Tekton is an open-source CI/CD system running on k8s.

The CNB project has created two reference “tasks” for performing buildpacks builds, both of which use the lifecycle directly (i.e. they do not use pack).

They are:

  1. buildpacks task → This task, which we recommend using, calls the creator binary of the lifecycle to construct, and optionally publish, a runnable image.
  2. buildpacks-phases task → This task calls the individual lifecycle binaries, to run each phase in a separate container.

Set Up

NOTE: Prior to installing Tekton, we recommend reviewing the basic Tekton concepts in the documentation.


Before we get started, make sure you’ve got the following installed:

Install kubectl

1. Install Tekton and Tekton Dashboard

To start, set up Tekton, using the Tekton documentation.

We also recommend using the Tekton dashboard. To install it, follow the steps in the dashboard docs, and start the dashboard server.

2. Install the Buildpacks Task

Install the latest version of the buildpacks task (currently 0.3), by running:

kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/buildpacks/0.3/buildpacks.yaml

3. Install git-clone Task

For our pipeline, we will use the git-clone task to clone a repository. Install the latest version (currently 0.4), by running:

kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/git-clone/0.4/git-clone.yaml

4. Define and Apply Tekton Pipeline Resources

In order to set up our pipeline, we will need to define a few things:

  • Pipeline → A Pipeline defines a series of Tasks that accomplish a specific build or delivery goal. The Pipeline can be triggered by an event or invoked from a PipelineRun.
  • PipelineResource → A PipelineResource defines locations for inputs ingested and outputs produced by the steps in Tasks.
  • PersistentVolumeClaim → A PersistentVolumeClaim (a general Kubernetes concept, generally shortened to PVC) is a request for storage by a user.

4.1 PVCs

Create a file resources.yml that defines a PersistentVolumeClaim:

apiVersion: v1
kind: PersistentVolumeClaim
  name: buildpacks-source-pvc
    - ReadWriteOnce
      storage: 500Mi

4.2 Authorization

NOTE: You don’t need to use authorization if you are pushing to a local registry. However, if you are pushing to a remote registry (e.g. DockerHub, GCR), you need to add authorization

Create a Secret containing username and password that the build should use to authenticate to the container registry.

kubectl create secret docker-registry docker-user-pass \
    --docker-username=<USERNAME> \
    --docker-password=<PASSWORD> \
    --docker-server=<LINK TO REGISTRY, e.g. https://index.docker.io/v1/ > \
    --namespace default

Create a file sa.yml that defines a ServiceAccount that uses the newly created secret:

apiVersion: v1
kind: ServiceAccount
  name: buildpacks-service-account
  - name: docker-user-pass

4.3 Pipeline

Create a file pipeline.yml that defines the Pipeline, and relevant resources:

apiVersion: tekton.dev/v1beta1
kind: Pipeline
  name: buildpacks-test-pipeline
    - name: image
      type: string
      description: image URL to push
    - name: source-workspace # Directory where application source is located. (REQUIRED)
    - name: cache-workspace # Directory where cache is stored (OPTIONAL)
    - name: fetch-repository # This task fetches a repository from github, using the `git-clone` task you installed
        name: git-clone
        - name: output
          workspace: source-workspace
        - name: url
          value: https://github.com/buildpacks/samples
        - name: subdirectory
          value: ""
        - name: deleteExisting
          value: "true"
    - name: buildpacks # This task uses the `buildpacks` task to build the application
        name: buildpacks
        - fetch-repository
        - name: source
          workspace: source-workspace
        - name: cache
          workspace: cache-workspace
        - name: APP_IMAGE
          value: "$(params.image)"
        - name: SOURCE_SUBPATH
          value: "apps/java-maven" # This is the path within the samples repo you want to build (OPTIONAL, default: "")
        - name: BUILDER_IMAGE
          value: paketobuildpacks/builder:base # This is the builder we want the task to use (REQUIRED)
    - name: display-results
        - buildpacks
          - name: print
            image: docker.io/library/bash:5.1.4@sha256:b208215a4655538be652b2769d82e576bc4d0a2bb132144c060efc5be8c3f5d6
            script: |
              #!/usr/bin/env bash
              set -e
              echo "Digest of created app image: $(params.DIGEST)"              
          - name: DIGEST
        - name: DIGEST
          value: $(tasks.buildpacks.results.APP_IMAGE_DIGEST)

4.4 Apply Configuration

Apply these configurations, using kubectl:

kubectl apply -f resources.yml -f sa.yml -f pipeline.yml

5. Create & Apply PipelineRun

Create a file run.yml, which defines the PipelineRun:

apiVersion: tekton.dev/v1beta1
kind: PipelineRun
  name: buildpacks-test-pipeline-run
  serviceAccountName: buildpacks-service-account # Only needed if you set up authorization
    name: buildpacks-test-pipeline
    - name: source-workspace
      subPath: source
        claimName: buildpacks-source-pvc
    - name: cache-workspace
      subPath: cache
        claimName: buildpacks-source-pvc
    - name: image
      value: <REGISTRY/IMAGE NAME, eg gcr.io/test/image > # This defines the name of output image

Make sure to replace <REGISTRY/IMAGE NAME> with your image path.

Apply it with:

kubectl apply -f run.yml

6. See it Build

Look at the PipelineRun logs by running

kubectl describe pipelinerun buildpacks-test-pipeline-run

or by using the Tekton Dashboard.

Once the application is successfully built, you can pull it and run it by running:

docker pull some-output-image

7. Cleanup (Optional)

To clean up, run:

kubectl delete taskrun --all
kubectl delete pvc --all
kubectl delete pv --all


The Buildpacks tasks can be accessed at:

Some general resources for Tekton are: