Prerequisites
- A Kubernetes cluster running version 1.24 or later.
- Kubectl.
- Grant cluster-admin privileges to the current user.
- Install a Metrics Server if you need support for high-availability use cases.
Installation
To install Tekton Pipelines on OpenShift, you must first apply the anyuid security context constraint to the tekton-pipelines-controller service account. This is required to run the webhook Pod.
Log on as a user with cluster-admin privileges.
oc login -u system:admin
Set up the namespace (project) and configure the service account:
oc new-project tekton-pipelines
oc adm policy add-scc-to-user anyuid -z tekton-pipelines-controller
oc adm policy add-scc-to-user anyuid -z tekton-pipelines-webhook
Install Tekton Pipelines
Because OpenShift uses a random user ID for pods, we need to remove the securityContext.runAsUser and securityContext.runAsGroup from any container from the release.yaml.
You will need to have yq installed for this to work. Another way would be to download the yaml, search and replace it in your favorite editor.
curl https://storage.googleapis.com/tekton-releases/pipeline/latest/release.notags.yaml | yq 'del(.spec.template.spec.containers[].securityContext.runAsUser, .spec.template.spec.containers[].securityContext.runAsGroup)' | oc apply -f -
Monitor the installation using the following command until all components show a Running status:
oc get pods --namespace tekton-pipelines --watch
Congratulations! ππ₯πΆπ
You have successfully installed Tekton Pipelines on your OpenShift environment.
Top comments (0)