Automating Tekton Image Synchronization to Tencent Cloud Registry and Deploying Tekton
This article explains how to use Tekton, a cloud‑native CI/CD framework, to sync its component images to a Tencent Cloud container registry, generate an image‑mapping JSON, and deploy Tekton via GitHub Actions, Python scripts, and Kubernetes resources.
Tekton is a powerful, flexible open‑source cloud‑native CI/CD framework.
The article demonstrates how to synchronize Tekton images to Tencent Cloud Container Registry, generate an image‑mapping JSON file, and deploy Tekton using a GitHub Actions workflow and Python scripts.
Application image – the target registry is ccr.ccs.tencentyun.com/tektons .
GitHub Actions pipeline – a workflow named “Get Tekton Images” pulls the Tekton release YAML, extracts image information, and uploads tekton_images.json as an artifact.
name: Get Tekton Images
env:
VERSION: v0.29.0
on:
push:
paths:
- '.github/workflows/tekton.yaml'
- 'tekton/**'
jobs:
build:
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@v2
- name: build
run: |
curl https://storage.googleapis.com/tekton-releases/pipeline/previous/${{ env.VERSION }}/release.yaml -o release.yaml
grep -v "#" release.yaml | grep -v "^$" > release1.yaml ; sed -i 's/---/###/g' release1.yaml
python3 tekton/get_tekton_images.py ${{ secrets.DOCKER_USER }} ${{ secrets.DOCKER_PASSWD }}
- uses: actions/upload-artifact@v2
with:
name: ${{ env.VERSION }}-tekton-images
path: tekton_images.jsonPython parsing script – parses the release YAML, extracts Deployment images, builds a source‑to‑target image list, and writes it to tekton_images.json .
import yaml, json, sys, os
class Tekton:
def __init__(self, file_name, registry_user, registry_passwd):
self.yaml_file = file_name
self.arg_imgs = ["gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard@sha256:95f71a2568ced67ec370b5360f88bec3280601908cac9e62dfbb801114480437"]
self.split_str = "###"
self.deployments = ["tekton-pipelines-controller", "tekton-pipelines-webhook"]
self.kind_type = "Deployment"
self.target_registry = "ccr.ccs.tencentyun.com/tektons/"
self.repos = ["controller", "kubeconfigwriter", "git-init", "entrypoint", "nop", "imagedigestexporter", "pullrequest-init", "cloud-sdk", "base", "powershell", "webhook"]
self.result = []
self.registry_user = registry_user
self.registry_passwd = registry_passwd
def load_yaml(self, data):
return yaml.load(data)
def load_json(self, data):
return json.loads(data)
def get_images(self):
f = open(self.yaml_file, 'r').read()
for i in f.split(self.split_str)[:-1]:
try:
content = self.load_yaml(i.replace(self.split_str, ""))
if content["kind"] == self.kind_type:
deploy_name = content["metadata"]["name"]
if deploy_name in self.deployments:
img = content["spec"]["template"]["spec"]["containers"][0]["image"]
self.arg_imgs.append(img)
if deploy_name == "tekton-pipelines-controller":
arg_img = content["spec"]["template"]["spec"]["containers"][0]["args"]
for a in arg_img:
if not a.startswith("-"):
self.arg_imgs.append(a)
except Exception as e:
print(e)
return self.arg_imgs
def save_json_file(self, data, file_name):
for i in self.arg_imgs:
self.result.append({
"s_image": i,
"t_image": self.target_registry + i.split("/")[-1].split("@")[0]
})
newdata = json.dumps(self.result, indent=4)
a = open(file_name, 'w')
a.write(newdata)
a.close()
def sync_images(self):
f = open("tekton_images.json", 'r').read()
content = self.load_json(f)
docker_login_cmd = "docker login -u {0} -p {1} {2}".format(self.registry_user, self.registry_passwd, self.target_registry.split("/")[0])
os.system(docker_login_cmd)
for item in content:
print("[GetImages] {}".format(item))
docker_pull_cmd = "docker pull {0}".format(item["s_image"])
docker_tag_cmd = "docker tag {0} {1}".format(item["s_image"], item["t_image"])
docker_push_cmd = "docker push {0}".format(item["t_image"])
os.system(docker_pull_cmd + "&&" + docker_tag_cmd + "&&" + docker_push_cmd)
print("[GetImagesDone] {}".format(item))
if __name__ == '__main__':
tekton = Tekton("release1.yaml", sys.argv[1], sys.argv[2])
images = tekton.get_images()
tekton.save_json_file(images, "tekton_images.json")
tekton.sync_images()Image‑mapping file – a JSON array maps the original GCR image ( s_image ) to the Tencent registry image ( t_image ).
[
{"s_image": "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.29.0@sha256:72f79471f06d096cc53e51385017c9f0f7edbc87379bf415f99d4bd11cf7bc2b", "t_image": "ccr.ccs.tencentyun.com/tektons/controller:v0.29.0"},
{"s_image": "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/kubeconfigwriter:v0.29.0@sha256:6d058f2203b9ab66f538cb586c7dc3b7cc31ae958a4135dd99e51799f24b06c9", "t_image": "ccr.ccs.tencentyun.com/tektons/kubeconfigwriter:v0.29.0"},
...
]Download script – reads the mapping file and pulls each target image with Docker.
import json, os
class Tekton:
def __init__(self):
self.json_file = "tekton_images.json"
self.target_registry = "ccr.ccs.tencentyun.com/tektons/"
def load_json(self, data):
return json.loads(data)
def down_images(self):
f = open(self.json_file, 'r').read()
content = self.load_json(f)
for item in content:
print("[GetImages] {}".format(item["t_image"]))
docker_pull_cmd = "docker pull {0}".format(item["t_image"])
os.system(docker_pull_cmd)
print("[GetImagesDone] {}".format(item))
if __name__ == '__main__':
Tekton().down_images()Deployment steps – manually update release.yaml or tekton-dashboard-release.yaml with the new image tags and apply with kubectl apply -f release.yaml . Example pod status output is shown.
[root@master ~]# kubectl -n tekton-pipelines get pod
NAME READY STATUS RESTARTS AGE
tekton-dashboard-5c4b89d9-2z8g7 1/1 Running 0 21m
tekton-pipelines-controller-b96f647bb-gff69 1/1 Running 0 13h
tekton-pipelines-webhook-76bc9c97b9-cd2m4 1/1 Running 0 13hIngress configuration – an Ingress resource exposes the Tekton dashboard at tekton.idevops.site .
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: tekton-service
namespace: tekton-pipelines
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/proxy-body-size: 256m
spec:
rules:
- host: tekton.idevops.site
http:
paths:
- path: /
backend:
serviceName: tekton-dashboard
servicePort: 9097The UI can be accessed via the provided URL, and a sample Tekton Task and Pipeline are defined for building a Maven project.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: tektoncd-task
spec:
resources:
inputs:
- name: repo
type: git
steps:
- name: run-test
image: maven:3-jdk-8
workingDir: /workspace/repo
command: ["mvn"]
args: ["clean", "package"]
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: tektoncd-resource
spec:
type: git
params:
- name: url
value: http://192.168.1.200/devops/devops-maven-service.git
- name: revision
value: master
---
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: cdpipeline
spec:
taskRef:
name: tektoncd-task
resources:
inputs:
- name: repo
resourceRef:
name: tektoncd-resourceDevOps Cloud Academy
Exploring industry DevOps practices and technical expertise.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.