kpt fn run should support running containerized fns on K8s without docker

[jlewi]

Is your feature request related to a problem? Please describe.

I would like to use kpt fn run inside CI/CD pipelines that run in a cluster. kpt fn run currently relies on shelling out to docker. As a result, when running in cluster one needs to run docker in docker as illustrated by the tekton example.

My understanding is that mounting the docker socket into a container creates security concerns and is generally not best practice.

Describe the solution you'd like

I'd like kpt fn run to support launching containerized fns on a cluster (e.g. by creating a Pod) without requiring docker. Ideally the experience would be similar to skaffold build in that kpt would start the pod, upload the YAMLs to be processed (e.g. output of kpt fn source) and then download the resulting output.

Describe alternatives you've considered

My current solution is to build my own binary for running my custom kpt functions which links in my functions so I don't need to run containerized.

I've also considered running docker in docker as described in the kpt docs https://googlecontainertools.github.io/kpt/guides/consumer/function/export/tekton/

Originally filed as kubernetes-sigs/kustomize#3958

[bgrant0607]

See also #2469 and #2567

[bygui86]

hi guys, what's the status of this feature?