Developing Knative pipelines on IBM Cloud.

I set myself an objective to contribute to open source in 2019 more than I did last year. Since I’ve been working with serverless technologies and I have years of experience with continuous integration and deployment, Knative looked like a good candidate. I started looking at setting up a simple CD pipeline for an helm chart I worked on some time ago. I previously setup CI for the same repo Skaffold and TravisCI. The Knative community has been transparent and welcoming and so after a few small pull requests were merged, I was able to stand up a simple CD pipeline that builds three docker images and deploys a helm chart that consumes them. In this blog post I will describe how to setup a development environment for Knative’s build-pipeline using your latop and IBM Cloud, both the container service IKS as well as the IBM Container Registry. I won’t get into platform specific details about how to configure kubectl and other tools on your laptop; instead I will provide links to existing excellent documents. In the next blog post I will describe how to setup the CD pipeline.

Knative Pipelines

Pipelines are the newest addition to the Knative project, which already included three components: serving, eventing and build. Quoting from the official README, “The Pipeline CRD provides k8s-style resources for declaring CI/CD-style pipelines”. The build-pipeline project introduces a few new custom resource definitions (CRDs) that make it possible to define pipelineresources, tasks/taskruns and pipelines/pipelineruns directly in Kubernetes.

Preparing your laptop

Before you start, you need to set up the development environment on your laptop. Install git, go and the IBM Cloud CLI. Make sure your GOPATH is set correctly. Either /go or ~/go are good choices, I prefer the former to keep paths shorter.

You also need an IBM Cloud account. If you don’t have one, you can create one for free at Knative development benefits from ko to build and deploy its components seamlessly. You will use ko to build knative container images and publish them to the container registry. Let’s go ahead and install it.

Next you need to configure ko to be able to push images to the cloud registry:

You need a kubernetes cluster where to deploy Knative. If you don’t have one, provision one in IKS (IBM Cloud Kubernetes Service). Store the cluster name in the IKS_CLUSTER environment variable.

Installing Knative from source

Everything is ready now to setup Knative. Obtain the source code:

Deploy Knative build pipeline:

In the last step, ko compiles the code, builds the docker images, pushes them to the registry, updates the YAML manifests to include the correct image path and version and finally applies all of them to the kubernetes cluster. The first time you run this it will take a bit longer. The manifest file creates a namespace knative-build-pipeline and a service account within it called build-pipeline-controller. This service account won’t be able to pull the images from the CR until we define the default image pull secret to be used in every pod created with that service account.

Delete the controller pods so they are restarted with the right secrets:

If everything went well, you will see something like this:

Prepare a service account to push images

You configured ko to be able to push images to the registry, and the build-pipeline-controller service account to be able to pull images from it. The pipeline will execute build and push images using the PIPELINE_SERVICE_ACCOUNT in the PIPELINE_NAMESPACE, so you need to ensure that PIPELINE_SERVICE_ACCOUNT can push images to the registry as well. Create a container registry read/write token, in the same way as you did for configuring ko. Define the following secret template:

Fill in the endpoint and token values from the environment variables:

Making a code change to Knative

To verify that the development workflow is setup correctly, let’s make a small code change to the Knative pipeline controller:

You can build and deploy the modified controller with just one command:

The output looks like the following:

Changing the code of the controller causes the controller pod to be destroyed and recreated automatically, so if you check the controller logs you can see the customized startup message:

If you can see the line highlighted in the log above, you successfully setup your Knative pipeline development environment on IBM Cloud, congratulations!


The Knative pipeline manifest that configures the build-pipeline-controller service account does not support configuring imagePullSecrets; this is why the service account has to be patched after the initial install. It is convenient, however, when developing on Knative, to simple issue a ko apply -f config/ command to apply to the cluster all code changes at once. That command would however revert the service account and drop the imagePullSecrets. I use git stash to work around this issue as follows:

  • On a clean code base, alter config/200-serviceaccount.yaml, to include the imagePullSecrets:
  • Run git stash to restore a clean code base

The deployment workflow then becomes:


You can follow a similar approach to set up other Knative components as well. In the next blog post, I will continue from here to describe how to set up a CD pipeline through the Knative pipeline service you just installed.


One thought on “Developing Knative pipelines on IBM Cloud.

  1. Build pipelines have been renamed as Tekton pipelines now, and consequently the new serviceaccount is tekton-pipelines-controller and the new namespace is tekton-pipelines.

Leave a Reply