Contibuted by James Strachan | originally posted on Jenkins.io
What is Tekton?
Tekton is a powerful and flexible open-source framework for creating CI/CD systems, allowing developers to build, test, and deploy across cloud providers and on-premise systems.
Why use Tekton?
Tekton pipelines have a number of benefits:
- they are cloud native and designed from the ground up for Kubernetes
- each Tekton
Pipelineis fully declarative and completely self-described; it does not depend on any separate out of band Jenkins controllers, plugins or plugin/controller configurations
Pipeline Taskruns as a stand-alone Kubernetes Pod which is completely independent of any other pods and pipelines and are fully scheduled by Kubernetes to maximise resilience and optimize resource usage. A bad pipeline cannot take down another one & the Kubernetes scheduler manages them all
- each step can be any command in any container image with whatever secrets, volume mounts, environment variables and resource limits you need
- there is no need to bundle a JVM or Jenkins Remoting container into the pod so you can keep resources and cost down
Why use Jenkins and Tekton together?
Jenkins is the most popular open source automation server around. Lots of developers use it every day to get things done. Jenkins can now be used to automate the Tekton pipelines too which helps teams digitally transform to more cloud native solutions for their CI and CD. In such a case, you can use Tekton pipeline engine while getting all benefits from Jenkins as an orchestrator, user interface and the reporting engine.
Introducing the Tekton Plugin for Jenkins
The Tekton Client plugin for Jenkins lets you easily use Jenkins to automate creating and running Tekton pipelines. It bridges the Kubernetes learning gap and allows invoking Tekton Pipelines and resources through Jenkins. This allows users to not have much of the Kubernetes-specific knowledge beforehand and work.
It’s a single Jenkins plugin to install – so it’s easy to use.
For background check out the blog post Bridging the Gap with Tekton-client-plugin for Jenkins by the founder of the plugin Vibhav Bobade.
The Tekton Client plugin for Jenkins assumes you have access to a Kubernetes cluster.
The Kubernetes cluster should have Tekton pipelines installed.
The Jenkins controller should also have Kubernetes RBAC access to be able to create Tekton resources and watch them and their associated pods and pod logs.
If you are running your Jenkins controller inside Kubernetes then an easy way to set up the RBAC is to install the Jenkins Resource Helm Chart in the same namespace as your Jenkins controller.
Specifying the Tekton pipelines
You can configure the Tekton pipeline via:
- a file path in a git clone block
- a URL to a tekton YAML file
- a block of YAML
This means that you can version your pipelines in git. It also means you can benefit from the various IDE plugins available for Tekton such as VS Code and IDEA so that you get auto-completion, formatting and validation while editing the YAML.
So you can use the usual Git provider support in Jenkins to clone the git repository that contains the Tekton YAML file then reference the file by name.
Reusing Pipelines from the Tekton Catalog
The Tekton Catalog defines a ton of Tekton Tasks you can reuse in your pipelines
We have found when it comes to a microservices style architecture you end up with lots of repositories and pipelines. Then using a Pipeline As Code pattern with GitOps we want to Version Everything but also make it easy for any repository to use any version of any task or pipeline.
e.g. you may have many repositories using the current version of a pipeline but want to try out a new change to the pipeline in just 1 repository to verify it works well; then if it does, incrementally roll that change out to more repositories.
This can make it hard trying to reuse as much as you can across the different git repositories while also minimising the number of versions and forks of git repositories you have and simplifying the maintenance of all of the pipelines.
So we reuse Tasks and Pipelines via the uses: image notation which lets us keep all of our Tekton Tasks and Pipelines in vanilla Tekton YAML; so that the IDE completion and validation work – but we can easily reuse Tasks or steps from libraries while also Versioning Everything
Note that if wish to reuse steps/tasks via the uses: image notation then you must click the
Tekton Catalog flag in your Job definition which will then resolve the
uses: clause with the actual step/task.
What is Jenkins X?
- Automated CI/CD pipelines let you focus on your actual application code while Jenkins X automatically creates battle-tested Tekton CI/CD pipelines for your project which are managed via GitOps so that it’s super easy to keep your pipelines up to date across your repositories or to upgrade or override pipelines or steps for specific repositories.
- Automatic promotion of versioned artifacts via GitOps through your Environments such as
Productionwhether they are running in the same Kubernetes cluster or you are using multiple clusters for your environments
- Preview Environments lets you propose code changes via Pull Requests and have a Preview Environment automatically created, running your code in Kubernetes to get fast feedback from your team before agreeing to merge changes to the main branch
- ChatOps comment on Pull Requests to give feedback, approve/hold changes, trigger optional pipelines for additional testing and other ChatOps commands
All of the above is implemented in reusable Tekton pipelines.
Reusing Jenkins X Pipelines
So how can we reuse automated CI/CD pipelines from Jenkins X project from Jenkins?
Make sure you have the Tekton Client plugin for Jenkins installed in your Jenkins server.
Using a working template
If you want to start with a working example then
- Create A Git Repository From This Template
- add a new
Frestyle projectto your Jenkins server
- enable the
Gitsource code management for your new github.com repository
Add build Step(near the bottom of the page) and then select
Tekton : Create Resource (Raw)
- make sure that
FILEis selected for the input and enter the name
.lighthouse/jenkins-x/release.yamlfor the file name
- if you are using a Jenkins X cluster enter
jxfor the namespace
- ensure that
Enable Tekton Catalogis checked
- now save the pipeline – it should look something like this:
Now if you trigger the pipeline you should see it create a Tekton Pipeline and you should see the output of the Tekton pipeline in the Jenkins console. The pipeline is actually running as a completely separate Pod in Kubernetes; the Jenkins controller just tails the log into the console.
In a Jenkins X cluster, this pipeline should just work (reusing all the cloud resources and IAM roles set up by the Terraform) but in an arbitrary Kubernetes cluster, you may get issues around not being able to push images or promote due to lack of GitOps environments being defined which we can help you work through via the Jenkins X slack room.
Using an existing repository
You can configure a Pull Request or Release pipeline in your project by copying the YAML file for the language pack you wish to use.
Then follow the above instructions for setting up a
Freestyle project for your git repository and referencing the file name for your pipeline.
Being able to reuse steps from libraries of pipelines is awesome, but sometimes you need to change things. The assumptions, commands, arguments, environment variables or approaches used for every step in a library may not quite match what you need on a specific application. You may need to run steps before/after steps in the library or you may need to override a specific step to do something different.
The fact that all the Tekton YAML is fully declarative makes it super easy to modify things via your IDE with validation and smart completion and not have to use a scripting language and understand complex shared pipeline libraries.
The easiest way to try overriding a step is to install the jx binary to your $PATH then use the jx pipeline override command which will create a new locally overridden step you can then just edit in your IDE.
Then at any time, you can view the effective pipeline when you make local changes
Comparing the Kubernetes and Tekton plugins
What this means is that:
- a Kubernetes pod is created based on the pod YAML file which is scheduled by Kubernetes
- the Jenkinsfile runs on the Jenkins controller talking over Jenkins remoting to the pod to tell it to run commands in different containers. The pod includes the
jnlpcontainer which does the remoting between the Jenkins controller and the pod
This has a few issues:
- each container in the pod must have a shell so that jnlp can invoke commands. This may mean you have to create your own images
- it can be a little slow to start since there is chattiness with the Jenkins controller and the pod – whereas with Tekton pods just start and run locally without any coordination with the Jenkins controller
- you have to maintain 2 files: the
pod.yamland it’s hard to share/override both of those files across multiple repositories as you need to make changes (e.g. overriding environment variables/images/commands/resource limits on-demand on steps).
Though one downside of the Tekton approach is that by default there is no automatic synchronisation of state; after a Task in Tekton completes there’s no automatic upload of state to the Jenkins controllers disk. You can always add a step in your Task to upload the workspace state to the Jenkins controller if that’s what you want.
Though remember that tekton plugin doesn’t take anything away; so you can mix and match the Kubernetes and tekton plugins to suit your needs.
We are really excited about the combination of Jenkins, Tekton and Jenkins X letting developers pick the best tool for the job while becoming more cloud native and increasing the automation help reduce the amount of manual work creating and maintaining pipelines while also helping to improve the quality and practices of our CI/CD.
Please try it out and let us know how you get on!