owned this note
owned this note
Published
Linked with GitHub
# Jenkins + Tekton Integration on Kind Cluster
## E2E Tests for Tekton Client Plugin
### What E2E Tests Look Like
E2E tests for a Tekton Client Plugin should validate the complete user workflow:
1. **Plugin Installation & Configurationn** - Install plugin via Jenkins UI, configure Kubernetes connection
2. **Pipeline DSL Usage** - Use plugin-specific syntax like `tektonTask{}` and `tektonPipeline{}` in Jenkinsfiles
3. **Complete Workflows** - Test full CI/CD pipelines : Git Commit → Jenkins Pipeline → Tekton Tasks → Build → Test → Deploy → Verify
### How to Automate Them
1. **Custom Jenkins Docker Image**: Build Jenkins with the plugin baked in (jenkinsci/tekton-client-plugin:latest)
2. **Kind Cluster Setup**: Use helm/kind-action to create dedicated test cluster
3. **Helm-based Jenkins Install**: Deploy Jenkins using Helm chart with custom image and disabled plugin installation
4. **Tekton Installation**: Install Tekton via kubectl from official release YAML
5. **CLI Tools Setup**: Install tkn (Tekton CLI) and jcli (Jenkins CLI) for programmatic testing
6. **Image Loading**: Use kind load docker-image to make custom Jenkins image available in cluster
## Overview
This guide demonstrates how to set up Jenkins and Tekton on a Kind (Kubernetes in Docker) cluster, configure their integration, and implement comprehensive testing strategies including Integration Tests and End-to-End (E2E) Tests.
**Key Components:**
- **Kind Cluster**: Local Kubernetes cluster for development/testing
- **Tekton Pipelines**: Cloud-native CI/CD framework running on Kubernetes
- **Jenkins**: CI/CD automation server with Kubernetes agent support
- **Tekton Client Plugin**: (Conceptual) Jenkins plugin for Tekton integration
## Architecture Overview
```
┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐
│ Developer │───▶│ Jenkins │───▶│ Tekton │
│ │ │ │ │ │
│ • Commits code │ │ • Triggers │ │ • Executes │
│ • Creates PR │ │ • Orchestrates │ │ • Tasks │
│ • Monitors │ │ • Monitors │ │ • Pipelines │
└─────────────────┘ └──────────────────┘ └─────────────────┘
│ │
│ Kubernetes API │
└─────────────────────────┘
```
## Prerequisites
- Docker installed and running
- Kind CLI installed
- kubectl CLI installed
- Helm CLI installed
- Basic understanding of Kubernetes, Jenkins, and CI/CD concepts
## Setup Instructions
### 1. Create Kind Cluster
**Create single-node control-plane cluster:**
```bash
kind create cluster --name jenkins-tekton
```
This creates a minimal Kubernetes cluster with optimized settings for local development, including adequate pod limits and resource reservations for running Jenkins and Tekton workloads.
**Verify cluster:**
```bash
kubectl cluster-info
kubectl get nodes
```
### 2. Install Tekton Pipelines
**Install Tekton core components:**
```bash
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
```
**Wait for Tekton to be ready:**
```bash
kubectl wait --for=condition=Ready pod -l app=tekton-pipelines-controller -n tekton-pipelines --timeout=300s
kubectl wait --for=condition=Ready pod -l app=tekton-pipelines-webhook -n tekton-pipelines --timeout=300s
```
**Verify Tekton installation:**
```bash
kubectl get pods -n tekton-pipelines
kubectl api-resources | grep tekton
```
### 3. Install Jenkins with Kubernetes Plugin
**Add Jenkins Helm repository:**
```bash
helm repo add jenkins https://charts.jenkins.io
helm repo update
```
**Install Jenkins with Kubernetes support:**
```bash
helm install jenkins jenkins/jenkins \
--namespace jenkins --create-namespace \
--set controller.serviceType=NodePort \
--set controller.nodePort=32000 \
--set controller.installPlugins[0]=kubernetes:latest \
--set controller.installPlugins[1]=workflow-aggregator:latest
```
**Get Jenkins admin password:**
```bash
kubectl exec --namespace jenkins -it svc/jenkins -c jenkins -- /bin/cat /run/secrets/additional/chart-admin-password && echo
```
**Access Jenkins:**
- URL: http://localhost:32000
- Username: admin
- Password: (from command above)
### 4. Configure RBAC for Jenkins-Tekton Integration
**Create ClusterRole with comprehensive permissions:**
Create a ClusterRole named `jenkins-tekton` that grants full access to:
- Core Kubernetes resources (pods, services, configmaps, secrets, namespaces)
- Pod execution capabilities (pods/exec, pods/log) for running commands inside containers
- Application resources (deployments, statefulsets, daemonsets)
- All Tekton custom resources (tasks, pipelines, taskruns, pipelineruns, triggers)
This broad permission set enables Jenkins to manage the complete lifecycle of Tekton resources across namespaces.
**Bind ClusterRole to Jenkins ServiceAccount:**
Create a ClusterRoleBinding that associates the `jenkins-tekton` ClusterRole with the Jenkins ServiceAccount in the jenkins namespace. This binding enables Jenkins pods to authenticate with the Kubernetes API and perform Tekton operations cluster-wide.
**Verify RBAC permissions:**
```bash
kubectl auth can-i create tasks --as=system:serviceaccount:jenkins:jenkins
kubectl auth can-i exec pods --as=system:serviceaccount:jenkins:jenkins -n jenkins
```
### 5. Create Test Namespaces
**Create dedicated namespaces for testing:**
```bash
kubectl create namespace integration-tests
kubectl create namespace e2e-tests
```
**Label namespaces for organization:**
```bash
kubectl label namespace integration-tests test-type=integration
kubectl label namespace e2e-tests test-type=e2e
```
## How Jenkins and Tekton Connect
### Connection Mechanism
1. **Kubernetes API**: Jenkins communicates with Tekton through the Kubernetes API server
2. **Custom Resources**: Jenkins creates/manages Tekton CRDs (Tasks, TaskRuns, Pipelines, PipelineRuns)
3. **RBAC**: ServiceAccount-based authentication enables secure cross-namespace operations
4. **Workspaces**: Shared storage (PVCs) allows data flow between Jenkins and Tekton execution
### Integration Flow
```
Jenkins Pipeline → kubectl commands → Kubernetes API → Tekton Controller → Pod Execution
```
**Example Integration:**
```groovy
// Jenkins creates Tekton Task
sh 'kubectl apply -f tekton-task.yaml'
// Jenkins triggers TaskRun
sh 'kubectl apply -f tekton-taskrun.yaml'
// Jenkins monitors execution
sh 'kubectl wait --for=condition=Succeeded taskrun/my-task -n jenkins --timeout=300s'
// Jenkins retrieves results
sh 'kubectl logs -l tekton.dev/taskRun=my-task -n jenkins'
```
## Testing Strategy Implementation
### Integration Tests
**Purpose**: Verify technical connectivity and basic functionality between Jenkins and Tekton components.
**Scope**: Component-level interactions, API accessibility, resource CRUD operations.
**Implementation Overview:**
Integration tests use Jenkins pipelines with Kubernetes agents to validate:
1. **Kubernetes API connectivity** - Verify Jenkins can communicate with cluster
2. **Tekton API discovery** - Confirm Tekton CRDs are accessible via kubectl
3. **Resource creation** - Create simple Tekton Tasks in test namespaces
4. **Resource verification** - Validate created resources exist and are properly configured
5. **TaskRun execution** - Execute tasks and monitor completion status
6. **RBAC validation** - Ensure Jenkins has necessary permissions across namespaces
Tests use lightweight Alpine containers with kubectl, git, and curl tools installed. Each test validates a specific integration point between Jenkins and Tekton, providing fast feedback on technical connectivity issues.
### End-to-End (E2E) Tests
**Purpose**: Validate complete user workflows from code commit to production deployment.
**Scope**: Full CI/CD pipeline simulation, multi-stage workflows, real-world scenarios.
**Implementation Overview:**
E2E tests simulate complete CI/CD workflows using the tektoncd/catalog repository as a realistic codebase. The implementation includes:
1. **Multi-stage Pipeline Creation**:
- Build task that compiles source code and generates artifacts
- Test task that validates build artifacts and runs quality checks
- Deploy task that simulates production deployment with artifact verification
2. **Workspace Management**:
- Shared PersistentVolumeClaim for data flow between pipeline stages
- Proper workspace mounting and artifact persistence
3. **Complete Workflow Execution**:
- PipelineRun creation with proper task dependencies (build → test → deploy)
- Real-time monitoring using kubectl wait commands
- Comprehensive result validation and reporting
4. **Production Simulation**:
- Uses realistic Git repository (tektoncd/catalog) for source code
- Implements proper error handling and exit codes
- Validates deployment artifacts and application readiness
E2E tests provide confidence that the entire integration works end-to-end, simulating real developer workflows from code commit to production deployment.
## Test Results and Learnings
### Implemented Integration Tests
1. **Kubernetes Connectivity Test**: Verified Jenkins can communicate with K8s API
2. **Tekton API Discovery Test**: Confirmed Tekton CRDs are accessible
3. **Resource CRUD Operations Test**: Successfully created, read, updated, deleted Tekton resources
4. **TaskRun Execution Test**: Validated end-to-end task execution flow
5. **RBAC Permissions Test**: Verified Jenkins ServiceAccount has required permissions
### Implemented E2E Tests
1. **Complete CI/CD Pipeline**: Multi-stage pipeline with build → test → deploy flow
2. **Workspace Management**: Shared data flow between pipeline stages
3. **Production Simulation**: Real deployment scenario testing
## Cleanup
**Remove test resources:**
```bash
kubectl delete namespace integration-tests e2e-tests
```
**Remove Jenkins:**
```bash
helm uninstall jenkins -n jenkins
kubectl delete namespace jenkins
```
**Remove Tekton:**
```bash
kubectl delete -f https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
```
**Delete Kind cluster:**
```bash
kind delete cluster --name jenkins-tekton
```
Google Drive
Gist
Clipboard
Sign in with Wallet
