Container deployment is now a norm in software development. Containerization refers to steps taken to encapsulate applications with their dependencies and runtimes into lightweight, isolated units called containers.
Tekton is a cloud-native, open-source tool that facilitates and automates Continuous Integration and Continuous Deployment (CI/CD) pipelines. It is a Kubernetes-native framework for building, testing, and deploying applications efficiently and consistently.
In this article, we will configure a Tekton pipeline that builds and pushes a Docker image to DockerHub.
Understanding Tekton
Tekton can run on any Kubernetes cluster, including managed Kubernetes services like Azure Kubernetes Service (AKS). It fits into the CI/CD landscape by offering:
Declarative Pipelines: Pipeline configurations are written as code and can be versioned, allowing for easy collaboration.
Containerization: Tekton operates with containers, which are perfect for modern applications. It can build, test, and deploy containers, making it well-suited for container-centric CI/CD workflows.
Tekton also offers the following features and benefits:
Flexibility: Tekton allows users to create customized CI/CD workflows.
Portability: Using Tekton, users can configure pipelines that build and deploy applications consistently across multiple clusters, including on-premises and cloud environments.
Setting up our Environment
To use Tekton, we need a local Kubernetes cluster, running on either minikube or Kind or (in my case, as a Mac user) on Docker Desktop.
To install the latest version of Tekton Pipelines, run:
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
Tekton's dashboard gives us a view of how Tekton creates resources and handles task execution and completion. To install Tekton's dashboard, run:
kubectl apply --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml
To access the dashboard, there are a couple of options, such as a proxy or port forwarding. We will use port forwarding:
kubectl --namespace tekton-pipelines port-forward svc/tekton-dashboard 9097:9097
Install Tekton's CLI.
Configuring Tekton Pipelines
A pipeline consists of the following: Tasks, TaskRun, Pipelines, and PipelineRun.
Tekton Tasks: Contain steps that run to achieve a goal. Each task is a pod and each step in a task runs in a container. TaskRun instantiates and executes the defined Tasks.
Tekton Pipelines: Refers to a series of tasks defined in a specified order of execution as part of the CI/CD workflow. PipelineRun contains the value of variables in a Pipeline.
To achieve our goal, we will create a Pipeline that:
- Fetches the source code,
- Builds the image, and
- Pushes the built image to DockerHub.
We will achieve the above steps using Kaniko, a tool used to build container images from a Dockerfile, inside a container or Kubernetes cluster.
Authenticating to DockerHub
- Log into Docker via CLI
$ docker login
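- We create a base64-encoded string of our docker-hub-username:docker-hub-password. Base64 is an encoding, not encryption, so the result must be protected like the password itself.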
$ echo -n '<docker-hub-username>:<docker-hub-password>' | base64
ENCODED-STRING
- Edit the ~/.docker/config.json file
$ sudo nano ~/.docker/config.json
{ "auths": { "https://index.docker.io/v1/": { "auth": "ENCODED-STRING" } } }
- Encode ~/.docker/config.json
$ cat ~/.docker/config.json | base64
ENCODED-JSON-FILE
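The steps above can be scripted so the encoded values never pass through an editor. This is an added example, not code from the original article: it builds the same config.json, emits the docker-credentials Secret used in the Configuration Files section with the value on a single base64 line, and checks that the value decodes back. The function names and the example-user / CONSTRUCTED-PLACEHOLDER values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Every credential value here is a constructed placeholder.

# Encode stdin as ONE base64 line. GNU base64 wraps at 76 columns, and a
# wrapped value pasted after "config.json:" breaks the Secret.
b64() { base64 | tr -d '\n'; }

# docker_config USER PASSWORD -> config.json content for DockerHub.
# A DockerHub access token can be passed in place of the password.
docker_config() {
  auth=$(printf '%s:%s' "$1" "$2" | b64)
  printf '{"auths":{"https://index.docker.io/v1/":{"auth":"%s"}}}' "$auth"
}

# secret_manifest USER PASSWORD -> docker-secret.yaml content on stdout.
secret_manifest() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: docker-credentials
data:
  config.json: $(docker_config "$1" "$2" | b64)
EOF
}

# manifest_user FILE -> username stored in the manifest. Returns non-zero when
# the value does not decode to a complete DockerHub auth entry, which is
# what a line-wrapped or truncated paste looks like.
manifest_user() {
  blob=$(sed -n 's/^ *config\.json: *//p' "$1")
  [ -n "$blob" ] || return 1
  auth=$(printf '%s' "$blob" | base64 -d 2>/dev/null | tr -d ' \n\t' |
    sed -n 's|.*"https://index\.docker\.io/v1/":{[^}]*"auth":"\([^"]*\)".*|\1|p')
  [ -n "$auth" ] || return 1
  printf '%s' "$auth" | base64 -d | cut -d: -f1
}

# Stand-alone demo: write the manifest to a private temp file and check it.
umask 077
demo=$(mktemp)
secret_manifest 'example-user' 'CONSTRUCTED-PLACEHOLDER' > "$demo"
echo "manifest holds credentials for: $(manifest_user "$demo")"
rm -f "$demo"
```

Running manifest_user against a hand-written docker-secret.yaml before kubectl apply catches a wrapped or truncated config.json value early.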
Configuration Files
- After authenticating to DockerHub, we create a YAML file to store our authentication details in.
# docker-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: docker-credentials
data:
  config.json: ENCODED-JSON-FILE
- The pipeline.yaml file holds the tasks that carry out cloning, building and pushing the image to DockerHub. The tasks are defined using variables (params).
# pipeline.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: clone-build-push
spec:
  description: |
    This pipeline clones a git repo, builds a Docker image with Kaniko and
    pushes it to a registry
  params:
  - name: repo-url
    type: string
  - name: image-reference
    type: string
  workspaces:
  - name: shared-data
  - name: docker-credentials
  tasks:
  - name: fetch-source
    taskRef:
      name: git-clone
    workspaces:
    - name: output
      workspace: shared-data
    params:
    - name: url
      value: $(params.repo-url)
  - name: build-push
    runAfter: ["fetch-source"]
    taskRef:
      name: kaniko
    workspaces:
    - name: source
      workspace: shared-data
    - name: dockerconfig
      workspace: docker-credentials
    params:
    - name: IMAGE
      value: $(params.image-reference)
- The pipeline-run.yaml file holds the values of the variables defined in the pipeline.yaml file.
# pipeline-run.yaml
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  generateName: clone-build-push-run-
spec:
  pipelineRef:
    name: clone-build-push
  podTemplate:
    securityContext:
      fsGroup: 65532
  workspaces:
  - name: shared-data
    volumeClaimTemplate:
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 1Gi
  - name: docker-credentials
    secret:
      secretName: docker-credentials
  params:
  - name: repo-url
    value: <git-repo-url>
  - name: image-reference
    value: <docker-hub-username>/<docker-repo>
Automating Deployment
Run the following commands to install the Tasks, apply the pipeline, and create the PipelineRun:
tkn hub install task git-clone
tkn hub install task kaniko
kubectl apply -f docker-secret.yaml
kubectl apply -f pipeline.yaml
kubectl create -f pipeline-run.yaml
Note:
We have to manually create the DockerHub repository that the image will be pushed to.
The Dockerfile should be in the root directory of the git repository; otherwise, we have to specify the location of the Dockerfile.
Tekton has an active and growing community, which means we can find support, documentation, and a variety of pre-built tasks and resources to enhance our CI/CD workflows.
I hope you will try Tekton in your development process.