k8s

Tektoncd Operator is a Kubernetes extension for installing, upgrading and managing TektonCD Pipelines, Dashboard, Triggers, etc. on a Kubernetes cluster. We just need to write the yaml for each component to manage Tekton components directly.

CRD Description
TektonConfig Configure the Tekton components to be installed and managed.
TektonPipeline Configure the installation to manage Tekton Pipeline components.
TektonTrigger Configure the installation to manage the Tekton Trigger component.
TektonDashboard Configure the installation to manage Tekton Dashboard components.
TektonResult Configure the installation to manage Tekton Result components.
TektonAddon Configure the installation management plugin, which currently only supports Openshift.

Installation

There are several ways to install Tektoncd Operator.

Installation from Operator Hub

You can go directly to the Operator Hub page at https://operatorhub.io/operator/tektoncd-operatorto install it and its lifecycle will be managed by the Operator Lifecycle Manager (OLM).

Operator Hub

Installation using the resource manifest file

You can get the resource manifest file directly from the Github Release page at https://github.com/tektoncd/operator/releases. Using this method of installation, you need to manage the Operator lifecycle yourself.

Just use the following command to install directly.

1

$ kubectl apply -f https://storage.googleapis.com/tekton-releases/operator/latest/release.yaml

By default Tektoncd Operator creates objects that use the gcr image, such as the Tekton Pipelines controller image, you can specify the corresponding image via the environment variable IMAGE_PIPELINES_TEKTON_PIPELINES_CONTROLLER, which is shown below to override the default configuration of the gcr image.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

- name: IMAGE_PIPELINES_PROXY
  value: cnych/tekton-operator-proxy-webhook:v0.60.0
- name: IMAGE_JOB_PRUNER_TKN
  value: cnych/tekton-operator-pruner-tkn:v0.60.0
- name: IMAGE_PIPELINES_TEKTON_PIPELINES_CONTROLLER
  value: cnych/tekton-controller:v0.37.2
- name: IMAGE_PIPELINES_WEBHOOK
  value: cnych/tekton-webhook:v0.37.2
- name: IMAGE_PIPELINES_ARG__ENTRYPOINT_IMAGE
  value: cnych/tekton-entrypoint:v0.37.2
- name: IMAGE_PIPELINES_ARG__GIT_IMAGE
  value: cnych/tekton-git-init:v0.37.2
- name: IMAGE_PIPELINES_ARG__IMAGEDIGEST_EXPORTER_IMAGE
  value: cnych/tekton-imagedigestexporter:v0.37.2
- name: IMAGE_PIPELINES_ARG__KUBECONFIG_WRITER_IMAGE
  value: cnych/tekton-kubeconfigwriter:v0.37.2
- name: IMAGE_PIPELINES_ARG__NOP_IMAGE
  value: cnych/tekton-nop:v0.37.2
- name: IMAGE_TRIGGERS_TEKTON_TRIGGERS_CONTROLLER
  value: cnych/tekton-triggers-controller:v0.20.1
- name: IMAGE_TRIGGERS_WEBHOOK
  value: cnych/tekton-triggers-webhook:v0.20.1
- name: IMAGE_TRIGGERS_TEKTON_TRIGGERS_CORE_INTERCEPTORS
  value: cnych/tekton-triggers-interceptors:v0.20.1
- name: IMAGE_TRIGGERS_ARG__EL_IMAGE
  value: cnych/tekton-triggers-eventlistenersink:v0.20.1

The above approach creates a namespace named tekton-operator containing an Operator and a Pod of Webhook.

1
2
3
4

$ kubectl get pods -n tekton-operator
NAME                                       READY   STATUS    RESTARTS   AGE
tekton-operator-9d747548b-67t7m            2/2     Running   0          9m42s
tekton-operator-webhook-6cc769b85d-fssq9   1/1     Running   0          9m42s

Once the Operator is installed, you can install the required Tekton components, such as Tekton Pipeline, Tekton Triggers.

Each Tekton component has a custom resource for installing and managing the component.

1
2
3
4
5
6
7
8
9

$ kubectl get crd |grep tekton |grep operator
tektonchains.operator.tekton.dev                    2022-07-25T00:51:07Z
tektonconfigs.operator.tekton.dev                   2022-07-25T00:51:07Z
tektondashboards.operator.tekton.dev                2022-07-25T00:51:07Z
tektonhubs.operator.tekton.dev                      2022-07-25T00:51:07Z
tektoninstallersets.operator.tekton.dev             2022-07-25T00:51:07Z
tektonpipelines.operator.tekton.dev                 2022-07-25T00:51:07Z
tektonresults.operator.tekton.dev                   2022-07-25T00:51:07Z
tektontriggers.operator.tekton.dev                  2022-07-25T00:51:07Z

Where TektonConfig is the top level CRD for creating other components, so we just need to create TektonConfig objects with the required configuration, which will help us install the other components accordingly.

TektonConfig will create TektonPipeline, TektonTriggers and other component CR objects based on the configuration file passed to it, with a profile field that can be used to identify all the components to be installed.

components

Tektoncd Operator has 3 built-in profiles: lite, all, basic.

  • all: this profile will install all components
  • basic: this profile will install only TektonPipeline and TektonTrigger components
  • lite: this profile will install only the TektonPipeline component

For example, if we want to install pipelines, triggers and dashboard, we can use the profile all to install them, as shown in the resource list below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

# tekton-operator-profile-all.yaml
apiVersion: operator.tekton.dev/v1alpha1
kind: TektonConfig
metadata:
  name: config
spec:
  profile: all
  targetNamespace: tekton-pipelines
  pruner:
    resources:
      - pipelinerun
      - taskrun
    keep: 100
    schedule: "0 8 * * *"

where targetNamespace is used to specify the namespace where Tekton components are installed, the default is tekton-pipelines and pruner provides automatic cleanup for Tekton resources.

  • resources: specifies the resources that can be cleaned automatically.
  • keep: the maximum number of resources to keep when cleaning up.
  • schedule: how often to clean up resources.

Just install the above resource object directly.

1
2
3
4

$ kubectl apply -f tekton-operator-profile-all.yaml
$ kubectl get tektonconfig
NAME     VERSION   READY   REASON
config   v0.60.0   True

The TektonConfig object we configured above with a profile of all will automatically create tektonpipelines, tektontriggers, and tektondashboard component objects for us.

1
2
3
4
5
6
7
8
9

$ kubectl get tektonpipelines
NAME       VERSION   READY   REASON
pipeline   v0.37.0   True
$ kubectl get tektontriggers
NAME      VERSION   READY   REASON
trigger   v0.20.1   True
$ kubectl get tektondashboard
NAME        VERSION   READY   REASON
dashboard   v0.27.0   True

These cr objects above will automatically create the corresponding components when they are created, as shown below.

1
2
3
4
5
6
7
8
9

$ kubectl get pods -n tekton-pipelines
NAME                                                 READY   STATUS             RESTARTS   AGE
tekton-dashboard-84dc6f966b-g8flx                    0/1     ImagePullBackOff   0          3m48s
tekton-operator-proxy-webhook-7587596c79-ld8vm       1/1     Running            0          30m
tekton-pipelines-controller-78bc48896b-sd9fk         1/1     Running            0          30m
tekton-pipelines-webhook-5f48c855b4-js54q            1/1     Running            0          30m
tekton-triggers-controller-668b94cb5b-ggbk7          1/1     Running            0          27m
tekton-triggers-core-interceptors-66b7ddd78c-pq7gb   1/1     Running            0          27m
tekton-triggers-webhook-c8fd7755d-rknch              1/1     Running            0          27m

Since the image of the dashboard component does not have a corresponding overriding environment variable, we need to modify it manually.

1
2
3
4
5

$ kubectl edit deploy tekton-dashboard -n tekton-pipelines

......
    image: cnych/tekton-dashboard:v0.28.0
......

By default, Dashboard services are exposed through ClusterIP. We can manually create an Ingress object or modify the service to NodePort to expose it.

1
2
3
4
5
6
7
8
9

$ kubectl get svc -n tekton-pipelines
NAME                                TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                              AGE
tekton-dashboard                    ClusterIP   10.102.221.101   <none>        9097/TCP                             28m
tekton-operator-proxy-webhook       ClusterIP   10.96.175.155    <none>        443/TCP                              33m
tekton-pipelines-controller         ClusterIP   10.99.0.85       <none>        9090/TCP,8008/TCP,8080/TCP           33m
tekton-pipelines-webhook            ClusterIP   10.106.195.14    <none>        9090/TCP,8008/TCP,443/TCP,8080/TCP   33m
tekton-triggers-controller          ClusterIP   10.99.84.154     <none>        9000/TCP                             30m
tekton-triggers-core-interceptors   ClusterIP   10.97.83.136     <none>        8443/TCP                             30m
tekton-triggers-webhook             ClusterIP   10.108.88.140    <none>        443/TCP                              30m

Tektoncd Dashboard

Testing

Once Tekon’s components are installed, let’s run a simple Pipeline.

First create a Task as shown below, which will execute the echo "Hello, world!" command in the bash container.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13

# hello-task.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: hello
spec:
  steps:
    - name: hello
      image: bash:latest
      command:
        - echo
      args:
        - "Hello, world!"

Create another goodbye task in the same way, simply by changing the echo above to goodbye.

Then you can define a Pipeline flow, as shown below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

# hello-goodbye-pipeline.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: hello-goodbye-pipeline
spec:
  tasks:
    - name: hello
      taskRef:
        name: hello
    - name: goodbye
      runAfter:
        - hello
      taskRef:
        name: goodbye

The corresponding Task object is referenced by taskRef.

Just create the above resource object directly.

1
2
3
4
5
6
7
8


$ kubectl get pipeline
NAME                     AGE
hello-goodbye-pipeline   24s
$ kubectl get task
NAME      AGE
goodbye   101s
hello     107s

To execute the pipeline, we also need to create a PipelineRun object before it will actually execute.

1
2
3
4
5
6
7
8

# hello-goodbye-pipeline-run.yaml
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  generateName: hello-goodbye-pipeline-
spec:
  pipelineRef:
    name: hello-goodbye-pipeline

Just create the above resource, and note that the generateName attribute we used here needs to be created using the kubectl create command. After normal creation, the two tasks will soon be executed as described in the Pipeline above.

Tektoncd Dashboard

To uninstall Tekton we just need to delete the defined TektonConfig object.

If we don’t want to use the several profiles built into TektonCD Operator, we can also manually configure the CR instances of the different components ourselves. In addition, TektonCD Operator does not provide many configurable methods at this stage, and the only way to globally override the Operator is through environment variables.