Chapter 2. Installing and configuring Pipelines as Code
You can install Pipelines as Code as a part of Red Hat OpenShift Pipelines installation.
2.1. Installing Pipelines as Code on an OpenShift Container Platform
Pipelines as Code is installed in the openshift-pipelines
namespace when you install the Red Hat OpenShift Pipelines Operator. For more details, see Installing OpenShift Pipelines in the Additional resources section.
To disable the default installation of Pipelines as Code with the Operator, set the value of the enable
parameter to false
in the TektonConfig
custom resource.
apiVersion: operator.tekton.dev/v1alpha1 kind: TektonConfig metadata: name: config spec: platforms: openshift: pipelinesAsCode: enable: false settings: application-name: Pipelines as Code CI auto-configure-new-github-repo: "false" bitbucket-cloud-check-source-ip: "true" hub-catalog-name: tekton hub-url: https://api.hub.tekton.dev/v1 remote-tasks: "true" secret-auto-create: "true" # ...
Optionally, you can run the following command:
$ oc patch tektonconfig config --type="merge" -p '{"spec": {"platforms": {"openshift":{"pipelinesAsCode": {"enable": false}}}}}'
To enable the default installation of Pipelines as Code with the Red Hat OpenShift Pipelines Operator, set the value of the enable
parameter to true
in the TektonConfig
custom resource:
apiVersion: operator.tekton.dev/v1alpha1 kind: TektonConfig metadata: name: config spec: platforms: openshift: pipelinesAsCode: enable: true settings: application-name: Pipelines as Code CI auto-configure-new-github-repo: "false" bitbucket-cloud-check-source-ip: "true" hub-catalog-name: tekton hub-url: https://api.hub.tekton.dev/v1 remote-tasks: "true" secret-auto-create: "true" # ...
Optionally, you can run the following command:
$ oc patch tektonconfig config --type="merge" -p '{"spec": {"platforms": {"openshift":{"pipelinesAsCode": {"enable": true}}}}}'
2.2. Installing Pipelines as Code CLI
Cluster administrators can use the tkn pac
and opc
CLI tools on local machines or as containers for testing. The tkn pac
and opc
CLI tools are installed automatically when you install the tkn
CLI for Red Hat OpenShift Pipelines.
You can install the tkn pac
and opc
version 1.16.0
binaries for the supported platforms:
2.3. Customizing Pipelines as Code configuration
To customize Pipelines as Code, cluster administrators can configure the following parameters in the TektonConfig
custom resource, in the platforms.openshift.pipelinesAsCode.settings
spec:
Parameter | Description | Default |
---|---|---|
| The name of the application. For example, the name displayed in the GitHub Checks labels. |
|
| Indicates whether or not a secret should be automatically created using the token generated in the GitHub application. This secret can then be used with private repositories. |
|
| When enabled, allows remote tasks from pipeline run annotations. |
|
| The base URL for the Tekton Hub API. | |
| The Tekton Hub catalog name. |
|
|
The URL of the Tekton Hub dashboard. Pipelines as Code uses this URL to generate a | NA |
| Indicates whether to secure the service requests by querying IP ranges for a public Bitbucket. Changing the parameter’s default value might result into a security issue. |
|
| Indicates whether to provide an additional set of IP ranges or networks, which are separated by commas. | NA |
|
A maximum limit for the | NA |
|
A default limit for the | NA |
| Configures new GitHub repositories automatically. Pipelines as Code sets up a namespace and creates a custom resource for your repository. This parameter is only supported with GitHub applications. |
|
|
Configures a template to automatically generate the namespace for your new repository, if |
|
| Enables or disables the view of a log snippet for the failed tasks, with an error in a pipeline. You can disable this parameter in the case of data leakage from your pipeline. |
|
| Enables or disables the inspection of container logs to detect error message and expose them as annotations on the pull request. This setting applies only if you are using the GitHub app. |
|
|
The maximum number of lines inspected in the container logs to search for error messages. Set to | 50 |
|
If set to |
|
| Additional repositories for scoping the generated GitHub access token. |
2.4. Configuring additional Pipelines as Code controllers to support additional GitHub apps
By default, you can configure Pipelines as Code to interact with one GitHub app. In some cases you might need to use more than one GitHub app, for example, if you need to use different GitHub accounts or different GitHub instances such as GitHub Enterprise or GitHub SaaS. If you want to use more than one GitHub app, you must configure an additional Pipelines as Code controller for every additional GitHub app.
Procedure
In the
TektonConfig
custom resource, add theadditionalPACControllers
section to theplatforms.openshift.pipelinesAsCode
spec, as in the following example:Example
additionalPACControllers
sectionapiVersion: operator.tekton.dev/v1 kind: TektonConfig metadata: name: config spec: platforms: openshift: pipelinesAsCode: additionalPACControllers: pac_controller_2: 1 enable: true 2 secretName: pac_secret_2 3 settings: # 4 # ...
- 1
- The name of the controller. This name must be unique and not exceed 25 characters in length.
- 2
- This parameter is optional. Set this parameter to
true
to enable the additional controller or tofalse
to disable the additional controller. The default vaule istrue
. - 3
- Set this parameter to the name of a secret that you must create for the GitHub app.
- 4
- This section is optional. In this section, you can set any Pipelines as Code settings for this controller if the settings must be different from the main Pipelines as Code controller.
-
Optional: If you want to use more than two GitHub apps, create additional sections under the
pipelinesAsCode.additionalPACControllers
spec to configure a Pipelines as Code controller for every GitHub instance. Use a unique name for every controller.