Introduction to Tekton

Workshop
Vic Iglesias
Cloud Solutions Architect
@vicnastea

Agenda
● What is Tekton?
● Just Enough Kubernetes
● Tekton
○ Custom Resources
○ Subprojects
○ Roadmap
● Hands-on Lab
○ Hello world!
○ Hackathon

● Open API spec for
describing CI/CD pipelines
● Open-source CI/CD
platform implementation
running on Kubernetes
● In Alpha - version v0.5.x
● Openly-governed under the
Continuous Delivery
Foundation (CDF)
What is Tekton?

● Currently 4 projects
● Contributions from:
○ Google
○ Red Hat
○ IBM
○ CloudBees
What is the Continuous Delivery Foundation (CDF)?

The Tekton Story
2018 2019
Knative
build
Tekton
Pipelines
Knative
build-pipelines Tekton ++

Tekton Goals
Composable Declarative
Reproducible Cloud Native

● A portable, open-source container
orchestration platform
● Built-in primitives for deployments, rolling
upgrades, scaling, monitoring, and more
● Inspired by Google’s internal system (borg)
What is Kubernetes?

10
> kubectl
Control Plane
API Server
Scheduler
App State
Control Loops
App
Node 1
App
Node 2
App
Node n
API, CLI, CI/CD
Ingress
Kubernetes Arch
Intra-cluster
networking
Users

Pods
The atomic Kubernetes object that
represents a single instance of an
application.
The Pod acts as a logical host for one
or n containers comprising an
application.
These containers have a shared fate,
key to any clustering system.
container container container
volume A volume B
network interface

Pods
Containers in a pod share a network and
mount namespace and therefore
communicate via localhost.
Containers in a pod are assigned individual
cgroups, allowing for resource requests
and limits on a per container basis.
Kubernetes schedules and orchestrates
Pods across nodes in a cluster.
container container container
volume A volume B
network interface

Pods
nodemaster node node
apiVersion: v1
kind: Pod
metadata:
name: my-app
spec:
containers:
- name: my-app
image: gcr.io/project/my-app
- name: nginx-ssl
image: gcr.io/project/nginx
ports:
- containerPort: 80
- containerPort: 443

CRDs
When?
● You want to create a
new kind of object
● You want to
package multiple
objects as one
What?
● Extension of the
Kubernetes API
● You write the spec
and build a
controller
Where?
● Docs:
https://kubernetes.io/docs/conc
epts/extend-kubernetes/api-ex
tension/custom-resources/

Example CRD
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: securedeployments.ctl.gcp.solutions
spec:
group: ctl.gcp.solutions
version: v1
scope: Namespaced
names:
plural: securedeployments
singular: securedeployment
kind: SecureDeployment
shortNames: ["sd", "securedeploy"] $ kubectl get sd
$ kubectl describe securedeploy

Operators
When?
● You want to own the
lifecycle of a
package of objects
● You want to model
and control external
services
What?
● A design pattern for
custom resources
● Implements
complex controllers
for CRDs
How?
● Operator-SDK:
https://github.com/operator-fra
mework/operator-sdk
● Kubebuilder:
https://github.com/kubernetes-
sigs/kubebuilder

Observe, analyze, act
apiserver
watch
CRD
Objects
custom
controller
CRUD
Child
objects
CRD
Object Object Object
Children
CRUD
External

● Tekton defines some Custom Resources
● Tekton runs controllers to reconcile resource status toward the desired state
● That's all Tekton is:
○ Open API (CRDs)
○ Kubernetes controllers that know how to handle them
Back to Tekton!

Tekton Architecture
Task Pipeline Pipeline
Resource
> tkn

Tekton Custom Resource Definition
Pipeline
Task
git
Task
image
Task
Task
cluster
cluster
Pipeline
Resource
Pipeline
Resource
Step
Step
Step
Step
Step
Step
Step
Step

● Stateless, reusable,
parameterized task definition
● Defines steps to run,
parameters, inputs and
outputs
Tekton CRD: Task
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: go-something
spec:
inputs:
parameters:
- name: command
steps:
- name: go-something
image: golang:stretch
command: ['go', '${inputs.parameters.command}']

Running a Task
● Create a TaskRun that
references the Task
● Provide required parameters
kind: TaskRun
metadata:
generateName: go-build-
spec:
taskRef:
name: go-build
inputs:
params:
- name: command
value: build

Tekton CRD: TaskRun
kind: TaskRun
metadata:
generateName: go-version-
spec:
taskSpec:
steps:
- name: go-version
command: ['go', 'version']
● When created, starts doing work
● Defines steps to run in order
○ /workspace volume shared across
steps
● Defines input source(s) to fetch and
mount into /workspace

kind: TaskRun
metadata:
generateName: go-version-
spec:
taskSpec:
steps:
- name: go-version
TaskRun Controller
● Watches for new TaskRuns
● Creates a Pod to run specified steps in order
● Watches Pod for status updates
apiVersion: v1
kind: Pod
metadata:
name: go-version-blah-pod-blah
spec:
containers:
…
- name: go-version
…
create
updates
updates
updates

kind: TaskRun
metadata:
name: go-version-mxylp
spec:
taskSpec:
steps:
- name: go-version
…
status:
startTime: 2019-06-14T05:43:49Z
completionTime: 2019-06-14T05:53:33Z
conditions:
- type: Succeeded
status: True
podName: go-version-blah-pod-blah
steps:
- name: go-version
terminated:
exitCode: 0
startedAt: 2019-06-14T05:45:52Z
finishedAt: 2019-06-14T05:46:52Z
● Populates status based on
Pod status
TaskRun Controller

● Timeout
● Resource requests and limits
○ "K8s: This needs 3.25 CPUs and 17.84 GB of RAM" -- can get more resources if available
○ "K8s: Stop it from using more than 8 CPU"
● Node and Pod affinity
○ "K8s: I can tolerate being put on a preemptible VM; I'm not that important"
○ "K8s: I require a node with 4 GPUs; I'm kind of a big deal"
○ "K8s: Try to schedule me on the same node as $otherpod, but if not nbd"
● Persistent Volume Claims
○ "K8s: attach a Persistent Disk at /cache so I can write to it"
○ "K8s: attach that same disk again at /cache so I can read from it"
○ Kubernetes schedules Pods to Nodes with necessary PDs attached
○ Incremental builds!
TaskRun Features

Tekton Resource: PipelineResource
● Defines an entity that can act as a Task input
or output
● Source inputs are placed into
/workspace/${resourceName}
● Can be referenced in Tasks
● Examples:
○ Git repo
○ Container image
○ Test result
○ GitHub PR
○ Kubernetes Cluster

Using PipelineResources
=== taskrun.yaml ===
kind: TaskRun
metadata:
generateName: go-build-
spec:
taskRef:
name: go-build
inputs:
resources:
- name: source
resourceSpec:
type: git
params:
- name: url
value: https://github.com/my/repo
=== task.yaml ===
kind: Task
metadata:
name: go-build
spec:
inputs:
resources:
- name: source
type: git
steps:
- image: golang:stretch
workingdir: /workspace/source
command: ['go', 'build', './...']

Pipeline
Tekton Resources: Pipeline and PipelineRun
● Pipelines are stateless, reusable, parameterized collections of Tasks
○ PipelineRuns are running instantiations of Pipelines, obviously
● Tasks linked by input and output PipelineResources
○ Task A produces a container image, Task B takes that container image and deploys it
○ ...or with order explicitly defined (just run A then B)
Task
git
Task
image
Task
Task
deploy
deploy
cluster
cluster

● Simple to use and deploy Web
UI for Tekton Pipelines
● Similar in spirit to the
Kubernetes Dashboard
● Provides reusable Tekton Web
UI components
Tekton Dashboard

● Library of commonly used
tasks
● Parameterized to capture
many use cases
● Examples
○ Kaniko for daemon-less image
building
○ Buildpacks to go from source
code to Docker images without a
Dockerfile
Tekton Catalog

1.0 / Beta
(Currently at alpha)
Tekton Pipelines 2019
https://github.com/tektoncd/pipeline/blob/master/roadmap-2019.md

Tekton Pipelines 2019
Q2 Q3 + Q4
A complete CI/CD
solution
Event triggering
Log persistence
SCM support
Moar cool stuff

Tekton Pipelines 2019 Q2
Requirements Design Implementation
Event triggering
Log uploading
SCM Support
{
CompleteCIsolution

Tekton Pipelines 2019 Q3 + Q4
Requirements Design Implementation
Sidecar Support
Conditional Execution
PipelineResource Extensibility
Task Extensibility
Images Outputs
Catalog Integration
Pause + Resume
Partial execution
Access control
Performance SLOs
Config as code
Notifications
CRD persistence
PipelineResource Factory
Test “framework”
Not started

Logging in to your lab account
Use an incognito window:
1. Go to https://console.cloud.google.com
2. Log in with the username and password given to
you in the handout
3. In a new tab open up the following page for the
lab procedure:
https://github.com/viglesiasce/tekton-workshop

Introduction to Tekton

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Introduction to Tekton

Similar to Introduction to Tekton (20)

Recently uploaded

Recently uploaded (20)

Introduction to Tekton