
Simple Tekton Task Run pulling from GitHub and Deploying to an Image Registry

Tekton | Google | CI/CD | GitHub | Image Registry | Build |

Step 1. Setting up a GitHub Service Account

Step 2. Creating the Kubernetes (K8s) Secret for GitHub Token

# Setting up Basic Auth with Service Account Token
apiVersion: v1
kind: Secret
metadata:
  name: github-project-secret
  namespace: yoda
  annotations:
    tekton.dev/git-0: https://github.com
type: kubernetes.io/basic-auth
stringData:
  username: <Account Username>
  password: <Service-Account-Token>

kubectl apply -f <secret.yml>

Step 3. Associate the Secret to a Service Account

apiVersion: v1
kind: ServiceAccount
metadata:
  name: yoda-tekton-sa
  namespace: yoda
secrets:
  - name: github-project-secret
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: git-source
  namespace: yoda
spec:
  type: git
  params:
    - name: url
      value: <https url for github project>
    - name: revision
      value: master
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build-test-task
  namespace: yoda
spec:
  params:
    - name: pathToDockerFile
      type: string
      description: The path to the dockerfile to build
      default: $(resources.inputs.docker-source.path)/Dockerfile
    - name: pathToContext
      type: string
      description: |
        The build context used by Kaniko
        (https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts)
      default: $(resources.inputs.docker-source.path)
  resources:
    inputs:
      - name: docker-source
        type: git
    # Declared so that $(resources.outputs.builtImage.url) in the step resolves;
    # the TaskRun in Step 8 binds it to the image resource.
    outputs:
      - name: builtImage
        type: image
  steps:
    - name: build-and-push
      image: gcr.io/kaniko-project/executor:v0.16.0
      # specifying DOCKER_CONFIG is required to allow kaniko to detect docker credential
      env:
        - name: "DOCKER_CONFIG"
          value: "/tekton/home/.docker/"
      command:
        - /kaniko/executor
      args:
        - --dockerfile=$(params.pathToDockerFile)
        - --destination=$(resources.outputs.builtImage.url)
        - --context=$(params.pathToContext)

Step 5. Adding the Image Resource (aka Image Registry Location)

apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: yoda-image-resource
  namespace: yoda
spec:
  type: image
  params:
    - name: url
      value: <image registry uri>

Step 6. Setting up an Image Registry Secret

kubectl create secret docker-registry <name of secret> -n <namespace> --docker-server=<quay server> --docker-username=<username> --docker-password=<password> --docker-email=<email address>

Step 7. Associate the Image Registry Secret to the Service Account

apiVersion: v1
kind: ServiceAccount
metadata:
  name: yoda-tekton-sa
  namespace: yoda
secrets:
  - name: github-project-secret
  - name: <image registry secret name>

Step 8. Setting up the Task Run

apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: build-test-taskrun
  namespace: yoda
spec:
  serviceAccountName: yoda-tekton-sa
  taskRef:
    name: build-test-task
  params:
    - name: pathToDockerFile
      value: /docker/<dockerfile name>
    # - name: pathToContext
    #   value: $(resources.inputs.docker-source.path)/new-path
  resources:
    inputs:
      - name: docker-source
        resourceRef:
          name: git-source
    outputs:
      - name: builtImage
        resourceRef:
          name: yoda-image-resource
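
To check the credential wiring from Steps 2, 3, 6 and 7 before running the TaskRun, the following added example (not part of the original article) audits which secrets on the service account Tekton will actually use and for which hosts. It assumes Tekton's documented convention that basic-auth secrets are selected by `tekton.dev/git-*` / `tekton.dev/docker-*` annotations; the `audit` helper, the names `quay-secret` and `old-token`, and the repository URL are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample shaped like `kubectl get sa,secret,pipelineresource -n yoda -o json`.
# Names mirror this page's manifests; quay-secret, old-token and the repo URL are placeholders.
SAMPLE = json.loads("""
{"items": [
 {"kind": "ServiceAccount", "metadata": {"name": "yoda-tekton-sa"},
  "secrets": [{"name": "github-project-secret"}, {"name": "quay-secret"}, {"name": "old-token"}]},
 {"kind": "Secret", "type": "kubernetes.io/basic-auth", "metadata": {"name": "github-project-secret",
  "annotations": {"tekton.dev/git-0": "https://github.com"}}},
 {"kind": "Secret", "type": "kubernetes.io/dockerconfigjson", "metadata": {"name": "quay-secret"}},
 {"kind": "Secret", "type": "kubernetes.io/basic-auth", "metadata": {"name": "old-token"}},
 {"kind": "PipelineResource", "metadata": {"name": "git-source"},
  "spec": {"type": "git", "params": [{"name": "url", "value": "https://github.com/example/app"}]}}
]}
""")

DOCKER_TYPES = {"kubernetes.io/dockerconfigjson", "kubernetes.io/dockercfg"}

def audit(items, sa_name):
    """Return findings about how the secrets attached to sa_name reach Tekton steps."""
    secrets = {i["metadata"]["name"]: i for i in items if i["kind"] == "Secret"}
    sa = next(i for i in items if i["kind"] == "ServiceAccount" and i["metadata"]["name"] == sa_name)
    findings, git_hosts = [], set()
    for ref in sa.get("secrets", []):
        sec = secrets.get(ref["name"])
        if sec is None:
            findings.append(f"{ref['name']}: referenced by {sa_name} but not found")
            continue
        if sec["type"] in DOCKER_TYPES:
            continue  # registry config secrets are used without an annotation
        notes = sec["metadata"].get("annotations") or {}
        targets = {k: v for k, v in notes.items() if k.startswith(("tekton.dev/git-", "tekton.dev/docker-"))}
        if not targets:
            findings.append(f"{ref['name']}: no tekton.dev/git-* or docker-* annotation, not used by Tekton")
        for key, url in targets.items():
            if urlparse(url).scheme != "https":
                findings.append(f"{ref['name']}: {key} is not https ({url})")
            if key.startswith("tekton.dev/git-"):
                git_hosts.add(urlparse(url).hostname)
    for res in (i for i in items if i["kind"] == "PipelineResource" and i["spec"]["type"] == "git"):
        url = next(p["value"] for p in res["spec"]["params"] if p["name"] == "url")
        if urlparse(url).hostname not in git_hosts:
            findings.append(f"{res['metadata']['name']}: no git credential annotated for {urlparse(url).hostname}")
    return findings
```

An unannotated secret left on the service account is worth removing: it is still mounted credential material even though the build never uses it.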

Enterprise Solution Architect | Certified Kubernetes Administrator ⚓ | SAFe SPC | LeSS Practitioner | AWS Solutions Architect | Dev*Ops/GitOps Engineer 🔥
