func icon indicating copy to clipboard operation
func copied to clipboard
verified publisher icon knative

Volume Mounts for Local Runs

Open lkingland opened this issue 5 months ago • 2 comments

Currently, runtime volumes defined in func.yaml are ignored when running functions locally with func run.

We should update pkg/docker/runner.go -> newHostConfig() to configure volumes in addition to the ports it currently defines.

  1. ConfigMap → Local .func/run/configmaps/<name> directory
  2. Secret → Local .func/run/secrets/<name> directory
  3. EmptyDir → Docker tmpfs or anonymous volume
  4. PersistentVolumeClaim → Named Docker volume or local directory

Additionally, we could consider adding a new volume type specifically for local development:

volumes:
  - hostPath: /local/path
    path: /container/path

Implementation Notes:

There should be warnings when defined resources are note available locally, but not fail.

Should disallow mapping of directories outside of .func for security (example risk: user downloads a malicious function, runs it locally, accessing sensitive areas of the FS and exfiltrating via the funciton source implementation)

Current Workarounds

  1. Use the "host" builder (loses container isolation)
  2. Run func build then manually docker run -v local:container image
  3. Deploy to a test cluster for volume testing

lkingland avatar Jul 22 '25 02:07 lkingland

This issue is stale because it has been open for 90 days with no activity. It will automatically close after 30 more days of inactivity. Reopen the issue with /reopen. Mark the issue as fresh by adding the comment /remove-lifecycle stale.

github-actions[bot] avatar Oct 21 '25 01:10 github-actions[bot]

/assign

intojhanurag avatar Oct 23 '25 19:10 intojhanurag

/unassign

intojhanurag avatar Nov 29 '25 10:11 intojhanurag