - [`containerTemplate`](#container-template) - Specifies a `Container` 
+    definition to use as the basis for all steps within your `Task`.
 
 [kubernetes-overview]:
   https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/#required-fields
@@ -322,6 +325,36 @@ For example, use volumes to accomplish one of the following common tasks:
   unsafe_. Use [kaniko](https://github.com/GoogleContainerTools/kaniko) instead.
   This is used only for the purposes of demonstration.
 
+### Container Template
+
+Specifies a [`Container`](https://kubernetes.io/docs/concepts/containers/)
+configuration that will be used as the basis for all [`steps`](#steps) in your
+`Task`. Configuration in an individual step will override or merge with the
+container template's configuration.
+
+In the example below, the `Task` specifies a `containerTemplate` with the 
+environment variable `FOO` set to `bar`. The first step will use that value for
+`FOO`, but in the second step, `FOO` is overridden and set to `baz`.
+
+```yaml
+containerTemplate:
+  env:
+    - name: "FOO"
+      value: "bar"
+steps:
+  - image: ubuntu
+    command: [echo]
+    args:
+      ["FOO is ${FOO}"]
+  - image: ubuntu
+    command: [echo]
+    args:
+      ["FOO is ${FOO}"]
+    env:
+      - name: "FOO"
+        value: "baz"
+```
+
 ### Templating
 
 `Tasks` support templating using values from all [`inputs`](#inputs) and

pkg/apis/pipeline/v1alpha1/task_types.go

@@ -49,6 +49,10 @@ type TaskSpec struct {
 	// Volumes is a collection of volumes that are available to mount into the
 	// steps of the build.
 	Volumes []corev1.Volume `json:"volumes,omitempty"`
+
+	// ContainerTemplate can be used as the basis for all step containers within the
+	// Task, so that the steps inherit settings on the base container.
+	ContainerTemplate *corev1.Container `json:"containerTemplate,omitempty"`
 }
 
 // Check that Task may be validated and defaulted.

pkg/merge/merge.go

@@ -0,0 +1,84 @@
+/*
+ Copyright 2019 Knative Authors LLC
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+     http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package merge
+
+import (
+	"encoding/json"
+	"k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/util/strategicpatch"
+)
+
+// CombineStepsWithContainerTemplate takes a possibly nil container template and a list of step containers, merging each
+// of the step containers onto the container template, if it's not nil, and returning the resulting list.
+func CombineStepsWithContainerTemplate(template *v1.Container, steps []v1.Container) ([]v1.Container, error) {
+	if template == nil {
+		return steps, nil
+	}
+
+	// We need JSON bytes to generate a patch to merge the step containers onto the template container, so marshal the template.
+	templateAsJSON, err := json.Marshal(template)
+	if err != nil {
+		return nil, err
+	}
+	// We need to do a three-way merge to actually combine the template and step containers, so we need an empty container
+	// as the "original"
+	emptyAsJSON, err := json.Marshal(&v1.Container{})
+	if err != nil {
+		return nil, err
+	}
+
+	for i, s := range steps {
+		// Marshal the step to JSON
+		stepAsJSON, err := json.Marshal(s)
+		if err != nil {
+			return nil, err
+		}
+
+		// Get the patch meta for Container, which is needed for generating and applying the merge patch.
+		patchSchema, err := strategicpatch.NewPatchMetaFromStruct(template)
+
+		if err != nil {
+			return nil, err
+		}
+
+		// Create a merge patch, with the empty JSON as the original, the step JSON as the modified, and the template
+		// JSON as the current - this lets us do a deep merge of the template and step containers, with awareness of
+		// the "patchMerge" tags.
+		patch, err := strategicpatch.CreateThreeWayMergePatch(emptyAsJSON, stepAsJSON, templateAsJSON, patchSchema, true)
+		if err != nil {
+			return nil, err
+		}
+
+		// Actually apply the merge patch to the template JSON.
+		mergedAsJSON, err := strategicpatch.StrategicMergePatchUsingLookupPatchMeta(templateAsJSON, patch, patchSchema)
+		if err != nil {
+			return nil, err
+		}
+
+		// Unmarshal the merged JSON to a Container pointer, and return it.
+		merged := &v1.Container{}
+		err = json.Unmarshal(mergedAsJSON, merged)
+		if err != nil {
+			return nil, err
+		}
+
+		// If the container's args is nil, reset it to empty instead
+		if merged.Args == nil && s.Args != nil {
+			merged.Args = []string{}
+		}
+
+		steps[i] = *merged
+	}
+	return steps, nil
+}

pkg/merge/merge_test.go

@@ -0,0 +1,118 @@
+/*
+ Copyright 2019 Knative Authors LLC
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+     http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package merge
+
+import (
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/resource"
+)
+
+func TestCombineStepsWithContainerTemplate(t *testing.T) {
+	resourceQuantityCmp := cmp.Comparer(func(x, y resource.Quantity) bool {
+		return x.Cmp(y) == 0
+	})
+
+	for _, tc := range []struct {
+		name     string
+		template *corev1.Container
+		steps    []corev1.Container
+		expected []corev1.Container
+	}{{
+		name:     "nil-template",
+		template: nil,
+		steps: []corev1.Container{{
+			Image: "some-image",
+		}},
+		expected: []corev1.Container{{
+			Image: "some-image",
+		}},
+	}, {
+		name: "not-overlapping",
+		template: &corev1.Container{
+			Command: []string{"/somecmd"},
+		},
+		steps: []corev1.Container{{
+			Image: "some-image",
+		}},
+		expected: []corev1.Container{{
+			Command: []string{"/somecmd"},
+			Image:   "some-image",
+		}},
+	}, {
+		name: "overwriting-one-field",
+		template: &corev1.Container{
+			Image:   "some-image",
+			Command: []string{"/somecmd"},
+		},
+		steps: []corev1.Container{{
+			Image: "some-other-image",
+		}},
+		expected: []corev1.Container{{
+			Command: []string{"/somecmd"},
+			Image:   "some-other-image",
+		}},
+	}, {
+		name: "merge-and-overwrite-slice",
+		template: &corev1.Container{
+			Env: []corev1.EnvVar{
+				{
+					Name:  "KEEP_THIS",
+					Value: "A_VALUE",
+				}, {
+					Name:  "SOME_KEY",
+					Value: "ORIGINAL_VALUE",
+				},
+			},
+		},
+		steps: []corev1.Container{{
+			Env: []corev1.EnvVar{
+				{
+					Name:  "NEW_KEY",
+					Value: "A_VALUE",
+				}, {
+					Name:  "SOME_KEY",
+					Value: "NEW_VALUE",
+				},
+			},
+		}},
+		expected: []corev1.Container{{
+			Env: []corev1.EnvVar{
+				{
+					Name:  "NEW_KEY",
+					Value: "A_VALUE",
+				}, {
+					Name:  "KEEP_THIS",
+					Value: "A_VALUE",
+				}, {
+					Name:  "SOME_KEY",
+					Value: "NEW_VALUE",
+				},
+			},
+		}},
+	}} {
+		t.Run(tc.name, func(t *testing.T) {
+			result, err := CombineStepsWithContainerTemplate(tc.template, tc.steps)
+			if err != nil {
+				t.Errorf("expected no error. Got error %v", err)
+			}
+
+			if d := cmp.Diff(tc.expected, result, resourceQuantityCmp); d != "" {
+				t.Errorf("Combined steps don't match, diff: %s", d)
+			}
+		})
+	}
+}

pkg/reconciler/v1alpha1/taskrun/resources/pod.go

@@ -39,6 +39,7 @@ import (
 	"github.com/tektoncd/pipeline/pkg/credentials"
 	"github.com/tektoncd/pipeline/pkg/credentials/dockercreds"
 	"github.com/tektoncd/pipeline/pkg/credentials/gitcreds"
+	"github.com/tektoncd/pipeline/pkg/merge"
 	"github.com/tektoncd/pipeline/pkg/names"
 	"github.com/tektoncd/pipeline/pkg/reconciler/v1alpha1/taskrun/entrypoint"
 )
@@ -174,13 +175,13 @@ func MakePod(taskRun *v1alpha1.TaskRun, taskSpec v1alpha1.TaskSpec, kubeclient k
 	if err != nil {
 		return nil, err
 	}
-
 	initContainers := []corev1.Container{*cred}
 	podContainers := []corev1.Container{}
 
 	maxIndicesByResource := findMaxResourceRequest(taskSpec.Steps, corev1.ResourceCPU, corev1.ResourceMemory, corev1.ResourceEphemeralStorage)
 
-	for i, step := range taskSpec.Steps {
+	for i := range taskSpec.Steps {
+		step := &taskSpec.Steps[i]
 		step.Env = append(implicitEnvVars, step.Env...)
 		// TODO(mattmoor): Check that volumeMounts match volumes.
 
@@ -206,10 +207,10 @@ func MakePod(taskRun *v1alpha1.TaskRun, taskSpec v1alpha1.TaskSpec, kubeclient k
 		}
 		// use the step name to add the entrypoint biary as an init container
 		if step.Name == names.SimpleNameGenerator.RestrictLength(fmt.Sprintf("%v%v", containerPrefix, entrypoint.InitContainerName)) {
-			initContainers = append(initContainers, step)
+			initContainers = append(initContainers, *step)
 		} else {
-			zeroNonMaxResourceRequests(&step, i, maxIndicesByResource)
-			podContainers = append(podContainers, step)
+			zeroNonMaxResourceRequests(step, i, maxIndicesByResource)
+			podContainers = append(podContainers, *step)
 		}
 	}
 	// Add our implicit volumes and any volumes needed for secrets to the explicitly
@@ -231,6 +232,15 @@ func MakePod(taskRun *v1alpha1.TaskRun, taskSpec v1alpha1.TaskSpec, kubeclient k
 	entrypoint.RedirectStep(cache, len(podContainers), nopContainer, kubeclient, taskRun, logger)
 	podContainers = append(podContainers, *nopContainer)
 
+	mergedInitContainers, err := merge.CombineStepsWithContainerTemplate(taskSpec.ContainerTemplate, initContainers)
+	if err != nil {
+		return nil, err
+	}
+	mergedPodContainers, err := merge.CombineStepsWithContainerTemplate(taskSpec.ContainerTemplate, podContainers)
+	if err != nil {
+		return nil, err
+	}
+
 	return &corev1.Pod{
 		ObjectMeta: metav1.ObjectMeta{
 			// We execute the build's pod in the same namespace as where the build was
@@ -249,10 +259,9 @@ func MakePod(taskRun *v1alpha1.TaskRun, taskSpec v1alpha1.TaskSpec, kubeclient k
 			Labels:      makeLabels(taskRun),
 		},
 		Spec: corev1.PodSpec{
-			// If the build fails, don't restart it.
 			RestartPolicy:      corev1.RestartPolicyNever,
-			InitContainers:     initContainers,
-			Containers:         podContainers,
+			InitContainers:     mergedInitContainers,
+			Containers:         mergedPodContainers,
 			ServiceAccountName: taskRun.Spec.ServiceAccount,
 			Volumes:            volumes,
 			NodeSelector:       taskRun.Spec.NodeSelector,