Automating Tekton Image Synchronization to Tencent Cloud Registry and Deploying Tekton
This article explains how to use Tekton, a cloud‑native CI/CD framework, to sync its component images to a Tencent Cloud container registry, generate an image‑mapping JSON, and deploy Tekton via GitHub Actions, Python scripts, and Kubernetes resources.
Tekton is a powerful, flexible open‑source cloud‑native CI/CD framework.
The article demonstrates how to synchronize Tekton images to Tencent Cloud Container Registry, generate an image‑mapping JSON file, and deploy Tekton using a GitHub Actions workflow and Python scripts.
Application image – the target registry is ccr.ccs.tencentyun.com/tektons.
GitHub Actions pipeline – a workflow named “Get Tekton Images” pulls the Tekton release YAML, extracts image information, and uploads tekton_images.json as an artifact.
name: Get Tekton Images
env:
VERSION: v0.29.0
on:
push:
paths:
- '.github/workflows/tekton.yaml'
- 'tekton/**'
jobs:
build:
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@v2
- name: build
run: |
curl https://storage.googleapis.com/tekton-releases/pipeline/previous/${{ env.VERSION }}/release.yaml -o release.yaml
grep -v "#" release.yaml | grep -v "^$" > release1.yaml ; sed -i 's/---/###/g' release1.yaml
python3 tekton/get_tekton_images.py ${{ secrets.DOCKER_USER }} ${{ secrets.DOCKER_PASSWD }}
- uses: actions/upload-artifact@v2
with:
name: ${{ env.VERSION }}-tekton-images
path: tekton_images.jsonPython parsing script – parses the release YAML, extracts Deployment images, builds a source‑to‑target image list, and writes it to tekton_images.json.
import yaml, json, sys, os
class Tekton:
def __init__(self, file_name, registry_user, registry_passwd):
self.yaml_file = file_name
self.arg_imgs = ["gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard@sha256:95f71a2568ced67ec370b5360f88bec3280601908cac9e62dfbb801114480437"]
self.split_str = "###"
self.deployments = ["tekton-pipelines-controller", "tekton-pipelines-webhook"]
self.kind_type = "Deployment"
self.target_registry = "ccr.ccs.tencentyun.com/tektons/"
self.repos = ["controller", "kubeconfigwriter", "git-init", "entrypoint", "nop", "imagedigestexporter", "pullrequest-init", "cloud-sdk", "base", "powershell", "webhook"]
self.result = []
self.registry_user = registry_user
self.registry_passwd = registry_passwd
def load_yaml(self, data):
return yaml.load(data)
def load_json(self, data):
return json.loads(data)
def get_images(self):
f = open(self.yaml_file, 'r').read()
for i in f.split(self.split_str)[:-1]:
try:
content = self.load_yaml(i.replace(self.split_str, ""))
if content["kind"] == self.kind_type:
deploy_name = content["metadata"]["name"]
if deploy_name in self.deployments:
img = content["spec"]["template"]["spec"]["containers"][0]["image"]
self.arg_imgs.append(img)
if deploy_name == "tekton-pipelines-controller":
arg_img = content["spec"]["template"]["spec"]["containers"][0]["args"]
for a in arg_img:
if not a.startswith("-"):
self.arg_imgs.append(a)
except Exception as e:
print(e)
return self.arg_imgs
def save_json_file(self, data, file_name):
for i in self.arg_imgs:
self.result.append({
"s_image": i,
"t_image": self.target_registry + i.split("/")[-1].split("@")[0]
})
newdata = json.dumps(self.result, indent=4)
a = open(file_name, 'w')
a.write(newdata)
a.close()
def sync_images(self):
f = open("tekton_images.json", 'r').read()
content = self.load_json(f)
docker_login_cmd = "docker login -u {0} -p {1} {2}".format(self.registry_user, self.registry_passwd, self.target_registry.split("/")[0])
os.system(docker_login_cmd)
for item in content:
print("[GetImages] {}".format(item))
docker_pull_cmd = "docker pull {0}".format(item["s_image"])
docker_tag_cmd = "docker tag {0} {1}".format(item["s_image"], item["t_image"])
docker_push_cmd = "docker push {0}".format(item["t_image"])
os.system(docker_pull_cmd + "&&" + docker_tag_cmd + "&&" + docker_push_cmd)
print("[GetImagesDone] {}".format(item))
if __name__ == '__main__':
tekton = Tekton("release1.yaml", sys.argv[1], sys.argv[2])
images = tekton.get_images()
tekton.save_json_file(images, "tekton_images.json")
tekton.sync_images()Image‑mapping file – a JSON array maps the original GCR image ( s_image) to the Tencent registry image ( t_image).
[
{"s_image": "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.29.0@sha256:72f79471f06d096cc53e51385017c9f0f7edbc87379bf415f99d4bd11cf7bc2b", "t_image": "ccr.ccs.tencentyun.com/tektons/controller:v0.29.0"},
{"s_image": "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/kubeconfigwriter:v0.29.0@sha256:6d058f2203b9ab66f538cb586c7dc3b7cc31ae958a4135dd99e51799f24b06c9", "t_image": "ccr.ccs.tencentyun.com/tektons/kubeconfigwriter:v0.29.0"},
...
]Download script – reads the mapping file and pulls each target image with Docker.
import json, os
class Tekton:
def __init__(self):
self.json_file = "tekton_images.json"
self.target_registry = "ccr.ccs.tencentyun.com/tektons/"
def load_json(self, data):
return json.loads(data)
def down_images(self):
f = open(self.json_file, 'r').read()
content = self.load_json(f)
for item in content:
print("[GetImages] {}".format(item["t_image"]))
docker_pull_cmd = "docker pull {0}".format(item["t_image"])
os.system(docker_pull_cmd)
print("[GetImagesDone] {}".format(item))
if __name__ == '__main__':
Tekton().down_images()Deployment steps – manually update release.yaml or tekton-dashboard-release.yaml with the new image tags and apply with kubectl apply -f release.yaml. Example pod status output is shown.
[root@master ~]# kubectl -n tekton-pipelines get pod
NAME READY STATUS RESTARTS AGE
tekton-dashboard-5c4b89d9-2z8g7 1/1 Running 0 21m
tekton-pipelines-controller-b96f647bb-gff69 1/1 Running 0 13h
tekton-pipelines-webhook-76bc9c97b9-cd2m4 1/1 Running 0 13hIngress configuration – an Ingress resource exposes the Tekton dashboard at tekton.idevops.site.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: tekton-service
namespace: tekton-pipelines
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/proxy-body-size: 256m
spec:
rules:
- host: tekton.idevops.site
http:
paths:
- path: /
backend:
serviceName: tekton-dashboard
servicePort: 9097The UI can be accessed via the provided URL, and a sample Tekton Task and Pipeline are defined for building a Maven project.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: tektoncd-task
spec:
resources:
inputs:
- name: repo
type: git
steps:
- name: run-test
image: maven:3-jdk-8
workingDir: /workspace/repo
command: ["mvn"]
args: ["clean", "package"]
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: tektoncd-resource
spec:
type: git
params:
- name: url
value: http://192.168.1.200/devops/devops-maven-service.git
- name: revision
value: master
---
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: cdpipeline
spec:
taskRef:
name: tektoncd-task
resources:
inputs:
- name: repo
resourceRef:
name: tektoncd-resourceSigned-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
DevOps Cloud Academy
Exploring industry DevOps practices and technical expertise.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.