Tekton Pipeline
TektonPipeline custom resource allows user to install and manage Tekton Pipeline.
It is recommended to install the component through TektonConfig.
The TektonPipeline CR is as below:
apiVersion: operator.tekton.dev/v1alpha1
kind: TektonPipeline
metadata:
name: pipeline
spec:
targetNamespace: tekton-pipelines
disable-affinity-assistant: false
disable-creds-init: false
disable-home-env-overwrite: true
disable-working-directory-overwrite: true
enable-api-fields: stable
enable-custom-tasks: false
enable-tekton-oci-bundles: false
metrics.pipelinerun.duration-type: histogram
metrics.pipelinerun.level: pipeline
metrics.taskrun.duration-type: histogram
metrics.taskrun.level: task
require-git-ssh-secret-known-hosts: false
running-in-environment-with-injected-sidecars: true
scope-when-expressions-to-task: false
trusted-resources-verification-no-match-policy: ignore
performance:
disable-ha: false
buckets: 1
replicas: 1
threads-per-controller: 2
kube-api-qps: 5.0
kube-api-burst: 10
You can install this component using TektonConfig by choosing appropriate profile.
Properties
This fields have default values so even if user have not passed them in CR, operator will add them. User can later change them as per their need.
-
disable-affinity-assistant(Default:false)Setting this flag to “true” will prevent Tekton to create an Affinity Assistant for every TaskRun sharing a PVC workspace. The default behaviour is for Tekton to create Affinity Assistants.
See more in the workspace documentation about Affinity Assistant or more info here.
-
disable-creds-init(Default:false)Setting this flag to “true” will prevent Tekton scanning attached service accounts and injecting any credentials it finds into your Steps.
The default behaviour currently is for Tekton to search service accounts for secrets matching a specified format and automatically mount those into your Steps.
Note: setting this to “true” will prevent PipelineResources from working. See more info here.
-
running-in-environment-with-injected-sidecars(Default:true)This option should be set to false when Pipelines is running in a cluster that does not use injected sidecars such as Istio. Setting it to false should decrease the time it takes for a TaskRun to start running. For clusters that use injected sidecars, setting this option to false can lead to unexpected behavior.
See more info here.
-
require-git-ssh-secret-known-hosts(Default:false)Setting this flag to “true” will require that any Git SSH Secret offered to Tekton must have known_hosts included.
See more info here.
-
enable-tekton-oci-bundles(Default:false)Setting this flag to “true” enables the use of Tekton OCI bundle. This is an experimental feature and thus should still be considered an alpha feature.
-
enable-custom-tasks(Default:false)Setting this flag to “true” enables the use of custom tasks from within pipelines. This is an experimental feature and thus should still be considered an alpha feature.
-
enable-api-fields(Default:stable)Setting this flag will determine which gated features are enabled. Acceptable values are “stable” or “alpha”.
-
scope-when-expressions-to-task(Default:false)Setting this flag to “true” scopes when expressions to guard a Task only instead of a Task and its dependent Tasks.
-
trusted-resources-verification-no-match-policy(Default:ignore)Trusted Resources is a feature which can be used to sign Tekton Resources and verify them. Details of design can be found at TEP–0091. This feature is under alpha version and support v1beta1 version of Task and Pipeline. To know more about this visit pipelines documentation
Metrics Properties
These fields have default values so even if user have not passed them in CR, operator will add them and override the values configure in pipelines.
-
metrics.pipelinerun.duration-type(Default:histogram)Setting this flag will determine the duration type - gauge or histogram.
-
metrics.pipelinerun.level(Default:pipeline)Setting this flag will determine the level of pipelinerun metrics.
-
metrics.taskrun.duration-type(Default:histogram)Setting this flag will determine the duration type - gauge or histogram.
-
metrics.taskrun.level(Default:task)Setting this flag will determine the level of taskrun metrics.
Optional Properties
This fields doesn’t have default values so will be considered only if user passes them. By default Operator won’t add this fields CR and won’t configure for pipelines.
The Default values for this fields are already set in pipelines are not set by Operator. If user passes some values then those will be set for the particular field.
-
default-timeout-minutesdefault-timeout-minutes contains the default number of minutes to use for TaskRun and PipelineRun, if none is specified.
default-timeout-minutes: "60" # 60 minutes -
default-service-accountdefault-service-account contains the default service account name to use for TaskRun and PipelineRun, if none is specified.
default-service-account: "default" -
default-managed-by-label-valuedefault-managed-by-label-value contains the default value given to the “app.kubernetes.io/managed-by” label applied to all Pods created for TaskRuns. If a user’s requested TaskRun specifies another value for this label, the user’s request supersedes.
default-managed-by-label-value: "tekton-pipelines" -
default-pod-templatedefault-pod-template contains the default pod template to use TaskRun and PipelineRun, if none is specified. If a pod template is specified, the default pod template is ignored.
-
default-cloud-events-sinkdefault-cloud-events-sink contains the default CloudEvents sink to be used for TaskRun and PipelineRun, when no sink is specified. Note that right now it is still not possible to set a PipelineRun or TaskRun specific sink, so the default is the only option available. If no sink is specified, no CloudEvent is generated
-
default-task-run-workspace-bindingdefault-task-run-workspace-binding contains the default workspace configuration provided for any Workspaces that a Task declares but that a TaskRun does not explicitly provide.
Performance Properties
spec:
# omitted other fields ...
performance:
disable-ha: false
buckets: 1
replicas: 1
threads-per-controller: 2
kube-api-qps: 5.0
kube-api-burst: 10
These fields are optional and there is no default values. If user passes them, operator will include most of fields into the deployment tekton-pipelines-controller under the container tekton-pipelines-controller as arguments(duplicate name? No, container and deployment has the same name), otherwise pipelines controller’s default values will be considered. and buckets field is updated into config-leader-election config-map under the namespace tekton-pipelines.
A high level descriptions are given here. To get the detailed information please visit pipelines documentation, High Availability Support, and Performance Configuration
disable-ha- enable or disable ha feature, defaults in pipelines controller isdisable-ha=falsebuckets- buckets is the number of buckets used to partition key space of each reconciler. If this number is M and the replica number of the controller is N, the N replicas will compete for the M buckets. The owner of a bucket will take care of the reconciling for the keys partitioned into that bucket. The maximum value ofbucketsat this time is10. default value in pipeline controller is1replicas- pipelines controller deployment replicas countthreads-per-controller- is the number of threads(aka worker) to use when processing the pipelines controller’s workqueue, default value in pipelines controller is2kube-api-qps- QPS indicates the maximum QPS to the cluster master from the REST client, default value in pipeline controller is5.0kube-api-burst- maximum burst for throttle, default value in pipeline controller is10
Note:
kube-api-qpsandkube-api-burstwill be multiplied by 2 in pipelines controller. To get the detailed information visit Performance Configuration guide- if you modify or remove any of the performance properties,
tekton-pipelines-controllerdeployment andconfig-leader-electionconfig-map (ifbucketschanged) will be updated, andtekton-pipelines-controllerpods will be recreated
Feedback
Was this page helpful?