Install Tekton
EPAM KubeRocketCI uses Tekton resources, such as Tasks, Pipelines, Triggers, Interceptors, and Chains for running the CI/CD pipelines.
Here are the main steps to follow for installing the Tekton resources using the Tekton release files.
Prerequisites​
- Kubectl version 1.26+ is installed. Please refer to the Kubernetes official website for details.
- For Openshift/OKD, the latest version of the
oc
utility is required. Please refer to the OKD page on GitHub for details.
Installation on Kubernetes Cluster​
To install Tekton resources, follow the steps below:
Please refer to the Install Tekton Pipelines and Install and set up Tekton Triggers sections for details.
-
Install Tekton pipelines v0.53.4 using the release file:
noteTekton Pipeline resources are used for managing and running KubeRocketCI Tekton Pipelines and Tasks. Please refer to the KubeRocketCI Tekton Pipelines and KubeRocketCI Tekton Tasks pages for details.
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.53.4/release.yaml
-
Install Tekton Triggers v0.25.3 using the release file:
noteTekton Trigger resources are used for managing and running KubeRocketCI Tekton EventListeners, Triggers, TriggerBindings and TriggerTemplates. Please refer to the KubeRocketCI Tekton Triggers page for details.
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.25.3/release.yaml
-
Install Tekton Interceptors v0.25.3 using the release file:
noteThe Platform uses GitLab, GitHub and Cel ClusterInterceptors for processing requests from webhooks.
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.25.3/interceptors.yaml
-
Install Tekton Chains v0.19.0 using the release file:
kubectl apply -f https://storage.googleapis.com/tekton-releases/chains/previous/v0.19.0/release.yaml
Installation on OKD cluster​
To install Tekton resources, follow the steps below:
Please refer to the Install Tekton Operator documentation for details.
Tekton Operator also deploys Pipelines as Code CI that requires OpenShift v4.11 (based on Kubernetes v1.24) or higher. This feature is optional and its deployments can be scaled to zero replicas.
Install Tekton Operator v0.67.0 using the release file:
kubectl apply -f https://github.com/tektoncd/operator/releases/download/v0.67.0/openshift-release.yaml
After the installation, the Tekton Operator will install the following components: Pipeline, Trigger, and Addons.
If there is the following error in the openshift-operators
namespace for openshift-pipelines-operator
and tekton-operator-webhook
deployments:
Error: container has runAsNonRoot and image will run as root
Patch the deployments with the following commands:
kubectl -n openshift-operators patch deployment openshift-pipelines-operator -p '{"spec": {"template": {"spec": {"securityContext": {"runAsUser": 1000}}}}}'
kubectl -n openshift-operators patch deployment tekton-operator-webhook -p '{"spec": {"template": {"spec": {"securityContext": {"runAsUser": 1000}}}}}'
Grant access for Tekton Service Accounts in the openshift-pipelines
namespace to the Privileged SCC:
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:tekton-operators-proxy-webhook
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:tekton-pipelines-controller
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:tekton-pipelines-resolvers
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:tekton-pipelines-webhook
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:tekton-triggers-controller
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:tekton-triggers-core-interceptors
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:tekton-triggers-webhook
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:pipelines-as-code-controller
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:pipelines-as-code-watcher
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:pipelines-as-code-webhook
oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-pipelines:default