Getting Started with Tekton: Installation, Components, and CI/CD Pipeline Examples

Tekton is a powerful, flexible, cloud‑native open‑source CI/CD framework that originated from the Knative build‑pipeline project and provides a standardized way to define pipelines on Kubernetes.

Key benefits include customizability, reusability, extensibility via the Tekton Catalog, standardization using Kubernetes CRDs, and scalability across clusters.

Components

Tekton Pipelines

: core CRDs for building pipelines. Tekton Triggers: event‑driven pipeline instantiation. Tekton CLI ( tkn): command‑line interface. Tekton Dashboard: web UI for pipeline visibility. Tekton Catalog: community‑driven collection of tasks and pipelines. Tekton Hub: web UI for browsing the catalog. Tekton Operator: Kubernetes operator for installing Tekton.

Installation

Install Tekton Pipelines by applying the release manifest:

kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.24.1/release.yaml

If the default GCR images are unavailable, use a custom manifest that points to Docker Hub images:

kubectl apply -f http://my-oss-testing.oss-cn-beijing.aliyuncs.com/k8s/tekton/release.yaml

Verify the tekton-pipelines namespace and pods are running:

$ kubectl get pods -n tekton-pipelines
NAME                                 READY   STATUS    RESTARTS   AGE
tekton-pipelines-controller-...     1/1     Running   0          92s
tekton-pipelines-webhook-...        1/1     Running   0          92s

Optionally install the Tekton CLI on macOS with Homebrew:

brew tap tektoncd/tools
brew install tektoncd/tools/tektoncd-cli

Confirm the installation:

$ tkn version
Client version: 0.15.0
Pipeline version: v0.24.1
Dashboard version: v0.17.0

Core Concepts

Tekton defines several CRD resources: Task: ordered steps executed in separate Pods. Pipeline: ordered collection of Tasks. TaskRun: concrete execution of a Task. PipelineRun: concrete execution of a Pipeline. ClusterTask: Task available cluster‑wide. PipelineResource: input or output artifacts such as Git repos or images.

Example: Testing a Go Application

Create a Task definition ( task-test.yaml) that clones a Git repo and runs go test:

# task-test.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: test
spec:
  resources:
    inputs:
    - name: repo
      type: git
  steps:
  - name: run-test
    image: golang:1.14-alpine
    workingDir: /workspace/repo
    command: ['go']
    args: ['test']

Create the Task and start a TaskRun (or use tkn task start) providing a PipelineResource of type git named demo-git that points to https://github.com/cnych/tekton-demo.

Docker Hub Authentication

Store Docker registry credentials in a Kubernetes Secret and bind it to a ServiceAccount:

# harbor-auth.yaml
apiVersion: v1
kind: Secret
metadata:
  name: harbor-auth
  annotations:
    tekton.dev/docker-0: http://harbor.k8s.local
type: kubernetes.io/basic-auth
stringData:
  username: admin
  password: Harbor12345

# sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: build-sa
secrets:
- name: harbor-auth

Build and Push Docker Image Task

Define a Task ( task-build-push.yaml) that builds an image with Docker and pushes it to Harbor:

# task-build-push.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build-and-push
spec:
  resources:
    inputs:
    - name: repo
      type: git
    outputs:
    - name: builtImage
      type: image
  params:
  - name: pathToDockerfile
    type: string
    default: /workspace/repo/Dockerfile
  - name: pathToContext
    type: string
    default: /workspace/repo
  steps:
  - name: build-and-push
    image: docker:stable
    script: |
      #!/usr/bin/env sh
      docker login harbor.k8s.local
      docker build -t $(resources.outputs.builtImage.url) -f $(params.pathToDockerfile) $(params.pathToContext)
      docker push $(resources.outputs.builtImage.url)
    volumeMounts:
    - name: dockersock
      mountPath: /var/run/docker.sock
  volumes:
  - name: dockersock
    hostPath:
      path: /var/run/docker.sock

Create the corresponding PipelineResource for the image and a TaskRun that references the build-sa ServiceAccount.

Pipeline Assembly

Combine the test and build tasks into a Pipeline ( pipeline.yaml) that runs the test first and, upon success, builds and pushes the image:

# pipeline.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: test-build-push
spec:
  resources:
  - name: repo
    type: git
  tasks:
  - name: test
    taskRef:
      name: test
    resources:
      inputs:
      - name: repo
        resource: repo
  - name: build-and-push
    taskRef:
      name: build-and-push
    runAfter:
    - test
    resources:
      inputs:
      - name: repo
        resource: repo

Run the pipeline with a PipelineRun that supplies the demo-git resource and uses the build-sa ServiceAccount:

# pipelinerun.yaml
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  name: test-build-push-run
spec:
  serviceAccountName: build-sa
  pipelineRef:
    name: test-build-push
  resources:
  - name: repo
    resourceRef:
      name: demo-git

The article demonstrates a complete end‑to‑end Tekton CI/CD workflow on Kubernetes, covering installation, core concepts, task and pipeline definitions, Docker registry authentication, and execution commands.