Install Tekton Pipelines

Install Tekton Pipelines on your cluster

This page includes content about running Tekton with specific platforms and cloud providers. The accuracy and freshness of this vendor documentation varies by vendor.

If you want to contribute with platform-specific documentation, follow the vendor contributions guidelines.

This guide explains how to install Tekton Pipelines.

Prerequisites

See the local installation guide if you want to test Tekton on your computer.

Installation

To install Tekton Pipelines on a Kubernetes cluster:

  1. Run one of the following commands depending on which version of Tekton Pipelines you want to install:

    • Latest official release:

      kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml

    • Nightly release:

      kubectl apply --filename https://storage.googleapis.com/tekton-releases-nightly/pipeline/latest/release.yaml

    • Specific release:

       kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/previous/<version_number>/release.yaml

      Replace <version_number> with the numbered version you want to install. For example, v0.26.0.

    • Untagged release:

      If your container runtime does not support image-reference:tag@digest:

      kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.notags.yaml

  2. Monitor the installation:

    kubectl get pods --namespace tekton-pipelines --watch

    When all components show 1/1 under the READY column, the installation is complete. Hit Ctrl + C to stop monitoring.

Congratulations! You have successfully installed Tekton Pipelines on your Kubernetes cluster.

Before you proceed, create or select a project on Google Cloud and install the gcloud CLI on your computer.

To install Tekton Pipelines:

  1. Enable the Google Kubernetes Engine (GKE) API:

    gcloud services enable container.googleapis.com

  2. Create a cluster with Workload Identity enabled. For example:

    gcloud container clusters create tekton-cluster \
  --num-nodes=<nodes> \
  --region=<location> \
  --workload-pool=<project-id>.svc.id.goog

    Where:

    • <location> is the cluster location. For example, us-central1. See the documentation about regional and zonal clusters for more information.

    • <project-id> is the project ID.

    • <nodes> is the number of nodes.

    Workload Identity allows your GKE cluster to access Google Cloud services using an Identity Access Management (IAM) service account. For example, the Tekton build and push guide explains how to authenticate to Artifact Registry on a cluster with Workload Identity enabled.

    You can also enable Workload Idenitity on an existing cluster.

  3. Follow the regular Kubernetes installation steps.

Private clusters

If you are running a private cluster and experience problems with GKE DNS resolution, allow the port 8443 in your firewall rules.

gcloud compute firewall-rules update <firewall_rule_name> --allow tcp:8443

See the documentation about firewall rules for private clusters for more information.

Autopilot

If you are using Autopilot mode on your GKE cluster and experience some problems, try the following:

  1. Allow port 8443 in your firewall rules.

    gcloud compute firewall-rules update <firewall_rule_name> --allow tcp:8443

  2. Disable the affinity assistant.

    kubectl patch cm feature-flags -n tekton-pipelines \
  -p '{"data":{"disable-affinity-assistant":"true"}}'

  3. Increase the ephemeral storage.

To install Tekton Pipelines on OpenShift, you must first apply the anyuid security context constraint to the tekton-pipelines-controller service account. This is required to run the webhook Pod. See Security Context Constraints for more information.

  1. Log on as a user with cluster-admin privileges. The following example uses the default system:admin user:

    oc login -u system:admin

  2. Set up the namespace (project) and configure the service account:

    oc new-project tekton-pipelines
oc adm policy add-scc-to-user anyuid -z tekton-pipelines-controller
oc adm policy add-scc-to-user anyuid -z tekton-pipelines-webhook

  3. Install Tekton Pipelines:

    Because OpenShift uses random user id (and user id range per namespace) for pods, we need to remove the securityContext.runAsUser and securityContext.runAsGroup from any container from the release.yaml. You will need to have yq installed for this to work. Another way would be to download the yaml, search and replace (here replace with nothing) in your favourite editor.

    curl https://storage.googleapis.com/tekton-releases/pipeline/latest/release.notags.yaml | yq 'del(.spec.template.spec.containers[].securityContext.runAsUser, .spec.template.spec.containers[].securityContext.runAsGroup)' | oc apply -f -

    See the OpenShift CLI documentation for more information on the oc command.

  4. Monitor the installation using the following command until all components show a Running status:

    oc get pods --namespace tekton-pipelines --watch

    Note: Hit CTRL + C to stop monitoring.

Congratulations! You have successfully installed Tekton Pipelines on your OpenShift environment.

To run OpenShift 4.x on your laptop (or desktop), take a look at Red Hat CodeReady Containers.

Additional configuration options

You can enable additional alpha and beta features, customize execution parameters, configure availability, and many more options. See the addition configurations options for more information.

Next steps

To get started with Tekton check the Introductory tutorials, the how-to guides, and the examples folder.