Kategorien
Allgemein

Tekton pipelines

Tekton is an open-source cloud native CI/CD (Continuous Integration and Continuous Delivery/Deployment) solution.

https://tekton.dev/docs/getting-started/

Lets see what tekton can do for creating CI/CD pipelines. (I have yet to find a good comparison of tekton and, say, gitlab CI…)

First, we need a simple k8s cluster to install tekton. For this example, I am using k8s built into Docker Desktop, conveniently running on my MacPro.

After starting Docker Desktop with kubernetes enabled, I can set my context to this cluster and install tekton:

alias k=kubectl; k config set-context docker-desktop
chrisp sandorm$ k get ns
NAME              STATUS   AGE
default           Active   13d
kube-node-lease   Active   13d
kube-public       Active   13d
kube-system       Active   13d

chrisp:Chor sandorm$ k apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
namespace/tekton-pipelines created
clusterrole.rbac.authorization.k8s.io/tekton-pipelines-controller-cluster-access created
clusterrole.rbac.authorization.k8s.io/tekton-pipelines-controller-tenant-access created
clusterrole.rbac.authorization.k8s.io/tekton-pipelines-webhook-cluster-access created
role.rbac.authorization.k8s.io/tekton-pipelines-controller created
role.rbac.authorization.k8s.io/tekton-pipelines-webhook created
role.rbac.authorization.k8s.io/tekton-pipelines-leader-election created
role.rbac.authorization.k8s.io/tekton-pipelines-info created
serviceaccount/tekton-pipelines-controller created
serviceaccount/tekton-pipelines-webhook created
clusterrolebinding.rbac.authorization.k8s.io/tekton-pipelines-controller-cluster-access created
clusterrolebinding.rbac.authorization.k8s.io/tekton-pipelines-controller-tenant-access created
clusterrolebinding.rbac.authorization.k8s.io/tekton-pipelines-webhook-cluster-access created
rolebinding.rbac.authorization.k8s.io/tekton-pipelines-controller created
rolebinding.rbac.authorization.k8s.io/tekton-pipelines-webhook created
rolebinding.rbac.authorization.k8s.io/tekton-pipelines-controller-leaderelection created
rolebinding.rbac.authorization.k8s.io/tekton-pipelines-webhook-leaderelection created
rolebinding.rbac.authorization.k8s.io/tekton-pipelines-info created
customresourcedefinition.apiextensions.k8s.io/clustertasks.tekton.dev created
customresourcedefinition.apiextensions.k8s.io/customruns.tekton.dev created
customresourcedefinition.apiextensions.k8s.io/pipelines.tekton.dev created
customresourcedefinition.apiextensions.k8s.io/pipelineruns.tekton.dev created
customresourcedefinition.apiextensions.k8s.io/resolutionrequests.resolution.tekton.dev created
customresourcedefinition.apiextensions.k8s.io/pipelineresources.tekton.dev created
customresourcedefinition.apiextensions.k8s.io/runs.tekton.dev created
customresourcedefinition.apiextensions.k8s.io/tasks.tekton.dev created
customresourcedefinition.apiextensions.k8s.io/taskruns.tekton.dev created
customresourcedefinition.apiextensions.k8s.io/verificationpolicies.tekton.dev created
secret/webhook-certs created
validatingwebhookconfiguration.admissionregistration.k8s.io/validation.webhook.pipeline.tekton.dev created
mutatingwebhookconfiguration.admissionregistration.k8s.io/webhook.pipeline.tekton.dev created
validatingwebhookconfiguration.admissionregistration.k8s.io/config.webhook.pipeline.tekton.dev created
clusterrole.rbac.authorization.k8s.io/tekton-aggregate-edit created
clusterrole.rbac.authorization.k8s.io/tekton-aggregate-view created
configmap/config-artifact-bucket created
configmap/config-artifact-pvc created
configmap/config-defaults created
configmap/feature-flags created
configmap/pipelines-info created
configmap/config-leader-election created
configmap/config-logging created
configmap/config-observability created
configmap/config-registry-cert created
configmap/config-spire created
configmap/config-trusted-resources created
...
configmap/config-leader-election created
configmap/config-logging created
configmap/config-observability created
configmap/git-resolver-config created
configmap/hubresolver-config created
deployment.apps/tekton-pipelines-remote-resolvers created
horizontalpodautoscaler.autoscaling/tekton-pipelines-webhook created
deployment.apps/tekton-pipelines-webhook created
service/tekton-pipelines-webhook created

We need to get the building blocks straight:

  • Steps: smallest unit to execute = containers
  • Tasks: – sequence of steps = pods
  • TaskRun: executes Tasks with specific parameters

Whats a pipeline? A sequence of tasks, with a shared persistent volume

Pipelines are CRDs:

Lets prepare the command line

brew install tektoncd-cli
ln -s /usr/local/bin/tkn /usr/local/bin/kubectl-tkn
kubectl plugin list
...
/usr/local/bin/kubectl-tkn
...
kubectl tkn help
CLI for tekton pipelines

Usage:
tkn [flags]
tkn [command]


Available Commands:
  bundle*               Manage Tekton Bundles (experimental)
  chain                 Manage Chains
  clustertask           Manage ClusterTasks
  clustertriggerbinding Manage ClusterTriggerBindings
  eventlistener         Manage EventListeners
  hub                   Interact with tekton hub
  pipeline              Manage pipelines
  pipelinerun           Manage PipelineRuns
  resource              Manage pipeline resources
  task                  Manage Tasks
  taskrun               Manage TaskRuns
  triggerbinding        Manage TriggerBindings
  triggertemplate       Manage TriggerTemplates

Other Commands:
  completion            Prints shell completion scripts
  version               Prints version information

Flags:
  -h, --help   help for tkn

More to come…

First task example following … see https://tekton.dev/docs/getting-started/tasks

chrisp:Tekton sandorm$ ls
hello-run.yaml	hello.yaml
chrisp:Tekton sandorm$ cat *

kind: Task
metadata:
  name: hello
spec:
  steps:
    - name: echo
      image: alpine
      script: |
        #!/bin/sh
        echo "Hello World"  
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: hello-task-run
spec:
  taskRef:
    name: hello
apiVersion: tekton.dev/v1beta1


k apply -f .
taskrun.tekton.dev/hello-task-run configured
task.tekton.dev/hello configured

kubectl get taskrun hello-task-run
NAME             SUCCEEDED   REASON      STARTTIME   COMPLETIONTIME
hello-task-run   True        Succeeded   81s         66s

chrisp:Howtos sandorm$ kubectl logs --selector=tekton.dev/taskRun=hello-task-run
Defaulted container "step-echo" out of: step-echo, prepare (init), place-scripts (init)
Hello World

The nice thing, it all happens within kubernetes, the specification of the task and the runs.

How about a pipeline with several tasks ?

apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: hello-goodbye
spec:
  params:
  - name: username
    type: string
  tasks:
    - name: hello
      taskRef:
        name: hello
    - name: goodbye
      runAfter:
        - hello
      taskRef:
        name: goodbye
      params:
      - name: username
        value: $(params.username)

Note how parameters are used. The parameter is set in the PipelineRun object

chrisp:Tekton sandorm$ cat pipeline-run.yaml 
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  name: hello-goodbye-run
spec:
  pipelineRef:
    name: hello-goodbye
  params:
  - name: username
    value: "Sandorm"

Run it by applying the PipelineRun object:

What about a dashboard ?

Install:

kubectl apply --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml
kubectl proxy

Access on standard url http://localhost:8001/api/v1/namespaces/tekton-pipelines/services/tekton-dashboard:http/proxy/#/namespaces/default/pipelineruns

tekton dashboard

Next to come: an example using triggers. In the example, a POST of a user name triggers a pipeline that says hello and goodbye to the username posted, documented here: https://tekton.dev/docs/getting-started/triggers/