TAP on EKS (beta-4) : Part 2 – Install TAP with supply chain basic

Reading Time: 3 mins

In this post, I will be demonstrating the steps to install Tanzu Application Platform packages from the Tanzu Application Platform package repository. Before you install the packages, ensure you have prepared the setup as mentioned in post.

Add TAP package repository

Add TAP package repository
# Set up environment variables for use during the installation.

export INSTALL_REGISTRY_USERNAME=TANZU-NET-USER
export INSTALL_REGISTRY_PASSWORD=TANZU-NET-PASSWORD
export INSTALL_REGISTRY_HOSTNAME=registry.tanzu.vmware.com

# Create a namespace called tap-install for deploying any component packages by running:

kubectl create ns tap-install

#Create a registry secret by running:

tanzu secret registry add tap-registry --username ${INSTALL_REGISTRY_USERNAME} --password ${INSTALL_REGISTRY_PASSWORD} --server ${INSTALL_REGISTRY_HOSTNAME} --export-to-all-namespaces --yes --namespace tap-install

# Add Tanzu Application Platform package repository to the cluster by running:

tanzu package repository add tanzu-tap-repository --url registry.tanzu.vmware.com/tanzu-application-platform/tap-packages:0.4.0 --namespace tap-install

# Get the status of the Tanzu Application Platform package repository, and ensure the status updates to Reconcile succeeded by running:

tanzu package repository get tanzu-tap-repository --namespace tap-install
\ Retrieving repository tanzu-tap-repository...
NAME:          tanzu-tap-repository
VERSION:       50358
REPOSITORY:    registry.tanzu.vmware.com/tanzu-application-platform/tap-packages
TAG:           0.4.0
STATUS:        Reconcile succeeded
REASON:

#List the available packages by running:

tanzu package available list --namespace tap-install

Install Tanzu Application Platform profile

Tanzu Application Platform can be installed through pre-defined profiles or through individual packages. TAP contains the following two profiles. In this demo, I will cover about dev profile.

      • Full
      • Dev

Note: refer to doc for more details

$ tanzu package available list tap.tanzu.vmware.com --namespace tap-install
/ Retrieving package versions for tap.tanzu.vmware.com...
  NAME                  VERSION  RELEASED-AT
  tap.tanzu.vmware.com  0.4.0    2021-12-13 00:00:00 +0000 UTC
Dev Profile Syntax
profile: dev
ceip_policy_disclosed: true # Installation fails if this is set to 'false'

buildservice:
  kp_default_repository: "KP-DEFAULT-REPO"
  kp_default_repository_username: "KP-DEFAULT-REPO-USERNAME"
  kp_default_repository_password: "KP-DEFAULT-REPO-PASSWORD"
  tanzunet_username: "TANZUNET-USERNAME"
  tanzunet_password: "TANZUNET-PASSWORD"

supply_chain: basic

ootb_supply_chain_basic:
  registry:
    server: "SERVER-NAME"
    repository: "REPO-NAME"

tap_gui:
  service_type: LoadBalancer # NodePort for distributions that don't support LoadBalancer

metadata_store:
  app_service_type: LoadBalancer # (optional) Defaults to LoadBalancer. Change to NodePort for distributions that don't support LoadBalancer
  • KP-DEFAULT-REPO is a writable repository in your registry. Tanzu Build Service dependencies are written to this location. Examples:
    • Harbor has the form kp_default_repository: "my-harbor.io/my-project/build-service"
    • Dockerhub has the form kp_default_repository: "my-dockerhub-user/build-service" or kp_default_repository: "index.docker.io/my-user/build-service"
    • Google Cloud Registry has the form kp_default_repository: "gcr.io/my-project/build-service"
  • KP-DEFAULT-REPO-USERNAME is the username that can write to KP-DEFAULT-REPO. You should be able to docker push to this location with this credential.
    • For Google Cloud Registry, use kp_default_repository_username: _json_key
  • KP-DEFAULT-REPO-PASSWORD is the password for the user that can write to KP-DEFAULT-REPO. You can docker push to this location with these credentials.
    • For Google Cloud Registry, use the contents of the service account JSON key.
  • SERVER-NAME is the hostname of the registry server. Examples:
    • Harbor has the form server: "my-harbor.io"
    • Dockerhub has the form server: "index.docker.io"
    • Google Cloud Registry has the form server: "gcr.io"
  • REPO-NAME is where workload images are stored in the registry. Images are written to SERVER-NAME/REPO-NAME/workload-name. Examples:
    • Harbor has the form repository: "my-project/supply-chain"
    • Dockerhub has the form repository: "my-dockerhub-user"
    • Google Cloud Registry has the form repository: "my-project/supply-chain"

Since we are using Google Cloud Registry in this demo, I have a simple script to parse the credentials. Replace the necessary values before executing.

script
# where <key>.json is the file downloaded from GCP console

service_account_key="$(cat <key>.json)"
cat <<EOF > tap-values.yaml
profile: dev
ceip_policy_disclosed: true # Installation fails if this is set to 'false'
buildservice:
  kp_default_repository: "gcr.io/eknath-se/build-service" # Replace the project id with yours. In my case eknath-se is the project ID
  kp_default_repository_username: _json_key
  kp_default_repository_password: '$(echo $service_account_key)'
  tanzunet_username: "<Tanzu network user name>" # Provide the Tanzu network user name
  tanzunet_password: "<Tanzu network password>" # Provide the Tanzu network password
supply_chain: basic

ootb_supply_chain_basic:
  registry:
    server: "gcr.io"
    repository: "eknath-se/supply-chain" # Replace the project id with yours. In my case eknath-se is the project ID
tap_gui:
  service_type: LoadBalancer # NodePort for distributions that don't support LoadBalancer
metadata_store:
  app_service_type: LoadBalancer # (optional) Defaults to LoadBalancer. Change to NodePort for distributions that don't support LoadBalancer
contour:
  envoy:
    service:
      type: LoadBalancer
EOF
Package Install
# Install the package using below command

tanzu package install tap -p tap.tanzu.vmware.com -v 0.4.0 --values-file tap-values.yaml -n tap-install
| Installing package 'tap.tanzu.vmware.com'
/ Getting package metadata for 'tap.tanzu.vmware.com'
| Creating service account 'tap-tap-install-sa'
| Creating cluster admin role 'tap-tap-install-cluster-role'
| Creating cluster role binding 'tap-tap-install-cluster-rolebinding'
| Creating secret 'tap-tap-install-values'
| Creating package resource
/ Waiting for 'PackageInstall' reconciliation for 'tap'
\ 'PackageInstall' resource install status: Reconciling


 Added installed package 'tap'

#Verify the package install by running:

tanzu package installed get tap -n tap-install
/ Retrieving installation details for tap... I0106 16:20:05.005994    5291 request.go:665] Waited for 1.023919096s due to client-side throttling, not priority and fairness, request: GET:https://96CFBBE5E6201E4E11150BE2D79A7487.gr7.ap-south-1.eks.amazonaws.com/apis/eventing.knative.dev/v1beta1?timeout=32s
- Retrieving installation details for tap...
NAME:                    tap
PACKAGE-NAME:            tap.tanzu.vmware.com
PACKAGE-VERSION:         0.4.0
STATUS:                  Reconcile succeeded
CONDITIONS:              [{ReconcileSucceeded True  }]
USEFUL-ERROR-MESSAGE:

# Verify tht all the necessary packages in the profile are installed by running:

tanzu package installed list -A
/ Retrieving installed packages... I0106 16:20:25.378237    5307 request.go:665] Waited for 1.043027695s due to client-side throttling, not priority and fairness, request: GET:https://96CFBBE5E6201E4E11150BE2D79A7487.gr7.ap-south-1.eks.amazonaws.com/apis/eventing.knative.dev/v1beta1?timeout=32s
/ Retrieving installed packages...
  NAME                      PACKAGE-NAME                                  PACKAGE-VERSION  STATUS               NAMESPACE
  accelerator               accelerator.apps.tanzu.vmware.com             0.5.1            Reconcile succeeded  tap-install
  appliveview               run.appliveview.tanzu.vmware.com              1.0.0            Reconcile succeeded  tap-install
  appliveview-conventions   build.appliveview.tanzu.vmware.com            1.0.0            Reconcile succeeded  tap-install
  buildservice              buildservice.tanzu.vmware.com                 1.4.0-build.1    Reconcile succeeded  tap-install
  cartographer              cartographer.tanzu.vmware.com                 0.0.8-rc.7       Reconcile succeeded  tap-install
  cert-manager              cert-manager.tanzu.vmware.com                 1.5.3+tap.1      Reconcile succeeded  tap-install
  cnrs                      cnrs.tanzu.vmware.com                         1.1.0            Reconcile succeeded  tap-install
  contour                   contour.tanzu.vmware.com                      1.18.2+tap.1     Reconcile succeeded  tap-install
  conventions-controller    controller.conventions.apps.tanzu.vmware.com  0.4.2            Reconcile succeeded  tap-install
  developer-conventions     developer-conventions.tanzu.vmware.com        0.4.0-build1     Reconcile succeeded  tap-install
  fluxcd-source-controller  fluxcd.source.controller.tanzu.vmware.com     0.16.0           Reconcile succeeded  tap-install
  ootb-delivery-basic       ootb-delivery-basic.tanzu.vmware.com          0.4.0-build.2    Reconcile succeeded  tap-install
  ootb-supply-chain-basic   ootb-supply-chain-basic.tanzu.vmware.com      0.4.0-build.2    Reconcile succeeded  tap-install
  ootb-templates            ootb-templates.tanzu.vmware.com               0.4.0-build.2    Reconcile succeeded  tap-install
  service-bindings          service-bindings.labs.vmware.com              0.6.0            Reconcile succeeded  tap-install
  services-toolkit          services-toolkit.tanzu.vmware.com             0.5.0-rc.3       Reconcile succeeded  tap-install
  source-controller         controller.source.apps.tanzu.vmware.com       0.2.0            Reconcile succeeded  tap-install
  spring-boot-conventions   spring-boot-conventions.tanzu.vmware.com      0.2.0            Reconcile succeeded  tap-install
  tap                       tap.tanzu.vmware.com                          0.4.0            Reconcile succeeded  tap-install
  tap-gui                   tap-gui.tanzu.vmware.com                      1.0.0-rc.72      Reconcile succeeded  tap-install
  tap-telemetry             tap-telemetry.tanzu.vmware.com                0.1.1            Reconcile succeeded  tap-install
  tekton-pipelines          tekton.tanzu.vmware.com                       0.30.0           Reconcile succeeded  tap-install

Configure TAP GUI

  • On your Git repository of choice, extract the Blank Software Catalog from VMware Tanzu Network. You link to that catalog-info.yaml file when you configure your catalog later. In this demo I am using an existing catalog-info.yaml file from my repo
  • Collect the External IP of LoadBalancer by running:
$ kubectl get svc -n tap-gui
NAME     TYPE           CLUSTER-IP     EXTERNAL-IP                                                                PORT(S)          AGE
server   LoadBalancer   10.100.19.59   aef59c185eaff33c1f0c8b771-1890044.ap-south-1.elb.amazonaws.com   7000:31022/TCP   12m
  • Add the following section to tap-values.yml by using the following template, and replace all placeholders with your relevant values.
Syntax for new lines to be added
tap_gui:
  service_type: LoadBalancer
  # Existing tap-values.yml above  
  app_config:
    app:
      baseUrl: http://EXTERNAL-IP:7000
    integrations:
      github: # Other integrations available see NOTE below
        - host: github.com
          token: GITHUB-TOKEN
    catalog:
      locations:
        - type: url
          target: https://GIT-CATALOG-URL/catalog-info.yaml
    backend:
        baseUrl: http://EXTERNAL-IP:7000
        cors:
          origin: http://EXTERNAL-IP:7000
  • Updated yaml file should be similar to below:
updated yaml - tap-values.yaml
profile: dev
ceip_policy_disclosed: true # Installation fails if this is set to 'false'
buildservice:
  kp_default_repository: "gcr.io/eknath-se/build-service"  # Change project
  kp_default_repository_username: _json_key
  kp_default_repository_password: '<removed for security>'
  tanzunet_username: "<Tanzu network user name>"
  tanzunet_password: "<Tanzu network password>"
supply_chain: basic

ootb_supply_chain_basic:
  registry:
    server: "gcr.io"
    repository: "eknath-se/supply-chain" # Change project

tap_gui:
  service_type: LoadBalancer # NodePort for distributions that don't support LoadBalancer
  # Existing tap-values.yml above
  app_config:
    app:
      baseUrl: http://aef59c185eafe4da48ef33c1f0c8b771-1897470044.ap-south-1.elb.amazonaws.com:7000 ## Load balancer External IP collected in previous step
    integrations:
      github: # Other integrations available see NOTE below
        - host: github.com
          token: ghp_t7a7WxC4SMaY8AyUv46IAOk  ## To be collected from git portal
    catalog:
      locations:
        - type: url
          target: https://github.com/Eknathreddy09/tanzu-java-web-app/blob/main/catalog/catalog-info.yaml # Replace with yours
    backend:
        baseUrl: http://aef59c185eafe4da48ef33c1f0c8b771-1897470044.ap-south-1.elb.amazonaws.com:7000  ## Load balancer External IP collected in previous step
        cors:
          origin: http://aef59c185eafe4da48ef33c1f0c8b771-1897470044.ap-south-1.elb.amazonaws.com:7000  ## Load balancer External IP collected in previous step
metadata_store:
  app_service_type: LoadBalancer # (optional) Defaults to LoadBalancer. Change to NodePort for distributions that don't support LoadBalancer
contour:
  envoy:
    service:
      type: LoadBalancer

Update the package profile:

$   tanzu package installed update tap --package-name tap.tanzu.vmware.com --version 0.4.0 -n tap-install -f tap-values.yaml
| Updating installed package 'tap'
/ Getting package install for 'tap' I0106 16:42:57.967894    5388 request.go:665] Waited for 1.043302774s due to client-side throttling, not priority and fairness, request: GET:https://96CFBBE5E6201E4E11150BE2D79A7487.gr7.ap-south-1.eks.amazonaws.com/apis/eventing.knative.dev/v1beta1?timeout=32s
/ Getting package install for 'tap'
| Getting package metadata for 'tap.tanzu.vmware.com'
| Updating secret 'tap-tap-install-values'
| Updating package install for 'tap'
- Waiting for 'PackageInstall' reconciliation for 'tap'

Updated installed package 'tap' in namespace 'tap-install'
  • Access the external IP collected earlier with port 7000 to access the TAP GUI. Ex: http://EXTERNAL-IP:7000