The following section demonstrates how to trigger and run pipelines as well as to check on the application status.
Create a project for the sample application:
$ oc new-project pipelines-tutorial
Building container images using build tools such as S2I, Buildah, or Kaniko, require privileged containers to access the cluster. The default security settings in OpenShift do not allow privileged containers. Create a service account for running
Pipelines and enable it to run privileged pods for building container images:
$ oc create serviceaccount pipeline $ oc adm policy add-scc-to-user privileged -z pipeline $ oc adm policy add-role-to-user edit -z pipeline
Create the Kubernetes objects for deploying the PetClinic application on OpenShift:
$ oc create -f https://raw.githubusercontent.com/openshift/pipelines-tutorial/master/resources/petclinic.yaml
Navigate to Home → Projects → Status in the OpenShift Web Console to verify the deployment. The deployment at this stage is not complete. The
Pipelineyou create in the next steps builds the container images for the PetClinic application and completes the deployment.
Tasks are the building blocks of a
Pipeline and consist of sequentially executed steps.
steps are a series of commands that achieve a specific goal, for instance, build an image.
Task runs as a pod and each
step runs in its own container within the same pod. Since they run within the same pod they have access to the same volumes to cache files, configmaps, and secrets. They use
inputs parameters, for example, a git , and
outputs parameters, for example, an image in a registry, to interact with other tasks.
Tasks are reusable and can be used in multiple
Pipeline s. For this tutorial, you create a Maven
Task with a single step to build a Maven based application, and then add two reusable
Tasks from the catalog repository.
To create the Maven
Copy the contents of the following sample
TaskYAML file and save it:
apiVersion: tekton.dev/v1alpha1 kind: Task metadata: name: maven-build spec: inputs: resources: - name: workspace-git targetPath: / type: git steps: - name: build image: maven:3.6.0-jdk-8-slim command: - /usr/bin/mvn args: - install
Taskstarts a pod and runs a container inside that pod using the
maven:3.6.0-jdk-8-slimimage to run the specified commands. It receives an input directory called
workspace-gitwhich contains the source code of the application.
Only the requirement for a git repository is declared on the
Taskand not a specific git repository to be used. This allows
Tasksto be reusable for multiple
Pipelines and purposes.
Taskwithin your project:
oc create -f maven-build-task.yaml
Tasksfrom the catalog repository, which contains a list of reusable
$ oc create -f https://raw.githubusercontent.com/tektoncd/catalog/master/openshift-client/openshift-client-task.yaml $ oc create -f https://raw.githubusercontent.com/openshift/pipelines-catalog/master/s2i-java8/s2i-java-8-task.yaml
Tasksadded to the
$ tkn task ls NAME AGE maven-build 23 secs ago openshift-client 10 secs ago s2i-java 11 secs ago
PipelineResources are artifacts that are used as inputs to a
Task and can be output by a
After you create
Task s, create
PipelineResources that contain the specifics of the Git repository and the image registry to be used in the
Pipeline during execution as follows:
PipelineResourceYAML file with a
PipelineResourcethat defines the Git repository and reference for the PetClinic application as follows:
apiVersion: tekton.dev/v1alpha1 kind: PipelineResource metadata: name: petclinic-git spec: type: git params: - name: url value: https://github.com/spring-projects/spring-petclinic
To the above
PipelineResourceYAML file, add another
PipelineResourcethat defines the OpenShift internal registry to which you want to push the PetClinic image, as shown below, and save it.
apiVersion: tekton.dev/v1alpha1 kind: PipelineResource metadata: name: petclinic-image spec: type: image params: - name: url value: image-registry.openshift-image-registry.svc:5000/pipelines-tutorial/spring-petclinic
Create the above pipeline resources as follows:
$ oc create -f https://raw.githubusercontent.com/openshift/pipelines-tutorial/master/resources/petclinic-resources.yaml
Verify the resources created as follows:
$ tkn resource ls NAME TYPE DETAILS petclinic-git git url: https://github.com/spring-projects/spring-petclinic petclinic-image image url: image-registry.openshift-image-registry.svc:5000/pipelines-tutorial/spring-petclinic
Pipeline represents a CI/CD flow and is defined by the
Tasks to be executed. It specifies how the
Tasks interact with each other and their order of execution using the
outputs, and the
run-After parameters. It is designed to be generic and reusable in multiple applications and environments.
For this tutorial, we create a
Pipeline that takes the source code of the Spring PetClinic application from GitHub, builds the application, and deploys it on OpenShift as outlined below:
Copy the contents of the following sample
PipelineYAML file and save it:
apiVersion: tekton.dev/v1alpha1 kind: Pipeline metadata: name: petclinic-deploy-pipeline spec: resources: - name: app-git type: git - name: app-image type: image tasks: - name: build taskRef: name: s2i-java-8 params: - name: TLSVERIFY value: "false" resources: inputs: - name: source resource: app-git outputs: - name: image resource: app-image - name: deploy taskRef: name: openshift-client runAfter: - build params: - name: ARGS value: "rollout latest spring-petclinic"
Pipelineperforms the following tasks:
Clones the source code of the application from a Git repository (app-git resource).
Builds the container image using the S2I task which generates a Dockerfile for the application and uses Buildah to build an image.
The application image is then pushed to an image registry (app-image resource).
The new application image is deployed on OpenShift using the OpenShift-CLI.
Note that, the
PipelineYAML file contains no references to the PetClinic Git repository and its image in the registry. These are defined in the
Pipelines in Tekton are designed to be generic and re-usable across environments and stages through the applications lifecycle. They abstract away the specifics of the Git source repository and image registries to be used during
The execution order of the tasks is determined by the dependencies defined between the tasks using the
outputsparameters, and the explicit orders that are defined using
$ oc create -f https://raw.githubusercontent.com/openshift/pipelines-tutorial/master/resources/petclinic-deploy-pipeline.yaml
Verify that the
Pipelinehas been added to the application as follows:
$ tkn pipeline ls NAME AGE LAST RUN STARTED DURATION STATUS deploy-pipeline 8 seconds ago --- --- --- ---
PipelineRun starts a
Pipeline and ties it to the Git and image resources that should be used for the specific invocation.
$ tkn pipeline start petclinic-deploy-pipeline \ -r app-git=petclinic-git \ -r app-image=petclinic-image \ -s pipeline Pipelinerun started: petclinic-deploy-pipeline-run-q62p8
-rflag specifies the
PipelineResources that should be provided to the pipeline
-sflag specifies the service account to be used for running the pipeline
Starting a pipeline instantiates the
PipelineRunand creates a number of pods to execute the tasks that are defined in the pipeline. The
PipelineRunautomatically creates and triggers the
Taskin the pipeline.
After a few minutes, verify that the
Pipelineran successfully by listing all the
$ tkn pipeline list NAME AGE LAST RUN STARTED DURATION STATUS petclinic-deploy-pipeline 7 minutes ago petclinic-deploy-pipeline-run-tsv92 5 minutes ago 4 minutes Succeeded
You can examine the logs for
PipelineRuns to verify its status.
PipelineRunlogs as it runs using the
tkn pipeline logscommand, which interactively allows you to chose the required pipelinerun and inspect the logs:
$ tkn pipeline logs -f ? Select pipeline : petclinic-deploy-pipeline ? Select pipelinerun : petclinic-deploy-pipeline-run-tsv92 started 39 seconds ago ... [build : nop] Build successful [deploy : build-step-oc] deploymentconfig.apps.openshift.io/spring-petclinic rolled out [deploy : nop] Build successful
Check the Project Status in the OpenShift Web Console to verify that the PetClinic image is successfully built and deployed.
To rerun the last pipelinerun, using the same pipeline resources and service account used in the previous pipeline, use:
tkn pipeline start petclinic-deploy-pipeline --last