Building a Tekton CI/CD Pipeline to Build and Push Docker Images with Kaniko
This tutorial demonstrates how to configure Docker Hub credentials, create a Tekton Task that builds a Docker image using Kaniko, run the task via TaskRun, and then combine the test and build tasks into a Pipeline and PipelineRun to achieve a complete CI/CD workflow on a Kubernetes cluster.
First, a Kubernetes Secret named docker-auth is created to store Docker Hub credentials, and a ServiceAccount build-sa is defined to reference this secret.
apiVersion: v1
kind: Secret
metadata:
  name: docker-auth
  annotations:
    tekton.dev/docker-0: https://index.docker.io/v1/
type: kubernetes.io/basic-auth
stringData:
  username: myusername
  password: mypassword

apiVersion: v1
kind: ServiceAccount
metadata:
  name: build-sa
secrets:
  - name: docker-auth
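These resources are applied with kubectl apply -f secret.yaml and kubectl apply -f serviceaccount.yaml, enabling Tekton tasks to authenticate with Docker Hub. The username and password shown are placeholders; because secret.yaml holds the real password in plain text, keep that file out of version control.
Next, a Tekton Task named build-and-push is defined to build the Docker image using the Kaniko executor and push it to Docker Hub. The DOCKER_CONFIG environment variable points Kaniko at the Docker configuration that Tekton generates from the previously created secret.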
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build-and-push
spec:
  resources:
    inputs:
      - name: repo
        type: git
  steps:
    - name: build-and-push
      image: cnych/kaniko-executor:v0.22.0
      env:
        # Directory where Kaniko looks for the registry credentials (config.json)
        - name: DOCKER_CONFIG
          value: /tekton/home/.docker
      command:
        - /kaniko/executor
        - --dockerfile=Dockerfile
        # The git input resource "repo" is checked out under /workspace/repo
        - --context=/workspace/repo
        - --destination=cnych/tekton-test:latest
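How the docker-auth secret reaches Kaniko, as an added example that is not part of the original tutorial and is not Tekton's own code: a simplified Python model, assuming Tekton turns each annotated basic-auth secret attached to the ServiceAccount into an entry of the config.json found under DOCKER_CONFIG. The function names and the manifest dicts are constructed for illustration; it also shows that the stored auth value is only base64, so every step run under build-sa can read the password.

```python
import base64
import json

# Constructed sample: the Secret and ServiceAccount from this page as parsed manifests.
SECRET = {
    "kind": "Secret",
    "metadata": {"name": "docker-auth",
                 "annotations": {"tekton.dev/docker-0": "https://index.docker.io/v1/"}},
    "type": "kubernetes.io/basic-auth",
    "stringData": {"username": "myusername", "password": "mypassword"},
}
SERVICE_ACCOUNT = {"kind": "ServiceAccount", "metadata": {"name": "build-sa"},
                   "secrets": [{"name": "docker-auth"}]}

DOCKER_PREFIX = "tekton.dev/docker-"  # annotation prefix used on this page


def docker_config_for(service_account, secrets):
    """Simplified model (assumption) of the config.json a step sees under $DOCKER_CONFIG."""
    by_name = {s["metadata"]["name"]: s for s in secrets}
    auths = {}
    for ref in service_account.get("secrets", []):
        secret = by_name.get(ref["name"])
        if secret is None or secret.get("type") != "kubernetes.io/basic-auth":
            continue  # only basic-auth secrets are modelled here
        user = secret["stringData"]["username"]
        password = secret["stringData"]["password"]
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        # Each tekton.dev/docker-N annotation names one registry the credential is for.
        for key, registry in secret["metadata"].get("annotations", {}).items():
            if key.startswith(DOCKER_PREFIX):
                auths[registry] = {"username": user, "password": password, "auth": token}
    return {"auths": auths}


def recover_credentials(config, registry):
    """The 'auth' field is base64, not encryption: reading the file yields the password."""
    decoded = base64.b64decode(config["auths"][registry]["auth"]).decode()
    user, _, password = decoded.partition(":")
    return user, password


if __name__ == "__main__":
    cfg = docker_config_for(SERVICE_ACCOUNT, [SECRET])
    print(json.dumps(cfg, indent=2))
    print(recover_credentials(cfg, "https://index.docker.io/v1/"))
```

A secret without the tekton.dev/docker-0 annotation, or one not listed on the ServiceAccount, produces no registry entry in this model, which in a real run surfaces as an authentication failure at push time.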
A corresponding TaskRun references the task and the build-sa ServiceAccount:
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: build-and-push
spec:
  serviceAccountName: build-sa
  taskRef:
    name: build-and-push
  resources:
    inputs:
      - name: repo
        resourceRef:
          name: cnych-tekton-example
Applying the TaskRun with kubectl apply -f taskrun-build-push.yaml triggers the build; pod logs show successful cloning, building, and pushing of the image.
Finally, a Pipeline combines the earlier test task with the new build-and-push task, ensuring the build runs only after tests succeed. A PipelineRun using the same build-sa ServiceAccount starts the full workflow.
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: test-build-push
spec:
  resources:
    - name: repo
      type: git
  tasks:
    - name: test
      taskRef:
        name: test
      resources:
        inputs:
          - name: repo
            resource: repo
    - name: build-and-push
      taskRef:
        name: build-and-push
      # Start the build only after the test task has succeeded
      runAfter:
        - test
      resources:
        inputs:
          - name: repo
            resource: repo

apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  name: test-build-push-run
spec:
  # Same ServiceAccount as the TaskRun, so the push uses the docker-auth secret
  serviceAccountName: build-sa
  pipelineRef:
    name: test-build-push
  resources:
    - name: repo
      resourceRef:
        name: cnych-tekton-example
Applying the pipeline and pipeline run creates the full CI/CD process, which can be monitored via kubectl get pods and kubectl logs. The successful execution confirms that Tekton can orchestrate testing, image building, and deployment in a cloud-native Kubernetes environment.
DevOps Cloud Academy