Building a Tekton CI/CD Pipeline to Build and Push Docker Images with Kaniko
This tutorial demonstrates how to configure Docker Hub credentials, create a Tekton Task that builds a Docker image using Kaniko, run the task via TaskRun, and then combine the test and build tasks into a Pipeline and PipelineRun to achieve a complete CI/CD workflow on a Kubernetes cluster.
First, a Kubernetes Secret named docker-auth is created to store Docker Hub credentials, and a ServiceAccount build-sa is defined to reference this secret.

apiVersion: v1
kind: Secret
metadata:
  name: docker-auth
  annotations:
    tekton.dev/docker-0: https://index.docker.io/v1/
type: kubernetes.io/basic-auth
stringData:
  username: myusername
  password: mypassword

apiVersion: v1
kind: ServiceAccount
metadata:
  name: build-sa
secrets:
- name: docker-auth

These resources are applied with kubectl apply -f secret.yaml and kubectl apply -f serviceaccount.yaml, enabling Tekton tasks to authenticate with Docker Hub.
Next, a Tekton Task named build-and-push is defined to build the Docker image using the Kaniko executor and push it to Docker Hub. The task uses the previously created secret via the DOCKER_CONFIG environment variable.

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build-and-push
spec:
  resources:
    inputs:
    - name: repo
      type: git
  steps:
  - name: build-and-push
    image: cnych/kaniko-executor:v0.22.0
    env:
    - name: DOCKER_CONFIG
      value: /tekton/home/.docker
    command:
    - /kaniko/executor
    - --dockerfile=Dockerfile
    - --context=/workspace/repo
    - --destination=cnych/tekton-test:latest

A corresponding TaskRun references the task and the build-sa ServiceAccount:

apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: build-and-push
spec:
  serviceAccountName: build-sa
  taskRef:
    name: build-and-push
  resources:
    inputs:
    - name: repo
      resourceRef:
        name: cnych-tekton-example

Applying the TaskRun with kubectl apply -f taskrun-build-push.yaml triggers the build; pod logs show successful cloning, building, and pushing of the image.
Finally, a Pipeline combines the earlier test task with the new build-and-push task, ensuring the build runs only after tests succeed. A PipelineRun using the same build-sa ServiceAccount starts the full workflow.

apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: test-build-push
spec:
  resources:
  - name: repo
    type: git
  tasks:
  - name: test
    taskRef:
      name: test
    resources:
      inputs:
      - name: repo
        resource: repo
  - name: build-and-push
    taskRef:
      name: build-and-push
    runAfter:
    - test
    resources:
      inputs:
      - name: repo
        resource: repo

apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  name: test-build-push-run
spec:
  serviceAccountName: build-sa
  pipelineRef:
    name: test-build-push
  resources:
  - name: repo
    resourceRef:
      name: cnych-tekton-example

Applying the pipeline and pipeline run creates the full CI/CD process, which can be monitored via kubectl get pods and kubectl logs. The successful execution confirms that Tekton can orchestrate testing, image building, and deployment in a cloud‑native Kubernetes environment.
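
Before manifests like these are committed to a repository, they can be checked for three things visible in them: the Docker Hub password written inline in the Secret, the Kaniko step image referenced by tag rather than digest, and the pushed image tagged :latest. The script below is an added example, not part of the original tutorial; the rule ids and the embedded sample (shortened from the manifests above) are constructed for illustration.

```python
import re

# Constructed sample: the Secret and the Task step from this page, shortened.
MANIFESTS = """\
apiVersion: v1
kind: Secret
type: kubernetes.io/basic-auth
stringData:
  username: myusername
  password: mypassword
---
apiVersion: tekton.dev/v1beta1
kind: Task
spec:
  steps:
  - name: build-and-push
    image: cnych/kaniko-executor:v0.22.0
    command:
    - /kaniko/executor
    - --destination=cnych/tekton-test:latest
"""

# (kind the rule applies to, rule id, pattern, advice); rule ids are made up here.
RULES = [
    ("Secret", "inline-credential", re.compile(r"^\s+password:\s*\S+"),
     "credential is committed with the manifest; create the Secret out of band"),
    ("Task", "image-not-digest-pinned",
     re.compile(r"^\s*(?:-\s*)?image:\s+(?!\S*@sha256:)\S+"),
     "step image is referenced by mutable tag; pin it as name@sha256:<digest>"),
    ("Task", "mutable-destination-tag", re.compile(r"--destination=\S+:latest\s*$"),
     "pushed image is tagged :latest; use an immutable tag such as the commit SHA"),
]

def audit(text):
    """Return (kind, line number, rule id, advice) for each rule hit in a YAML stream."""
    findings, kind = [], None
    for lineno, line in enumerate(text.splitlines(), start=1):
        top = re.match(r"kind:\s*(\S+)", line)  # unindented key = document's kind
        if top:
            kind = top.group(1)
        for rule_kind, rule_id, pattern, advice in RULES:
            if rule_kind == kind and pattern.search(line):
                findings.append((kind, lineno, rule_id, advice))
    return findings

if __name__ == "__main__":
    for kind, lineno, rule_id, advice in audit(MANIFESTS):
        print(f"{kind} line {lineno}: [{rule_id}] {advice}")
```

The scan is line-based, so it depends on the indentation shown above and is a pre-commit aid rather than a YAML validator.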
DevOps Cloud Academy
