
Build an application on IBM Power Systems Virtual Server using Tekton pipeline and triggers

This tutorial is part of the Learning path: Deploying Red Hat OpenShift Container Platform 4.x on IBM Power Systems Virtual Servers.

Introduction

Tekton is a Kubernetes-native open source framework for creating continuous integration and continuous delivery (CI/CD) pipelines. And if you are building a CI/CD mechanism for cloud-native applications running on a Kubernetes or OpenShift cluster, then it just makes sense to use a cloud-native CI/CD solution along with appropriate tools. As a Kubernetes-native framework, Tekton makes it easier to deploy applications across multiple cloud providers or hybrid environments. It is implemented as a set of Kubernetes Custom Resource Definitions (CRDs), which are the standard Kubernetes extension mechanisms.

Tekton is officially supported on IBM Power (ppc64le) architecture. With increasing demand for Tekton on IBM Power Systems, many users are showing interest in using the functionalities of Tekton on Power Virtual Server as well. The objective of this tutorial is to guide interested users in creating an end-to-end Tekton pipeline for building and deploying applications on an OpenShift cluster on the IBM Power Systems Virtual Server.

Prerequisites

Make sure that the following prerequisites are fulfilled for creating a Tekton pipeline on Power Virtual Server:

Estimated time

It takes around 30 minutes to install Tekton and to set up the basic CI/CD pipeline.

Steps

Install Tekton components

Tekton consists of multiple components, and therefore, installation can be slightly complicated. To begin with, you need to install pipelines and triggers, and the usual method to perform this is by using raw Kubernetes manifests. However, there is a simpler way! You can install Tekton Operator from OperatorHub, which already includes all the components.

In this example, perform the following steps to install and configure Tekton pipelines, triggers, dashboard, and CLI:

  1. Set up the environment on Power Virtual Server.

    Log in to the OpenShift cluster on Power Virtual Server and create a new project, named tekton-pipelines. The namespace of this project is used by all the Tekton components.

    ssh -i <ssh_key> root@<bastion_node_ip>
    oc login -u kubeadmin -p <kubepassword>
    oc new-project tekton-pipelines
    
  2. Install and configure the Tekton pipelines component.

    1. Configure the service account with the required security context constraint permissions. This is required to run the Tekton pipelines webhook pod.

      oc adm policy add-scc-to-user anyuid -z tekton-pipelines-controller
      oc adm policy add-scc-to-user anyuid -z tekton-pipelines-webhook
      
    2. Install the Tekton pipelines component.

      oc apply --filename https://github.com/tektoncd/pipeline/releases/download/v0.24.0/release.notags.yaml
      
    3. Monitor the installation using the following command until all the components show the status as Running:

      oc get pods --namespace tekton-pipelines

      Expected output:

      NAME                                                        READY   STATUS      RESTARTS   AGE
      tekton-pipelines-controller-6c599dd7f-fwr2n                 1/1     Running     0          11s
      tekton-pipelines-webhook-d698985d9-dm6zf                    1/1     Running     0          11s
      
  3. Install Tekton CLI.

    1. Install the Tekton CLI tkn using the following command:

      rpm -Uvh https://github.com/tektoncd/cli/releases/download/v0.19.1/tektoncd-cli-0.19.1_Linux-ppc64le.rpm
      
    2. Verify the installation. It should display the installed version for tkn CLI.

      tkn version

      Expected output:

      Client version: 0.19.1
      Pipeline version: v0.24.0
      
  4. Install and configure the Tekton triggers component.

    1. Configure the service account with the required security context constraint permissions.

      oc adm policy add-scc-to-user anyuid -z tekton-triggers-controller
      oc adm policy add-scc-to-user anyuid -z tekton-triggers-webhook
      oc adm policy add-scc-to-user anyuid -z tekton-triggers-core-interceptors
      
    2. Install Tekton triggers.

      oc apply -f https://github.com/tektoncd/triggers/releases/download/v0.14.0/release.yaml
      oc apply -f https://github.com/tektoncd/triggers/releases/download/v0.14.0/interceptors.yaml
      
    3. Monitor the installation using the following command until all components show the status as Running:

      oc get pods --namespace tekton-pipelines

      Expected output:

      NAME                                                        READY   STATUS      RESTARTS   AGE
      tekton-pipelines-controller-6c599dd7f-fwr2n                 1/1     Running     0          50s
      tekton-pipelines-webhook-d698985d9-dm6zf                    1/1     Running     0          50s
      tekton-triggers-controller-d5b487c84-8bmcb                  1/1     Running     1          11s
      tekton-triggers-core-interceptors-547b5df66-4w5x5           1/1     Running     0          11s
      tekton-triggers-webhook-765dbd9879-444l9                    1/1     Running     0          11s
      
  5. Install and configure the Tekton dashboard component.

    1. Install the Tekton dashboard.

      oc apply -f https://github.com/tektoncd/dashboard/releases/download/v0.17.0/tekton-dashboard-release.yaml

    2. Monitor the installation using the following command until all the components show the status as Running:

      oc get pods --namespace tekton-pipelines

      Expected output:

      NAME                                                        READY   STATUS      RESTARTS   AGE
      tekton-dashboard-545b99657d-brx6v                           1/1     Running     0          11s
      tekton-pipelines-controller-6c599dd7f-fwr2n                 1/1     Running     0          78s
      tekton-pipelines-webhook-d698985d9-dm6zf                    1/1     Running     0          78s
      tekton-triggers-controller-d5b487c84-8bmcb                  1/1     Running     1          40s
      tekton-triggers-core-interceptors-547b5df66-4w5x5           1/1     Running     0          40s
      tekton-triggers-webhook-765dbd9879-444l9                    1/1     Running     0          40s
      
    3. Create a route to expose the Tekton dashboard service.

      oc create route edge tekton-dashboard --service=tekton-dashboard --port=http --insecure-policy=Redirect -n tekton-pipelines

      Get the route and open the link in browser to access the Tekton dashboard.

      oc get route
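The install steps above apply release manifests directly from a URL. The following added example (not part of the original tutorial or of the Tekton project) fetches a manifest once, records its SHA-256, lists every `image:` reference that is not pinned by digest, and applies the same local copy that was checked. The function names and the sample manifest are constructed for illustration.

```shell
# Added example, not from the tutorial. Sample manifest content is constructed.

# unpinned_images FILE: print every "image:" reference that lacks a full
# @sha256:<64 hex> digest; exit status 1 if any is found. Only "image:" keys
# are checked, not image names passed to a container as arguments.
unpinned_images() {
  awk '
    /^[ \t]*-?[ \t]*image:[ \t]*/ {
      ref = $0; sub(/^[ \t]*-?[ \t]*image:[ \t]*/, "", ref)
      gsub(/["\r]/, "", ref); sub(/[ \t]+#.*$/, "", ref); sub(/[ \t]+$/, "", ref)
      i = index(ref, "@sha256:")
      digest = i ? substr(ref, i + 8) : ""
      if (length(digest) != 64 || digest !~ /^[0-9a-f]+$/) { print ref; bad = 1 }
    }
    END { exit bad + 0 }
  ' "$1"
}

# review_then_apply URL: fetch once, record the hash, check pins, then apply
# the same local file that was checked (needs curl, sha256sum and oc).
review_then_apply() {
  f=$(mktemp) && curl -fsSL -o "$f" "$1" || return 1
  echo "sha256 $(sha256sum "$f" | cut -d' ' -f1)  $1"
  unpinned_images "$f" && oc apply -f "$f"
}

# Constructed sample: one pinned image, one tag-only, one with no tag at all.
make_sample_manifest() {
  cat > "$1" <<'EOF'
containers:
  - name: controller
    image: registry.example.invalid/tekton/controller@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
  - name: webhook
    image: "registry.example.invalid/tekton/webhook:v0.24.0"   # tag only
  - image: registry.example.invalid/tekton/dashboard
EOF
}

sample=$(mktemp) && make_sample_manifest "$sample"
unpinned_images "$sample" || echo "review the images listed above before applying"
```

Keeping the recorded hash alongside the cluster's change record makes it possible to confirm later which manifest was actually applied.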

Configure the pipeline

Perform the following steps to set up the Tekton pipeline in the cluster:

  1. Clone the sample web application source code repository on the Power Virtual Server cluster.

    Link to repository: https://github.com/snehakpersistent/sample-web-app

    Fork this repository in your GitHub workspace and clone the forked repo to your Power Virtual Server cluster.

    Check out the simple-pipeline branch:

    git checkout simple-pipeline

  2. Set up quay repositories with proper account permissions.

    1. Create a quay repository in your own quay registry. In this example, we use tekton-sample-app as the quay repository.

    2. Make sure that you have read and write permissions to the repository.

    3. Update the PipelineResource (quay-resource-app.yaml) object as well as the quay resource in TriggerTemplate (triggers/triggertemplate.yaml) with link to your quay repository. This quay repository link will be used as an image URL while pushing the images to quay.

  3. Create a secret on the cluster for pushing images to quay.

    1. Update quay username, password, auth and proxy fields in config/docker_config.json on the Power Virtual Server cluster. Use your authentication credentials to log in to the quay repository.

      username – quay username
      password – quay password
      auth – base64(username:password)
      httpProxy/httpsProxy – Proxy value in the Power Virtual Server cluster (if required)

    2. Create a secret using the above docker_config.json file on the Power Virtual Server cluster.

      oc create secret generic quay-secret \
      --from-file=.dockerconfigjson=/root/sample-web-app/config/docker_config.json \
      --type=kubernetes.io/dockerconfigjson
      
  4. Create a pipeline service account on the Power Virtual Server cluster.

    This service account will be used in PipelineRun for running the pipeline. It uses the secret created on Power Virtual Server in the previous step.

    oc apply -f config/sa-pipeline.yaml

  5. Update the cluster resource tokens on the Power Virtual Server cluster.

    A cluster resource can be used to access a Kubernetes cluster. The resource will use the provided parameters to create a kubeconfig file that can be used by steps in the pipeline task to access the target cluster.

    In this example, we use a single cluster resource. This resource (pipelineresources/ppc-cluster-resource.yaml) points to Power Virtual Server cluster.

    Update the YAML file with the correct token required for cluster login. You can find this token in the kubeconfig file on the cluster.

    Also update the token for the cluster resource in triggers/triggertemplate.yaml.
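Step 3 above fills in the username, password, auth and proxy fields of config/docker_config.json by hand. The following added example (not code from the tutorial's repository) generates that file, computes auth without the trailing newline that `echo` would introduce, restricts the file mode, and checks that auth decodes back to the credentials. It assumes the file uses the standard Docker config.json layout; the function names are hypothetical.

```shell
# Added example (not from the tutorial's repository). The JSON layout is the
# standard Docker config.json format; treating config/docker_config.json as
# having that layout is an assumption.

# b64_auth USER PASS: print base64("USER:PASS"). printf is used because
# `echo` appends a newline that would end up inside the encoded credential.
b64_auth() {
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# json_escape STRING: escape backslashes and double quotes for a JSON string.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# write_docker_config OUTFILE REGISTRY USER PASS [PROXY_URL]
write_docker_config() (
  out=$1; registry=$(json_escape "$2"); user=$(json_escape "$3")
  pass=$(json_escape "$4"); proxy=$(json_escape "${5:-}")
  auth=$(b64_auth "$3" "$4")
  umask 077    # the file holds a password: owner read/write only
  {
    printf '{\n  "auths": {"%s": {"username": "%s", "password": "%s", "auth": "%s"}}' \
      "$registry" "$user" "$pass" "$auth"
    if [ -n "$proxy" ]; then
      printf ',\n  "proxies": {"default": {"httpProxy": "%s", "httpsProxy": "%s"}}' \
        "$proxy" "$proxy"
    fi
    printf '\n}\n'
  } > "$out"
)

# check_auth FILE USER PASS: succeed only if the stored auth field decodes
# back to exactly USER:PASS.
check_auth() (
  stored=$(sed -n 's/.*"auth": "\([^"]*\)".*/\1/p' "$1")
  [ "$(printf '%s' "$stored" | base64 -d)" = "$2:$3" ]
)

# Usage on the bastion (values come from the environment, not the command line):
#   write_docker_config config/docker_config.json quay.io "$QUAY_USER" "$QUAY_PASS"
#   check_auth config/docker_config.json "$QUAY_USER" "$QUAY_PASS"
```

The generated file contains the registry password in clear text, so keep it out of the forked Git repository once the secret has been created.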

Run the pipeline

This section explains the two scenarios in which the pipeline can be triggered.

Trigger the pipeline manually

Perform the following steps to trigger the pipeline manually on a Power Virtual Server cluster:

  1. Switch to the tekton-pipelines project.

    oc project tekton-pipelines

  2. Create all the task resources.

    oc apply -f task/

  3. Create all the pipeline resources. Before running the following command, ensure that quay-resource-app.yaml has the correct quay repository link and ppc-cluster-resource.yaml has the correct cluster token.

    oc apply -f pipelineresources/

  4. Create the pipeline resource.

    oc apply -f pipeline/pipeline.yaml

  5. Create the pipeline run resource.

    oc apply -f pipeline/pipelineRun.yaml

  6. Monitor the pipeline run on the Tekton dashboard. Run the following command to view the pipeline run logs on CLI.

    tkn pipelinerun logs --last -f

Run the pipeline based on Tekton triggers

Perform the following steps to set up Tekton triggers on an existing pipeline and to run it:

  1. Create the resources (Eventlistener, Eventlistener route, TriggerTemplate, TriggerBinding, and RBAC resources) required for Tekton triggers.

    oc apply -f task/
    oc apply -f pipeline/pipeline.yaml
    
    cd triggers/
    oc apply -f triggers-rbac.yaml
    oc adm policy add-scc-to-user anyuid -z tekton-triggers-sa
    oc apply -f triggertemplate.yaml
    oc apply -f triggerbinding.yaml
    oc apply -f eventlistener.yaml
    oc apply -f eventlistener-route.yaml
    
    oc get route      # get the route of the event listener
    
  2. Create a GitHub webhook on your forked repository with the Eventlistener route we exposed in the previous step.

    Figure 1

  3. Trigger the pipeline run.

    1. We have configured a webhook in GitHub to detect a Git push event. Before you trigger PipelineRun, ensure that the triggers/triggertemplate.yaml file has the correct cluster token in PipelineResource.

    2. To trigger PipelineRun, perform a Git push operation on your repository. We can also test this by pushing an empty commit.

      git commit -m "empty-commit" --allow-empty && git push origin main

    3. Open the Tekton dashboard or the OpenShift web console; a pipeline run is created automatically. In this case, PipelineResources are also created automatically based on the TriggerTemplate.
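The steps above place a cluster login token in pipelineresources/ppc-cluster-resource.yaml and triggers/triggertemplate.yaml inside a forked Git repository and then push to GitHub. The following added example (not part of the original tutorial) reports every param named token that carries a literal value, so the check can run before a push. It assumes the name/value param layout of Tekton's cluster PipelineResource; the function names and file contents are constructed.

```shell
# Added example, not from the tutorial's repository. File contents below are
# constructed; the param layout follows Tekton's cluster PipelineResource.

# find_inline_tokens FILE...: print FILE:LINE for each param named "token"
# whose value is a literal string; exit status 1 if any is found.
find_inline_tokens() {
  awk -v q="'" '
    function unquote(s) { gsub("[\"" q "]", "", s); sub(/[ \t\r]+$/, "", s); return s }
    /^[ \t]*-?[ \t]*name:/ {
      n = $0; sub(/^[ \t]*-?[ \t]*name:[ \t]*/, "", n)
      want = (unquote(n) == "token"); next
    }
    want && /^[ \t]*value:/ {
      v = $0; sub(/^[ \t]*value:[ \t]*/, "", v); v = unquote(v)
      # <placeholders> and $(...) substitutions are not secrets
      if (v != "" && v !~ /^<.*>$/ && v !~ /^\$\(/) { print FILENAME ":" FNR; bad = 1 }
    }
    { want = 0 }
    END { exit bad + 0 }
  ' "$@"
}

# make_sample DIR: write two constructed files, one with a literal token.
make_sample() {
  cat > "$1/ppc-cluster-resource.yaml" <<'EOF'
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
  name: ppc-cluster
spec:
  type: cluster
  params:
    - name: url
      value: https://api.example.invalid:6443
    - name: token
      value: "sha256~CONSTRUCTED-NOT-A-REAL-TOKEN"
EOF
  cat > "$1/triggertemplate.yaml" <<'EOF'
params:
  - name: token
    value: <cluster_token>
  - name: token
    value: $(tt.params.cluster-token)
EOF
}

sample=$(mktemp -d) && make_sample "$sample"
find_inline_tokens "$sample"/*.yaml || echo "literal token found: do not push these files"
```

Tekton's cluster PipelineResource also accepts the token through a `secrets` entry that references a Kubernetes Secret, which keeps the value out of the YAML files altogether.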

Troubleshooting

If you face any of the following issues, you can try the corresponding workaround solution:

  • On ppc64le, release.yaml is broken due to distroless/base image

    Error message:

    [create-dir-builtimage-8fx4v] 2021/04/01 12:56:16 Error executing command: fork/exec /busybox/mkdir: exec format error
    container step-create-dir-builtimage-8fx4v has failed : [{"key":"StartedAt","value":"2021-04-01T12:56:16.916Z","type":"InternalTektonResult"}]
    

    Workaround:
    Upgrade the Tekton pipeline to version 0.24.0. This release has a proper distroless/base image for ppc64le architecture.

  • Unable to access cluster server

    Error message:
    Unable to connect to the server: Forbidden

    Workaround:
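    Comment out the following line in /etc/squid/squid.conf on the bastion node and restart the squid service. With this line commented out, Squid no longer restricts CONNECT requests to the ports listed in the SSL_ports ACL, so HTTPS connections on all ports are allowed.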

    http_access deny CONNECT !SSL_ports

Summary

This tutorial explained how to install Tekton components and create a basic CI/CD pipeline for building and deploying an application image on an OpenShift cluster on Power Virtual Server. This information can help users interested in using the functionalities of Tekton on the IBM Power Virtual Server environment.