Tekton is a Kaa platform infrastructure service which manages a repository of application-specific configurations for the Kaa service instances. When Tekton integration is enabled in Kaa services, Tekton acts as a convenient alternative to configuration files for managing Kaa applications, application versions, and the associated configurations in the cluster.

When the application-specific configs are managed through the configuration files, applying a change requires a service restart. Tekton provides a NATS-based configuration change notification mechanism that Kaa services subscribe to and receive live configuration updates. On such notification, Kaa services fetch the updated application configuration via Tekton REST API and apply it without a restart.

Tekton must be configured with the list of service instances deployed in a given Kaa cluster. It provides REST API for retrieving configured service instances and their properties. This API is used, for example, by the Web Dashboard (WD) to display all service instances available in your cluster and to allow configuring them.


Tekton supports a number of interfaces to perform its functional role. The key supported interfaces are summarized in the following diagram.

Tekton interfaces diagram

For inter-service communication, Kaa services mainly use REST APIs and messaging protocols that run over NATS messaging system.

Service instances API

Service instances API allows retrieving information on service instances deployed in a given Kaa cluster along with their properties, such as:

  • the service instance name (e.g. “cmx-ota”)
  • the name of the underlying service (e.g. “CMX”)
  • application-specific configuration schema, etc.

Tekton sources the service instances data from its configuration. It must be defined in order for Tekton to be able to manage the corresponding service instance configurations.

Application management API

Application management API allows managing Kaa applications and their versions in Tekton. All service replicas in your Kaa cluster receive notifications from Tekton on changes to the list of defined applications and their versions.

Application configuration management API

Application configuration management API allows managing application- and appversion-specific configurations applicable to service instances in your Kaa cluster. Replicas of the affected service instance in your Kaa cluster receive notifications from Tekton on changes to the configuration data.

This API is also used by Kaa services to retrieve application- and appversion-specific configuration data from Tekton.

Service configuration management protocol

Service Configuration Management Protocol (17/SCMP) is a NATS-based messaging protocol for notifying Kaa cluster services of the runtime changes in applications, application versions, and their associated configurations.

Tekton acts as a provider in terms of 17/SCMP, while the other services in your Kaa cluster act as consumers. When there is a change in the list of applications or their versions, Tekton generates a broadcast notification message that gets delivered to all service instance replicas in the Kaa cluster. Upon an application- or appversion-specific configuration change for a service instance, Tekton generates a message that gets delivered to all replicas of the affected service instance.

Kaa Tenant Manager

Tekton supports multi-tenancy with each tenant using a separate OAuth 2.0 issuer for authentication, authorization, and resource management. The list of the existing tenants is managed by [the Kaa Tenant Manager][Tenant Manager], which provides REST API for retrieving tenant security configs.

See the security configuration for more details on how to enable multi-tenancy in Tekton.

Management interface

Tekton exposes an HTTP-based management interface with the following endpoints:

  • GET /health returns 200 OK if the service is up and running properly, and 500 Internal Server Error otherwise. In case of errors, the response payload contains their human-redable descriptions. This endpoint can be used by Kubernetes for liveness and readiness probing.
  • GET /metrics provides service metrics in Prometheus text-based format.