- What is Tanzu Application Platform - TAP
- Components
- Prerequisites
- Instructions
- Additional information
- Clean
Tanzu Application Platform - https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.5/tap/overview.html is according to VMWare a modular, application-aware platform that provides a rich set of developer tooling and a prepaved path to production to build and deploy software quickly and securely on any compliant public cloud or on-premises Kubernetes cluster.
The first TAP version (1.0.0) has been released in January 2022.
Note: The full list of the releases and their EOL support is available from the releases page.
By supporting the Supply Chain choreograph pattern, TAP allows to decouple the path (build, deploy, scan, test, ...) to move a microservice to different kubernetes environments from the development lifecycle process followed by the developers.
TAP rely on the following components which are installed as versioned packages from OCI bundles.
Note: You can get more information about the packages (version, description) from this page:
CNCF Buildpacks
builder images able to convert your source code into a secure, efficient, production ready container imageCNCF Knative
serving and eventing,kpack
controller able to build images usingBuildpacks
,CNCF Contour
to route the traffic internally or externally usingIngress
kapp
controller to install/uninstall k8s resources using templates (ytt, ...)Application Live & Application Accelerator
to guide the Architects/Developers to design/deploy/monitor applications on k8s.Tekton pipelines
andFluxCD
to fetch the sources (git, ...)Convention
controller able to change theWorkloads
according to METADATA (framework, runtime, ...)Service Binding & Toolkit
able to manage locally the services,Cartographer
which allowsApp Operators
to create pre-approved paths to production by integrating Kubernetes resources with the elements of toolchains (e.g. Jenkins, CI/CD,...).CNCF Crossplane
control plane which dynamically deploy service instances (e.g. AWS RDS) with Services Toolkit and the pre-installed Bitnami Services.Bitnami service
Helm charts supported by TAP (MySQL, PostgreSQL, RabbitMQ and Redis)Application Configuration Service
component provides a Kubernetes-native experience to enable the runtime configuration of existing Spring applications (instead of using Spring Cloud config server)Spring Cloud Gateway
component able to route internal or external API requests to application services that expose APIs.
The following installation guide explains what the prerequisites are.
TL&DR; It is needed to:
- Have a Tanzu account on
https://network.tanzu.vmware.com/
to download the software or to access the registryregistry.tanzu.vmware.com
, - Accept the needed EULA
- Have a kind cluster >= 1.24 installed with a private docker registry. Use this script
- Have a Linux VM machine with at least 8 CPUs, 8 GB of RAM and 100Gb (if you plan to use locally a container registry)
- Private container registry such as docker registry
The instructions of the official guide have been followed to install the release 1.5.0.
To simplify your life, we have designed a bash script which allows to install the different bits in a VM:
-
Tanzu client and plugins (package, application, secret, etc)
-
- Carvel tools: ytt, imgpkg, kbld, kapp
- Kapp controller,
- Secretgen controller
-
TAP Repository
A repository is an image bundle containing different k8s manifests, templates, files able to install/configure the TAP packages. Such a repository is managed using the Tanzu command
tanzu package repository ...
-
TAP Packages
The packages are the building blocks or components part of the TAP platform. Each of them will install a specific feature such as Knative, cartographer, contour, cnrs, ... They are managed using the following command
tanzu package available | tanzu package installed ...
NOTE: Some additional kubernetes tools which are very helpful (e.g: k9s, helm, krew) can be installed using the command
./scripts/tap.sh kube-tools
To install TAP, create first a kind cluster and secured container registry using this script:
curl -s -L "https://raw.githubusercontent.com/snowdrop/k8s-infra/main/kind/kind.sh" | \
bash -s install \
--secure-registry \
--skip-ingress-installation \
--registry-user admin \
--registry-password snowdrop \
--server-ip <VM_IP>
Tip: Use the
-h
of the kind.sh script to see the others options !
Warning: If you deploy TAP on a remote VM, then it is mandatory to specify the option
--server-ip
to expose the kubernetes API server to access it remotely !
Next, execute the tap.sh bash script locally and configure the following parameters:
- LOCAL_REGISTRY: Boolean used to tell if we will use a local registry. Default: false
- INSTALL_TANZU_CLI: Boolean used to install the Tanzu tools: pivnet and Tanzu client. Default: true
- REGISTRY_SERVER: registry DNS name (docker.io, ghcr.io, quay.io, registry.harbor.<VM_IP>.nip.io:)
- REGISTRY_OWNER: docker user account, ghcr.io ORG owner, container project (e.g: tap -
registry.harbor.<VM_IP>.nip.io:<PORT>/tap
) - REGISTRY_USERNAME: username to be used to log on to the registry
- REGISTRY_PASSWORD: password to be used to log on to the registry
- REGISTRY_CA_PATH: Path of the CA certificate used your container registry (optional)
- TANZU_REG_SERVER: Tanzu registry from where packages, images can be pulled (e.g: registry.tanzu.vmware.com)
- TANZU_REG_USERNAME: user to be used to be authenticated against the Tanzu registry
- TANZU_REG_PASSWORD: password to be used to be authenticated against the Tanzu registry
Warning: As the script will download different
products
from https://network.tanzu.vmware.com/ using pivnet, then it is mandatory to configure the following parameter and to have a Tanzu network account like an API account:
- TANZU_PIVNET_LEGACY_API_TOKEN: Token used by pivnet CLI to login to the Tanzu products website
Finally, define the home directory and IP address of the VM hosting TAP and the kubernetes cluster:
- REMOTE_HOME_DIR: home directory where files will be installed within the VM. Default: $HOME
- VM_IP: IP address of the VM where the cluster is running
IMPORTANT: We recommend to relocate the TAP repository images to your registry from the Tanzu registry before to perform the installation to speed the process if you re-install it.
In this case, set the COPY_PACKAGES
parameter to TRUE
the first time you will install TAP as the images will be copied using imgpkg tool
.
Tip: Use the
-h
of the ./scripts/tap.sh script to see the others options we currently support !
Example of installation
VM_IP=<VM_IP>
LOCAL_REGISTRY="true"
REGISTRY_SERVER=<REGISTRY_SERVER>
REGISTRY_OWNER=<REGISTRY_OWNER>
REGISTRY_USERNAME=<REGISTRY_USERNAME>
REGISTRY_PASSWORD=<REGISTRY_PASSWORD>
REGISTRY_CA_PATH=<REGISTRY_CA_PATH>
TANZU_REG_SERVER=<TANZU_REG_SERVER>
TANZU_REG_USERNAME=<TANZU_REG_USERNAME>
TANZU_REG_PASSWORD=<TANZU_REG_PASSWORD>
TANZU_PIVNET_LEGACY_API_TOKEN=<TANZU_PIVNET_LEGACY_API_TOKEN>
COPY_PACKAGES="false"
INSTALL_TANZU_CLI="true"
./scripts/tap.sh
or
ssh -i ~/.ssh/id_server_private_key [email protected] -p 22 \
REMOTE_HOME_DIR="/home/snowdrop" \
VM_IP="10.0.77.176" \
LOCAL_REGISTRY="true" \
REGISTRY_SERVER="10.0.77.176.nip.io:5000" \
REGISTRY_OWNER="tap" \
REGISTRY_USERNAME="admin" \
REGISTRY_PASSWORD="snowdrop" \
REGISTRY_CA_PATH="/home/snowdrop/.registry/certs/kind-registry/client.crt" \
TANZU_REG_SERVER="registry.tanzu.vmware.com" \
TANZU_REG_USERNAME="<TANZU_REG_USERNAME>" \
TANZU_REG_PASSWORD="<TANZU_REG_USERNAME" \
TANZU_PIVNET_LEGACY_API_TOKEN="<TANZU_PIVNET_LEGACY_API_TOKEN>" \
COPY_PACKAGES="false" \
INSTALL_TANZU_CLI="true" \
"bash -s" -- < ./scripts/tap.sh
Wait till you will see the list of the packages installed:
##################################################
## Wait till TAP installation is over
##################################################
TAP installation status: Reconcile failed
TAP installation status: Reconciling
...
##################################################
## List the TAP packages installed
##################################################
NAME DISPLAY-NAME
accelerator.apps.tanzu.vmware.com Application Accelerator for VMware Tanzu
api-portal.tanzu.vmware.com API portal
...
NOTE: If the imgpkg
client is already installed on the machine, you can also copy the images to a tar file and next upload
them to the private docker registry using this command:
./scripts/tap.sh relocateImages
Create first a namespace using the command
./scripts/tap.sh populateUserNamespace demo0
or
ssh -i ${SSH_KEY} ${USER}@${IP} -p ${PORT} \
"bash -s" -- < ./scripts/tap.sh populateUserNamespace demo0
Next deploy a Web Application using the tanzu client and a workload
tanzu apps workload create tanzu-java-web-app \
--git-repo https://github.com/vmware-tanzu/application-accelerator-samples\
--sub-path tanzu-java-web-app \
--git-branch main \
--type web \
--label app.kubernetes.io/part-of=tanzu-java-web-app \
--yes \
--namespace demo0
Follow the build/deployment and access the service when finished
tanzu apps workload tail tanzu-java-web-app --namespace demo0 --timestamp --since 1h
tanzu apps workload get tanzu-java-web-app --namespace demo0
Look to the URL of the service to open it within your browser:
🚢 Knative Services
NAME READY URL
tanzu-java-web-app Ready http://tanzu-java-web-app.demo0.10.0.77.164.sslip.io
Note: See our demo page here which covers more examples.
As mentioned within the previous section, when we plan to use a private local registry such as Harbor, docker registry, etc some additional steps are required such as:
-
Get the CA certificate file from the registry and set the parameter
REGISTRY_CA_PATH
for the bash script -
Get the TAP packages and push them to the private registry
imgpkg copy -b registry.tanzu.vmware.com/tanzu-application-platform/tap-packages:1.5.0 --to-tar packages.tar
imgpkg copy --tar packages.tar --to-repo <REGISTRY_HOST>/tap/tap-packages
- Define the TAP
shared
key within thetap-values.yaml
file to pass theca_cert_data
(see doc)
shared:
ca_cert_data: |
-----BEGIN CERTIFICATE-----
MIIDFDCCAfygAwIBAgIRAJqAGNrteyM97HLF2i1OhpQwDQYJKoZIhvcNAQELBQAw
FDESMBAGA1UEAxMJaGFyYm9yLWNhMB4XDTIyMDYwMzEwMDc1M1oXDTIzMDYwMzEw
...
H1H7yyFbxeaRK33ctKxXq2FzEYePYQ0BdTw36O8/R5CXwTMYvbG+kRMmNlRNHhD7
82elfYZx4DxrWcap2uqrvrR8A8jnV5oa/sBoqcY6U1rIXG2mkVXvuvihOjIm8wHy
8dHt3pESuqbOo2aDt9uP77sBIjho0JBT
-----END CERTIFICATE-----
...
NOTE: The steps 2 and 3 are managed by the
install.sh
script !
Tip: You can set up a docker registry using our kind secured script :-)
FYI: The install.sh
bash script installs the Tanzu client as described hereafter like the carvel tools: imgpkg, kapp, kbld, pivnet !
The Tanzu client can be installed locally on a machine having access to the k8s cluster running TAP using the pivnet tool.
According to the TAP release that you would like to install, select the appropriate product-file-id
and release-version
from the
download page of the Tanzu Application Platform product/release - https://network.tanzu.vmware.com/products/tanzu-application-platform.
Next, install the tool using by example the following instructions on a Mac machine.
Note: The instructions are equivalent on Linux except the TAR file to be downloaded !
pivnet download-product-files --product-slug='tanzu-application-platform' --release-version='1.5.0' --product-file-id=1212837
tar -vxf tanzu-framework-darwin-amd64.tar
install cli/core/v0.11.4/tanzu-core-darwin_amd64 /usr/local/bin/tanzu
export TANZU_CLI_NO_INIT=true
tanzu plugin install --local cli all
tanzu plugin list
- Check the status of the TAP packages installed and if all the packages are well deployed
tanzu package installed list -n tap-install
/ Retrieving installed packages...
NAME PACKAGE-NAME PACKAGE-VERSION STATUS
accelerator accelerator.apps.tanzu.vmware.com 1.0.0 Reconcile succeeded
appliveview run.appliveview.tanzu.vmware.com 1.0.1 Reconcile succeeded
appliveview-conventions build.appliveview.tanzu.vmware.com 1.0.1 Reconcile succeeded
buildservice buildservice.tanzu.vmware.com 1.4.2 Reconcile succeeded
cartographer cartographer.tanzu.vmware.com 0.1.0 Reconcile succeeded
cert-manager cert-manager.tanzu.vmware.com 1.5.3+tap.1 Reconcile succeeded
cnrs cnrs.tanzu.vmware.com 1.0.0 Reconcile succeeded
contour contour.tanzu.vmware.com 1.08.2+tap.1 Reconcile succeeded
conventions-controller controller.conventions.apps.tanzu.vmware.com 0.5.0 Reconcile succeeded
developer-conventions developer-conventions.tanzu.vmware.com 0.5.0-build.1 Reconcile succeeded
fluxcd-source-controller fluxcd.source.controller.tanzu.vmware.com 0.16.0 Reconcile succeeded
ootb-delivery-basic ootb-delivery-basic.tanzu.vmware.com 0.5.1 Reconcile succeeded
ootb-supply-chain-basic ootb-supply-chain-basic.tanzu.vmware.com 0.5.1 Reconcile succeeded
ootb-templates ootb-templates.tanzu.vmware.com 0.5.1 Reconcile succeeded
service-bindings service-bindings.labs.vmware.com 0.6.0 Reconcile succeeded
services-toolkit services-toolkit.tanzu.vmware.com 0.5.0 Reconcile succeeded
source-controller controller.source.apps.tanzu.vmware.com 0.2.0 Reconcile succeeded
spring-boot-conventions spring-boot-conventions.tanzu.vmware.com 0.3.0 Reconcile succeeded
tap tap.tanzu.vmware.com 1.0.0 Reconcile succeeded
tap-gui tap-gui.tanzu.vmware.com 1.0.1 Reconcile succeeded
tap-telemetry tap-telemetry.tanzu.vmware.com 0.1.2 Reconcile succeeded
tekton-pipelines tekton.tanzu.vmware.com 0.30.0 Reconcile succeeded
# or individually
tanzu package installed get -n tap-install <package_name>
- If some parameters should be changed, you can first check the list of the available values for a package:
tanzu package available get ootb-supply-chain-basic.tanzu.vmware.com/0.5.1 -n tap-install --values-schema
- Next edit and change the
tap-values.yaml
file created - Update finally the TAP package using the following command:
tanzu package installed update tap -p tap.tanzu.vmware.com -v 1.0.0 --values-file tap-values.yml -n tap-install
- To install a package individually, use the following documentation page
To uninstall the TAP repository and the packages, execute this command ./scripts/tap.sh remove
.
Tip: If you want to clean everything (e.g demo namespaces), then create a new kind kubernetes cluster ;-)
That's all !