- A Kubernetes cluster running version 1.24 or later.
- Grant cluster-admin privileges to the current user.
- Install a Metrics Server if you need support for high-availability use cases.
To install Tekton Pipelines on OpenShift, you must first apply the
anyuid security context constraint to the
tekton-pipelines-controller service account. This is required to run the webhook Pod.
Log on as a user with cluster-admin privileges.
oc login -u system:admin
Set up the namespace (project) and configure the service account:
oc new-project tekton-pipelines
oc adm policy add-scc-to-user anyuid -z tekton-pipelines-controller
oc adm policy add-scc-to-user anyuid -z tekton-pipelines-webhook
Install Tekton Pipelines
Because OpenShift uses a random user ID for pods, we need to remove the
securityContext.runAsGroup from any container from the
You will need to have
yq installed for this to work. Another way would be to download the
yaml, search and replace it in your favorite editor.
curl https://storage.googleapis.com/tekton-releases/pipeline/latest/release.notags.yaml | yq 'del(.spec.template.spec.containers.securityContext.runAsUser, .spec.template.spec.containers.securityContext.runAsGroup)' | oc apply -f -
Monitor the installation using the following command until all components show a Running status:
oc get pods --namespace tekton-pipelines --watch
You have successfully installed Tekton Pipelines on your OpenShift environment.