Automating Tekton Image Synchronization and Deployment to Tencent Cloud Registry with GitHub Actions
This article demonstrates how to use Tekton, a cloud‑native CI/CD framework, to automatically sync its component images to a Tencent Cloud container registry, generate mapping files, and deploy Tekton on Kubernetes using GitHub Actions and custom Python scripts.
Tekton is a powerful, flexible open‑source cloud‑native CI/CD framework that provides a full‑featured, standardized solution for building pipelines. The article walks through automating the synchronization of Tekton images to the Tencent Cloud container registry and deploying Tekton on a Kubernetes cluster.
Application Images
The original images are hosted in the Alibaba Cloud registry, but the workflow moves them to ccr.ccs.tencentyun.com/tektons using a custom mapping.
GitHub Actions Pipeline
name: Get Tekton Images
env:
VERSION: v0.29.0
on:
push:
paths:
- '.github/workflows/tekton.yaml'
- 'tekton/**'
jobs:
build:
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@v2
- name: build
run: |
curl https://storage.googleapis.com/tekton-releases/pipeline/previous/${{ env.VERSION }}/release.yaml -o release.yaml
grep -v "#" release.yaml | grep -v "^$" > release1.yaml ; sed -i 's/---/###/g' release1.yaml
python3 tekton/get_tekton_images.py ${{ secrets.DOCKER_USER }} ${{ secrets.DOCKER_PASSWD }}
- uses: actions/upload-artifact@v2
with:
name: ${{ env.VERSION }}-tekton-images
path: tekton_images.jsonDeployment File Parsing
The workflow downloads the Tekton release YAML, extracts the Deployment objects for components such as tekton-pipelines-controller , tekton-pipelines-webhook , and tekton-dashboard , and collects their image references.
Python Image‑Parsing Script
import yaml
import json
import sys
import os
class Tekton:
def __init__(self, file_name, registry_user, registry_passwd):
self.yaml_file = file_name
self.arg_imgs = ["gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard@sha256:95f71a2568ced67ec370b5360f88bec3280601908cac9e62dfbb801114480437"]
self.split_str = "###"
self.deployments = ["tekton-pipelines-controller", "tekton-pipelines-webhook"]
self.kind_type = "Deployment"
self.target_registry = "ccr.ccs.tencentyun.com/tektons/"
self.repos = ["controller", "kubeconfigwriter", "git-init", "entrypoint", "nop", "imagedigestexporter", "pullrequest-init", "cloud-sdk", "base", "powershell", "webhook"]
self.result = []
self.registry_user = registry_user
self.registry_passwd = registry_passwd
# ... (methods load_yaml, load_json, get_images, save_json_file, sync_images) ...
if __name__ == '__main__':
tekton = Tekton("release1.yaml", sys.argv[1], sys.argv[2])
images = tekton.get_images()
tekton.save_json_file(images, "tekton_images.json")
tekton.sync_images()Image Mapping File
The generated JSON maps each source image ( s_image ) to its target in the Tencent registry ( t_image ), for example:
[
{
"s_image": "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.29.0@sha256:72f79471f06d096cc53e51385017c9f0f7edbc87379bf415f99d4bd11cf7bc2b",
"t_image": "ccr.ccs.tencentyun.com/tektons/controller:v0.29.0"
},
...
]The mapping file can be downloaded from the GitHub Actions run page.
Downloading Images Script
import json
import os
class Tekton:
def __init__(self):
self.json_file = "tekton_images.json"
self.target_registry = "ccr.ccs.tencentyun.com/tektons/"
def load_json(self, data):
return json.loads(data)
def down_images(self):
f = open(self.json_file, 'r').read()
content = self.load_json(f)
for item in content:
print("[GetImages] {}".format(item["t_image"]))
docker_pull_cmd = "docker pull {0}".format(item["t_image"])
os.system(docker_pull_cmd + "&&" + docker_tag_cmd)
print("[GetImagesDone] {}".format(item))
if __name__ == '__main__':
Tekton().down_images()Deploying Tekton
After updating the image references in release.yaml (or tekton-dashboard-release.yaml ), apply the manifests with kubectl apply -f release.yaml . Verify the pods are running:
# kubectl -n tekton-pipelines get pod
NAME READY STATUS RESTARTS AGE
tekton-dashboard-5c4b89d9-2z8g7 1/1 Running 0 21m
tekton-pipelines-controller-... 1/1 Running 0 13h
tekton-pipelines-webhook-... 1/1 Running 0 13hAn Ingress can expose the Tekton dashboard:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: tekton-service
namespace: tekton-pipelines
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/proxy-body-size: 256m
spec:
rules:
- host: tekton.idevops.site
http:
paths:
- path: /
backend:
serviceName: tekton-dashboard
servicePort: 9097Finally, a sample Tekton pipeline task is provided to run Maven builds on a Git repository:
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: tektoncd-task
spec:
resources:
inputs:
- name: repo
type: git
steps:
- name: run-test
image: maven:3-jdk-8
workingDir: /workspace/repo
command: ["mvn"]
args: ["clean", "package"]
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: tektoncd-resource
spec:
type: git
params:
- name: url
value: http://192.168.1.200/devops/devops-maven-service.git
- name: revision
value: master
---
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: cdpipeline
spec:
taskRef:
name: tektoncd-task
resources:
inputs:
- name: repo
resourceRef:
name: tektoncd-resourceBy following these steps, users can fully automate the acquisition, retagging, and deployment of Tekton components to a private Tencent Cloud registry and run CI/CD pipelines on Kubernetes.
DevOps Cloud Academy
Exploring industry DevOps practices and technical expertise.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.