Install Tekton

This topic tells you how to install Tekton Pipelines from the Tanzu Application Platform package repository.

Note

Follow the steps in this topic if you do not want to use a profile to install Tekton Pipelines. For more information about profiles, see Components and installation profiles.

Prepare

Before installing Tekton Pipelines, complete all prerequisites to install Tanzu Application Platform.

Install Tekton Pipelines

To install Tekton Pipelines:

  1. See the Tekton Pipelines package versions available to install by running:

    tanzu package available list -n tap-install tekton.tanzu.vmware.com

    For example:

    $ tanzu package available list -n tap-install tekton.tanzu.vmware.com
\ Retrieving package versions for tekton.tanzu.vmware.com...
 NAME                     VERSION  RELEASED-AT
 tekton.tanzu.vmware.com  0.30.0   2021-11-18 17:05:37Z

  2. Install Tekton Pipelines by running:

    tanzu package install tekton-pipelines -n tap-install -p tekton.tanzu.vmware.com -v VERSION

    Where VERSION is the version number that you want. For example, 0.30.0.

    For example:

    $ tanzu package install tekton-pipelines -n tap-install -p tekton.tanzu.vmware.com -v 0.30.0
- Installing package 'tekton.tanzu.vmware.com'
\ Getting package metadata for 'tekton.tanzu.vmware.com'
/ Creating service account 'tekton-pipelines-tap-install-sa'
/ Creating cluster admin role 'tekton-pipelines-tap-install-cluster-role'
/ Creating cluster role binding 'tekton-pipelines-tap-install-cluster-rolebinding'
/ Creating package resource
- Waiting for 'PackageInstall' reconciliation for 'tekton-pipelines'
- 'PackageInstall' resource install status: Reconciling

Added installed package 'tekton-pipelines'

  3. Verify that you installed the package by running:

    tanzu package installed get tekton-pipelines -n tap-install

    For example:

    $ tanzu package installed get tekton-pipelines -n tap-install
\ Retrieving installation details for tekton...
NAME:                    tekton-pipelines
PACKAGE-NAME:            tekton.tanzu.vmware.com
PACKAGE-VERSION:         0.30.0
STATUS:                  Reconcile succeeded
CONDITIONS:              [{ReconcileSucceeded True  }]
USEFUL-ERROR-MESSAGE:

    Verify that STATUS is Reconcile succeeded.

Configure a namespace to use Tekton Pipelines

This section describes configuring a namespace to run Tekton Pipelines. If you rely on a Supply Chain to create Tekton PipelinesRuns in your cluster, skip this step because namespace configuration is covered in Set up developer namespaces to use your installed packages. Otherwise, perform the steps in this section for each namespace where you create Tekton Pipelines.

Service accounts that run Tekton workloads need access to the image pull secrets for the Tanzu package. This includes the default service account in a namespace, which is created automatically but is not associated with any image pull secrets. Without these credentials, PipelineRuns fail with a timeout and the pods report that they cannot pull images.

Important

If you are using a registry with a custom certificate authority (CA) certificate then you must provide this certificate to Tekton directly by including the CA in the service account used by the supply chain.

The Tanzu Application Platform distribution of Tekton does not support the Tanzu Application Platform field shared.ca_cert_data. For more information about setting the CA in the service account, see Use Git authentication with Supply Chain Choreographer.

To configure a namespace to use Tekton Pipelines:

  1. Create an image pull secret in the current namespace and fill it from the tap-registry secret. For more information, see Relocate images to a registry.

  2. Create an empty secret, and annotate it as a target of the secretgen controller, by running:

    kubectl create secret generic pull-secret --from-literal=.dockerconfigjson={} \
--type=kubernetes.io/dockerconfigjson
kubectl annotate secret pull-secret secretgen.carvel.dev/image-pull-secret=""

  3. Add the secret to the service account by running:

    kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "pull-secret"}]}'

  4. Verify that a service account is correctly configured by running:

    kubectl describe serviceaccount default

    For example:

    $ kubectl describe sa default
Name:                default
Namespace:           default
Labels:              <none>
Annotations:         <none>
Image pull secrets:  pull-secret
Mountable secrets:   default-token-xh6p4
Tokens:              default-token-xh6p4
Events:              <none>
Note

The service account has access to the pull-secret image pull secret.

For more details about Tekton Pipelines, see the Tekton documentation and the GitHub repository.

For information about getting started with Tekton, see the Tekton tutorial in GitHub and the getting started guide in the Tekton documentation.

Note

Windows workloads are deactivated and cause an error if any Tasks try to use Windows scripts.

check-circle-line exclamation-circle-line close-line
Scroll to top icon