- Ramp up on kubernetes and CRDs
- Ramp Tekton Pipelines
- Create a GitHub account
- Setup GitHub access via SSH
- Create and checkout a repo fork
- Set up your shell environment
- Install requirements
- Set up a Kubernetes cluster
- Configure kubectl to use your cluster
- Set up a docker repository you can push to
- Install Tekton Pipelines
- Install Tekton Triggers
- Iterate!
Welcome to the project!! You may find these resources helpful to ramp up on some of the technology this project is built on.
This project extends Kubernetes (aka k8s
) with Custom Resource Definitions
(CRDSs). To find out more:
- The Kubernetes docs on Custom Resources - These will orient you on what words like "Resource" and "Controller" concretely mean
- Understanding Kubernetes objects - This will further solidify k8s nomenclature
- API conventions - Types(kinds) - Another useful set of words describing words. "Objects" and "Lists" in k8s land
- Extend the Kubernetes API with CustomResourceDefinitions- A tutorial demonstrating how a Custom Resource Definition can be added to Kubernetes without anything actually "happening" beyond being able to list Objects of that kind
- Tekton Pipelines README - Some of the terms here may make more sense!
- Install via official installation docs or continue through getting started for development
- Tekton Pipeline "Hello World" tutorial -
Define
Tasks
,Pipelines
, andPipelineResources
, see what happens when they are run
The Go tools require that you clone the repository to the
src/github.com/tektoncd/triggers
directory in your
GOPATH
.
To check out this repository:
- Create your own fork of this repo
- Clone it to your machine:
mkdir -p ${GOPATH}/src/github.com/tektoncd
cd ${GOPATH}/src/github.com/tektoncd
git clone git@github.com:${YOUR_GITHUB_USERNAME}/triggers.git
cd triggers
git remote add upstream git@github.com:tektoncd/triggers.git
git remote set-url --push upstream no_push
Adding the upstream
remote sets you up nicely for regularly
syncing your fork.
You must install these tools:
go
: The language Tekton Pipelines is built ingit
: For source controlko
: For development.ko
version v0.1 or higher is required fortriggers
to work correctly.kubectl
: For interacting with your kube cluster
Your [$GOPATH
] setting is critical for ko apply
to function properly: a
successful run will typically involve building pushing images instead of only
configuring Kubernetes resources.
Docker for Desktop using an edge version has been proven to work for both developing and running Pipelines. The recommended configuration is:
- Kubernetes version 1.21 or later
- 4 vCPU nodes (
n1-standard-4
) - Node autoscaling, up to 3 nodes
- API scopes for cloud-platform
To setup a cluster with GKE:
-
Install required tools and setup GCP project (You may find it useful to save the ID of the project in an environment variable (e.g.
PROJECT_ID
). -
Create a GKE cluster (with
--cluster-version=latest
but you can use any version 1.21 or later):export PROJECT_ID=my-gcp-project export CLUSTER_NAME=mycoolcluster gcloud container clusters create $CLUSTER_NAME \ --enable-autoscaling \ --min-nodes=1 \ --max-nodes=3 \ --scopes=cloud-platform \ --enable-basic-auth \ --no-issue-client-certificate \ --project=$PROJECT_ID \ --region=us-central1 \ --machine-type=n1-standard-4 \ --image-type=cos \ --num-nodes=1 \ --cluster-version=latest
Note that the
--scopes
argument togcloud container cluster create
controls what GCP resources the cluster's default service account has access to; for example to give the default service account full access to your GCR registry, you can addstorage-full
to your--scopes
arg. -
Grant cluster-admin permissions to the current user:
kubectl create clusterrolebinding cluster-admin-binding \ --clusterrole=cluster-admin \ --user=$(gcloud config get-value core/account)
To run your controllers with ko
you'll need to set these
environment variables (we recommend adding them to your .bashrc
):
GOPATH
: If you don't have one, simply pick a directory and addexport GOPATH=...
$GOPATH/bin
onPATH
: This is so that tooling installed viago get
will work properly.KO_DOCKER_REPO
: The docker repository to which developer images should be pushed (e.g.gcr.io/[gcloud-project]
). You can also run a local registry and setKO_DOCKER_REPO
to reference the registry (e.g. atlocalhost:5000/myimages
).
.bashrc
example:
export GOPATH="$HOME/go"
export PATH="${PATH}:${GOPATH}/bin"
export KO_DOCKER_REPO='gcr.io/my-gcloud-project-name'
Make sure to configure
authentication
for your KO_DOCKER_REPO
if required. To be able to push images to
gcr.io/<project>
, you need to run this once:
gcloud auth configure-docker
The user you are using to interact with your k8s cluster must be a cluster admin to create role bindings:
# Using gcloud to get your current user
USER=$(gcloud config get-value core/account)
# Make that user a cluster admin
kubectl create clusterrolebinding cluster-admin-binding \
--clusterrole=cluster-admin \
--user="${USER}"
To install Tekton Pipelines you can either:
- Install a released version
- Setup Tekton Pipelines for development (install and iterate from HEAD)
While iterating on the project, you may need to:
-
Verify it's working by looking at the logs
-
Update your (external) dependencies with:
./hack/update-deps.sh
Running dep ensure manually, will pull a bunch of scripts deleted here
-
Update your type definitions with:
./hack/update-codegen.sh
-
Update the documentation with:
./hack/update-docs.sh
To make changes to these CRDs, you will probably interact with
- The CRD type definitions in ./pkg/apis/triggers/alpha1
- The reconcilers in ./pkg/reconciler
- The clients are in ./pkg/client (these are generated by
./hack/update-codegen.sh
)
You can stand up a version of this controller on-cluster (to your
kubectl config current-context
):
ko apply -f config/
ko apply -f config/interceptors
As you make changes to the code, you can redeploy your controller with:
ko apply -f config/controller.yaml
You can clean up everything with:
ko delete -f config/
To look at the controller logs, run:
kubectl -n tekton-pipelines logs $(kubectl -n tekton-pipelines get pods -l app=tekton-triggers-controller -o name)
To look at the webhook logs, run:
kubectl -n tekton-pipelines logs $(kubectl -n tekton-pipelines get pods -l app=tekton-triggers-webhook -o name)
If you need to add a new CRD type, you will need to add:
- A yaml definition in config/
- Add the type to the cluster roles in:
We've introduced a feature-flag called enable-api-fields
to the
config-feature-flags.yaml file deployed
as part of our releases.
This field can be configured either to be alpha
or stable
. This field is documented as
part of our install docs.
For developers adding new features to Triggers' CRDs we've got a couple of helpful tools to make gating those features simpler and to provide a consistent testing experience.
Writing new features is made trickier when you need to support both the existing stable behaviour as well as your new alpha behaviour.
In the reconciler or sink code, you can guard your new features with an if
statement
such as the following:
alphaAPIEnabled := config.FromContextOrDefaults(ctx).FeatureFlags.EnableAPIFields == "alpha"
if alphaAPIEnabled {
// new feature code goes here
} else {
// existing stable code goes here
}
Notice that you'll need a context object to be passed into your function for this to work. When writing new features keep in mind that you might need to include this in your new function signatures.
Just because your application code might be correctly observing
the feature gate flag doesn't mean you're done yet! When a user submits
a Tekton resource it's validated by a validation webhook. Here too you'll need
to ensure your new features aren't accidentally accepted when the feature gate
suggests they shouldn't be. We've got a helper function,
ValidateEnabledAPIFields
,
to make validating the current feature gate easier. Use it like this:
requiredVersion := config.AlphaAPIFields
// errs is an instance of *apis.FieldError, a common type in our validation code
errs = errs.Also(ValidateEnabledAPIFields(ctx, "your feature name", requiredVersion))
If the user's cluster isn't configured with the required feature gate it'll return an error like this:
<your feature> requires "enable-api-fields" feature gate to be "alpha" but it is "stable"
Any new code you write that uses the ctx
context variable is trivially
unit tested with different feature gate settings. You should make sure
to unit test your code both with and without a feature gate enabled to
make sure it's properly guarded. See the following for an example of a
unit test that sets the feature gate to test behaviour:
ctx, err := test.FeatureFlagsToContext(context.Background(), map[string]string{
"enable-api-fields": "alpha",
})
if err != nil {
t.Fatalf("unexpected error initializing feature flags: %v", err)
}
if err := ts.TestThing(ctx); err != nil {
t.Errorf("unexpected error with alpha feature gate enabled: %v", err)
}
For integration tests we provide the requireGate
function which
should be passed to the setup
function used by tests:
c, namespace := setup(ctx, t, requireGate("enable-api-fields", "alpha"))
This will Skip your integration test if the feature gate is not set to alpha
with a clear message explaining why it was skipped.
Note: As with running example YAMLs you have to manually set the enable-api-fields
flag to alpha
in your test cluster to see your alpha integration tests
run. When the flag in your cluster is alpha
all integration tests are executed,
both stable
and alpha
. Setting the feature flag to stable
will exclude alpha
tests.