TAP on EKS (beta-4) : Part 3 – Deploy an application with supply chain basic

Eknath -
Reading Time: 4 mins

Overview

In this section, I will walk you through the steps required to deploy an application using the Tanzu Application Platform. Before moving further, please ensure below are completed:

  • Prepare set up is completed, If not done, then follow the steps in the post
  • Default kubeconfig context is set to the target Kubernetes cluster.
  • Tanzu Application Platform GUI is successfully installed, for more details, read here

Install default Supply Chain

The Out of the Box Supply Chain Basic package provides the most basic ClusterSupplyChain that brings an application from source code to a deployed instance of it running in a Kubernetes environment.

  • Create a file named ootb-supply-chain-basic-values.yaml that specifies the corresponding values to the properties you want to tweak.
# Syntax:

registry:
  server: REGISTRY-SERVER
  repository: REGISTRY-REPOSITORY
service_account: default

# For Example:

registry:
  server: gcr.io
  repository: eknath-se/supply-chain  ## Repo Name, where eknath-se is my GCP project name, this should be changed for yours. 
service_account: default
  • Install the package by running:
$ tanzu package install ootb-supply-chain-basic --package-name ootb-supply-chain-basic.tanzu.vmware.com --version 0.4.0-build.2 --namespace tap-install --values-file ootb-supply-chain-basic-values.yaml
/ Installing package 'ootb-supply-chain-basic.tanzu.vmware.com' I0106 16:57:36.075810    5451 request.go:665] Waited for 1.042978264s due to client-side throttling, not priority and fairness, request: GET:https://96CFBBE5E6201E4E11150BE2D79A7487.gr7.ap-south-1.eks.amazonaws.com/apis/eventing.knative.dev/v1beta1?timeout=32s
/ Installing package 'ootb-supply-chain-basic.tanzu.vmware.com'

| Getting package install for 'ootb-supply-chain-basic'
| Getting package metadata for 'ootb-supply-chain-basic.tanzu.vmware.com'
| Creating secret 'ootb-supply-chain-basic-tap-install-values'
| Updating package install for 'ootb-supply-chain-basic'
/ Waiting for 'PackageInstall' reconciliation for 'ootb-supply-chain-basic'
\ 'PackageInstall' resource install status: Reconciling



Updated installed package 'ootb-supply-chain-basic'

Setup Developer Namespaces to use Installed Packages

To create workload for your application using the registry credentials specified, run these commands to add credentials and Role-Based Access Control (RBAC) rules to the namespace that you plan to create the workload in:

# Syntax: 

kubectl create secret docker-registry registry-credentials --docker-server=REGISTRY-SERVER --docker-username=REGISTRY-USERNAME --docker-password=REGISTRY-PASSWORD -n YOUR-NAMESPACE

# Example:  where <key>.json is the key file downloaded from GCP portal. 

kubectl create secret docker-registry registry-credentials --docker-server=gcr.io --docker-username=_json_key --docker-password="$(cat <key>.json)" -n tap-install
  • Add placeholder read secrets, a service account, and RBAC rules to the developer namespace by running:
cat <<EOF | kubectl -n tap-install apply -f -

apiVersion: v1
kind: Secret
metadata:
  name: tap-registry
  annotations:
    secretgen.carvel.dev/image-pull-secret: ""
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: e30K

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
secrets:
  - name: registry-credentials
imagePullSecrets:
  - name: registry-credentials
  - name: tap-registry

---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: default
rules:
- apiGroups: [source.toolkit.fluxcd.io]
  resources: [gitrepositories]
  verbs: ['*']
- apiGroups: [source.apps.tanzu.vmware.com]
  resources: [imagerepositories]
  verbs: ['*']
- apiGroups: [carto.run]
  resources: [deliverables, runnables]
  verbs: ['*']
- apiGroups: [kpack.io]
  resources: [images]
  verbs: ['*']
- apiGroups: [conventions.apps.tanzu.vmware.com]
  resources: [podintents]
  verbs: ['*']
- apiGroups: [""]
  resources: ['configmaps']
  verbs: ['*']
- apiGroups: [""]
  resources: ['pods']
  verbs: ['list']
- apiGroups: [tekton.dev]
  resources: [taskruns, pipelineruns]
  verbs: ['*']
- apiGroups: [tekton.dev]
  resources: [pipelines]
  verbs: ['list']
- apiGroups: [kappctrl.k14s.io]
  resources: [apps]
  verbs: ['*']
- apiGroups: [serving.knative.dev]
  resources: ['services']
  verbs: ['*']
- apiGroups: [servicebinding.io]
  resources: ['servicebindings']
  verbs: ['*']
- apiGroups: [services.apps.tanzu.vmware.com]
  resources: ['resourceclaims']
  verbs: ['*']
- apiGroups: [scst-scan.apps.tanzu.vmware.com]
  resources: ['imagescans', 'sourcescans']
  verbs: ['*']

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: default
subjects:
  - kind: ServiceAccount
    name: default

EOF

 

Deploy Application

  • Follow these steps to get started with an accelerator called Tanzu-Java-Web-App.
  • From the Tanzu Application Platform GUI portal, click on Accelerators on the left side of the navigation bar to see the list of available accelerators.
  • Locate the Tanzu Java Web App accelerator, which is a sample Spring Boot web app, and click on Choose button.

  • In the Generate Accelerators prompt, replace the default value dev.local in the prefix for container image registry field with the registry in the form of SERVER-NAME/REPO-NAME. The SERVER-NAME/REPO-NAME must match what was specified for registry as part of the installation values for ootb_supply_chain_basic. Click NEXT STEP, verify the provided information, and click CREATE.

  • After the Task Activity processes are complete, click on the DOWNLOAD ZIP FILE button

  • After downloading the zip file, expand it in a workspace directory and follow your preferred procedure for uploading the generated project files to a Git repository for your new project.
# Unzip the downloaded file and follow below process to push to git repo: 

reddye@reddye-a02 tanzu-java-web-app-demo % ls
LICENSE			Tiltfile		catalog-info.yaml	mvnw			pom.xml
README.md		accelerator-log.md	config			mvnw.cmd		src

# Initialize git

reddye@reddye-a02 tanzu-java-web-app-demo % git init

Initialized empty Git repository in /Users/reddye/Downloads/tanzu-java-web-app-demo/.git/

#Add all the files
git add *

#Commit
git commit -am "First commit"

git branch -M main

# Created a new repo named tanzu-java-web-app-demo in my github account and later executed below command: 

git remote add origin https://github.com/Eknathreddy09/tanzu-java-web-app-demo.git

# Syntax: git config --global user.email "github account email"

git config --global user.email "[email protected]"

$ git push -u origin main
Username for 'https://github.com': eknathreddy09
Password for 'https://[email protected]':
Enumerating objects: 28, done.
Counting objects: 100% (28/28), done.
Delta compression using up to 16 threads
Compressing objects: 100% (19/19), done.
Writing objects: 100% (28/28), 15.36 KiB | 3.07 MiB/s, done.
Total 28 (delta 0), reused 0 (delta 0), pack-reused 0
To https://github.com/Eknathreddy09/tanzu-java-web-app-demo.git
 * [new branch]      main -> main
Branch 'main' set up to track remote branch 'main' from 'origin'.

# Login to Github account and verify the repo.
  • Deploy the Tanzu Java Web App accelerator by running the tanzu apps workload create command:
$ tanzu apps workload create tanzu-java-web-app --git-repo https://github.com/Eknathreddy09/tanzu-java-web-app.git --git-branch main --type web --label app.kubernetes.io/part-of=tanzu-java-web-app --yes -n tap-install

# View the build and runtime logs for your app by running the tail command:

tanzu apps workload tail tanzu-java-web-app --since 10m --timestamp -n tap-install
$ tanzu apps workload get tanzu-java-web-app -n tap-install
# tanzu-java-web-app: Ready
---
lastTransitionTime: "2022-01-06T17:20:08Z"
message: ""
reason: Ready
status: "True"
type: Ready

Workload pods
NAME                                                  STATE       AGE
tanzu-java-web-app-00001-deployment-8b678756f-4t9pf   Running     54s
tanzu-java-web-app-build-1-build-pod                  Succeeded   8m8s
tanzu-java-web-app-config-writer-77xk7-pod            Succeeded   3m3s

Workload Knative Services
NAME                 READY   URL
tanzu-java-web-app   Ready   http://tanzu-java-web-app.tap-install.example.com
  • Collect the External IP of Envoy service in name space: tanzu-system-ingress
kubectl get svc envoy -n tanzu-system-ingress
NAME    TYPE           CLUSTER-IP      EXTERNAL-IP                                                                PORT(S)                      AGE
envoy   LoadBalancer   10.100.159.57   a028285fd0f964d43b870910819eabde-1598769042.ap-south-1.elb.amazonaws.com   80:30333/TCP,443:31873/TCP   69m
  • Navigate to AWS Management console > EC2 > Load Balancers > Copy the name of load balancer for above collected External IP (In this case its Load balancer DNS Name)

 

  • Navigate to AWS Management console > EC2 > Network and Security > Network Interfaces > Search with above collected load balancer name
  • Collect the Public IPv4 address

  • Add an entry in your local machine /etc/hosts with the IP collected above pointing to hostname: tanzu-java-web-app.tap-install.example.com

  • Access the url tanzu-java-web-app.tap-install.example.com and you should see result as below: