The Tekton Dashboard is a Kubernetes-native web UI that allows you to visualize and manage your Tekton Pipelines.
Here’s how to set it up.
Deploying the Tekton Dashboard
The easiest way to deploy the Tekton Dashboard is using its provided Kubernetes manifests. These manifests will create the necessary Deployment, Service, and RBAC resources.
kubectl apply -f https://raw.githubusercontent.com/tektoncd/dashboard/v0.33.0/k8s/00-tekton- epoxide.yaml
kubectl apply -f https://raw.githubusercontent.com/tektoncd/dashboard/v0.33.0/k8s/00-tekton-dashboard.yaml
These commands fetch the latest stable release of the dashboard’s YAML configurations and apply them to your Kubernetes cluster. The 00-tekton-epoxide.yaml file sets up the necessary CRDs for the dashboard, and 00-tekton-dashboard.yaml deploys the dashboard itself.
Accessing the Tekton Dashboard
By default, the Tekton Dashboard is exposed as a ClusterIP service. To access it, you’ll typically want to use kubectl port-forward or create an Ingress.
Port Forwarding
This is the simplest method for local access during development or testing.
kubectl port-forward service/tekton-dashboard -n tekton-pipelines 9097:9097
This command forwards traffic from your local machine’s port 9097 to the tekton-dashboard service running in the tekton-pipelines namespace on port 9097. You can then access the dashboard by navigating to http://localhost:9097 in your web browser.
Creating an Ingress (for external access)
For more permanent or shared access, you’ll want to expose the dashboard via an Ingress.
First, ensure you have an Ingress controller installed in your cluster (e.g., Nginx Ingress Controller, Traefik).
Here’s an example Ingress resource:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tekton-dashboard-ingress
namespace: tekton-pipelines
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false" # Or configure TLS
spec:
rules:
- host: tekton.yourdomain.com # Replace with your desired hostname
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: tekton-dashboard
port:
number: 9097
Apply this Ingress resource:
kubectl apply -f your-ingress-file.yaml
Once the Ingress is active and your DNS is configured to point tekton.yourdomain.com to your Ingress controller’s IP address, you’ll be able to access the dashboard via that hostname.
Understanding the Dashboard Interface
The Tekton Dashboard provides a clear, organized view of your Tekton resources.
- Pipelines: Lists all your defined
Pipelineresources. You can click on a pipeline to see its definition, including its tasks and parameters. - TaskRuns: Shows the execution history of your
Taskresources. EachTaskRunrepresents a single execution of aTask. - PipelineRuns: Displays the execution history of your
Pipelineresources. EachPipelineRunrepresents a single execution of aPipeline. You can see the status of each task within the pipeline, logs, and any associated parameters. - Tasks: Lists all your defined
Taskresources. You can view their steps, parameters, and workspaces. - Workspaces: Lists all your defined
Workspaceresources. - Images: Lists all images used by your Tekton resources.
When a PipelineRun is in progress, you can see a visual representation of the pipeline’s execution flow, highlighting which tasks are running, have succeeded, or have failed. Clicking on a specific task within the visualizer will often provide direct access to its logs.
Security Considerations
By default, the Tekton Dashboard is not secured. Anyone with access to the Kubernetes API can access it. For production environments, it’s crucial to implement proper authentication and authorization.
The Tekton Dashboard supports OIDC (OpenID Connect) for authentication. You can configure this by setting environment variables on the dashboard’s Deployment.
You can find detailed instructions on configuring OIDC and other security measures in the official Tekton Dashboard documentation.
Customization and Configuration
You can customize the dashboard’s behavior by modifying its Deployment or ConfigMap. For instance, you might want to:
- Change the namespace: The default namespace is
tekton-pipelines. If you installed Tekton in a different namespace, you’ll need to adjust the deployment and service accordingly. - Configure RBAC: Ensure the ServiceAccount used by the dashboard has the necessary permissions to list and watch Tekton resources in the desired namespaces.
- Enable specific features: The dashboard has various feature flags that can be enabled or disabled.
The dashboard’s configuration is primarily managed through environment variables within its Kubernetes Deployment. You can edit the deployment:
kubectl edit deployment tekton-dashboard -n tekton-pipelines
Look for the env section under spec.template.spec.containers[0].env to add or modify environment variables.
For example, to change the default log retrieval limit:
- name: ENABLE_LOG_SCROLLING
value: "true"
- name: LOG_PAGE_SIZE
value: "1000" # Default is 100
The most surprising thing about the Tekton Dashboard’s internal workings is how it leverages Kubernetes events and the Kubernetes API directly to provide real-time updates without relying on a separate WebSocket server for every client connection. Instead, it uses the standard Kubernetes watch API, which is highly efficient and scalable for streaming resource changes.
If you’re looking to integrate the dashboard with external CI/CD systems or trigger pipeline runs programmatically, you’ll want to explore the Tekton API itself.
This setup provides a solid foundation for visualizing and interacting with your Tekton Pipelines. The next step is often to explore how to automate pipeline creation and execution, which leads into understanding Tekton’s programmatic interfaces and GitOps integration patterns.