This short tutorial shows how to use Tekton to define and run a Service and an Environment Pipeline.
Tekton is a non-opinionated Pipeline Engine built for the Cloud (specifically for Kubernetes). You can build any kind of pipelines that you want as the engine doesn't impose any restrictions on the kind of Tasks that it can execute. This makes it perfect for building Service Pipelines where you might need to have special requirements that cannot be met by a managed service.
The Service Pipeline for this example is configured to build the Conference Application Frontend but as you can see in the Service Pipeline definition you can parameterize the pipeline run to build other services.
The Environment Pipeline definition shows a simple example on how you can use Helm to sync the contents of a repository to a namespace in a Kubernetes Cluster. While this is doable with Tekton, there are other more specialized tools like ArgoCD which do a more complete set of tasks on the continuous deployment space by applying a GitOps approach. You can find a tutorial with ArgoCD here.
Follow the next steps in order to install and setup Tekton in your Kubernetes Cluster.
- Install Tekton Pipelines
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.45.0/release.yaml
- Install Tekton Dashboard (optional)
kubectl apply -f kubectl apply -f https://github.com/tektoncd/dashboard/releases/download/v0.33.0/release.yaml
You can access the dashboard by port-forwarding using kubectl:
kubectl port-forward svc/tekton-dashboard -n tekton-pipelines 9097:9097
Then you can access pointing your browser to http://localhost:9097
- Install Tekton CLI (optional):
You can also install Tekton tkn CLI tool
The Tekton pipeline definition uses Tekton Bundles which needs to
be enabled in the config. The feature-flags config map in the tekton-pipelines namespace
should look like:
kubectl edit cm -n tekton-pipelines feature-flags
apiVersion: v1
data:
enable-api-fields: stable
disable-affinity-assistant: "false"
disable-creds-init: "false"
disable-home-env-overwrite: "true"
disable-working-directory-overwrite: "true"
enable-custom-tasks: "false"
enable-tekton-oci-bundles: "true" # <-------
require-git-ssh-secret-known-hosts: "false"
running-in-environment-with-injected-sidecars: "true"
kind: ConfigMap
(...)Check the official documentation for more information.
If the pipeline is going to push docker images to DockerHub you need the following steps:
Create Docker Hub secret:
kubectl create secret docker-registry regcred --docker-server=https://index.docker.io/v1/ --docker-username=DOCKER_USERNAME --docker-password=DOCKER_PASSWORD --docker-email DOCKER_EMAIL
To create this, in my Mac OSX laptop I need to access the Keychain Access app and then look at my Docker Credentials. This are generated when doing docker login. The DOCKER_PASSWORD is this hash, instead of my textual password for Docker Hub.
Then apply all the RBAC configurations and the pipelines:
kubectl apply -f tekton/resources/
The Service Pipeline definition described in resources/service-pipeline.yaml implements the following tasks:
The objective of this Service Pipeline is to clone the source code in the main branch of the GitHub repository where the Frontend Service is stored and produce a container image that can be deployed into a Kubernetes cluster.
**Notice that the Frontend Service is a Java/Maven application with a NodeJS React Frontend, so the pipeline will take quite a while downloading dependencies. **
You can start this Service Pipeline by running the following command:
tkn pipeline start frontend-service-pipeline -s dockerconfig -w name=sources,volumeClaimTemplateFile=workspace-template.yaml -w name=dockerconfig,secret=regcred -w name=maven-settings,emptyDir=
Alternatively, you can apply the service-pipeline-run.yaml resource into your cluster to create a PipelineRun in the same way that tkn is creating one.
kubectl apply -f service-pipeline-run.yaml
The environment pipeline definition described in resources/envionment-pipeline.yaml implements the following tasks:
The objective of this Environment Pipeline is to deploy the conference application services into the Staging Environment (represented as a Kubernetes namespace) by applying the configuration located in this repository https://github.com/salaboy/fmtok8s-staging-env to the cluster.
You can start this Environment Pipeline by running the following command:
tkn pipeline start staging-environment-pipeline -w name=sources,volumeClaimTemplateFile=workspace-template.yaml -s gitops
Alternatively, you can apply the env-pipeline-run.yaml resource into your cluster to create a PipelineRun in the same way that tkn is creating one.
kubectl apply -f env-pipeline-run.yaml
The environment pipeline is using helmfile to describe the stating environment.
As mentioned before, while this is doable with Tekton, there are other more specialized tools like ArgoCD which do a more complete set of tasks on the continuous deployment space by applying a GitOps approach. You can find a tutorial with ArgoCD here.
- Why JX uses Helmfile?