Open in app

Sign in

Write

Sign in

Referencing Tekton Tasks from OCI registry

Vinamra Jain
4 min readJul 16, 2021

--

Tekton

What is Tekton?

Tekton is a framework for building CI/CD pipelines on Kubernetes. It provides a set of building blocks to craft a system that meets your exact needs by breaking things down into individual Task resources, which are in turn chained together in a user-defined Pipeline.

What is Tekton Catalog?

Tektoncd/catalog is a collection of resusable Tasks and Pipelines which users can use to form their Pipelines for their use case. You can find all those Tasks and Pipelines in Tekton Hub in a more curated way.

Current Situation

In the current scenario many of the Tekton users would be using the Tasks from catalog by first installing them in their cluster either by using kubectl or tkn command. Following this approach lowers the share-ability of the Pipelines as we need to share along the script or the Tasks which are used in the Pipeline. The current approach also introduces one more problem of immutability as the Task present on remote host can be changed at anytime and may change the behaviour and users installing the Task will get the newer Task which is incompatible with that Pipeline.

Solution

There is a proposal which tries to maintain immutability as much as possible but there can be scenarios where it is hard to maintain. There are lot of users who uses Tasks from catalog but the immutability is not offered from those Tasks as there can be some changes which might get published to existing resource without bumping the version.

To solve this problem the community has started publishing tasks to an image registry gcr.io where the tasks are pushed and can be referenced in the TaskRun or Pipeline. How to use the Tasks from OCI registry I am going to demonstrate below. In this blog I’ll be showing examples of using bundle reference in both TaskRun and Pipelines. Also bundles don’t actually install Tasks on the cluster instead the controller just directly pulls the artifact and uses it.

What are OCI artifacts?

OCI Artifacts are not a new specification, format, or API. They’re a set of somewhat-contradictory conventions for how to store things other than images inside an OCI registry. To read more about it you can refer to the blog.

Tekton bundle contract is backed by OCI artifact format which we call it as Tekton Bundle.

Pre-requisites

  • Kubernetes Cluster
  • Tekton Pipelines version 0.18.x+
  • tkn CLI to view the logs

Enable oci-bundle support

OCI bundle support is still in alpha state so to enable it we need to edit the feature-flags ConfigMap by running the command.

$ kubectl edit configmap feature-flags -n tekton-pipelines

You will see that the screen will change to

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  disable-affinity-assistant: "false"
  disable-creds-init: "false"
  disable-home-env-overwrite: "true"
  disable-working-directory-overwrite: "true"
  enable-api-fields: alpha
  enable-custom-tasks: "false"
  enable-tekton-oci-bundles: "false"      <------- change here
  require-git-ssh-secret-known-hosts: "false"
  running-in-environment-with-injected-sidecars: "true"
kind: ConfigMap
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","data":{"disable-affinity-assistant":"false","disable-creds-init":"false","disable-home-env-overwrite":"true","disable-working-directory-overwrite":"true","enable-api-fields":"stable","enable-custom-tasks":"false","enable-tekton-oci-bundles":"false","require-git-ssh-secret-known-hosts":"false","running-in-environment-with-injected-sidecars":"true"},"kind":"ConfigMap","metadata":{"annotations":{},"labels":{"app.kubernetes.io/instance":"default","app.kubernetes.io/part-of":"tekton-pipelines"},"name":"feature-flags","namespace":"tekton-pipelines"}}
  creationTimestamp: "2021-07-07T07:56:24Z"
  labels:
    app.kubernetes.io/instance: default
    app.kubernetes.io/part-of: tekton-pipelines
  name: feature-flags
  namespace: tekton-pipelines
  resourceVersion: "624500"
  uid: dd81bfb0-87bd-4ef2-a20b-0af1195f1868

Change the value of enable-tekton-oci-bundlesfrom false to true and save the ConfigMap and close the editor. Now we are good to go and can start referencing our Tasks via bundle reference.

Referencing Tasks via bundles in TaskRuns

The following TaskRun will clone the git repo and store in the VolumeClaimTemplate.

To run the above TaskRun just run the following command in your terminal

$ kubectl apply --filename https://gist.githubusercontent.com/vinamra28/253556d4beb5f4f74a56c68303a13eb4/raw/c5867d0609bc4b8d9a9970b1ba7fc4fe10e0b961/git-clone-taskrun.yaml -n <namespace>

Referencing Tasks via bundles in Pipelines

To run the above Pipeline andPipelineRun just run the following command in your terminal

$ kubectl apply --filename https://gist.githubusercontent.com/vinamra28/966e9b67c27e0e6c8a3b64126bee4912/raw/ba64d5cd090c0e518a709e33f383af561ff51f08/maven-pipeline.yaml -n <namespace>

The Pipeline is now running and to view the logs you can run the following command

$ tkn pipelinerun logs maven-pipeline-run -f -n <namespace>

So in this article I showed you how to use the bundles in your Tekton Manifest. In the next article I’ll show you how to publish your own Tekton Bundleusing tkn CLI.

Kubernetes
Tekton
Maven
Ci Cd Pipeline
Open Source

--

--

Vinamra Jain

Written by Vinamra Jain

43 Followers

SDE @ Razorpay || Ex-Red Hat || Open Source || Tekton || Go

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams