
Tekton Reference: K8s-Native CI/CD Pipelines, Tasks, Triggers & Tekton Hub

Tekton is a CNCF project for building K8s-native CI/CD pipelines. Each step runs as a K8s pod — pipelines are defined as CRDs, use K8s RBAC, and integrate naturally with K8s secrets and workspaces. It is used directly or as the engine behind Jenkins X and OpenShift Pipelines.

1. Core Concepts

Tasks, Pipelines, PipelineRuns — the building blocks
| Resource | What it is |
| --- | --- |
| Task | Unit of work — a sequence of Steps, each a container command |
| TaskRun | A single execution of a Task |
| Pipeline | Ordered sequence of Tasks with input/output passing |
| PipelineRun | A single execution of a Pipeline |
| Workspace | Shared storage between Tasks (PVC, ConfigMap, Secret, emptyDir) |
| Trigger | EventListener + TriggerTemplate to start PipelineRuns from webhooks |

# Install Tekton Pipelines:
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml

# Install Tekton CLI (tkn):
brew install tektoncd-cli       # macOS

# Verify:
kubectl get pods -n tekton-pipelines
tkn version

2. Tasks & Steps

Define and run individual Task units
# A Task — runs tests:
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: run-tests
  namespace: default
spec:
  params:
    - name: image
      type: string
      default: python:3.12-slim
  workspaces:
    - name: source                    # workspace where source code lives
  steps:
    - name: install-deps
      image: $(params.image)
      workingDir: $(workspaces.source.path)
      command: [pip, install, -r, requirements.txt]

    - name: run-tests
      image: $(params.image)
      workingDir: $(workspaces.source.path)
      command: [pytest, tests/, -v, --tb=short]
      env:
        - name: DB_URL
          valueFrom:
            secretKeyRef:
              name: test-db-credentials
              key: url

# Run it directly (TaskRun):
apiVersion: tekton.dev/v1
kind: TaskRun
metadata:
  generateName: run-tests-
spec:
  taskRef:
    name: run-tests
  params:
    - name: image
      value: python:3.12-slim
  workspaces:
    - name: source
      persistentVolumeClaim:
        claimName: source-pvc

# Or via CLI:
kubectl create -f taskrun.yaml     # generateName creates unique name
tkn taskrun logs --last -f         # stream logs from latest TaskRun

3. Pipelines

Chain tasks with parameters, workspaces, and conditions
apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
  name: build-test-deploy
spec:
  params:
    - name: git-url
    - name: image-name
    - name: image-tag
      default: latest

  workspaces:
    - name: shared-source           # shared across all tasks
    - name: docker-credentials      # Docker registry auth

  tasks:
    # Step 1: Clone source
    - name: clone
      taskRef:
        resolver: hub               # use Tekton Hub task
        params:
          - name: kind
            value: task
          - name: name
            value: git-clone
          - name: version
            value: "0.9"
      workspaces:
        - name: output
          workspace: shared-source
      params:
        - name: url
          value: $(params.git-url)

    # Step 2: Run tests (after clone)
    - name: test
      runAfter: [clone]             # explicit ordering
      taskRef: {name: run-tests}
      workspaces:
        - name: source
          workspace: shared-source

    # Step 3: Build image (after tests pass)
    - name: build-image
      runAfter: [test]
      taskRef:
        resolver: hub
        params: [{name: name, value: kaniko}, {name: version, value: "0.6"}]
      workspaces:
        - name: source
          workspace: shared-source
        - name: dockerconfig
          workspace: docker-credentials
      params:
        - name: IMAGE
          value: $(params.image-name):$(params.image-tag)

    # Step 4: Deploy (parallel tasks can run simultaneously):
    - name: deploy-staging
      runAfter: [build-image]
      taskRef: {name: kubectl-apply}
      params:
        - name: manifest
          value: k8s/staging/

    - name: notify-slack
      runAfter: [build-image]       # runs in parallel with deploy-staging
      taskRef: {name: send-slack-notification}

4. Triggers — Webhook-Driven Pipelines

Start PipelineRuns from GitHub/GitLab webhooks
# Install Tekton Triggers:
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml

# TriggerTemplate — what to create when event arrives:
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerTemplate
metadata:
  name: pipeline-trigger-template
spec:
  params:
    - name: git-url
    - name: git-revision
  resourcetemplates:
    - apiVersion: tekton.dev/v1
      kind: PipelineRun
      metadata:
        generateName: build-test-deploy-
      spec:
        pipelineRef: {name: build-test-deploy}
        params:
          - name: git-url
            value: $(tt.params.git-url)
          - name: image-tag
            value: $(tt.params.git-revision)

# TriggerBinding — map webhook payload to parameters:
apiVersion: triggers.tekton.dev/v1beta1
kind: TriggerBinding
metadata:
  name: github-push-binding
spec:
  params:
    - name: git-url
      value: $(body.repository.clone_url)
    - name: git-revision
      value: $(body.after)           # commit SHA from GitHub push event

# EventListener — receives webhook, routes to trigger:
apiVersion: triggers.tekton.dev/v1beta1
kind: EventListener
metadata:
  name: github-listener
spec:
  serviceAccountName: tekton-triggers-sa
  triggers:
    - name: github-push
      interceptors:
        - ref: {name: github}        # validates GitHub webhook signature
          params:
            - name: secretRef
              value: {secretName: github-webhook-secret, secretKey: secret}
            - name: eventTypes
              value: [push]
      bindings:
        - ref: github-push-binding
      template:
        ref: pipeline-trigger-template
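
The check that the `github` interceptor's "validates GitHub webhook signature" comment refers to decides whether `body.repository.clone_url` and `body.after` can be trusted as pipeline parameters. The sketch below is an added example, not Tekton's code: it implements GitHub's `X-Hub-Signature-256` scheme (HMAC-SHA256 over the raw body) plus the `eventTypes` filter, using a constructed secret and payload; `accept_event` and `sign` are hypothetical names.

```python
import hashlib
import hmac
import json

# Constructed sample values; the secret stands in for the value stored in
# the github-webhook-secret Secret referenced by the EventListener.
SECRET = b"constructed-webhook-secret"
ALLOWED_EVENTS = {"push"}  # mirrors eventTypes: [push]


def sign(secret: bytes, body: bytes) -> str:
    """Header value GitHub sends in X-Hub-Signature-256 for this body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def accept_event(headers: dict, body: bytes, secret: bytes = SECRET):
    """Return binding params for a trusted push event, or None to reject."""
    sig = headers.get("X-Hub-Signature-256", "")
    # Verify over the raw bytes, before any JSON parsing, in constant time.
    if not hmac.compare_digest(sig.encode(), sign(secret, body).encode()):
        return None
    if headers.get("X-GitHub-Event") not in ALLOWED_EVENTS:
        return None
    try:
        payload = json.loads(body)
        # Same fields the TriggerBinding extracts.
        return {
            "git-url": payload["repository"]["clone_url"],
            "git-revision": payload["after"],
        }
    except (ValueError, KeyError, TypeError):
        return None


# Constructed push payload (not a real repository or commit).
BODY = json.dumps({
    "after": "0123456789abcdef0123456789abcdef01234567",
    "repository": {"clone_url": "https://github.com/example-org/example-repo.git"},
}).encode()
GOOD = {"X-Hub-Signature-256": sign(SECRET, BODY), "X-GitHub-Event": "push"}

if __name__ == "__main__":
    print(accept_event(GOOD, BODY))
    tampered = BODY.replace(b"example-org", b"other-org")
    print(accept_event(GOOD, tampered))  # signature no longer matches
```

Without the interceptor (or with an empty secret), any client that can reach the EventListener could supply its own `clone_url` and have the pipeline build it.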

5. CLI & Operations

tkn CLI for managing and debugging pipelines
# List resources:
tkn pipeline list                       # all Pipelines
tkn pipelinerun list                    # all PipelineRuns
tkn taskrun list                        # all TaskRuns

# Monitor and debug:
tkn pipelinerun logs -f my-run-xxx      # stream logs
tkn pipelinerun describe my-run-xxx     # status per task + step
tkn taskrun describe my-task-run-xxx    # step-level status

# Re-run a failed pipeline (with same params):
tkn pipelinerun rerun my-run-xxx        # creates new PipelineRun with same params

# Tekton Hub — pre-built community tasks:
tkn hub search git-clone                # search for tasks
tkn hub install task git-clone          # install to cluster
tkn hub install task kaniko             # Docker image build without daemon
# Browse: hub.tekton.dev

# Cancel a running PipelineRun:
tkn pipelinerun cancel my-run-xxx

# Timeout configuration (in PipelineRun spec):
spec:
  timeouts:
    pipeline: 1h0m0s           # total pipeline timeout (tasks + finally)
    tasks: 30m0s               # combined timeout for all tasks in the tasks section
    finally: 10m0s             # finally tasks timeout
