Chapter 2. Installing and configuring Pipelines as Code
You can install Pipelines as Code as a part of Red Hat OpenShift Pipelines installation.
2.1. Installing Pipelines as Code on an OpenShift Container Platform
Pipelines as Code is installed in the openshift-pipelines namespace when you install the Red Hat OpenShift Pipelines Operator. For more details, see Installing OpenShift Pipelines in the Additional resources section.
To disable the default installation of Pipelines as Code with the Operator, set the value of the enable parameter to false in the TektonConfig custom resource.
apiVersion: operator.tekton.dev/v1alpha1
kind: TektonConfig
metadata:
name: config
spec:
platforms:
openshift:
pipelinesAsCode:
enable: false
settings:
application-name: Pipelines as Code CI
auto-configure-new-github-repo: "false"
bitbucket-cloud-check-source-ip: "true"
hub-catalog-name: tekton
hub-url: https://api.hub.tekton.dev/v1
remote-tasks: "true"
secret-auto-create: "true"
# ...Optionally, you can run the following command:
$ oc patch tektonconfig config --type="merge" -p '{"spec": {"platforms": {"openshift":{"pipelinesAsCode": {"enable": false}}}}}'
To enable the default installation of Pipelines as Code with the Red Hat OpenShift Pipelines Operator, set the value of the enable parameter to true in the TektonConfig custom resource:
apiVersion: operator.tekton.dev/v1alpha1
kind: TektonConfig
metadata:
name: config
spec:
platforms:
openshift:
pipelinesAsCode:
enable: true
settings:
application-name: Pipelines as Code CI
auto-configure-new-github-repo: "false"
bitbucket-cloud-check-source-ip: "true"
hub-catalog-name: tekton
hub-url: https://api.hub.tekton.dev/v1
remote-tasks: "true"
secret-auto-create: "true"
# ...Optionally, you can run the following command:
$ oc patch tektonconfig config --type="merge" -p '{"spec": {"platforms": {"openshift":{"pipelinesAsCode": {"enable": true}}}}}'2.2. Installing Pipelines as Code CLI
Cluster administrators can use the tkn pac and opc CLI tools on local machines or as containers for testing. The tkn pac and opc CLI tools are installed automatically when you install the tkn CLI for Red Hat OpenShift Pipelines.
You can install the tkn pac and opc version 1.15.0 binaries for the supported platforms:
2.3. Customizing Pipelines as Code configuration
To customize Pipelines as Code, cluster administrators can configure the following parameters in the TektonConfig custom resource, in the platforms.openshift.pipelinesAsCode.settings spec:
| Parameter | Description | Default |
|---|---|---|
|
| The name of the application. For example, the name displayed in the GitHub Checks labels. |
|
|
| Indicates whether or not a secret should be automatically created using the token generated in the GitHub application. This secret can then be used with private repositories. |
|
|
| When enabled, allows remote tasks from pipeline run annotations. |
|
|
| The base URL for the Tekton Hub API. | |
|
| The Tekton Hub catalog name. |
|
|
|
The URL of the Tekton Hub dashboard. Pipelines as Code uses this URL to generate a | NA |
|
| Indicates whether to secure the service requests by querying IP ranges for a public Bitbucket. Changing the parameter’s default value might result into a security issue. |
|
|
| Indicates whether to provide an additional set of IP ranges or networks, which are separated by commas. | NA |
|
|
A maximum limit for the | NA |
|
|
A default limit for the | NA |
|
| Configures new GitHub repositories automatically. Pipelines as Code sets up a namespace and creates a custom resource for your repository. This parameter is only supported with GitHub applications. |
|
|
|
Configures a template to automatically generate the namespace for your new repository, if |
|
|
| Enables or disables the view of a log snippet for the failed tasks, with an error in a pipeline. You can disable this parameter in the case of data leakage from your pipeline. |
|
|
| Enables or disables the inspection of container logs to detect error message and expose them as annotations on the pull request. This setting applies only if you are using the GitHub app. |
|
|
|
The maximum number of lines inspected in the container logs to search for error messages. Set to | 50 |
|
|
If set to |
|
|
| Additional repositories for scoping the generated GitHub access token. |
2.4. Configuring additional Pipelines as Code controllers to support additional GitHub apps
By default, you can configure Pipelines as Code to interact with one GitHub app. In some cases you might need to use more than one GitHub app, for example, if you need to use different GitHub accounts or different GitHub instances such as GitHub Enterprise or GitHub SaaS. If you want to use more than one GitHub app, you must configure an additional Pipelines as Code controller for every additional GitHub app.
Procedure
In the
TektonConfigcustom resource, add theadditionalPACControllerssection to theplatforms.openshift.pipelinesAsCodespec, as in the following example:Example
additionalPACControllerssectionapiVersion: operator.tekton.dev/v1 kind: TektonConfig metadata: name: config spec: platforms: openshift: pipelinesAsCode: additionalPACControllers: pac_controller_2: 1 enable: true 2 secretName: pac_secret_2 3 settings: # 4 # ...- 1
- The name of the controller. This name must be unique and not exceed 25 characters in length.
- 2
- This parameter is optional. Set this parameter to
trueto enable the additional controller or tofalseto disable the additional controller. The default vaule istrue. - 3
- Set this parameter to the name of a secret that you must create for the GitHub app.
- 4
- This section is optional. In this section, you can set any Pipelines as Code settings for this controller if the settings must be different from the main Pipelines as Code controller.
-
Optional: If you want to use more than two GitHub apps, create additional sections under the
pipelinesAsCode.additionalPACControllersspec to configure a Pipelines as Code controller for every GitHub instance. Use a unique name for every controller.
