How to Bridge Jenkins and Tekton in Kubesphere: A Step‑by‑Step Guide

Deploy Jenkins

Jenkins can be quickly deployed with Helm. First install Helm, then run:

helm repo add jenkinsci https://charts.jenkins.io
helm repo update
# optional: download chart locally
helm pull jenkinsci/jenkins
# create namespace and install
kubectl create ns devops
helm install jenkins -n devops .

Access the UI via NodePort or Ingress (configuration not shown).

Install Jenkins Tekton Plugin

Install the tekton-client-plugin from the Jenkins plugin marketplace (or manually from GitHub ) to enable Jenkins‑Tekton communication.

Configure Permissions

Create a Role and RoleBinding that grant Jenkins the necessary Tekton permissions:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-role
  namespace: tekton-devops-pipeline
rules:
- apiGroups: [""]
  resources: [pods, pods/log]
  verbs: [get, list, watch]
- apiGroups: ["tekton.dev"]
  resources: [tasks, taskruns, pipelines, pipelineruns]
  verbs: [create, delete, deletecollection, get, list, patch, update, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tekton-role-binding
  namespace: tekton-devops-pipeline
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tekton-role
subjects:
- kind: ServiceAccount
  name: jenkins
  namespace: devops

Note the ServiceAccount and namespace used for binding.

Write Jenkinsfile

The Jenkinsfile defines a multi‑branch pipeline that triggers Tekton PipelineRuns based on the selected branch:

pipeline {
  agent any
  parameters {
    choice(name: 'BRANCH_NAME', description: '选择分支', choices: ['dev','test','uat','pre','prod'])
  }
  stages {
    stage('deploy to dev') {
      when { expression { return "$BRANCH_NAME".contains('dev') } }
      steps { tektonCreateRaw input: 'deploy/dev/pipeline.yaml', inputType: 'FILE', namespace: 'tekton-devops-pipeline' }
    }
    stage('deploy to test') {
      when { expression { return "$BRANCH_NAME".contains('test') } }
      steps { tektonCreateRaw input: 'deploy/test/pipeline.yaml', inputType: 'FILE', namespace: 'tekton-devops-pipeline' }
    }
    stage('deploy to uat') {
      when { expression { return "$BRANCH_NAME".contains('uat') } }
      steps { tektonCreateRaw input: 'deploy/uat/pipeline.yaml', inputType: 'FILE', namespace: 'tekton-devops-pipeline' }
    }
    stage('deploy to pre') {
      when { expression { return "$BRANCH_NAME".contains('pre') } }
      steps { tektonCreateRaw input: 'deploy/pre/pipeline.yaml', inputType: 'FILE', namespace: 'tekton-devops-pipeline' }
    }
    stage('deploy to prod') {
      when { expression { return "$BRANCH_NAME".contains('prod') } }
      steps { tektonCreateRaw input: 'deploy/prod/pipeline.yaml', inputType: 'FILE', namespace: 'tekton-devops-pipeline' }
    }
  }
}

Tekton PipelineRun Structure

PipelineRuns are organized by directory (e.g., deploy/dev/pipeline.yaml, deploy/test/pipeline.yaml, etc.) to simplify management.

Create a Pipeline in Kubesphere

After configuring the resources, create a pipeline (e.g., hello-world-test) in Kubesphere and select the appropriate branch to trigger the corresponding Tekton PipelineRun.

Common Jenkins Error

When the Check‑API plugin is missing, Jenkins may log:

[Checks API] No suitable checks publisher found.
Failed: null
java.lang.NullPointerException
    at org.waveywaves.jenkins.plugins.tekton.client.build.create.CreateRaw.createPipelineRun(CreateRaw.java:278)
    ... (stack trace truncated) ...

Although the error appears, the Tekton PipelineRun still triggers; further investigation is required.

Conclusion

Using Jenkins to manage Tekton is theoretically feasible and provides a familiar interface for heavy Jenkins users. However, version constraints in Kubesphere’s bundled Jenkins limit direct Tekton integration, so a workaround with manual Helm deployment and the Tekton client plugin is necessary until Kubesphere adds native support.