This repo tests Tekton pipelines using a real example, the Petclinic repo. It is based on my current repository that builds the Spring Petclinic application using Kaniko in a Jenkins pipeline executed in Kubernetes.
This example of Tekton pipelines builds Spring Petclinic as follows:
- Creates a Tekton task to build the application using Maven
- Creates a Tekton task to build the container using Kaniko
- Creates a Tekton task to deploy the container in the Kubernetes namespace (we are using the Tekton one as default)
- Defines and creates the Tekton pipeline to orchestrate the previously defined tasks
- Creates the pipelineresources object to be used as inputs and outputs of the tasks
- Runs the pipeline through the pipelinerun object that instantiates the pipeline to be run
One of the main advantages of Tekton is that it decouples the stages of a pipeline (Tekton tasks), so each one can be run isolated and parametrized. A pipeline is then a way to orchestrate different tasks depending on the use case.
In this repo you will find the following files/directories, where the required Tekton definitions and Kubernetes objects are defined:
- petclinic-pipeline.yaml: the YAML file with the Tekton tasks and Pipeline definition
- petclinic-resources.yaml: Tekton resources defined in one YAML file
- petclinic-run.yaml: PipelineRun to instantiate the pipeline defined in the rest of the files
- deploy-serviceaccount.yaml: YAML file to create RBAC permissions to deploy
- taskruns: directory with some TaskRuns to deploy isolated Tekton Tasks
To execute the Tekton pipelines in this repo, you need to create some specific resources and take a few things into account:
- Create or own a Kubernetes cluster (you can use the $300 GCP Free Tier to test with your own GKE cluster)
- Install Tekton pipelines in your Kubernetes cluster
- Create the Kubernetes secret to publish the Docker container in your own Docker Registry
- Change the PipelineResource to specify the container image URL you want to use and have access to
- Deploy a ServiceAccount, a Role and a RoleBinding to give permissions to deploy the Spring Petclinic application in the namespace (this repo's configuration uses by default the same namespace where Tekton pipelines is deployed, but I recommend changing it)
- If you use a different container registry than GCR, change the test-deploy-secret.yaml file to use your
To create the required Kubernetes secret, execute the following kubectl command (replace the parameters with your own):
$ kubectl create secret docker-registry kaniko-secret-cfg \
    --docker-username=<your_docker_registry_user> \
    --docker-password=<your_password> \
    --docker-email=<your_valid_email> \
    --docker-server=<your_docker_registry>
If you use your own Google Container Registry, create a key for your Google service account, download the JSON file and load it into the secret (assuming that your key JSON file is in ./kaniko-secret.json):
$ kubectl create secret docker-registry kaniko-secret-cfg \
    --docker-username=_json_key \
    --docker-password="$(cat ./kaniko-secret.json)" \
    --docker-email=<your_valid_email> \
    --docker-server=gcr.io/<your_gcp_project>
The pipeline in this repo executes three tasks, the last one (deploy-kubectl) being a deployment of the built application in the Kubernetes cluster. To deploy using kubectl in the default namespace you need to create the specific serviceAccount with the required permissions. To do that you can use the file deploy-serviceaccount.yaml included in this repo. Just execute:
$ kubectl apply -f deploy-serviceaccount.yaml -n tekton-pipelines
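A least-privilege shape for the ServiceAccount, Role and RoleBinding described above, following the recommendation to deploy outside the Tekton namespace. This is an added example, not the repo's deploy-serviceaccount.yaml; the petclinic namespace, the petclinic-deployer name and the set of resources the deploy task touches (a Deployment and a Service) are assumptions.

```yaml
# Added example, not the repo's deploy-serviceaccount.yaml.
# Assumed names: namespace "petclinic", account "petclinic-deployer".
# Assumed scope: the deploy task only manages a Deployment and a Service.
apiVersion: v1
kind: Namespace
metadata:
  name: petclinic
---
# Identity the deploy task's pod runs as; it lives where the pipeline runs.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: petclinic-deployer
  namespace: tekton-pipelines
---
# Namespaced Role: nothing outside "petclinic", no access to Secrets,
# and no delete verb.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: petclinic-deployer
  namespace: petclinic
rules:
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["get", "list", "create", "update", "patch"]
---
# The binding is created in the target namespace and points back at the
# ServiceAccount in tekton-pipelines, so the registry secret and the Tekton
# controller's own objects stay out of the deployer's reach.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: petclinic-deployer
  namespace: petclinic
subjects:
  - kind: ServiceAccount
    name: petclinic-deployer
    namespace: tekton-pipelines
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: petclinic-deployer
```

Because every object names its own namespace, apply this without -n. Afterwards, `kubectl auth can-i create deployments -n petclinic --as=system:serviceaccount:tekton-pipelines:petclinic-deployer` should answer yes, and the same query for secrets in tekton-pipelines should answer no.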
You need to change the PipelineResource in the petclinic-resources.yaml file, where the image to be pushed is specified:
$ export MY_DOCKER_IMG=<your_registry>/<your_image>:latest
$ sed "s%gcr.io/ci-cd-playground/petclinic-kaniko:latest%$MY_DOCKER_IMG%g" petclinic-resources.yaml \
    > petclinic-resources.yaml.tmp && mv petclinic-resources.yaml.tmp petclinic-resources.yaml
Once everything is configured, the following command deploys the pipeline and resources:
$ kubectl apply -f petclinic-pipeline.yaml,petclinic-resources.yaml
You should get an output like:
task.tekton.dev/build-maven created
task.tekton.dev/build-kaniko created
task.tekton.dev/deploy-kubectl created
pipeline.tekton.dev/petclinic-pipeline created
pipelineresource.tekton.dev/petclinic-git created
pipelineresource.tekton.dev/petclinic-image created
pipelineresource.tekton.dev/petclinic-deploy created
Then you can see the Tekton objects by running:
$ kubectl get tasks,pipelines,pipelineresources
You should see the following Kubernetes CRD objects:
NAME AGE
task.tekton.dev/build-kaniko 1m
task.tekton.dev/build-maven 1m
task.tekton.dev/deploy-kubectl 1m
NAME AGE
pipeline.tekton.dev/petclinic-pipeline 1m
NAME AGE
pipelineresource.tekton.dev/petclinic-deploy 1m
pipelineresource.tekton.dev/petclinic-git 1m
pipelineresource.tekton.dev/petclinic-image 1m
Once all Tasks, PipelineResources and the Pipeline are deployed into the Kubernetes cluster, the only thing left to do to run the Tekton pipeline is to deploy the PipelineRun object definition:
$ kubectl apply -f petclinic-run.yaml
You should see the successful output of the object created:
pipelinerun.tekton.dev/petclinic-pipelinerun created
Now, your pipeline should be running. You can see how pods and containers are being executed:
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
petclinic-pipelinerun-petclinic-maven-7d8ld-pod-9ab76d 0/6 Init:0/3 0 7s
tekton-pipelines-controller-5b5dd5c45-cr8ms 1/1 Running 0 3d
tekton-pipelines-webhook-84f498d964-l56kv 1/1 Running 0 3d