Tekton is an open-source CI/CD system platform implementation running on k8s. There are two Tekton
maintained by the CNB project, both of which use the lifecycle directly (i.e. they do not use
task→ This task, which we recommend using, calls the
creatorbinary of the lifecycle to construct, and optionally publish, a runnable image.
task→ This task calls the individual lifecycle binaries, to run each phase in a separate container.
NOTE: Prior to installing
Tekton, we recommend reviewing the basic Tekton concepts in the documentation.
Before we get started, make sure you’ve got the following installed:Install kubectl
To start, set up
Tekton, using the Tekton documentation.
We also recommend using the
Tekton dashboard. To install it, follow the steps in the dashboard docs, and
start the dashboard server.
Install the latest version of the buildpacks task (currently
0.3), by running:
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/buildpacks/0.3/buildpacks.yaml
pipeline, we will use the
git-clone task to clone a repository. Install the latest version (currently
0.4), by running:
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/git-clone/0.4/git-clone.yaml
In order to set up our pipeline, we will need to define a few things:
Pipelinedefines a series of
Tasksthat accomplish a specific build or delivery goal. The
Pipelinecan be triggered by an event or invoked from a
PipelineResourcedefines locations for inputs ingested and outputs produced by the steps in
PersistentVolumeClaim(a general Kubernetes concept, generally shortened to PVC) is a request for storage by a user.
Create a file
resources.yml that defines a
apiVersion: v1 kind: PersistentVolumeClaim metadata: name: buildpacks-source-pvc spec: accessModes: - ReadWriteOnce resources: requests: storage: 500Mi
NOTE: You don’t need to use authorization if you are pushing to a local registry. However, if you are pushing to a remote registry (e.g.
GCR), you need to add authorization
Secret containing username and password that the build should use to authenticate to the container registry.
kubectl create secret docker-registry docker-user-pass \ --docker-username=<USERNAME> \ --docker-password=<PASSWORD> \ --docker-server=<LINK TO REGISTRY, e.g. https://index.docker.io/v1/ > \ --namespace default
Create a file
sa.yml that defines a
ServiceAccount that uses the newly created secret:
apiVersion: v1 kind: ServiceAccount metadata: name: buildpacks-service-account secrets: - name: docker-user-pass
Create a file
pipeline.yml that defines the
Pipeline, and relevant resources:
apiVersion: tekton.dev/v1beta1 kind: Pipeline metadata: name: buildpacks-test-pipeline spec: params: - name: image type: string description: image URL to push workspaces: - name: source-workspace # Directory where application source is located. (REQUIRED) - name: cache-workspace # Directory where cache is stored (OPTIONAL) tasks: - name: fetch-repository # This task fetches a repository from github, using the `git-clone` task you installed taskRef: name: git-clone workspaces: - name: output workspace: source-workspace params: - name: url value: https://github.com/buildpacks/samples - name: subdirectory value: "" - name: deleteExisting value: "true" - name: buildpacks # This task uses the `buildpacks` task to build the application taskRef: name: buildpacks runAfter: - fetch-repository workspaces: - name: source workspace: source-workspace - name: cache workspace: cache-workspace params: - name: APP_IMAGE value: "$(params.image)" - name: SOURCE_SUBPATH value: "apps/java-maven" # This is the path within the samples repo you want to build (OPTIONAL, default: "") - name: BUILDER_IMAGE value: paketobuildpacks/builder:base # This is the builder we want the task to use (REQUIRED) - name: display-results runAfter: - buildpacks taskSpec: steps: - name: print image: docker.io/library/bash:5.1.4@sha256:b208215a4655538be652b2769d82e576bc4d0a2bb132144c060efc5be8c3f5d6 script: | #!/usr/bin/env bash set -e echo "Digest of created app image: $(params.DIGEST)" params: - name: DIGEST params: - name: DIGEST value: $(tasks.buildpacks.results.APP_IMAGE_DIGEST)
Apply these configurations, using
kubectl apply -f resources.yml -f sa.yml -f pipeline.yml
Create a file
run.yml, which defines the
apiVersion: tekton.dev/v1beta1 kind: PipelineRun metadata: name: buildpacks-test-pipeline-run spec: serviceAccountName: buildpacks-service-account # Only needed if you set up authorization pipelineRef: name: buildpacks-test-pipeline workspaces: - name: source-workspace subPath: source persistentVolumeClaim: claimName: buildpacks-source-pvc - name: cache-workspace subPath: cache persistentVolumeClaim: claimName: buildpacks-source-pvc params: - name: image value: <REGISTRY/IMAGE NAME, eg gcr.io/test/image > # This defines the name of output image
Make sure to replace
<REGISTRY/IMAGE NAME>with your image path.
Apply it with:
kubectl apply -f run.yml
Look at the
PipelineRun logs by running
kubectl describe pipelinerun buildpacks-test-pipeline-run
or by using the Tekton Dashboard.
Once the application is successfully built, you can pull it and run it by running:
docker pull some-output-image
To clean up, run:
kubectl delete taskrun --all kubectl delete pvc --all kubectl delete pv --all
The Buildpacks tasks can be accessed at:
Some general resources for Tekton are: