Tekton supports source code to be built from GitLab. This short tutorial demonstrates a NodeJS application to be built from GitLab and the image to be pushed in Docker hub.
- Basic understanding of Git, Kubernetes, Tekton and it's components.
- A Kubernetes cluster: Any Kubernetes cluster will do. To get a free cluster on IBM Cloud, follow this link.
- Installation of Tekton CLI on your machine.
- Installation of latest Tekton Pipelines release.
- A public GitLab repo to pull the source code from (without the need to authenticate) and a Docker Hub (or any other image registry) to push the image to.
Create the following file and save as docker-secret.yaml. Take a note of the kind as Secret.
apiVersion: v1
kind: Secret
metadata:
name: basic-user-pass-docker
annotations:
tekton.dev/docker-0: https://index.docker.io # Described below
type: kubernetes.io/basic-auth
stringData:
username: <your_docker_username>
password: <your_docker_password>
Run kubectl apply -f docker-secret.yaml
to create the necessary secret. Similar secret for GitLab is not required as we're using a public repository.
Create the following file and save as serviceaccount.yaml. Take a note of the kind as ServiceAccount and you're referring previously created secret under the metadata.
apiVersion: v1
kind: ServiceAccount
metadata:
name: tekton-sa
secrets:
- name: basic-user-pass-docker
Run kubectl apply -f serviceaccount.yaml
to create the necessary service account.
The followings are PipelineResource files for git and docker. Copy the first block of code and save as git-resource.yaml and the seconds block of code as docker-resource.yaml.
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: git-source
spec:
type: git
params:
- name: revision
value: master
- name: url
value: https://gitlab.com/dewan_ahmed/simple-nodejs-app
Feel free to use your own public GitLab repository provided that it has a Dockerfile. For private repository, you'll need to create a GitLab secret file similar to the docker secret we created. If using a Personal Access Token for password field, you can use any value for username field as this will be ignored.
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: docker-target
spec:
type: image
params:
- name: url
value: index.docker.io/<your-docker-username>/<your-docker-reponame>
Once you create these files, run kubectl apply -f git-resource.yaml
and kubectl apply -f docker-resource.yaml
to create the necessary PipelineResource.
This step creates the Tekton CRD - Task. Kaniko is used as the build tool. Create a new file with following contents and save as Task.yaml.
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: build-docker-image-from-git-source
spec:
inputs:
resources:
- name: git-source
type: git
params:
- name: pathToDockerFile
type: string
description: The path to the dockerfile to build
default: /workspace/docker-source/Dockerfile
- name: pathToContext
type: string
description:
The build context used by Kaniko
(https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts)
default: /workspace/docker-source
outputs:
resources:
- name: builtImage
type: image
steps:
- name: build-and-push
image: gcr.io/kaniko-project/executor:v0.15.0
# specifying DOCKER_CONFIG is required to allow kaniko to detect docker credential
env:
- name: "DOCKER_CONFIG"
value: "/tekton/home/.docker/"
command:
- /kaniko/executor
args:
- --dockerfile=$(inputs.params.pathToDockerFile)
- --destination=$(outputs.resources.builtImage.url)
- --context=$(inputs.params.pathToContext)
If you're using a different git source, observe default: /workspace/docker-source which might change. Run kubectl apply -f Task.yaml
to create the Task. The Task is not running yet as a TaskRun needs to "run" on the Task.
Create a new file with the following content and save as TaskRun.yaml:
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
name: build-docker-image-from-git-source-task-run
spec:
serviceAccountName: tekton-sa
taskRef:
name: build-docker-image-from-git-source
inputs:
resources:
- name: git-source
resourceRef:
name: git-source
params:
- name: pathToDockerFile
value: Dockerfile
- name: pathToContext
value: /workspace/git-source
outputs:
resources:
- name: builtImage
resourceRef:
name: docker-target
Notice how the TaskRun brings all the pieces together. Under spec, it refers to the serviceaccount we created earlier, the taskRef with name of the Task and git-source and docker-target under inputs and outputs.
Run kubectl apply -f TaskRun.yaml
to create the TaskRun.
Run tkn taskrun describe build-docker-image-from-git-source-task-run
to see the status of the TaskRun. You can also run tkn taskrun logs build-docker-image-from-git-source-task-run
to watch the detailed logs. If the steps were successful, you should be able to see an image pushed to your docker hub repo shortly.