TAP on EKS (beta-4) : Part 2 – Install TAP with supply chain basic

Reading Time: 3 mins

In this post, I will be demonstrating the steps to install Tanzu Application Platform packages from the Tanzu Application Platform package repository. Before you install the packages, ensure you have prepared the setup as mentioned in post.

Add TAP package repository

Add TAP package repository
# Set up environment variables for use during the installation.

export INSTALL_REGISTRY_USERNAME=TANZU-NET-USER
export INSTALL_REGISTRY_PASSWORD=TANZU-NET-PASSWORD
export INSTALL_REGISTRY_HOSTNAME=registry.tanzu.vmware.com

# Create a namespace called tap-install for deploying any component packages by running:

kubectl create ns tap-install

#Create a registry secret by running:

tanzu secret registry add tap-registry --username ${INSTALL_REGISTRY_USERNAME} --password ${INSTALL_REGISTRY_PASSWORD} --server ${INSTALL_REGISTRY_HOSTNAME} --export-to-all-namespaces --yes --namespace tap-install

# Add Tanzu Application Platform package repository to the cluster by running:

tanzu package repository add tanzu-tap-repository --url registry.tanzu.vmware.com/tanzu-application-platform/tap-packages:0.4.0 --namespace tap-install

# Get the status of the Tanzu Application Platform package repository, and ensure the status updates to Reconcile succeeded by running:

tanzu package repository get tanzu-tap-repository --namespace tap-install
\ Retrieving repository tanzu-tap-repository...
NAME: tanzu-tap-repository
VERSION: 50358
REPOSITORY: registry.tanzu.vmware.com/tanzu-application-platform/tap-packages
TAG: 0.4.0
STATUS: Reconcile succeeded
REASON:

#List the available packages by running:

tanzu package available list --namespace tap-install

Install Tanzu Application Platform profile

Tanzu Application Platform can be installed through pre-defined profiles or through individual packages. TAP contains the following two profiles. In this demo, I will cover about dev profile.

      • Full
      • Dev

Note: refer to doc for more details

$ tanzu package available list tap.tanzu.vmware.com --namespace tap-install
/ Retrieving package versions for tap.tanzu.vmware.com...
NAME VERSION RELEASED-AT
tap.tanzu.vmware.com 0.4.0 2021-12-13 00:00:00 +0000 UTC
Dev Profile Syntax
profile: dev
ceip_policy_disclosed: true # Installation fails if this is set to 'false'

buildservice:
kp_default_repository: "KP-DEFAULT-REPO"
kp_default_repository_username: "KP-DEFAULT-REPO-USERNAME"
kp_default_repository_password: "KP-DEFAULT-REPO-PASSWORD"
tanzunet_username: "TANZUNET-USERNAME"
tanzunet_password: "TANZUNET-PASSWORD"

supply_chain: basic

ootb_supply_chain_basic:
registry:
server: "SERVER-NAME"
repository: "REPO-NAME"

tap_gui:
service_type: LoadBalancer # NodePort for distributions that don't support LoadBalancer

metadata_store:
app_service_type: LoadBalancer # (optional) Defaults to LoadBalancer. Change to NodePort for distributions that don't support LoadBalancer
  • KP-DEFAULT-REPO is a writable repository in your registry. Tanzu Build Service dependencies are written to this location. Examples:
    • Harbor has the form kp_default_repository: "my-harbor.io/my-project/build-service"
    • Dockerhub has the form kp_default_repository: "my-dockerhub-user/build-service" or kp_default_repository: "index.docker.io/my-user/build-service"
    • Google Cloud Registry has the form kp_default_repository: "gcr.io/my-project/build-service"
  • KP-DEFAULT-REPO-USERNAME is the username that can write to KP-DEFAULT-REPO. You should be able to docker push to this location with this credential.
    • For Google Cloud Registry, use kp_default_repository_username: _json_key
  • KP-DEFAULT-REPO-PASSWORD is the password for the user that can write to KP-DEFAULT-REPO. You can docker push to this location with these credentials.
    • For Google Cloud Registry, use the contents of the service account JSON key.
  • SERVER-NAME is the hostname of the registry server. Examples:
    • Harbor has the form server: "my-harbor.io"
    • Dockerhub has the form server: "index.docker.io"
    • Google Cloud Registry has the form server: "gcr.io"
  • REPO-NAME is where workload images are stored in the registry. Images are written to SERVER-NAME/REPO-NAME/workload-name. Examples:
    • Harbor has the form repository: "my-project/supply-chain"
    • Dockerhub has the form repository: "my-dockerhub-user"
    • Google Cloud Registry has the form repository: "my-project/supply-chain"

Since we are using Google Cloud Registry in this demo, I have a simple script to parse the credentials. Replace the necessary values before executing.

script
# where <key>.json is the file downloaded from GCP console

service_account_key="$(cat <key>.json)"
cat <<EOF > tap-values.yaml
profile: dev
ceip_policy_disclosed: true # Installation fails if this is set to 'false'
buildservice:
kp_default_repository: "gcr.io/eknath-se/build-service" # Replace the project id with yours. In my case eknath-se is the project ID
kp_default_repository_username: _json_key
kp_default_repository_password: '$(echo $service_account_key)'
tanzunet_username: "<Tanzu network user name>" # Provide the Tanzu network user name
tanzunet_password: "<Tanzu network password>" # Provide the Tanzu network password
supply_chain: basic

ootb_supply_chain_basic:
registry:
server: "gcr.io"
repository: "eknath-se/supply-chain" # Replace the project id with yours. In my case eknath-se is the project ID
tap_gui:
service_type: LoadBalancer # NodePort for distributions that don't support LoadBalancer
metadata_store:
app_service_type: LoadBalancer # (optional) Defaults to LoadBalancer. Change to NodePort for distributions that don't support LoadBalancer
contour:
envoy:
service:
type: LoadBalancer
EOF
Package Install
# Install the package using below command

tanzu package install tap -p tap.tanzu.vmware.com -v 0.4.0 --values-file tap-values.yaml -n tap-install
| Installing package 'tap.tanzu.vmware.com'
/ Getting package metadata for 'tap.tanzu.vmware.com'
| Creating service account 'tap-tap-install-sa'
| Creating cluster admin role 'tap-tap-install-cluster-role'
| Creating cluster role binding 'tap-tap-install-cluster-rolebinding'
| Creating secret 'tap-tap-install-values'
| Creating package resource
/ Waiting for 'PackageInstall' reconciliation for 'tap'
\ 'PackageInstall' resource install status: Reconciling


Added installed package 'tap'

#Verify the package install by running:

tanzu package installed get tap -n tap-install
/ Retrieving installation details for tap... I0106 16:20:05.005994 5291 request.go:665] Waited for 1.023919096s due to client-side throttling, not priority and fairness, request: GET:https://96CFBBE5E6201E4E11150BE2D79A7487.gr7.ap-south-1.eks.amazonaws.com/apis/eventing.knative.dev/v1beta1?timeout=32s
- Retrieving installation details for tap...
NAME: tap
PACKAGE-NAME: tap.tanzu.vmware.com
PACKAGE-VERSION: 0.4.0
STATUS: Reconcile succeeded
CONDITIONS: [{ReconcileSucceeded True }]
USEFUL-ERROR-MESSAGE:

# Verify tht all the necessary packages in the profile are installed by running:

tanzu package installed list -A
/ Retrieving installed packages... I0106 16:20:25.378237 5307 request.go:665] Waited for 1.043027695s due to client-side throttling, not priority and fairness, request: GET:https://96CFBBE5E6201E4E11150BE2D79A7487.gr7.ap-south-1.eks.amazonaws.com/apis/eventing.knative.dev/v1beta1?timeout=32s
/ Retrieving installed packages...
NAME PACKAGE-NAME PACKAGE-VERSION STATUS NAMESPACE
accelerator accelerator.apps.tanzu.vmware.com 0.5.1 Reconcile succeeded tap-install
appliveview run.appliveview.tanzu.vmware.com 1.0.0 Reconcile succeeded tap-install
appliveview-conventions build.appliveview.tanzu.vmware.com 1.0.0 Reconcile succeeded tap-install
buildservice buildservice.tanzu.vmware.com 1.4.0-build.1 Reconcile succeeded tap-install
cartographer cartographer.tanzu.vmware.com 0.0.8-rc.7 Reconcile succeeded tap-install
cert-manager cert-manager.tanzu.vmware.com 1.5.3+tap.1 Reconcile succeeded tap-install
cnrs cnrs.tanzu.vmware.com 1.1.0 Reconcile succeeded tap-install
contour contour.tanzu.vmware.com 1.18.2+tap.1 Reconcile succeeded tap-install
conventions-controller controller.conventions.apps.tanzu.vmware.com 0.4.2 Reconcile succeeded tap-install
developer-conventions developer-conventions.tanzu.vmware.com 0.4.0-build1 Reconcile succeeded tap-install
fluxcd-source-controller fluxcd.source.controller.tanzu.vmware.com 0.16.0 Reconcile succeeded tap-install
ootb-delivery-basic ootb-delivery-basic.tanzu.vmware.com 0.4.0-build.2 Reconcile succeeded tap-install
ootb-supply-chain-basic ootb-supply-chain-basic.tanzu.vmware.com 0.4.0-build.2 Reconcile succeeded tap-install
ootb-templates ootb-templates.tanzu.vmware.com 0.4.0-build.2 Reconcile succeeded tap-install
service-bindings service-bindings.labs.vmware.com 0.6.0 Reconcile succeeded tap-install
services-toolkit services-toolkit.tanzu.vmware.com 0.5.0-rc.3 Reconcile succeeded tap-install
source-controller controller.source.apps.tanzu.vmware.com 0.2.0 Reconcile succeeded tap-install
spring-boot-conventions spring-boot-conventions.tanzu.vmware.com 0.2.0 Reconcile succeeded tap-install
tap tap.tanzu.vmware.com 0.4.0 Reconcile succeeded tap-install
tap-gui tap-gui.tanzu.vmware.com 1.0.0-rc.72 Reconcile succeeded tap-install
tap-telemetry tap-telemetry.tanzu.vmware.com 0.1.1 Reconcile succeeded tap-install
tekton-pipelines tekton.tanzu.vmware.com 0.30.0 Reconcile succeeded tap-install

Configure TAP GUI

  • On your Git repository of choice, extract the Blank Software Catalog from VMware Tanzu Network. You link to that catalog-info.yaml file when you configure your catalog later. In this demo I am using an existing catalog-info.yaml file from my repo
  • Collect the External IP of LoadBalancer by running:
$ kubectl get svc -n tap-gui
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
server LoadBalancer 10.100.19.59 aef59c185eaff33c1f0c8b771-1890044.ap-south-1.elb.amazonaws.com 7000:31022/TCP 12m
  • Add the following section to tap-values.yml by using the following template, and replace all placeholders with your relevant values.
Syntax for new lines to be added
tap_gui:
service_type: LoadBalancer
# Existing tap-values.yml above
app_config:
app:
baseUrl: http://EXTERNAL-IP:7000
integrations:
github: # Other integrations available see NOTE below
- host: github.com
token: GITHUB-TOKEN
catalog:
locations:
- type: url
target: https://GIT-CATALOG-URL/catalog-info.yaml
backend:
baseUrl: http://EXTERNAL-IP:7000
cors:
origin: http://EXTERNAL-IP:7000
  • Updated yaml file should be similar to below:
updated yaml - tap-values.yaml
profile: dev
ceip_policy_disclosed: true # Installation fails if this is set to 'false'
buildservice:
kp_default_repository: "gcr.io/eknath-se/build-service" # Change project
kp_default_repository_username: _json_key
kp_default_repository_password: '<removed for security>'
tanzunet_username: "<Tanzu network user name>"
tanzunet_password: "<Tanzu network password>"
supply_chain: basic

ootb_supply_chain_basic:
registry:
server: "gcr.io"
repository: "eknath-se/supply-chain" # Change project

tap_gui:
service_type: LoadBalancer # NodePort for distributions that don't support LoadBalancer
# Existing tap-values.yml above
app_config:
app:
baseUrl: http://aef59c185eafe4da48ef33c1f0c8b771-1897470044.ap-south-1.elb.amazonaws.com:7000 ## Load balancer External IP collected in previous step
integrations:
github: # Other integrations available see NOTE below
- host: github.com
token: ghp_t7a7WxC4SMaY8AyUv46IAOk ## To be collected from git portal
catalog:
locations:
- type: url
target: https://github.com/Eknathreddy09/tanzu-java-web-app/blob/main/catalog/catalog-info.yaml # Replace with yours
backend:
baseUrl: http://aef59c185eafe4da48ef33c1f0c8b771-1897470044.ap-south-1.elb.amazonaws.com:7000 ## Load balancer External IP collected in previous step
cors:
origin: http://aef59c185eafe4da48ef33c1f0c8b771-1897470044.ap-south-1.elb.amazonaws.com:7000 ## Load balancer External IP collected in previous step
metadata_store:
app_service_type: LoadBalancer # (optional) Defaults to LoadBalancer. Change to NodePort for distributions that don't support LoadBalancer
contour:
envoy:
service:
type: LoadBalancer

Update the package profile:

$   tanzu package installed update tap --package-name tap.tanzu.vmware.com --version 0.4.0 -n tap-install -f tap-values.yaml
| Updating installed package 'tap'
/ Getting package install for 'tap' I0106 16:42:57.967894 5388 request.go:665] Waited for 1.043302774s due to client-side throttling, not priority and fairness, request: GET:https://96CFBBE5E6201E4E11150BE2D79A7487.gr7.ap-south-1.eks.amazonaws.com/apis/eventing.knative.dev/v1beta1?timeout=32s
/ Getting package install for 'tap'
| Getting package metadata for 'tap.tanzu.vmware.com'
| Updating secret 'tap-tap-install-values'
| Updating package install for 'tap'
- Waiting for 'PackageInstall' reconciliation for 'tap'

Updated installed package 'tap' in namespace 'tap-install'
  • Access the external IP collected earlier with port 7000 to access the TAP GUI. Ex: http://EXTERNAL-IP:7000