Workshop
Vic Iglesias
Cloud Solutions Architect
@vicnastea
Agenda
● What is Tekton?
● Just Enough Kubernetes
● Tekton
○ Custom Resources
○ Subprojects
○ Roadmap
● Hands-on Lab
○ Hello world!
○ Hackathon
What is Tekton?
● Open API spec for describing CI/CD pipelines
● Open-source CI/CD platform implementation running on Kubernetes
● In Alpha - version v0.5.x
● Openly-governed under the Continuous Delivery Foundation (CDF)
What is Tekton?
● Currently 4 projects
● Contributions from:
○ Google
○ Red Hat
○ IBM
○ CloudBees
What is the Continuous Delivery Foundation (CDF)?
The Tekton Story
[Timeline figure, 2018 to 2019. Labels: Knative build, Knative build-pipelines, Tekton Pipelines, Tekton ++]
Tekton Goals
● Composable
● Declarative
● Reproducible
● Cloud Native
Just Enough Kubernetes
● A portable, open-source container orchestration platform
● Built-in primitives for deployments, rolling upgrades, scaling, monitoring, and more
● Inspired by Google’s internal system (Borg)
What is Kubernetes?
Kubernetes Arch
[Architecture diagram. Labels: Users; Ingress; API, CLI, CI/CD; > kubectl; Control Plane (API Server, Scheduler, App State, Control Loops); Node 1, Node 2, Node n, each running an App; Intra-cluster networking]
Pods
The atomic Kubernetes object that represents a single instance of an application.
The Pod acts as a logical host for one or n containers comprising an application.
These containers have a shared fate, key to any clustering system.
[Diagram: a Pod holding three containers, volume A, volume B and a network interface]
Pods
Containers in a pod share a network and mount namespace and therefore communicate via localhost.
Containers in a pod are assigned individual cgroups, allowing for resource requests and limits on a per container basis.
Kubernetes schedules and orchestrates Pods across nodes in a cluster.
Pods
[Diagram labels: master, node, node, node]
apiVersion: v1
kind: Pod
metadata:
  name: my-app
spec:
  containers:
  - name: my-app
    image: gcr.io/project/my-app
  - name: nginx-ssl
    image: gcr.io/project/nginx
    ports:
    - containerPort: 80
    - containerPort: 443
Custom Resource Definitions
CRDs
When?
● You want to create a new kind of object
● You want to package multiple objects as one
What?
● Extension of the Kubernetes API
● You write the spec and build a controller
Where?
● Docs: https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/
Example CRD
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: securedeployments.ctl.gcp.solutions
spec:
  group: ctl.gcp.solutions
  version: v1
  scope: Namespaced
  names:
    plural: securedeployments
    singular: securedeployment
    kind: SecureDeployment
    shortNames: ["sd", "securedeploy"]

$ kubectl get sd
$ kubectl describe securedeploy
The Operator Pattern
Operators
When?
● You want to own the lifecycle of a package of objects
● You want to model and control external services
What?
● A design pattern for custom resources
● Implements complex controllers for CRDs
How?
● Operator-SDK: https://github.com/operator-framework/operator-sdk
● Kubebuilder: https://github.com/kubernetes-sigs/kubebuilder
Observe, analyze, act
[Diagram labels: apiserver, watch, CRD objects, custom controller, CRUD, child objects, external]
● Tekton defines some Custom Resources
● Tekton runs controllers to reconcile resource status toward the desired state
● That's all Tekton is:
○ Open API (CRDs)
○ Kubernetes controllers that know how to handle them
Back to Tekton!
Tekton Architecture
[Diagram labels: Task, Pipeline, PipelineResource, > tkn]
Tekton Custom Resources
Tekton Custom Resource Definition
[Diagram labels: Pipeline; Task (several, each made of Steps); PipelineResource (git, image, cluster)]
● Stateless, reusable, parameterized task definition
● Defines steps to run, parameters, inputs and outputs
Tekton CRD: Task
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: go-something
spec:
  inputs:
    params:
    - name: command
  steps:
  - name: go-something
    image: golang:stretch
    command: ['go', '${inputs.params.command}']
Running a Task
● Create a TaskRun that references the Task
● Provide required parameters
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
  generateName: go-build-
spec:
  taskRef:
    name: go-build
  inputs:
    params:
    - name: command
      value: build
Tekton CRD: TaskRun
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
  generateName: go-version-
spec:
  taskSpec:
    steps:
    - name: go-version
      image: golang:stretch
      command: ['go', 'version']
● When created, starts doing work
● Defines steps to run in order
○ /workspace volume shared across steps
● Defines input source(s) to fetch and mount into /workspace
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
  generateName: go-version-
spec:
  taskSpec:
    steps:
    - name: go-version
      image: golang:stretch
      command: ['go', 'version']
TaskRun Controller
● Watches for new TaskRuns
● Creates a Pod to run specified steps in order
● Watches Pod for status updates
apiVersion: v1
kind: Pod
metadata:
  name: go-version-blah-pod-blah
spec:
  containers:
  …
  - name: go-version
    image: golang:stretch
    command: ['go', 'version']
  …
[Diagram labels: TaskRun, create, Pod, updates]
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
  name: go-version-mxylp
spec:
  taskSpec:
    steps:
    - name: go-version
      image: golang:stretch
      command: ['go', 'version']
…
status:
  startTime: 2019-06-14T05:43:49Z
  completionTime: 2019-06-14T05:53:33Z
  conditions:
  - type: Succeeded
    status: True
  podName: go-version-blah-pod-blah
  steps:
  - name: go-version
    terminated:
      exitCode: 0
      startedAt: 2019-06-14T05:45:52Z
      finishedAt: 2019-06-14T05:46:52Z
● Populates status based on Pod status
TaskRun Controller
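Added example (not from the original deck and not Tekton's controller code): a simplified Python model of the "Running a Task" and "TaskRun Controller" slides, resolving a TaskRun's params against the Task and emitting the Pod's containers in step order. Each `${inputs.params.<name>}` reference is replaced inside a single argv element, so a parameter value is never re-split or handed to a shell. The manifests, the `render_pod` name, the `-pod` suffix and the `emptyDir` workspace volume are assumptions made for illustration.

```python
import copy
import re

# ${inputs.params.<name>} placeholder form for v1alpha1 Task params.
PARAM_REF = re.compile(r"\$\{inputs\.params\.([A-Za-z0-9_-]+)\}")

# Constructed manifests modelled on the go-something Task and a TaskRun for it.
TASK = {
    "metadata": {"name": "go-something"},
    "spec": {
        "inputs": {"params": [{"name": "command"}]},
        "steps": [{"name": "go-something", "image": "golang:stretch",
                   "command": ["go", "${inputs.params.command}"]}],
    },
}
TASKRUN = {
    "metadata": {"name": "go-something-abc12"},
    "spec": {"taskRef": {"name": "go-something"},
             "inputs": {"params": [{"name": "command", "value": "build"}]}},
}


def render_pod(task, taskrun):
    """Toy TaskRun -> Pod translation; step-ordering enforcement is omitted."""
    declared = {p["name"] for p in task["spec"].get("inputs", {}).get("params", [])}
    supplied = {p["name"]: p["value"]
                for p in taskrun["spec"].get("inputs", {}).get("params", [])}
    missing = declared - supplied.keys()
    if missing:
        raise ValueError(f"TaskRun does not provide required params: {sorted(missing)}")

    def substitute(arg):
        def lookup(match):
            if match.group(1) not in declared:
                raise ValueError(f"step references undeclared param {match.group(1)!r}")
            return supplied[match.group(1)]
        return PARAM_REF.sub(lookup, arg)   # value stays inside this one argv element

    containers = []
    for step in task["spec"]["steps"]:      # list order is the order steps run in
        container = copy.deepcopy(step)
        for field in ("command", "args"):
            if field in container:
                container[field] = [substitute(a) for a in container[field]]
        container["volumeMounts"] = [{"name": "workspace", "mountPath": "/workspace"}]
        containers.append(container)
    return {
        "apiVersion": "v1", "kind": "Pod",
        "metadata": {"name": taskrun["metadata"]["name"] + "-pod"},   # assumed naming
        "spec": {"containers": containers,
                 "volumes": [{"name": "workspace", "emptyDir": {}}]},  # assumed volume
    }
```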
● Timeout
● Resource requests and limits
○ "K8s: This needs 3.25 CPUs and 17.84 GB of RAM" -- can get more resources if available
○ "K8s: Stop it from using more than 8 CPU"
● Node and Pod affinity
○ "K8s: I can tolerate being put on a preemptible VM; I'm not that important"
○ "K8s: I require a node with 4 GPUs; I'm kind of a big deal"
○ "K8s: Try to schedule me on the same node as $otherpod, but if not nbd"
● Persistent Volume Claims
○ "K8s: attach a Persistent Disk at /cache so I can write to it"
○ "K8s: attach that same disk again at /cache so I can read from it"
○ Kubernetes schedules Pods to Nodes with necessary PDs attached
○ Incremental builds!
TaskRun Features
Tekton Resource: PipelineResource
● Defines an entity that can act as a Task input or output
● Source inputs are placed into /workspace/${resourceName}
● Can be referenced in Tasks
● Examples:
○ Git repo
○ Container image
○ Test result
○ GitHub PR
○ Kubernetes Cluster
Using PipelineResources
=== taskrun.yaml ===
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
  generateName: go-build-
spec:
  taskRef:
    name: go-build
  inputs:
    resources:
    - name: source
      resourceSpec:
        type: git
        params:
        - name: url
          value: https://github.com/my/repo
=== task.yaml ===
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: go-build
spec:
  inputs:
    resources:
    - name: source
      type: git
  steps:
  - image: golang:stretch
    workingDir: /workspace/source
    command: ['go', 'build', './...']
Pipeline
Tekton Resources: Pipeline and PipelineRun
● Pipelines are stateless, reusable, parameterized collections of Tasks
○ PipelineRuns are running instantiations of Pipelines, obviously
● Tasks linked by input and output PipelineResources
○ Task A produces a container image, Task B takes that container image and deploys it
○ ...or with order explicitly defined (just run A then B)
[Diagram labels: Task, git, image, deploy, cluster]
Tekton Subprojects
● Simple to use and deploy Web UI for Tekton Pipelines
● Similar in spirit to the Kubernetes Dashboard
● Provides reusable Tekton Web UI components
Tekton Dashboard
● Library of commonly used tasks
● Parameterized to capture many use cases
● Examples
○ Kaniko for daemon-less image building
○ Buildpacks to go from source code to Docker images without a Dockerfile
Tekton Catalog
Tekton Roadmap
1.0 / Beta
(Currently at alpha)
Tekton Pipelines 2019
https://github.com/tektoncd/pipeline/blob/master/roadmap-2019.md
Tekton Pipelines 2019
Q2 Q3 + Q4
A complete CI/CD solution
Event triggering
Log persistence
SCM support
Moar cool stuff
Tekton Pipelines 2019 Q2
Requirements Design Implementation
Event triggering
Log uploading
SCM Support
Complete CI solution
Tekton Pipelines 2019 Q3 + Q4
Requirements Design Implementation
Sidecar Support
Conditional Execution
PipelineResource Extensibility
Task Extensibility
Images Outputs
Catalog Integration
Pause + Resume
Partial execution
Access control
Performance SLOs
Config as code
Notifications
CRD persistence
PipelineResource Factory
Test “framework”
Not started
10 minute break...
Hands-on Lab
Logging in to your lab account
Use an incognito window:
1. Go to https://console.cloud.google.com
2. Log in with the username and password given to you in the handout
3. In a new tab open up the following page for the lab procedure: https://github.com/viglesiasce/tekton-workshop

Introduction to Tekton
