Tekton on PowerVS

Sneha Gaonkar
Jul 14, 2021


What is Tekton?

Tekton is a Kubernetes-native continuous integration (CI) and continuous delivery (CD) engine. Every serious project needs a good CI/CD solution, and if you are building CI/CD for cloud-native applications running on Kubernetes/OpenShift, it makes sense to run cloud-native CI/CD alongside them using an appropriate tool. As a Kubernetes-native framework, Tekton makes it easier to deploy across multiple cloud providers or hybrid environments.

Components of Tekton

Tekton consists of the following components:

  • Tekton Pipelines is the foundation of Tekton. It defines a set of Kubernetes Custom Resources that act as building blocks from which you can assemble CI/CD pipelines.
  • Tekton Triggers allows you to instantiate pipelines based on external events. For example, you can trigger the execution of a pipeline every time a PR is merged against a GitHub repository.
  • Tekton CLI provides a command-line interface called tkn, built on top of the Kubernetes CLI, that allows you to interact with Tekton.
  • Tekton Dashboard is a Web-based graphical interface for Tekton Pipelines that displays information about the execution of your pipelines.
  • Tekton Catalog is a repository of high-quality, community-contributed Tekton building blocks — Tasks, Pipelines, and so on — that are ready for use in your own pipelines.
  • Tekton Hub is a Web-based graphical interface for accessing the Tekton Catalog.
  • Tekton Operator is a Kubernetes Operator pattern that allows you to install, update, and remove Tekton projects on your Kubernetes cluster.

Building blocks of Tekton

The following Tekton resources act as building blocks for creating CI/CD pipelines:

  • Task — A resource that accomplishes a specific action by executing a series of ordered Steps.
  • Pipeline — A resource that defines a series of ordered Tasks.
  • TaskRun — instantiates a specific Task to execute on a particular set of inputs and produce a particular set of outputs.
  • PipelineRun — instantiates a specific Pipeline to execute on a particular set of inputs and produce a particular set of outputs.
  • PipelineResources — resource objects that are going to be used as inputs to a Task and can be output by a Task.

How do Tekton Triggers work?

Tekton Triggers is a mechanism to declaratively create PipelineRuns based on external events such as a Git push or a GitHub PR merge. It consists of a controller service that runs on your Kubernetes cluster as well as the following Kubernetes Custom Resource Definitions (CRDs) that extend the functionality of Tekton Pipelines to support events:

  • EventListener — listens for events at a specified port on your Kubernetes cluster. Specifies one or more Triggers.
  • Trigger — specifies what happens when the EventListener detects an event. A Trigger specifies a TriggerTemplate, a TriggerBinding, and optionally, an Interceptor.
  • TriggerTemplate — specifies a blueprint for the resource, such as a TaskRun or PipelineRun, that you want to execute when your EventListener detects an event.
  • TriggerBinding — specifies the fields in the event payload from which you want to extract data and the fields in your corresponding TriggerTemplate to populate with the extracted values.

Tekton on PowerVS

Tekton is officially supported on the IBM Power (ppc64le) architecture. With increasing demand for Tekton on Power systems, many customers are interested in using the functionalities of Tekton on IBM PowerVS clusters.

The objective of this blog is to guide you in creating an end-to-end Tekton Pipeline for building and deploying a basic application on an OpenShift cluster on PowerVS.

Tekton Pipeline Setup on PowerVS

Pre-requisites

  • A ppc64le OpenShift cluster with version 4.6 or above on PowerVS
  • Enable Role-Based Access Control (RBAC) in the cluster.
  • Grant the current user the cluster-admin role on the cluster.

Installation of Tekton Components

Considering that Tekton consists of multiple components, installing can be a little complicated and can be done in various ways. Usually, you will want to install at least Pipelines and Triggers. The most obvious way would be to install it with raw Kubernetes manifests, but you can take the simpler route and install Tekton Operator from OperatorHub, which already includes all the components.

For this example, we will install Tekton Pipelines, Triggers, Dashboard and CLI. The installation steps and required configurations are as follows:

  1. Environment Setup on PowerVS

Log in to the PowerVS OpenShift cluster and create a new project “tekton-pipelines”. This namespace is used by all the Tekton components.

ssh -i <ssh_key> root@<bastion_node_ip>
oc login -u kubeadmin -p <kubepassword>
oc new-project tekton-pipelines

2. Install Tekton Pipelines

oc adm policy add-scc-to-user anyuid -z tekton-pipelines-controller
oc adm policy add-scc-to-user anyuid -z tekton-pipelines-webhook
oc apply --filename https://github.com/tektoncd/pipeline/releases/download/v0.24.0/release.notags.yaml
oc get pods --namespace tekton-pipelines --watch

3. Install Tekton CLI

rpm -Uvh https://github.com/tektoncd/cli/releases/download/v0.19.1/tektoncd-cli-0.19.1_Linux-ppc64le.rpm
tkn version

4. Install Tekton Triggers

oc adm policy add-scc-to-user anyuid -z tekton-triggers-controller
oc adm policy add-scc-to-user anyuid -z tekton-triggers-webhook
oc adm policy add-scc-to-user anyuid -z tekton-triggers-core-interceptors
oc apply -f https://github.com/tektoncd/triggers/releases/download/v0.14.0/release.yaml
oc apply -f https://github.com/tektoncd/triggers/releases/download/v0.14.0/interceptors.yaml
oc get pods --namespace tekton-pipelines --watch

5. Install Tekton Dashboard

oc apply -f https://github.com/tektoncd/dashboard/releases/download/v0.17.0/tekton-dashboard-release.yaml
oc get pods --namespace tekton-pipelines --watch
oc create route edge tekton-dashboard --service=tekton-dashboard --port=http --insecure-policy=Redirect -n tekton-pipelines
oc get route

Open the route link in your browser to access the Tekton dashboard.

Sample web application Pipeline Configuration

Pipeline Configuration

These steps will guide you through the initial setup of the Tekton Pipeline on the PowerVS cluster:

  1. Clone the sample web application source code repository
git clone https://github.com/snehakpersistent/sample-web-app
cd sample-web-app
git checkout simple-pipeline

2. Set up a Quay repository with proper account permissions

Create a Quay repository for your application image: tekton-sample-app. Make sure that you have Read+Write permissions to the repository.

Update the Quay repository link in the PipelineResources file quay-resource-app.yaml as well as for the Quay resource in the TriggerTemplate triggers/triggertemplate.yaml. The application image that we build will be pushed to this Quay repository.

3. Create secret for pushing images to Quay

Update the Quay username, password, auth and proxy fields in config/docker_config.json.

username — Quay username
password — Quay password
auth — Base64(username:password)
httpProxy/httpsProxy — Proxy value in PowerVS cluster (if required)

Create the secret using the above docker_config.json:

oc create secret generic quay-secret \
--from-file=.dockerconfigjson=<path to docker_config.json on cluster> \
--type=kubernetes.io/dockerconfigjson

4. Create a pipeline service account

This service account will be used in the PipelineRun for running the pipeline. It uses the secret created in the previous step.

oc apply -f config/sa-pipeline.yaml

5. Update cluster resource token

A cluster resource in Tekton represents a Kubernetes cluster. The resource will use the provided parameters to create a kubeconfig file that can be used by steps in the pipeline Task to access the target cluster.

Update pipelineresources/ppc-cluster-resource.yaml with the correct token required for cluster login. This token can be found in the kubeconfig file on the cluster. Also update the token value for the cluster resource in triggers/triggertemplate.yaml.
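
For step 3 above, the auth value can be generated rather than typed by hand. The following is an added example, not part of the sample repository; it assumes docker_config.json follows the standard Docker client config layout (auths, proxies), and the function names are hypothetical.

```shell
# Added example, not from the sample repository. Assumption: docker_config.json
# uses the standard Docker config layout ("auths", "proxies"). The values in the
# usage line at the bottom are constructed placeholders.

# Base64(username:password). printf is used because `echo` appends a newline,
# which would be encoded into the credential and make registry logins fail.
quay_auth() {
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'   # tr undoes base64 line wrapping
}

# Escape backslashes and double quotes so a password cannot break the JSON.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Usage: write_docker_config <file> <registry> <username> <password> [proxy_url]
write_docker_config() (
  file=$1; registry=$(json_escape "$2"); user=$(json_escape "$3")
  pass=$(json_escape "$4"); proxy=$(json_escape "${5:-}")
  auth=$(quay_auth "$3" "$4")            # computed from the raw, unescaped values
  proxies=""
  if [ -n "$proxy" ]; then
    proxies=$(printf ',\n  "proxies": {"default": {"httpProxy": "%s", "httpsProxy": "%s"}}' \
      "$proxy" "$proxy")
  fi
  umask 077                              # the file holds a reusable credential
  rm -f "$file"                          # recreate so the umask applies
  printf '{\n  "auths": {"%s": {"username": "%s", "password": "%s", "auth": "%s"}}%s\n}\n' \
    "$registry" "$user" "$pass" "$auth" "$proxies" > "$file"
)

# write_docker_config ./docker_config.json quay.io myuser 'my-password'
```

The resulting file is what the oc create secret command in step 3 takes as --from-file.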

Pipeline Execution

There are two scenarios in which the pipeline will be triggered:

  1. Pipeline can be triggered manually

Steps for triggering pipeline manually on PowerVS cluster:

  • Create all the required resources like Tasks, PipelineResources and Pipeline.
oc project tekton-pipelines
oc apply -f task/
oc apply -f pipelineresources/
oc apply -f pipeline/pipeline.yaml
  • Execute the Pipeline
oc apply -f pipeline/pipelineRun.yaml
  • Monitor the PipelineRun on the Tekton dashboard. The command below can be used to see the PipelineRun logs on the CLI.
tkn pipelinerun logs --last -f
  • Additionally, you can use the tkn commands below to inspect the created resources:
tkn <resource_type> list                        # list resources
tkn <resource_type> describe <resource_name>    # describe resources
tkn <task|pipeline> start <resource_name>       # start task/pipeline
tkn <taskrun|pipelinerun> logs --last -f        # check logs

2. Pipeline can be executed based on Tekton triggers

Steps to set-up Tekton triggers on the existing pipeline:

  • Make sure that the Task and Pipeline resources exist. If not, create them.
oc apply -f task/
oc apply -f pipeline/pipeline.yaml
  • Create all the resources required for Tekton triggers — EventListener, EventListener route, TriggerTemplate, TriggerBinding and RBAC resources
cd triggers/
oc apply -f triggers-rbac.yaml
oc adm policy add-scc-to-user anyuid -z tekton-triggers-sa
oc apply -f triggertemplate.yaml
oc apply -f triggerbinding.yaml
oc apply -f eventlistener.yaml
oc apply -f eventlistener-route.yaml
  • Create a GitHub webhook on the source code repository with the EventListener Route we exposed, using the steps mentioned here.
  • Trigger the PipelineRun

To trigger the PipelineRun, perform a git push operation on your repository. You can also test this by pushing an empty commit.

git commit -m "empty-commit" --allow-empty && git push origin main

Access the Tekton dashboard or the OpenShift web console and a PipelineRun will be automatically created. In this case, PipelineResources are created automatically based on the TriggerTemplate.

Troubleshooting

  1. On ppc64le, release.yaml is broken due to distroless/base image

Error message:

[create-dir-builtimage-8fx4v] 2021/04/01 12:56:16 Error executing command: fork/exec /busybox/mkdir: exec format error
container step-create-dir-builtimage-8fx4v has failed : [{"key":"StartedAt","value":"2021-04-01T12:56:16.916Z","type":"InternalTektonResult"}]

Workaround:

Upgrade Tekton Pipeline to version v0.24.0. This release has a proper distroless/base image for the ppc64le architecture.

2. Unable to access cluster server

Error message:

Unable to connect to the server: Forbidden

Workaround:

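Comment out the line below in /etc/squid/squid.conf on the bastion node and restart the squid service. Commenting out this line will allow all HTTPS ports, because the proxy no longer restricts CONNECT requests to the ports in the SSL_ports ACL: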

http_access deny CONNECT !SSL_ports
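
A narrower alternative to commenting the rule out, added here as an example and not part of the original post: keep the deny rule and add only the needed port to the SSL_ports ACL. Port 6443 (the default OpenShift API server port) and the function names are assumptions.

```shell
# Added example, not from the original post. Assumption: the blocked CONNECT
# goes to the OpenShift API server on port 6443; adjust to the port you need.

# True if the rule "http_access deny CONNECT !SSL_ports" is present and active.
deny_rule_active() {
  awk '$1 == "http_access" && $2 == "deny" && $3 == "CONNECT" &&
       $4 == "!SSL_ports" { f = 1 } END { exit(f ? 0 : 1) }' "$1"
}

# True if <port> is covered by an active "acl SSL_ports port ..." line.
# Handles several ports per line and ranges such as 8000-9000.
ssl_port_allowed() {
  awk -v p="$2" '
    $1 == "acl" && $2 == "SSL_ports" && $3 == "port" {
      for (i = 4; i <= NF; i++) {
        if ($i ~ /^#/) break                  # rest of the line is a comment
        n = split($i, r, "-")
        lo = r[1] + 0
        hi = (n == 2 ? r[2] : r[1]) + 0
        if (p + 0 >= lo && p + 0 <= hi) ok = 1
      }
    }
    END { exit(ok ? 0 : 1) }' "$1"
}

# Usage: allow_connect_port <squid.conf> <port>
# Adds the port to SSL_ports just before the deny rule; keeps a .bak copy.
allow_connect_port() (
  conf=$1; port=$2
  deny_rule_active "$conf" || {
    echo "deny CONNECT !SSL_ports is not active in $conf; restore it first" >&2
    exit 2
  }
  ssl_port_allowed "$conf" "$port" && exit 0   # nothing to change
  cp -p "$conf" "$conf.bak"
  awk -v p="$port" '
    !done && $1 == "http_access" && $2 == "deny" && $3 == "CONNECT" &&
    $4 == "!SSL_ports" { print "acl SSL_ports port " p; done = 1 }
    { print }' "$conf.bak" > "$conf"
)

# On the bastion node: allow_connect_port /etc/squid/squid.conf 6443
# then restart the squid service, as in the workaround above.
```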

Thanks for reading! I hope you found this tutorial helpful :)
