This repository explores a delegated approach for running pipelines. This will allow projects to bring their own pipeline by adding a tekton folder containing the pipeline definition.
This repository contains the following folders:
- `kustomize` - the delegate pipeline that will install the actual pipeline that can be used in an event-listener
- `library` - an example setup for shared pipelines and shared tasks to be used by projects
- `tekton` - an example of a bring-your-own pipeline as it would be included in projects
The delegate pipeline includes tasks that require a container image that includes `kubectl`, `kustomize`, `tkn`, `git` and `jq`. A `Dockerfile` for such an image is also included in this repository.
To easily set up the delegate pipeline, you can use the `Makefile`. The command `make install run logs` will install the delegate pipeline in the `tekton-pipelines` namespace, start a pipeline run and display the logs of the started delegate pipeline. Note that this assumes `kubectl`, `kustomize` and `tkn` are available.
The delegate pipeline will create a new namespace in which the resources of the tekton folder will be applied (using kustomize). After that, it will start all installed pipelines. If the namespace already existed, the delegating pipeline will remove any obsolete objects that might be left in the namespace. This is to prevent orphaned pipelines from running.
The pipelines are started with the parameters below, and should support them. An example can be found in the library folder (which is also used by the tekton example in this repository).
```yaml
spec:
  params:
    - name: git-url
    - name: git-revision
    - name: git-repository-name
    - name: git-push-user-email
  workspaces:
    - name: workspace
```
The delegating pipeline automatically creates a new namespace, including a service account with edit permissions on the newly created namespace. This service account is used when running the pipelines that were installed.
In case secrets are required in delegated pipelines, the suggested approach to support these is to have these secrets available in the tekton-pipelines namespace. The tekline implementation will copy over all secrets that have the `tekline.joyrex2001.com/sync-to-delegate=true` label. When copied over, it will remove all labels and annotations, except for annotations that start with tekton.
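The copy rule described above, modelled in Python as an added example; it is not the repository's own task code. The function names, the `demo-delegate` namespace and the sample secrets are constructed for illustration, and dropping server-set metadata is an assumption of this sketch.

```python
import copy

SYNC_LABEL = "tekline.joyrex2001.com/sync-to-delegate"  # label from the README
KEEP_PREFIX = "tekton"  # only annotations starting with this survive the copy

def should_sync(secret):
    """True when the secret carries the sync label with the value "true"."""
    labels = secret.get("metadata", {}).get("labels") or {}
    return labels.get(SYNC_LABEL) == "true"

def prepare_copy(secret, target_namespace):
    """Build the manifest to apply in the delegate namespace (input is not mutated)."""
    src = secret.get("metadata", {})
    kept = {k: v for k, v in (src.get("annotations") or {}).items()
            if k.startswith(KEEP_PREFIX)}
    # Metadata is rebuilt rather than edited, so labels are gone and, as an
    # assumption of this sketch, so are uid, resourceVersion and ownerReferences.
    meta = {"name": src["name"], "namespace": target_namespace}
    if kept:
        meta["annotations"] = kept
    out = {"apiVersion": "v1", "kind": "Secret",
           "type": secret.get("type", "Opaque"), "metadata": meta}
    for field in ("data", "stringData"):
        if field in secret:
            out[field] = copy.deepcopy(secret[field])
    return out

def sync_secrets(secrets, target_namespace):
    """Select labelled secrets and return their sanitized copies."""
    return [prepare_copy(s, target_namespace) for s in secrets if should_sync(s)]

# Constructed sample input: one labelled secret, one that must stay behind.
SAMPLE = [
    {"apiVersion": "v1", "kind": "Secret", "type": "kubernetes.io/basic-auth",
     "metadata": {"name": "git-credentials", "namespace": "tekton-pipelines",
                  "uid": "constructed-uid", "resourceVersion": "1",
                  "labels": {SYNC_LABEL: "true", "team": "platform"},
                  "annotations": {"tekton.dev/git-0": "https://git.example.com",
                                  "example.com/owner": "platform"}},
     "data": {"username": "Ym90", "password": "Y29uc3RydWN0ZWQ="}},
    {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
     "metadata": {"name": "cluster-admin-token", "namespace": "tekton-pipelines",
                  "labels": {SYNC_LABEL: "false"}},
     "data": {"token": "Y29uc3RydWN0ZWQ="}},
]

if __name__ == "__main__":
    for manifest in sync_secrets(SAMPLE, "demo-delegate"):
        print(manifest["metadata"])
```

Every copy becomes usable by the project-supplied pipelines in the delegate namespace, so the label is effectively the allow-list of credentials exposed to them.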
The delegate pipeline setup supports running multiple pipelines in the same namespace next to each other. These pipelines will all be triggered automatically once the delegate pipeline is triggered. In order to be able to reference the same tasks in the different pipelines, optionally even using different versions of the same task, a different name is needed for the tasks. Otherwise both pipelines would try to create the same task, which Kustomize by design doesn't allow. It also makes sure that different pipelines cannot override each other's tasks. This is achieved by adding a prefix to all tasks, conveniently provided by Kustomize. In order for Kustomize to properly create the override, we need to tell it which fields are name references, using the kustomizeconfig component.