Skip to main content
Version: 3.9

Install Tekton

EPAM KubeRocketCI uses Tekton resources, such as Tasks, Pipelines, Triggers, Interceptors, and Chains for running the CI/CD pipelines.

Here are the main steps to follow for installing the Tekton resources using the Tekton release files.

Prerequisites​

  • Kubectl version 1.26+ is installed. Please refer to the Kubernetes official website for details.
  • For Openshift/OKD, the latest version of the oc utility is required. Please refer to the OKD page on GitHub for details.

Installation on Kubernetes Cluster​

To install Tekton resources, follow the steps below:

info

Please refer to the Install Tekton Pipelines and Install and set up Tekton Triggers sections for details.

  1. Install Tekton pipelines v0.53.4 using the release file:

    note

    Tekton Pipeline resources are used for managing and running KubeRocketCI Tekton Pipelines and Tasks. Please refer to the KubeRocketCI Tekton Pipelines and KubeRocketCI Tekton Tasks pages for details.

    kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.4/release.yaml
  2. Install Tekton Triggers v0.25.3 using the release file:

    note

    Tekton Trigger resources are used for managing and running KubeRocketCI Tekton EventListeners, Triggers, TriggerBindings and TriggerTemplates. Please refer to the KubeRocketCI Tekton Triggers page for details.

    kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.25.3/release.yaml
  3. Install Tekton Interceptors v0.25.3 using the release file:

    note

    The Platform uses GitLab, GitHub and Cel ClusterInterceptors for processing requests from webhooks.

    kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.25.3/interceptors.yaml
  4. Install Tekton Chains v0.19.0 using the release file:

    kubectl apply -f https://storage.googleapis.com/tekton-releases/chains/previous/v0.19.0/release.yaml

Installation on OKD cluster​

To install Tekton resources, follow the steps below:

info

Please refer to the Install Tekton Operator documentation for details.

note

Tekton Operator also deploys Pipelines as Code CI that requires OpenShift v4.11 (based on Kubernetes v1.24) or higher. This feature is optional and its deployments can be scaled to zero replicas.

Install Tekton Operator v0.67.0 using the release file:

kubectl apply -f https://github.com/tektoncd/operator/releases/download/v0.67.0/openshift-release.yaml

After the installation, the Tekton Operator will install the following components: Pipeline, Trigger, and Addons.

note

If there is the following error in the openshift-operators namespace for openshift-pipelines-operator and tekton-operator-webhook deployments:

Error: container has runAsNonRoot and image will run as root

Patch the deployments with the following commands:

kubectl -n openshift-operators patch deployment openshift-pipelines-operator -p '{"spec": {"template": {"spec": {"securityContext": {"runAsUser": 1000}}}}}'
kubectl -n openshift-operators patch deployment tekton-operator-webhook -p '{"spec": {"template": {"spec": {"securityContext": {"runAsUser": 1000}}}}}'

Grant access for Tekton Service Accounts in the openshift-pipelines namespace to the Privileged SCC:

oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:tekton-operators-proxy-webhook
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:tekton-pipelines-controller
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:tekton-pipelines-resolvers
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:tekton-pipelines-webhook
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:tekton-triggers-controller
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:tekton-triggers-core-interceptors
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:tekton-triggers-webhook
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:pipelines-as-code-controller
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:pipelines-as-code-watcher
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:pipelines-as-code-webhook
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:default