Blueprint for a Tekton + ArgoCD application setup.
Requires a Kubernetes cluster with Istio installation. You can for example create one on the IBM Cloud.
Install Tekton:
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
Create secrets for SSH GitHub and Docker registry access:
This is one way to create a SSH key, that will be added to GitHub. There are in fact many ways for Tekton to get access to GitHub.
ssh-keygen -t rsa -b 4096 -C "tekton@tekton.dev" # save as tekton / tekton.pub # add tekton.pub contents to GitHub # create secret YAML from contents cat tekton | base64 -w 0 cat > tekton-git-ssh-secret.yaml << EOM apiVersion: v1 kind: Secret metadata: name: git-ssh-key namespace: tekton-pipelines annotations: tekton.dev/git-0: github.com type: kubernetes.io/ssh-auth data: ssh-privatekey: <base64 data> --- EOM kubectl apply -f tekton-git-ssh-secret.yaml # create your Docker registry secret, for example: cat ~/.docker/config.json | base64 -w 0 cat > regsecret.yaml << EOM kind: Secret apiVersion: v1 metadata: name: regsecret data: .dockercfg: <base 64 data> type: kubernetes.io/dockercfg EOM kubectl apply -n tekton-pipelines -f regsecret.yaml
Setup the Tekton serviceaccount:
kubectl apply -f tekton/
Install the Tekton dashboard:
kubectl apply -f https://github.com/tektoncd/dashboard/releases/latest/download/tekton-dashboard-release.yaml
Install ArgoCD:
kubectl create namespace argocd kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml kubectl apply -f argocd/ kubectl apply -n systemtest -f regsecret.yaml kubectl apply -n production -f regsecret.yaml
Login in ArgoCD, find out the admin password and create a token:
# pod name is the admin password kubectl get pods -n argocd | grep argocd-server # forward ports to access in browser kubectl -n argocd port-forward svc/argocd-server 8081:80 kubectl -n tekton-pipelines port-forward svc/tekton-dashboard 9097:9097
Create ArgoCD access with Tekton:
Under https://localhost:8081/settings/accounts/tekton generate a token.
kubectl create secret -n tekton-pipelines generic argocd-env-secret '--from-literal=ARGOCD_AUTH_TOKEN=<token>'
Now, adapt all ocurrences of your application and GitOps config repository, and your application Docker image.
Then you can execute the pipeline, manually:
./pipelinerun/trigger-pipeline.sh
You can setup Tekton Triggers that start the build on a push to the repository main
branch.
Install Tekton Triggers:
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml kubectl apply -f pipelinetriggers/
Create a triggers secret for GitHub:
cat > github-trigger-secret.yaml << EOM apiVersion: v1 kind: Secret metadata: name: github-trigger-secret namespace: tekton-pipelines type: Opaque stringData: secretToken: "123" --- EOM kubectl apply -f github-trigger-secret.yaml
Test the triggers setup manually:
# HMAC is generated from payload and the GitHub triggers secret curl -i \ -H 'X-GitHub-Event: push' \ -H 'X-Hub-Signature: sha1=<HMAC>' \ -H 'Content-Type: application/json' \ -d '{"ref":"refs/heads/main","head_commit":{"id":"123abc..."}}' \ http://tekton-triggers.example.com
After you’ve setup a GitHub WebHook for push events, you can test the pipeline via pushing to you application repository.