Integrate Tekton CI with ArgoCD CD: A Step‑by‑Step Pipeline Guide
This article demonstrates how to split a Tekton pipeline into CI and CD phases, using Tekton for continuous integration and ArgoCD for continuous deployment, covering repository setup, Helm chart management, task and pipeline creation, and verification of the end‑to‑end workflow.
Previous articles introduced Tekton basics; now we separate CI and CD, using Tekton for CI and ArgoCD for CD.
To adopt the Tekton+ArgoCD model, the original deploy task is changed to modify Helm chart information and push it to GitLab, while ArgoCD handles the actual deployment.
Overall steps:
Pull code
Build image and push
Update Helm chart value.yaml with new image info and push to the repository
ArgoCD detects the chart repository change and updates the application
Prerequisite: ArgoCD must be deployed; refer to the official documentation for installation.
Save Helm Chart to GitLab
Because ArgoCD follows a GitOps approach, create a
devops-helm-chartrepository and push the Helm chart to it.
Deploy Application on ArgoCD
(1) Add Repository
(2) Deploy Application
Refactor Tekton Pipeline
Now we create a task that updates the Helm chart.
Create Task to Change Helm Chart
The task modifies the Helm chart in the Git repository, ensuring changes are traceable via Git.
<code>apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: deploy-to-gitlab
spec:
workspaces:
- name: source
- name: kubernetesconfig
mountPath: /root/.kube
params:
- name: IMAGE
- name: TAG
- name: GIT_USERNAME
- name: GIT_PASSWORD
- name: CHART_GITLAB_URL
- name: GIT_NAME
default: joker
- name: GIT_EMAIL
default: [email protected]
- name: CHART_DIR
steps:
- name: run-change-helm-chart
image: registry.cn-hangzhou.aliyuncs.com/coolops/helm-kubectl-curl-git-jq-yq:latest
workingDir: $(workspaces.source.path)
script: |
git remote set-url origin http://$(params.GIT_USERNAME):$(params.GIT_PASSWORD)@$(params.CHART_GITLAB_URL)
git config --global user.name "$(params.GIT_NAME)"
git config --global user.email "$(params.GIT_EMAIL)"
git clone http://$(params.GIT_USERNAME):$(params.GIT_PASSWORD)@$(params.CHART_GITLAB_URL) /opt/devops-cd
cd /opt/devops-cd/$(params.CHART_DIR)
git pull
yq w --inplace values.yaml 'image.repository' "$(params.IMAGE)"
yq w --inplace values.yaml 'image.tag' "$(params.TAG)"
git commit -am 'image update'
git push
</code>Modify Tekton Pipeline
We add the new task to the pipeline and define necessary parameters and workspaces.
<code>apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
name: rd-argocd-pipeline
spec:
workspaces:
- name: rd-repo-pvc
- name: docker-config
params:
- name: git_url
- name: revision
type: string
default: "master"
- name: gitInitImage
type: string
default: "registry.cn-hangzhou.aliyuncs.com/coolops/tekton-git-init:v0.29"
- name: pathToDockerfile
description: The path to the build context, used by Kaniko within the workspace
default: .
- name: imageUrl
description: Url of image repository
- name: imageTag
description: Tag to apply to the built image
default: latest
- name: git_username
type: string
default: root
- name: git_password
type: string
- name: chart_gitlab_url
type: string
default: 192.168.205.130/root/devops-helm-chart.git
- name: git_name
type: string
default: joker
- name: git_email
type: string
default: [email protected]
- name: chart_dir
type: string
default: coolops-rd
- name: app_name
type: string
- name: sonar_username
type: string
default: admin
- name: sonar_password
type: string
default: admin
- name: sonar_url
type: string
tasks:
- name: clone
taskRef:
name: git-clone
workspaces:
- name: output
workspace: rd-repo-pvc
params:
- name: url
value: $(params.git_url)
- name: revision
value: $(params.revision)
- name: gitInitImage
value: $(params.gitInitImage)
- name: unit-test
workspaces:
- name: source
workspace: rd-repo-pvc
taskRef:
name: unit-test
runAfter:
- clone
- name: build-push-image
params:
- name: pathToDockerfile
value: $(params.pathToDockerfile)
- name: imageUrl
value: $(params.imageUrl)
- name: imageTag
value: $(tasks.clone.results.commit)
taskRef:
name: build-push-image
runAfter:
- unit-test
workspaces:
- name: source
workspace: rd-repo-pvc
- name: dockerconfig
workspace: docker-config
- name: deploy-to-gitlab
taskRef:
name: deploy-to-gitlab
params:
- name: IMAGE
value: $(params.imageUrl)
- name: TAG
value: $(tasks.clone.results.commit)
- name: GIT_USERNAME
value: $(params.git_username)
- name: GIT_PASSWORD
value: $(params.git_password)
- name: CHART_GITLAB_URL
value: $(params.chart_gitlab_url)
- name: GIT_NAME
value: $(params.git_name)
- name: GIT_EMAIL
value: $(params.git_email)
- name: CHART_DIR
value: $(params.chart_dir)
workspaces:
- name: source
workspace: rd-repo-pvc
runAfter:
- build-push-image
- name: sonar-scanner
when:
- input: $(params.revision)
operator: in
values:
- test
taskRef:
name: sonar-scanner
params:
- name: SONAR_USERNAME
value: $(params.sonar_username)
- name: SONAR_PASSWORD
value: $(params.sonar_password)
- name: SONAR_URL
value: $(params.sonar_url)
- name: APP_NAME
value: $(params.app_name)
workspaces:
- name: source
workspace: rd-repo-pvc
</code>Modify PipelineRun
Finally, we create a PipelineRun to test the pipeline.
<code>apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
name: devops-hello-world-pipeline-run
spec:
pipelineRef:
name: rd-argocd-pipeline
params:
- name: revision
value: test
- name: git_url
value: http://192.168.205.130/root/devops-hello-world.git
- name: imageUrl
value: registry.cn-hangzhou.aliyuncs.com/coolops/devops-hello-world
- name: imageTag
value: latest
- name: pathToDockerfile
value: Dockerfile
- name: git_password
value: Joker@123456
- name: app_name
value: devops-hello-world
- name: sonar_username
value: admin
- name: sonar_password
value: Joker@123456
- name: sonar_url
value: http://sonarqube.coolops.cn
workspaces:
- name: rd-repo-pvc
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
storageClassName: local
resources:
requests:
storage: 1Gi
- name: docker-config
secret:
secretName: docker-config
serviceAccountName: tekton-build-sa
</code>After execution, the Tekton Dashboard shows the run completed successfully.
The
value.yamlin the chart repository is updated accordingly.
ArgoCD detects the change and updates the application.
Conclusion
The Tekton series is now complete, covering installation, theory, and multiple practical examples.
Ops Development Stories
Maintained by a like‑minded team, covering both operations and development. Topics span Linux ops, DevOps toolchain, Kubernetes containerization, monitoring, log collection, network security, and Python or Go development. Team members: Qiao Ke, wanger, Dong Ge, Su Xin, Hua Zai, Zheng Ge, Teacher Xia.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.