Tekton Pipelines - OpenShift Project Setup

Setting up Pipelines in an OpenShift project

In a later post, I’ll show you how to automate this setup across your whole cluster.

  1. Select the Lab subdomain that you want to work with:

  2. Create an OpenShift project for our demonstration:

    oc login -u devuser https://api.okd4.${SUB_DOMAIN}.${LAB_DOMAIN}:6443
    oc new-project app-demo
  3. Create a maven settings.xml file for your maven builds:

    Remember, our OpenShift cluster is on a disconnected network. This means that our Java builds will not be able to access Maven Central directly. So, we will leverage Nexus as a maven mirror. Nexus comes configured, out of the box, with a proxy for Maven Central already configured. We will leverage that.

    This ConfigMap will be mounted as a volume by our Tekton Task that builds Java applications.

    cat << EOF | oc apply -n app-demo -f -
    apiVersion: v1
    kind: ConfigMap
      name: maven-settings-xml
      settings.xml: |
        <?xml version="1.0" encoding="UTF-8"?>
  4. Install the pipelines resources:

    oc apply -f ${OKD_LAB_PATH}/okd-home-lab/pipelines/manifests/ -n app-demo

    A TL;DR description of the manifests can be found here: Tekton Pipelines - Overview of Lab Manifests

  5. Create an authentication secret so that the pipeline service account can access gitea with the credentials we created above:

    Place the credentials into environment variables. We’re using the read shell command so that the username and password are not stored in the shell history.

    read GITEA_USER

    Type the service account user name that we created above and hit retrun:


    Type the service account password that we created above and hit retrun:

    Now create a Kubernetes Secret with this information:

    cat << EOF | oc apply -n app-demo -f -
    apiVersion: v1
    kind: Secret
        name: gitea-secret
          tekton.dev/git-0: https://gitea.${LAB_DOMAIN}:3000
    type: kubernetes.io/basic-auth
      username: $(echo -n ${GITEA_USER} | base64)
      password: $(echo -n ${GITEA_PASSWD} | base64)
    oc patch sa pipeline --type json --patch '[{"op": "add", "path": "/secrets/-", "value": {"name":"gitea-secret"}}]' -n app-demo

    Clear the environment variables:


Finally, we are ready to write some code. So, let’s create a simple Quarkus application:

Quarkus Build & Deploy - Pipelines Demo