Tekton Reviews

While working with the client at Deloitte, we focused on enhancing our DevOps practices and ensuring site availability through continuous integration and deployment (CI/CD) pipelines. Jenkins was the primary technology in use at that time. However, the client expressed interest in transitioning to cloud-native, more efficient solutions to create a futuristic platform. We chose Tekton due to its compatibility with Red Hat OpenShift, which was already part of the client's Red Hat subscription. Tekton's ease of customization and availability as a default plugin in Red Hat OpenShift made it the preferred choice for our project.

Tekton's most important feature is its cloud-native nature. Unlike Jenkins, which may not scale as efficiently, Tekton's CI pipeline can automatically scale up to handle increased workload demands without needing manual adjustments.

Another important aspect is the level of customization offered by Tekton. Each task in the CI pipeline can be customized independently, allowing developers to write code in various languages like shell scripting, Java, or Python and incorporate them into the pipeline as needed. This level of abstraction and customization greatly benefits developers in creating efficient CI pipelines.

Also, it can be challenging to understand the logs and troubleshoot issues without clear guidance. It's not always easy to reach technical support and get immediate answers. In my opinion, improvement in this area would be beneficial.

When we started with Tekton around 2021 or early 2022, the community support was somewhat limited, which posed challenges when dealing with issues or debugging. We had to rely on Red Hat OpenShift support to overcome these challenges. However, I believe that these issues will naturally improve over time as the developer community grows stronger. From a technical perspective, I haven't had the opportunity to deeply evaluate the product end-to-end, especially in the past year or so, when I've been less involved with it.

During my time at Deloitte, I worked on a project using Tekton. I have one year of working experience with the tool.

Tekton is generally stable, although we observed occasional minor issues or bugs. I don't believe these were major issues caused by Tekton itself. It could have been due to configurations or other factors we missed initially. We were able to identify and fix these issues later on. But in general, Tekton is stable, and there's always room for improvement as it matures.

Since the Red Hat community developed Tekton, we had strong support from our Red Hat subscription. This meant that if we encountered any issues, we could directly contact the Red Hat technical team for assistance, and they were able to support us. By following the documentation and clicking through the necessary
steps in OpenShift, all the components were automatically set up behind the scenes, making Tekton ready to use without much hassle.

The initial installation and setup of Tekton were relatively straightforward and not too time-consuming. The documentation provided clear instructions on setting up the base Tekton server configuration. Additionally, integrating Tekton with Red Hat OpenShift was made more straightforward due to the platform's user-friendly plugins.

It is worth the investment because, from my perspective and expertise, it proves to be beneficial when used efficiently. For instance, if we compare it to running a Jenkins server, which has limited resources and can handle a specific number of applications, Tekton can provide better scalability and efficiency at a larger scale.

If you're dealing with many applications and need a reliable, scalable, and efficient system, I'd recommend going with Tekton, as it's more mature and has a growing developer community. However, if you prefer sticking to traditional technologies like Jenkins, especially if your team is already familiar with them and needs a quick ramp-up, that's also a viable option.

I would rate the solution an eight out of ten.

We are using Tekton for continuous integration and continuous delivery to deploy our code to production.

By using Tekton, we have streamlined our deployment process and enabled continuous integration and delivery, which is crucial for maintaining our production systems.

The most valuable aspect of Tekton is its Kubernetes maintenance, allowing us to use it anywhere that supports Kubernetes. It is an open-source tool, which makes it highly adaptable.

Improvements could include introducing a UI-based pipeline development feature, such as drag and drop, which would help individuals with limited technical knowledge start building pipelines. However, I acknowledge that might be too ambitious.

I have been using Tekton for over six months.

We have experienced some performance issues with our clusters, leading the deployment team to create new clusters for enhanced performance. Teams are in the process of migrating to these new clusters.

Scalability-wise, Tekton should be adequate since it supports Kubernetes natively. Although I have limited knowledge in this area, it should scale by adding pods and clusters.

I have only received communications regarding migration from customer service. There haven't been any significant issues requiring their contact.

Positive

Previously, I was not involved in using any CI/CD platform, as there was a separate deployment team handling it. Therefore, Tekton is my first experience with a CI/CD solution.

The initial setup was challenging due to the various core concepts involved and multiple required connections, such as GitHub and cloud. Understanding triggers, events, and pipelines was important, but it posed a learning curve.

The setup process was managed by involving a senior colleague with experience, which aided in deploying successfully.

It is an excellent choice for CI/CD, primarily due to being open source and Kubernetes-native, which avoids vendor lock-in and allows flexibility in backend changes with minimal settings adjustments.

I'd rate the solution eight out of ten.

It is an open-source tool initially developed by Google for internal use, later open-sourced, and widely adopted for building and deploying applications in Kubernetes environments. When deployed in a Kubernetes cluster, Tekton seamlessly integrates with the environment, streamlining the application pipeline delivery process. It automatically triggers when code is merged into the main branch, operating natively within Kubernetes without requiring additional external components. The automated pipeline, initiated by Tekton, builds the application, deploys it to specified container registries, and then to the Kubernetes cluster. Tekton's versatility shines in multi-environment setups like staging, testing, and production, efficiently managing the continuous integration (CI) part by triggering processes linked to code merges. Users often integrate Argo CD to complement Tekton in the continuous deployment (CD) phase. Argo CD pulls and deploys the latest application image within the Kubernetes cluster, creating a comprehensive and automated CI/CD workflow.

Its user-friendly features include a clean and sleek dashboard. This dashboard provides detailed logs and stages of the pipeline, offering transparency into each step of the process. In case of any failures at a specific stage, the dashboard provides comprehensive information about the issue, enabling quick identification and resolution. Another valuable aspect is its lightweight nature. There's no need for additional deployments or reliance on external vendors for CI/CD, resulting in significant cost savings. Its seamless integration with Kubernetes, being built on top of it and utilizing Custom Resource Definitions, ensures a smooth experience within Kubernetes environments exclusively. Its capability to build entire applications within containers contributes to a seamless and efficient workflow. It stands out for its customizability and scalability, allowing users to undertake diverse tasks.

It tends to occupy a significant amount of disk space on the node, which could potentially pose challenges. This aspect could be enhanced for better efficiency. Additionally, the build time, particularly for larger applications, seems a bit extended, ranging from five to ten minutes in some cases. There's room for improvement to streamline and minimize the build time.

I have been using it for the last six months.

The product appears to be stable, I haven't encountered any noticeable bugs or errors. It has proven reliable in automatically executing tasks once triggered, making it a dependable tool.

The developers' team, consisting of over thirty or forty individuals, actively uses it.

The initial setup was quite straightforward since it comprises various components that are defined separately and then combined to create a pipeline.

Deploying it was easy and seamless, but creating a pipeline involved a bit more effort, requiring attention to various details and taking some time. Despite the complexity of creating pipelines, the overall deployment and readiness of the tool for use were smooth and uncomplicated. Understanding the architecture of this technology is crucial. For newcomers, there might be a learning curve initially, making it a bit more challenging. I am the one responsible for configuring, deploying, and creating pipelines for the development team. I have established a read-only dashboard that provides a clear and concise overview of the pipeline statuses when triggered.

It is entirely open source and free of charge.

While other options like Jenkins were available, Tekton's native compatibility and endorsement by a skilled team of Google developers influenced my decision. It is a stable tool from Google, providing authentication validation for applications. Additionally, I appreciated the seamless integration with Kubernetes, making it a native and well-developed tool for CI/CD processes.

I highly recommend that you operate in a Kubernetes-based environment closely integrated with Kubernetes. However, I suggest deploying it in a separate cluster, not where your primary workloads run, to avoid potential disruptions to production cluster resources. I also recommend it for users who are already familiar with the tool. While it offers significant capabilities, harnessing its full potential requires a certain level of understanding. Overall, I would rate it seven out of ten.

Tekton is the orchestration engine within OpenShift, which is our on-premise platform. Since we are not on the cloud yet, OpenShift plays a strategic role, and Tekton is a significant part of it. It serves as an orchestrator.

In my experience of the last two years using Tekton and OpenShift pipelines, I haven't encountered many issues. As an orchestrator, Tekton works best. It's just one component of the larger OpenShift platform. Tekton consists of multiple components like events, trigger bindings, and more. However, when it comes to the overall OpenShift platform, being a platform as a service, most aspects are taken care of. 

Tekton plays a primary role as an orchestrator. When we receive a webhook from any Git repository, such as Azure Git or GitLab, Tekton triggers the pipeline and performs tasks like code retrieval, running SonarQube or Fortify tasks, and creating and deploying images to multiple environments.

So we can have multiple promoted environments, starting from dev to SIT, then to UAT, and finally to production. We follow a continuous flow branching approach, allowing us to promote changes from smaller environments to larger ones like dev to SIT, SIT to UAT, and UAT to production, which is our master branch. This helps us maintain a smooth workflow and ensures reliable deployment.

Tekton is an orchestrator. It provides seamless integration for our pipelines. It offers robust support for executing tasks within the pipeline, allowing us to set up and run pipelines quickly.

Additionally, Tekton's underlying architecture with OpenShift enables us to create, implement, and run end-to-end pipelines. We can integrate various automation tools like Fortify or SonarQube for testing, code scanning, regression testing, and more. All these tasks can be executed within the pipeline using Tekton.

There might be occasional issues with storage or cluster-level logging, which can affect production. But as a component, Tekton performs flawlessly.

As an orchestrator, Tekton effectively executes most tasks. However, there are instances where we feel that YAML files, which Tekton reads, could benefit from increased flexibility. You see, in OpenShift, everything revolves around YAML. We have different components specified in YAML files, and when we put them together in an OpenShift pipeline, it generally works fine. However, occasionally we encounter difficulties when editing these YAML files.

I have been working with Tekton since we implemented it in 2020, so it's been almost two years.

We haven't encountered any stability issues with it. It has been reliable and available.

Tekton is scalable.

Red Hat's support has been quite excellent. We have a close partnership with Red Hat, as our DevOps strategy heavily relies on OpenShift as a core component. 

Since our entire architecture is on-premise, we have made significant investments in OpenShift. Setting up the OpenShift cluster and configuring different components, including Tekton, has been smooth and hassle-free for us, thanks to Red Hat's support.

It's not solely about Tekton itself. We chose OpenShift as a platform as a service because we opted for on-premise implementation instead of the cloud. The implementation of OpenShift includes the incorporation of Tekton.

The initial setup is actually easy. Tekton is just one of the underlying components in OpenShift pipelines. It's a technology and engine with a straightforward architecture, so the setup process is quite simple.

We have a command-line setup where we use the OpenShift client to connect to Tekton. It's like talking to the cluster, and Tekton executes the tasks on that specific cluster. It's an efficient and streamlined process.

The entire OpenShift platform is supported by just two DevOps engineers.

But we might need to expand the team in the future. Two resources are not sufficient considering the workload and stress we handle.

The pricing is based on OpenShift's vCPU licenses. We pay according to the number of virtual CPUs, which can be costly. 

However, it's important to note that Tekton is just one of the underlying components in OpenShift. Therefore, the pricing and licensing considerations are more related to OpenShift as a whole rather than Tekton alone.

We have evaluated multiple vendors, including Red Hat, whose DevOps architecture includes Tekton as an underlying component. However, other vendors also offer similar orchestration components in their architectures. 

So, there are various tools available from different vendors that serve the same purpose as Tekton.

There are several vendors in the market who provide their own versions of orchestration components for DevOps architectures, apart from Red Hat. They implement their own approaches and name their components accordingly, but the purpose is similar to Tekton.

I would recommend Tekton as an orchestrator because it works well within the OpenShift environment. While there may be similar orchestrator components offered by other vendors in different DevOps architectures, Tekton's integration with other OpenShift components makes it a strong choice.

I would rate Tekton a seven. The only drawback I've experienced is the difficulty of modifying YAML files on the fly and making changes, as it doesn't work well in that aspect. However, apart from that, Tekton performs well in other areas.

We mostly use Tekton to run all of our pipelines. We create unit tests and also use it for Jira build messages as well as the Docker build application. We check the logs within Tekton itself and create a manifest to deploy in our development, test, and other environments.

We can create multiple pipelines with Tekton. I find it beneficial to show data from Tekton to another GitHub or Bitbucket pipeline.

It would be better if Tekton could show the YAML file while it is running, similar to GitHub pipelines, to provide more visibility on what's happening. We need information on the duration and specifics of the running pipeline for easier analysis.

It's been one year since we started using Tekton.

Tekton is a stable product. It comes integrated with OpenShift. We can definitely use it, and it supports authorization and authentication, enhancing security.

We can easily scale Tekton as it is integrated with OpenShift clusters.

Previously, I was using a setup PSD pipeline.

The initial setup is not straightforward. We run it on-premises, meaning there must be an open-source cluster with a Tekton pipeline. The pipeline pods should also run in the same cluster.

The implementation is usually handled by the DevOps team.

Pricing varies based on whether the user is an enterprise or individual. Exact pricing details are managed by the company.

I recommend Tekton, but users should have some underlying knowledge about how CI/CD pipelines work.

I'd rate the solution eight out of ten.

I am using Tekton for continuous integration in our project.

The feature that I like most about Tekton is that it is built for Kubernetes, so we can utilize our resources effectively.

Tekton should have more accessibility for some rare use cases so that we can have more references when applying some techniques to our pipeline.

I have been using Tekton since February.

If we set it up correctly and know exactly what we have done, it is very stable because it runs on top of Kubernetes.

I can't give an opinion right now because I haven't applied the scale to our deployment. It's only in our staging environment.

I haven't contacted support yet since most of my errors are addressed in their GitHub repository.

Positive

I had some experience using Tekton when my company migrated the CI panel from another platform.

The initial setup is rather easy because the tutorial is easy to follow.

Tekton is free to use. It's open source.

I would recommend Tekton to my coworkers if they use Kubernetes most at work. However, if my colleagues don't use Kubernetes, I wouldn't recommend Tekton to them because it is very difficult to understand Tekton if you aren't familiar with Kubernetes.

I'd rate the solution eight out of ten.

Our primary use case is for cloud integration and cloud deployment. Tekton is a cloud-native tool that we utilize in Kubernetes and OpenShift. It helps us with code integrations and code deployment. We use it for automating various processes and integrating it with our DevOps environment.

Tekton has improved our performance by allowing us to define metrics and resource limits, enhancing the performance of our whole pipeline. The ability to customize tasks and use custom containers has also allowed us to tailor our workflows to our needs.

The customization is valuable. We can make a lot of customizations, and data sharing between tasks using workspaces is very convenient. Moreover, the flexibility and ease of use in creating and attaching new tasks make it very user-friendly. The Tekton UI and user interactions are very good.

Tekton could improve by adding better documentation. The documentation needs improvement to clarify supported features and required integrations. Additionally, while it is currently a cloud-native solution limited to Kubernetes, an option to run it locally on our own systems would be very useful. Security integrations and third-party integrations also need enhancement.

We have been using the Tekton solution for nearly two years.

Tekton is stable and performs well. However, it would benefit from adding new features quickly to stay relevant and helpful.

Tekton is highly scalable due to its cloud-native nature.

We have not escalated any queries to Tekton itself. Since Tekton comes as an integral part of Red Hat, we rely on existing documentation and haven't had any issues requiring direct technical support.

Neutral

In the past, we used Jenkins for CI/CD. Each tool has its own use case and pros and cons, but Tekton's cloud-native capabilities and ease of deployment and maintenance make it a better fit for our needs.

The initial setup of Tekton is very straightforward. We install it as an operator in our cluster, making maintenance tasks like auto-upgrades and updates easier.

There is no specific cost related to resource optimization provided by Tekton. We need to manage the resource limits and requests ourselves to prevent resource exhaustion, especially when running on cloud platforms like AWS, Azure, or GCP.

I recommend Tekton to anyone closely interacting with Kubernetes. It is particularly useful for larger teams with complex application deployment requirements. However, for smaller teams or simpler use cases, it may not be necessary.

I'd rate the solution six out of ten.

In my company, we use Tekton for the pipeline, specifically Bitbucket pipelines. We have some cluster setups as well. In order to run some testing of the cluster, we chose to handle pipelines via Tekton.

The best feature of Tekton is that it is a Kubernetes-native tool for CI/CD. The tool offers flexibility and compatibility. If we look under the Kubernetes-native area, Tekton is built to run natively on Kubernetes, so it leverages Kubernetes 'scalability, security, and robustness, making it an ideal cloud-native application. I can relate to the pipeline customization in Tekton. It provides a highly customizable and reusable pipeline component. You can define tasks and pipelines that suit your specific workflow needs and easily reuse them as a different service platform. If you see the interoperability, Tekton is designed to indicate that there are other tools and services in the Kubernetes ecosystem. It makes it easy to incorporate things into the existing workflow.

Earlier, I used to use Jenkins pipeline, but compared to Jenkins, Tekton is better. Tekton is quite a user-friendly tool. The tool offers good dashboard access, and it is extremely user-friendly. If you are a beginner, then accessing the flexibility part can be overwhelming. We think the learning curve of the tool is steep, especially for those who are not already familiar with Kubernetes. There is a need to improve the recommendations and create more tutorials for the tool. The tool is very user-friendly for advanced users and not for beginners. There are some limitations, especially since the tool primarily operates through YAML configurations and command lines with limited graphical user interface options. While there are some third-party tools that look like Tekton's dashboard, there are still basic and compact major systems like Jenkins or GitLab.With more advanced built-in CGI and GUI, as a user, we can make it easier to monitor and manage Python faster. We can also improve the data handling and debugging. The debugging of failed pipelines in Tekton can be challenging. The error messages are not very descriptive, and the tool has limited support for step-by-step debugging. So, the improvement in error handling and data handling for debugging needs to be improved so that it could significantly improve the developer experience.

I have been using Tekton for three years. In our company, we have been using the tool for more than eight months. I am just a user of the tool.

In our company, there are around more than 5,000 employees. There are actually many things under the cloud and platform delivery and infrastructure. We don't know the exact number of employees who are using the tool. I believe over 100 people in my company use the tool.

In my entire career, I never went to the support team for help. If I had any doubts or any kind of features, I was able to Google it or use ChatGPT.

The solution is deployed on the cloud.

Beginners should go through the product documentation. There are many tutorials available on the product that can help a person to configure the pipeline and task functions. Once you get a proper idea of the architecture of Tekton and how it works, only after knowing how to use the tool will a person get to apply the practical knowledge in the Tekton tools. I suggest that businesses get an idea about Python and how it works, as they need to understand the architecture of Tekton.

I rate the tool an eight out of ten.

The CI solution of the team I worked for was based on Tekton. Since Tekton is a Kubernetes native framework, we can easily configure it within a Kubernetes cluster, which has many benefits.

I would say the customization ability that Tekton provides is good. As an example, if we look at the pipeline structure of Tekton, a Tekton Pipeline was built with Tekton Tasks. We can specify a Tekton Task within the pipeline YAML. Otherwise, we can specify the task in a separate YAML and add it as a reference within the pipeline so that we can use the Tekton Task as a reusable component in other pipelines as well. Another thing is that we can execute a Tekton Task based on conditions such as "when" expressions. Furthermore, Tekton provides Tekton Triggers. We use Tekton Triggers to dynamically execute a pipeline based on an event, which is also a very useful feature for us. These customization features of Tekton made it more valuable and flexible to use for us.

The product's documentation is an area of concern, making it an area where improvements are required.

Apart from the documentation, there is one more thing that I believe needs to improve in Tekton. In the Tekton pipeline structure, there is an optional feature called finally section, where we can add all the core Tekton Tasks, which have to be executed even in a pipeline failure scenario. But the issue is that we cannot give a sequence for the tasks in the finally section, so all the tasks are running simultaneously. I believe if we had a feature to help users add a sequence for the tasks in the finally section, then it would make our lives easier.

The scalability could improve a lot in the future.

I have been using Tekton for a year. I am a user of the tool.

Sometimes, we face some version compatibility issues, but when we upgrade the version, it gets rectified. Stability-wise, I rate the solution an eight out of ten.

I know that there are more than 20 people using Tekton within our company. As the CI solution in our company is based on Tekton, many people, including new joiners, also have to learn Tekton. Scalability-wise, I rate the solution a seven out of ten.

When our company faced challenges with the tool, we had to do our own trials and errors to find a solution. Sometimes, we had to go through some GitHub issues related to the challenges we faced, but most of the time, we couldn't find an exact solution by looking at the GitHub issues. So we had to try to resolve the issues we faced in Tekton with the knowledge we had. We did not contact Tekton's support team.

Tekton's integration capabilities have helped our company's development workflow. Tekton is a Kubernetes native framework, so most of the command lines that we use in Kubernetes could also be used within Tekton framework. Basically, configuring Tekton Pipelines within our Kubernetes cluster was very easy compared to using other solutions. Overall, the development workflow was easy when using Tekton.

As a beginner who is trying to use Tekton, it will take some effort to learn it because the documentation in Tekton has to improve a lot. There are no tutorials to learn about Tekton because I personally learned it from my seniors and my experience and even when we faced challenges in the development, we couldn't find a solution on the internet. We had to do our own trial and error to find a solution, which was one of the main challenges while using Tekton.

I recommend the tool to others as using Tekton makes our lives easier. As far as I know, many companies don't know about Tekton. If they knew that there is something called Tekton, they would definitely adjust to it. 

I rate the tool a nine out of ten.

We don't know the customer's end goal, but we are developing a cloud-agnostic platform based on their wishes. That's why we moved almost all our architecture to Kubernetes. For our development pipeline, which is cloud-agnostic, we also put all our CI/CD pipelines on Kubernetes. We decided to use Tekton because it's Kubernetes-native for CI/CD. Currently, it works on Kubernetes in the GCP and Azure. So we use Azure Kubernetes Services and GCP.

The first functional requirement we wanted from Tekton or any other CI/CD pipeline was to be cloud-agnostic. We met this requirement with Tekton. One of our main goals was to improve the development experience. We wanted a narrow branch approach so developers could easily create isolated environments for feature branches. In this environment, it's good to have independent assets like the build system. For example, if a developer wants to develop and use microservices, they can create a feature branch, and Tekton and any build assets are isolated to this branch. Tekton allows this because it is a native Kubernetes build system and works with Kubernetes namespaces as an isolation strategy. You can isolate most Tekton assets in the Kubernetes namespace for your feature branch. This allows you to freely change Tekton assets and objects to adapt to your feature branch and requirements. Additionally, when you remove a namespace, all Tekton assets are removed with it, so you don't need to clean up build assets manually.

Based on the event triggers, we found a workaround proposed by the Tekton team. This involves trigger groups. However, I'm a bit worried about scaling Tekton from the point of view of big CI/CD processes. As you know, Tekton uses a Kubernetes native approach with a controller feature. The controller is a service that controls every aspect of Tekton's work in the cluster. The problem is that this controller works in a single zone. You can configure the number of replicas for this controller for high availability, but the controller doesn't allow a sharding strategy. For example, you can't set up the controller to process only a subset of the Tekton objects in your cluster. This singleton approach could lead to performance problems in the future. Currently, our production controller takes around 500 megabytes of RAM. If our environment grows, it might take one or two gigabytes. It would be better to have a sharding or partition strategy to distribute the load from the single controller to multiple ones.

I have been using Tekton for the past six months actively, but extensively I started exploring it two months ago.

Tekton is convenient because, previously, I had experience with GCP Cloud Builds. The good thing about Tekton is that it works well with autoscale in Kubernetes. You can set up zero nodes, and when you run your Tekton CI/CD pipeline, the number of nodes will grow automatically. This allows for cost efficiency from a build point of view because you won't need to have pre-existing nodes for your workloads.

My organization is promising to move all our builds to Tekton. Of course, we have some concerns about scalability, but for now, it works okay.

We found the solutions faster than the technical team answered us. They have a standard GitHub community forum or issues list where you can ask questions and create issues. But I think their response is not so fast. It took around maybe one week to get an answer from them. But, of course, it's understandable because this is open source and not a paid project for them. 

The process of installation has worked smoothly. You just run a couple of commands, and Tekton is installed in your Kubernetes cluster. There are no problems here at all. We did meet some issues with the default configuration of Tekton because, by default, Tekton uses the Affinity feature, some kind of PostgreSQL feature. This feature, when enabled, prevented better scaling. We turned it off, and everything worked as we expected. By default, this feature is turned on, and we met some scalability issues. This feature allows assigning different pods for the same pipeline to the same node. But if you set up different requests and limits for different stages of your pipeline, assigning them to the same node prevents scaling up the node pool. That's why we turned this feature off. Now everything works okay. So maybe the default configuration of Tekton is not perfect, at least for our scenario.

Initially, our project was located in the GCP, but our customer wanted to make it cloud-agnostic. They wanted to move it to Azure and maybe on-premises afterwards.

Based on our requirements, the main need was for a cloud-agnostic platform, which is why we chose to run everything in Kubernetes, and Tekton fits this task easily. If you're familiar with other CI/CD pipelines like GitHub Actions or GitLab CI and they meet all your requirements, it might be good to stick with them. They are quite similar in functionality. Tekton stands out because it provides supply chain security out of the box with Tekton Chains, which we use. It includes built-in tools to sign and verify images. GitHub Actions and GitLab CI don't have this feature out of the box, so you'd need to implement it yourself. For better security, Tekton might be a better fit.