Install Tekton Pipelines
This page includes content about running Tekton with specific platforms and cloud providers. The accuracy and freshness of this vendor documentation varies by vendor.
If you want to contribute with platform-specific documentation, follow the vendor contributions guidelines.
This guide explains how to install Tekton Pipelines.
Prerequisites
- A Kubernetes cluster running version 1.28 or later.
- Kubectl.
- Grant
cluster-admin
privileges to the current user. See the Kubernetes role-based access control (RBAC) docs for more information. - (Optional) Install a Metrics Server if you need support for high availability use cases.
See the local installation guide if you want to test Tekton on your computer.
Installation
To install Tekton Pipelines on a Kubernetes cluster:
-
Run one of the following commands depending on which version of Tekton Pipelines you want to install:
-
Latest official release:
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
Note: These instructions are ideal as a quick start installation guide with Tekton Pipelines and not meant for the production use. Please refer to the operator to install, upgrade and manage Tekton projects.
-
Nightly release:
kubectl apply --filename https://storage.googleapis.com/tekton-releases-nightly/pipeline/latest/release.yaml
-
Specific release:
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/previous/<version_number>/release.yaml
Replace
<version_number>
with the numbered version you want to install. For example,v0.26.0
. -
Untagged release:
If your container runtime does not support
image-reference:tag@digest
:kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.notags.yaml
-
Multi-tenant installation is only partially supported today, read the guide for reference.
-
Monitor the installation:
kubectl get pods --namespace tekton-pipelines --watch
When all components show
1/1
under theREADY
column, the installation is complete. Hit Ctrl + C to stop monitoring.
Congratulations! You have successfully installed Tekton Pipelines on your Kubernetes cluster.
Before you proceed, create or select a project on Google Cloud and install the gcloud CLI on your computer.
To install Tekton Pipelines:
-
Enable the Google Kubernetes Engine (GKE) API:
gcloud services enable container.googleapis.com
-
Create a cluster with Workload Identity enabled. For example:
gcloud container clusters create tekton-cluster \ --num-nodes=<nodes> \ --region=<location> \ --workload-pool=<project-id>.svc.id.goog
Where:
-
<location>
is the cluster location. For example,us-central1
. See the documentation about regional and zonal clusters for more information. -
<project-id>
is the project ID. -
<nodes>
is the number of nodes.
Workload Identity allows your GKE cluster to access Google Cloud services using an Identity Access Management (IAM) service account. For example, the Tekton build and push guide explains how to authenticate to Artifact Registry on a cluster with Workload Identity enabled.
You can also enable Workload Idenitity on an existing cluster.
-
-
Follow the regular Kubernetes installation steps.
Private clusters
If you are running a private cluster and experience problems
with GKE DNS resolution, allow the port 8443
in your firewall
rules.
gcloud compute firewall-rules update <firewall_rule_name> --allow tcp:8443
See the documentation about firewall rules for private clusters for more information.
Autopilot
If you are using Autopilot mode on your GKE cluster and experience some problems, try the following:
-
Allow port
8443
in your firewall rules.gcloud compute firewall-rules update <firewall_rule_name> --allow tcp:8443
-
Disable the affinity assistant.
kubectl patch cm feature-flags -n tekton-pipelines \ -p '{"data":{"disable-affinity-assistant":"true"}}'
-
Increase the ephemeral storage.
To install Tekton Pipelines on OpenShift, you must first apply the anyuid
security context constraint to the tekton-pipelines-controller
service
account. This is required to run the webhook Pod. See Security Context
Constraints for more information.
-
Log on as a user with
cluster-admin
privileges. The following example uses the defaultsystem:admin
user:oc login -u system:admin
-
Set up the namespace (project) and configure the service account:
oc new-project tekton-pipelines oc adm policy add-scc-to-user anyuid -z tekton-pipelines-controller oc adm policy add-scc-to-user anyuid -z tekton-pipelines-webhook
-
Install Tekton Pipelines:
Because OpenShift uses random user id (and user id range per namespace) for pods, we need to remove the
securityContext.runAsUser
andsecurityContext.runAsGroup
from any container from the release.yaml. You will need to haveyq
installed for this to work. Another way would be to download the yaml, search and replace (here replace with nothing) in your favourite editor.curl https://storage.googleapis.com/tekton-releases/pipeline/latest/release.notags.yaml | yq 'del(.spec.template.spec.containers[].securityContext.runAsUser, .spec.template.spec.containers[].securityContext.runAsGroup)' | oc apply -f -
See the OpenShift CLI documentation for more information on the
oc
command. -
Monitor the installation using the following command until all components show a
Running
status:oc get pods --namespace tekton-pipelines --watch
Note: Hit CTRL + C to stop monitoring.
Congratulations! You have successfully installed Tekton Pipelines on your OpenShift environment.
To run OpenShift 4.x on your laptop (or desktop), take a look at Red Hat CodeReady Containers.
Additional configuration options
You can enable additional alpha and beta features, customize execution parameters, configure availability, and many more options. See the additional configuration options for more information.
Next steps
To get started with Tekton check the Introductory tutorials, the how-to guides, and the examples folder.
Feedback
Was this page helpful?