DevSecOps and Automation on Power


Tekton on PowerVS

By Sneha Kanekar posted Tue September 20, 2022 04:15 PM


What is Tekton?

Tekton is a Kubernetes-native continuous integration and continuous delivery (CI/CD) engine. Every serious project needs a good CI/CD solution, and if you are building CI/CD for cloud-native applications running on Kubernetes/OpenShift, it makes sense to run cloud-native CI/CD alongside them using an appropriate tool. As a Kubernetes-native framework, Tekton makes it easier to deploy across multiple cloud providers or hybrid environments.

Components of Tekton

Tekton consists of the following components:

  • Tekton Pipelines is the foundation of Tekton. It defines a set of Kubernetes Custom Resources that act as building blocks from which you can assemble CI/CD pipelines.
  • Tekton Triggers allows you to instantiate pipelines based on external events. For example, you can trigger the execution of a pipeline every time a PR is merged against a GitHub repository.
  • Tekton CLI provides a command-line interface called tkn, built on top of the Kubernetes CLI, that allows you to interact with Tekton.
  • Tekton Dashboard is a Web-based graphical interface for Tekton Pipelines that displays information about the execution of your pipelines.
  • Tekton Catalog is a repository of high-quality, community-contributed Tekton building blocks — Tasks, Pipelines, and so on — that are ready for use in your own pipelines.
  • Tekton Hub is a Web-based graphical interface for accessing the Tekton Catalog.
  • Tekton Operator is a Kubernetes Operator pattern that allows you to install, update, and remove Tekton projects on your Kubernetes cluster.

Building blocks of Tekton

The following Tekton resources act as building blocks for creating CI/CD pipelines:

  • Task — A resource that accomplishes a specific action by executing a series of ordered Steps.
  • Pipeline — A resource that defines a series of ordered Tasks.
  • TaskRun — instantiates a specific Task to execute on a particular set of inputs and produce a particular set of outputs.
  • PipelineRun — instantiates a specific Pipeline to execute on a particular set of inputs and produce a particular set of outputs.
  • PipelineResources — resource objects that are used as inputs to a Task and can be output by a Task.

How do Tekton triggers work?

Tekton Triggers is a mechanism for declaratively creating PipelineRuns based on external events such as a Git push or a GitHub PR merge. It consists of a controller service that runs on your Kubernetes cluster as well as the following Kubernetes Custom Resource Definitions (CRDs) that extend the functionality of Tekton Pipelines to support events:

  • EventListener — listens for events at a specified port on your Kubernetes cluster. Specifies one or more Triggers.
  • Trigger — specifies what happens when the EventListener detects an event. A Trigger specifies a TriggerTemplate, a TriggerBinding, and optionally, an Interceptor.
  • TriggerTemplate — specifies a blueprint for the resource, such as a TaskRun or PipelineRun, that you want to execute when your EventListener detects an event.
  • TriggerBinding — specifies the fields in the event payload from which you want to extract data and the fields in your corresponding TriggerTemplate to populate with the extracted values.

Tekton on Power Virtual Server (PowerVS)

Tekton is officially supported on IBM Power (ppc64le) architecture. With increasing demand for Tekton on Power systems, many customers are interested in using the functionalities of Tekton on IBM PowerVS clusters.

The objective of this blog is to guide you through creating an end-to-end Tekton Pipeline for building and deploying a basic application on an OpenShift cluster on PowerVS.

Tekton Pipeline setup on PowerVS

Pre-requisites

  • A ppc64le OpenShift cluster, version 4.6 or above, on PowerVS
  • Role-Based Access Control (RBAC) enabled in the cluster
  • The current user granted the cluster-admin role on the cluster

Install the Tekton components

Because Tekton consists of multiple components, installation can be a little involved and can be done in various ways. Usually you will want to install at least Pipelines and Triggers. The most obvious way is to install them from the raw Kubernetes manifests, but you can take the simpler route and install the Tekton Operator from OperatorHub, which already includes all the components.

For this example, we will install Tekton Pipelines, Triggers, Dashboard and CLI. The installation steps and required configurations are as follows:

Step 1. Setup environment on PowerVS

Log in to the PowerVS OpenShift cluster and create a new project "tekton-pipelines". This namespace is used by all the Tekton components.

ssh -i <ssh_key> root@<bastion_node_ip>
oc login -u kubeadmin -p <kubepassword>
oc new-project tekton-pipelines

Step 2. Install Tekton Pipelines

oc adm policy add-scc-to-user anyuid -z tekton-pipelines-controller
oc adm policy add-scc-to-user anyuid -z tekton-pipelines-webhook
oc apply --filename https://github.com/tektoncd/pipeline/releases/download/v0.24.0/release.notags.yaml
oc get pods --namespace tekton-pipelines --watch

Step 3. Install Tekton CLI

rpm -Uvh https://github.com/tektoncd/cli/releases/download/v0.19.1/tektoncd-cli-0.19.1_Linux-ppc64le.rpm
tkn version

Step 4. Install Tekton Triggers

oc adm policy add-scc-to-user anyuid -z tekton-triggers-controller
oc adm policy add-scc-to-user anyuid -z tekton-triggers-webhook
oc adm policy add-scc-to-user anyuid -z tekton-triggers-core-interceptors
oc apply -f https://github.com/tektoncd/triggers/releases/download/v0.14.0/release.yaml
oc apply -f https://github.com/tektoncd/triggers/releases/download/v0.14.0/interceptors.yaml
oc get pods --namespace tekton-pipelines --watch

Step 5. Install Tekton Dashboard

oc apply -f https://github.com/tektoncd/dashboard/releases/download/v0.17.0/tekton-dashboard-release.yaml
oc get pods --namespace tekton-pipelines --watch
oc create route edge tekton-dashboard --service=tekton-dashboard --port=http --insecure-policy=Redirect -n tekton-pipelines
oc get route

Open the route link in your browser to access the Tekton dashboard.

Sample web application Pipeline configuration

Pipeline Configuration

These steps will guide you through the initial setup of the Tekton Pipeline on the PowerVS cluster:

Step 1. Clone the sample web application source code repository

git clone https://github.com/snehakpersistent/sample-web-app
cd sample-web-app
git checkout simple-pipeline

Step 2. Set up the Quay repository with proper account permissions

  1. Create a Quay repository for your application image, tekton-sample-app. Make sure that you have Read+Write permissions to the repository.
  2. Update the Quay repository link in the PipelineResource quay-resource-app.yaml as well as the quay resource in the TriggerTemplate triggers/triggertemplate.yaml. The application image that we build will be pushed to this Quay repository.


Step 3. Create a secret for pushing images to Quay

  1. Update the Quay username, password, auth and proxy fields in config/docker_config.json:
    username — Quay username
    password — Quay password
    auth — Base64(username:password)
    httpProxy/httpsProxy — Proxy value in the PowerVS cluster (if required)
  2. Create the secret from the docker_config.json above:
    oc create secret generic quay-secret \
    --from-file=.dockerconfigjson=<path to docker_config.json on cluster> \
    --type=kubernetes.io/dockerconfigjson
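As an added example (not from the sample repository), the following POSIX shell functions generate the docker_config.json described above, computing the auth field as Base64(username:password) and adding the optional proxies block, then create the quay-secret from it. The registry host, credentials and proxy URL passed in are assumed values; the file is written with owner-only permissions because it holds the registry password in clear text.

```shell
# Emit the auth value the config needs: base64 of "username:password", no newline.
docker_auth() {
  printf '%s' "$1:$2" | base64 | tr -d '\n'
}

# Emit a docker config JSON for one registry.
# $1 registry host, $2 username, $3 password, $4/$5 optional http/https proxy URLs.
# Values are inserted without JSON escaping: avoid quotes and backslashes in them.
make_docker_config() {
  registry="$1"; user="$2"; pass="$3"; http_proxy_url="$4"; https_proxy_url="$5"
  auth=$(docker_auth "$user" "$pass")
  proxies=""
  if [ -n "$http_proxy_url" ] || [ -n "$https_proxy_url" ]; then
    # Docker's config.json carries proxy settings under "proxies"."default".
    proxies=$(printf ',"proxies":{"default":{"httpProxy":"%s","httpsProxy":"%s"}}' \
      "$http_proxy_url" "$https_proxy_url")
  fi
  printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}%s}\n' \
    "$registry" "$user" "$pass" "$auth" "$proxies"
}

# Write the config (mode 0600 via umask in a subshell) and create the secret the
# post uses. $1 output path, remaining args as for make_docker_config.
create_quay_secret() {
  out="$1"; shift
  ( umask 077; make_docker_config "$@" > "$out" )
  oc create secret generic quay-secret \
    --from-file=.dockerconfigjson="$out" \
    --type=kubernetes.io/dockerconfigjson
}
```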

Step 4. Create a pipeline service account

This service account is used in the PipelineRun to run the pipeline. It uses the secret created in the previous step.

oc apply -f config/sa-pipeline.yaml


Step 5. Update cluster resource token

A cluster resource in Tekton represents a Kubernetes cluster. The resource will use the provided parameters to create a kubeconfig file that can be used by steps in the pipeline Task to access the target cluster.

Update pipelineresources/ppc-cluster-resource.yaml with the correct token required for cluster login. This token can be found in the kubeconfig file on the cluster. Also update the token value for the cluster resource in triggers/triggertemplate.yaml.

Pipeline Execution

There are two scenarios in which the pipeline will be triggered:

Scenario 1. Pipeline is triggered manually

Steps for triggering the pipeline manually on your PowerVS cluster:

  1. Create all the required resources: Tasks, PipelineResources and the Pipeline:
    oc project tekton-pipelines
    
    oc apply -f task/
    
    oc apply -f pipelineresources/
    
    oc apply -f pipeline/pipeline.yaml
  2. Execute the Pipeline:
    oc apply -f pipeline/pipelineRun.yaml
  3. Monitor the PipelineRun on the Tekton dashboard. The following command can be used to follow the PipelineRun logs on the CLI:
    tkn pipelinerun logs --last -f
  4. Inspect the resources created in the previous steps by running the tkn commands:
    tkn <resource_type> list                       //list resources
    
    tkn <resource_type> describe <resource_name>   //describe resources
    
    tkn <task|pipeline> start <resource_name>    //start task/pipeline
    
    tkn <taskrun|pipelinerun> logs --last -f     //check logs

Scenario 2. Pipeline is triggered using Tekton triggers

Follow these steps to set up Tekton Triggers on the existing pipeline:
  1. Make sure that the Task and Pipeline resources exist. If not, create them:
    oc apply -f task/
    
    oc apply -f pipeline/pipeline.yaml
  2. Create all the resources required for Tekton Triggers — EventListener, EventListener route, TriggerTemplate, TriggerBinding and RBAC resources:
    cd triggers/
    
    oc apply -f triggers-rbac.yaml
    
    oc adm policy add-scc-to-user anyuid -z tekton-triggers-sa
    
    oc apply -f triggertemplate.yaml
    
    oc apply -f triggerbinding.yaml
    
    oc apply -f eventlistener.yaml
    
    oc apply -f eventlistener-route.yaml
  3. Create a GitHub webhook on the source code repository pointing at the EventListener route we exposed, using the steps mentioned here.
  4. Trigger the PipelineRun by performing a git push on your repository. You can also test this by pushing an empty commit:
    git commit -m "empty-commit" --allow-empty && git push origin main

    Open the Tekton dashboard or the OpenShift web console: a PipelineRun will have been created automatically. In this case, the PipelineResources are created automatically from the TriggerTemplate.

Troubleshooting

On ppc64le, release.yaml is broken due to distroless/base image

Error message:

[create-dir-builtimage-8fx4v] 2021/04/01 12:56:16 Error executing command: fork/exec /busybox/mkdir: exec format error

container step-create-dir-builtimage-8fx4v has failed : [{"key":"StartedAt","value":"2021-04-01T12:56:16.916Z","type":"InternalTektonResult"}]

Workaround:

Upgrade Tekton Pipeline to version v0.24.0. This release has the proper distroless/base image for ppc64le architecture.


Unable to access cluster server

Error message:

Unable to connect to the server: Forbidden

Workaround:

Comment out the line below in /etc/squid/squid.conf on the bastion node and restart the squid service. Commenting out this line lets the proxy accept CONNECT requests to any port, not only the ports listed in SSL_ports:

http_access deny CONNECT !SSL_ports
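As an added example (not part of the original post), these POSIX shell functions apply the workaround above to a squid.conf and, beside it, a narrower alternative that keeps the deny rule and only declares the cluster API port in SSL_ports, so CONNECT stays blocked for every other port. The sample squid.conf is constructed, and 6443 is assumed to be the OpenShift API port the bastion proxies to.

```shell
# Constructed minimal squid.conf resembling the stock ACL section (not a real file).
write_sample_conf() {
  cat > "$1" <<'EOF'
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
EOF
}

# The post's workaround: comment out the deny, so CONNECT is permitted to any port.
disable_connect_deny() {
  sed 's/^http_access deny CONNECT !SSL_ports/# &/' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Narrower alternative: keep the deny and add one port to SSL_ports. Squid requires an
# ACL to be declared before the http_access line that uses it, so the new line goes
# directly after the existing SSL_ports line. Idempotent. $1 conf path, $2 port.
allow_connect_port() {
  grep -Eq "^acl SSL_ports port $2\$" "$1" && return 0
  awk -v p="$2" '{ print } /^acl SSL_ports port 443$/ && !done { print "acl SSL_ports port " p; done = 1 }' \
    "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Returns 0 if the CONNECT deny rule in $1 would still block CONNECT to port $2,
# i.e. the rule is active and the port is not declared in SSL_ports.
connect_blocked() {
  grep -q '^http_access deny CONNECT !SSL_ports' "$1" || return 1
  ! grep -Eq "^acl SSL_ports port $2\$" "$1"
}
```

After either change, restart squid as the post says; the narrower variant leaves the deny line in place for all ports other than the one added.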


Thanks for reading! I hope you found this tutorial helpful :)

Originally published on Medium 
