Automating Tekton Image Synchronization and Deployment to Tencent Cloud Registry with GitHub Actions
This article demonstrates how to use Tekton, a cloud‑native CI/CD framework, to automatically sync its component images to a Tencent Cloud container registry, generate mapping files, and deploy Tekton on Kubernetes using GitHub Actions and custom Python scripts.
Tekton is a powerful, flexible open‑source cloud‑native CI/CD framework that provides a full‑featured, standardized solution for building pipelines. The article walks through automating the synchronization of Tekton images to the Tencent Cloud container registry and deploying Tekton on a Kubernetes cluster.
Application Images
The original images are hosted in the Alibaba Cloud registry, but the workflow moves them to ccr.ccs.tencentyun.com/tektons using a custom mapping.
GitHub Actions Pipeline
name: Get Tekton Images
env:
VERSION: v0.29.0
on:
push:
paths:
- '.github/workflows/tekton.yaml'
- 'tekton/**'
jobs:
build:
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@v2
- name: build
run: |
curl https://storage.googleapis.com/tekton-releases/pipeline/previous/${{ env.VERSION }}/release.yaml -o release.yaml
grep -v "#" release.yaml | grep -v "^$" > release1.yaml ; sed -i 's/---/###/g' release1.yaml
python3 tekton/get_tekton_images.py ${{ secrets.DOCKER_USER }} ${{ secrets.DOCKER_PASSWD }}
- uses: actions/upload-artifact@v2
with:
name: ${{ env.VERSION }}-tekton-images
path: tekton_images.jsonDeployment File Parsing
The workflow downloads the Tekton release YAML, extracts the Deployment objects for components such as tekton-pipelines-controller, tekton-pipelines-webhook, and tekton-dashboard, and collects their image references.
Python Image‑Parsing Script
import yaml
import json
import sys
import os
class Tekton:
def __init__(self, file_name, registry_user, registry_passwd):
self.yaml_file = file_name
self.arg_imgs = ["gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard@sha256:95f71a2568ced67ec370b5360f88bec3280601908cac9e62dfbb801114480437"]
self.split_str = "###"
self.deployments = ["tekton-pipelines-controller", "tekton-pipelines-webhook"]
self.kind_type = "Deployment"
self.target_registry = "ccr.ccs.tencentyun.com/tektons/"
self.repos = ["controller", "kubeconfigwriter", "git-init", "entrypoint", "nop", "imagedigestexporter", "pullrequest-init", "cloud-sdk", "base", "powershell", "webhook"]
self.result = []
self.registry_user = registry_user
self.registry_passwd = registry_passwd
# ... (methods load_yaml, load_json, get_images, save_json_file, sync_images) ...
if __name__ == '__main__':
tekton = Tekton("release1.yaml", sys.argv[1], sys.argv[2])
images = tekton.get_images()
tekton.save_json_file(images, "tekton_images.json")
tekton.sync_images()Image Mapping File
The generated JSON maps each source image ( s_image) to its target in the Tencent registry ( t_image), for example:
[
{
"s_image": "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.29.0@sha256:72f79471f06d096cc53e51385017c9f0f7edbc87379bf415f99d4bd11cf7bc2b",
"t_image": "ccr.ccs.tencentyun.com/tektons/controller:v0.29.0"
},
...
]The mapping file can be downloaded from the GitHub Actions run page.
Downloading Images Script
import json
import os
class Tekton:
def __init__(self):
self.json_file = "tekton_images.json"
self.target_registry = "ccr.ccs.tencentyun.com/tektons/"
def load_json(self, data):
return json.loads(data)
def down_images(self):
f = open(self.json_file, 'r').read()
content = self.load_json(f)
for item in content:
print("[GetImages] {}".format(item["t_image"]))
docker_pull_cmd = "docker pull {0}".format(item["t_image"])
os.system(docker_pull_cmd + "&&" + docker_tag_cmd)
print("[GetImagesDone] {}".format(item))
if __name__ == '__main__':
Tekton().down_images()Deploying Tekton
After updating the image references in release.yaml (or tekton-dashboard-release.yaml), apply the manifests with kubectl apply -f release.yaml. Verify the pods are running:
# kubectl -n tekton-pipelines get pod
NAME READY STATUS RESTARTS AGE
tekton-dashboard-5c4b89d9-2z8g7 1/1 Running 0 21m
tekton-pipelines-controller-... 1/1 Running 0 13h
tekton-pipelines-webhook-... 1/1 Running 0 13hAn Ingress can expose the Tekton dashboard:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: tekton-service
namespace: tekton-pipelines
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/proxy-body-size: 256m
spec:
rules:
- host: tekton.idevops.site
http:
paths:
- path: /
backend:
serviceName: tekton-dashboard
servicePort: 9097Finally, a sample Tekton pipeline task is provided to run Maven builds on a Git repository:
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: tektoncd-task
spec:
resources:
inputs:
- name: repo
type: git
steps:
- name: run-test
image: maven:3-jdk-8
workingDir: /workspace/repo
command: ["mvn"]
args: ["clean", "package"]
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: tektoncd-resource
spec:
type: git
params:
- name: url
value: http://192.168.1.200/devops/devops-maven-service.git
- name: revision
value: master
---
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: cdpipeline
spec:
taskRef:
name: tektoncd-task
resources:
inputs:
- name: repo
resourceRef:
name: tektoncd-resourceBy following these steps, users can fully automate the acquisition, retagging, and deployment of Tekton components to a private Tencent Cloud registry and run CI/CD pipelines on Kubernetes.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
DevOps Cloud Academy
Exploring industry DevOps practices and technical expertise.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.