Tekton: Build Simple Build Pipeline using Kubernetes Native CI/CD Tools

8grams
5 min read · Nov 10, 2023

Introduction

Tekton is an open-source project that provides Kubernetes-style resources for declaring CI/CD-style pipelines. It’s a flexible framework that can be integrated into existing Kubernetes environments, extending their functionality by incorporating robust CI/CD capabilities.

What sets Tekton apart is its highly modular and scalable design. Pipelines are defined as a collection of tasks, which are made up of steps — each running in its own container. This granular approach provides tremendous flexibility, making Tekton an attractive solution for diverse CI/CD use cases.

If you want to know more about Tekton, check this article from us below:

In this article, we’ll establish a basic build pipeline using Tekton. The pipeline will adhere to the following requirements:

  • We’ll use GitHub as our code repository. For this example, the code is hosted at https://github.com/8grams/caddy-example.
  • An image will be built from the code on each push event, which includes commits and tag pushes.
  • Pushes to the develop branch will trigger the creation of an image tagged as ‘latest’.
  • Pushing a tag will lead to the creation of an image with the corresponding tag name.
  • The container image will be pushed to Docker Hub at https://hub.docker.com/8grams/caddy-example.
  • Tekton will send notifications to Discord using Discord Webhooks, which can be substituted with Slack Webhooks if preferred.

Let’s get started!

Preparation

A few preparations are needed first:

  • Create a repository on GitHub. For this example, we’ll use https://github.com/8grams/caddy-example. Push your code commits to this repository.
  • Set up a webhook on GitHub. This webhook will trigger the Tekton pipeline. To create a webhook, navigate to your organization’s settings, then select ‘Webhooks’. Remember to fill in the ‘Webhook Secret’ for security purposes.
  • Tekton requires a public endpoint to receive the webhook. It’s highly recommended to secure this with SSL. You can refer to these articles on how to set up Nginx Ingress and protect it with a free SSL Certificate from Let’s Encrypt:

Install Tekton

Check out our basic Tekton configuration at https://github.com/8grams/tekton-k8s-example

Download Tekton Config

~$ git clone git@github.com:8grams/tekton-k8s-example.git

Prepare some Namespaces to place Tekton’s workload:

~$ kubectl create namespace tekton
~$ kubectl create namespace tekton-pipelines
~$ kubectl create namespace tekton-pipelines-resolvers
~$ kubectl create namespace tekton-dashboard

Install the Tekton Tasks needed to build a Docker image from GitHub: git-clone, kaniko, and send-to-webhook-discord. The last command also applies the curl Task directly from the Tekton Hub API.

~$ tkn hub install task kaniko --namespace=tekton
~$ tkn hub install task git-clone --namespace=tekton
~$ tkn hub install task send-to-webhook-discord --namespace=tekton
~$ kubectl -n tekton apply -f https://api.hub.tekton.dev/v1/resource/tekton/task/curl/0.1/raw

To get started with Kaniko, check this article below:

Installing Tekton Resources

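Install the Tekton Operator resources. The cd commands in this and the following steps are relative to the root of the cloned repository: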

~$ cd operator
~$ kubectl apply -f interceptors.yaml
~$ kubectl apply -f pipeline.yaml
~$ kubectl apply -f trigger.yaml

Install RBAC Resources

~$ cd webhook/rbac
~$ kubectl -n tekton apply -f admin-role.yaml
~$ kubectl -n tekton apply -f clusterrolebinding.yaml
~$ kubectl -n tekton apply -f webhook-role.yaml

Next, install GitHub Secrets so that Tekton can access our source code. Although we are using a public repository in this example, installing GitHub Secrets is essential for accessing private repositories.

~$ cd webhook/secrets
~$ kubectl -n tekton apply -f github-secret.yaml

Optionally, you may also install a Registry Secret if you plan to use a private Container Registry.

~$ kubectl -n tekton apply -f registry-secret.yaml

Handle Code Commit Push

To manage Commit Pushes, we first need an endpoint to act as a receiver for the webhook. To fulfill this requirement, we will install Nginx Ingress:

~$ cd webhook
~$ kubectl -n tekton apply -f ingress.yaml

Then install the Tekton Trigger and Pipeline:

~$ cd webhook/events/push
~$ kubectl -n tekton apply -f pipeline.yaml
~$ kubectl -n tekton apply -f triggers.yaml

Handle Tag Push

GitHub essentially treats a tag push similarly to a commit push. Therefore, the steps are the same: we will install Tekton Triggers and Pipelines to handle the webhooks.

~$ cd webhook/events/manual
~$ kubectl -n tekton apply -f pipeline.yaml
~$ kubectl -n tekton apply -f triggers.yaml
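
As an added illustration (not code from the 8grams repository or from Tekton), this Python model shows the two decisions the push and tag triggers depend on: authenticating a GitHub delivery with the ‘Webhook Secret’ via the X-Hub-Signature-256 header, and mapping the pushed ref to an image tag according to the rules in the introduction. The function names and the sample secret and payload are constructed; validating the tag name and dropping deleted refs are assumptions that go beyond the article's stated rules.

```python
import hashlib
import hmac
import json
import re
from typing import Optional

# Docker tag grammar: 1-128 chars, no "/" or ":"; anything else is refused
# before it can reach the image destination handed to the build step.
TAG_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}")

def sign(secret: bytes, body: bytes) -> str:
    """Value GitHub puts in X-Hub-Signature-256 for this raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()

def signature_ok(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Constant-time comparison against the HMAC of the raw request body."""
    if not header or not header.startswith("sha256="):
        return False
    return hmac.compare_digest(sign(secret, body).encode(), header.encode())

def image_tag(ref: str) -> Optional[str]:
    """Article's rules: develop -> 'latest', tag push -> the tag name."""
    if ref == "refs/heads/develop":
        return "latest"
    if ref.startswith("refs/tags/"):
        tag = ref[len("refs/tags/"):]
        return tag if TAG_RE.fullmatch(tag) else None
    return None  # pushes to any other branch build nothing

def handle_push(secret: bytes, body: bytes, header: Optional[str]) -> Optional[str]:
    """Return the image tag to build, or None if the delivery is dropped."""
    if not signature_ok(secret, body, header):
        return None  # unsigned or forged: never reaches the pipeline
    try:
        payload = json.loads(body)
    except ValueError:
        return None
    if not isinstance(payload, dict) or payload.get("deleted"):
        return None  # ref deletions also arrive as push events
    ref = payload.get("ref")
    return image_tag(ref) if isinstance(ref, str) else None

# Constructed sample delivery (not a real secret or payload).
SECRET = b"constructed-webhook-secret"
BODY = b'{"ref": "refs/tags/v1.2.0", "deleted": false}'
print(handle_push(SECRET, BODY, sign(SECRET, BODY)))
```

The signature must be computed over the raw request bytes, before any JSON parsing or re-serialization, otherwise a valid delivery will fail the comparison.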

Install Tekton Dashboard

The Tekton Dashboard makes it easy to monitor build progress, identify failed pipelines, and much more. It provides a user-friendly interface for various purposes.

~$ cd dashboard
~$ kubectl -n tekton-dashboard apply -f deployment.yaml
~$ kubectl -n tekton-dashboard apply -f ingress.yaml

You can open the dashboard at https://tekton-dashboard.example.com.

Check Installation

If every installation succeeded, the deployments should be present in the Kubernetes cluster:

~$ kubectl -n tekton get deployment
NAME                     READY   UP-TO-DATE   AVAILABLE   AGE
el-8grams-listener-tag   1/1     1            1           10m
el-8grams-listener       1/1     1            1           10m

~$ kubectl -n tekton-pipelines get deployment
NAME                                READY   UP-TO-DATE   AVAILABLE   AGE
tekton-triggers-core-interceptors   1/1     1            1           15m
tekton-triggers-controller          1/1     1            1           15m
tekton-pipelines-webhook            1/1     1            1           15m
tekton-triggers-webhook             1/1     1            1           15m
tekton-pipelines-controller         1/1     1            1           15m

~$ kubectl -n tekton-pipelines-resolvers get deployment
NAME                                READY   UP-TO-DATE   AVAILABLE   AGE
tekton-pipelines-remote-resolvers   1/1     1            1           15m

~$ kubectl -n tekton-dashboard get deployment
NAME               READY   UP-TO-DATE   AVAILABLE   AGE
tekton-dashboard   1/1     1            1           16m

Testing

All set! You can now push a commit to the code repository and then open the Tekton Dashboard. When you navigate to the ‘Pipelines’ menu, you’ll see a Tekton Pipeline actively building a Docker Image for you! Wait until it completes the build process, at which point it will send a notification to Discord.

Congratulations! You now have an open-source, reliable, and scalable build pipeline platform installed on your Kubernetes cluster.

8grams

We are a DevOps Consulting Firm with a mission to empower businesses with modern DevOps practices and technologies