TAP Part 1 – Setting up Tanzu Application Platform v0.4 on an EKS Cluster

Tanzu Application Platform (TAP) is a packaged set of components that helps developers and operators build, deploy, and manage apps on Kubernetes.

In this series of blog post, I will help you with setting up TAP, deploying and debugging applications. In this Part 1 post, we will know the process of setting up TAP (Beta-4) using profile-based installation. I will be using “Full” profile in this demonstration, but if you are planning to setup “Dev” based profile, feel free to go with that too.

If you are planning to explore the features available in different profiles, you can go through it here https://mappslearning.com/2021/11/19/available-profiles-in-tanzu-application-platform-tap/

Pre-requirements for setting up TAP

– Kubernetes Cluster v 1.20 or later is up and running

– Download Cluster Essential for VMware Tanzu, you can find the binaries here https://network.tanzu.vmware.com/products/tanzu-cluster-essentials/

– If you are planning to use pivnet, run the following command
$ pivnet download-product-files --product-slug='tanzu-cluster-essentials' --release-version='1.0.0' --product-file-id=1105818
2021/12/24 14:58:16 Downloading 'tanzu-cluster-essentials-linux-amd64-1.0.0.tgz' to 'tanzu-cluster-essentials-linux-amd64-1.0.0.tgz'
 44.01 MiB / 44.01 MiB [============================================] 100.00% 1s
2021/12/24 14:58:18 Verifying SHA256
2021/12/24 14:58:18 Successfully verified SHA256

– Extract the tar downloaded tar file

$ tar -xzvf tanzu-cluster-essentials-linux-amd64-1.0.0.tgz 
install.sh

imgpkg
kbld
kapp
ytt

– Export the below environment variable

$ export INSTALL_BUNDLE=registry.tanzu.vmware.com/tanzu-cluster-essentials/cluster-essentials-bundle@sha256:82dfaf70656b54dcba0d4def85ccae1578ff27054e7533d08320244af7fb0343
$ export INSTALL_REGISTRY_HOSTNAME=registry.tanzu.vmware.com
$ export INSTALL_REGISTRY_USERNAME=dinesh.tripathi30@gmail.com
$ export INSTALL_REGISTRY_PASSWORD=<your tanzu net password here>

– Run the installation of Cluster Essential packages

$ ./install.sh 
## Creating namespace tanzu-cluster-essentials
namespace/tanzu-cluster-essentials created
## Pulling bundle from registry.tanzu.vmware.com (username: dinesh.tripathi30@gmail.com)
Pulling bundle 'registry.tanzu.vmware.com/tanzu-cluster-essentials/cluster-essentials-bundle@sha256:82dfaf70656b54dcba0d4def85ccae1578ff27054e7533d08320244af7fb0343'
  Extracting layer 'sha256:145f7570038b43f5a84ad43908dd6162f00e45210f172b9f27374d7f4f063005' (1/1)

Locating image lock file images...
The bundle repo (registry.tanzu.vmware.com/tanzu-cluster-essentials/cluster-essentials-bundle) is hosting every image specified in the bundle's Images Lock file (.imgpkg/images.yml)

Succeeded
## Deploying kapp-controller
resolve | final: ghcr.io/vmware-tanzu/carvel-kapp-controller@sha256:46f9c4e78d80a322ae3159cb97069350b445b974664f4aead0ab4ad593d79f45 -> registry.tanzu.vmware.com/tanzu-cluster-essentials/cluster-essentials-bundle@sha256:e4cfadd453f7d452654c6074878ad454d3dbff4e4a9ab537b461fedf46c62672
Target cluster 'https://B769DD88729A64136C8DFB5AE4DE3B2E.gr7.us-east-2.eks.amazonaws.com' (nodes: ip-10-0-69-150.us-east-2.compute.internal, 1+)

Changes

Namespace        Name                                                    Kind                      Conds.  Age  Op      Op st.  Wait to    Rs  Ri  
(cluster)        apps.kappctrl.k14s.io                                   CustomResourceDefinition  -       -    create  -       reconcile  -   -  
^                internalpackagemetadatas.internal.packaging.carvel.dev  CustomResourceDefinition  -       -    create  -       reconcile  -   -  
^                internalpackages.internal.packaging.carvel.dev          CustomResourceDefinition  -       -    create  -       reconcile  -   -  
^                kapp-controller                                         Namespace                 -       -    create  -       reconcile  -   -  
^                kapp-controller-cluster-role                            ClusterRole               -       -    create  -       reconcile  -   -  
^                kapp-controller-cluster-role-binding                    ClusterRoleBinding        -       -    create  -       reconcile  -   -  
^                packageinstalls.packaging.carvel.dev                    CustomResourceDefinition  -       -    create  -       reconcile  -   -  
^                packagerepositories.packaging.carvel.dev                CustomResourceDefinition  -       -    create  -       reconcile  -   -  
^                pkg-apiserver:system:auth-delegator                     ClusterRoleBinding        -       -    create  -       reconcile  -   -  
^                tanzu-package-repo-global                               Namespace                 -       -    create  -       reconcile  -   -  
^                v1alpha1.data.packaging.carvel.dev                      APIService                -       -    create  -       reconcile  -   -  
kapp-controller  kapp-controller                                         Deployment                -       -    create  -       reconcile  -   -  
^                kapp-controller-config                                  ConfigMap                 -       -    create  -       reconcile  -   -  
^                kapp-controller-registry-creds                          Secret                    -       -    create  -       reconcile  -   -  
^                kapp-controller-sa                                      ServiceAccount            -       -    create  -       reconcile  -   -  
^                packaging-api                                           Service                   -       -    create  -       reconcile  -   -  
kube-system      pkgserver-auth-reader                                   RoleBinding               -       -    create  -       reconcile  -   -  

Op:      17 create, 0 delete, 0 update, 0 noop
Wait to: 17 reconcile, 0 delete, 0 noop

3:17:40PM: ---- applying 12 changes [0/17 done] ----
3:17:40PM: create rolebinding/pkgserver-auth-reader (rbac.authorization.k8s.io/v1) namespace: kube-system
3:17:40PM: create namespace/kapp-controller (v1) cluster
3:17:40PM: create namespace/tanzu-package-repo-global (v1) cluster
3:17:40PM: create clusterrole/kapp-controller-cluster-role (rbac.authorization.k8s.io/v1) cluster
3:17:41PM: create customresourcedefinition/internalpackagemetadatas.internal.packaging.carvel.dev (apiextensions.k8s.io/v1) cluster
3:17:41PM: create apiservice/v1alpha1.data.packaging.carvel.dev (apiregistration.k8s.io/v1) cluster
3:17:41PM: create clusterrolebinding/pkg-apiserver:system:auth-delegator (rbac.authorization.k8s.io/v1) cluster
3:17:42PM: create clusterrolebinding/kapp-controller-cluster-role-binding (rbac.authorization.k8s.io/v1) cluster
3:17:42PM: create customresourcedefinition/apps.kappctrl.k14s.io (apiextensions.k8s.io/v1) cluster
3:17:42PM: create customresourcedefinition/packageinstalls.packaging.carvel.dev (apiextensions.k8s.io/v1) cluster
3:17:42PM: create customresourcedefinition/internalpackages.internal.packaging.carvel.dev (apiextensions.k8s.io/v1) cluster
3:17:42PM: create customresourcedefinition/packagerepositories.packaging.carvel.dev (apiextensions.k8s.io/v1) cluster
3:17:42PM: ---- waiting on 12 changes [0/17 done] ----
3:17:42PM: ok: reconcile rolebinding/pkgserver-auth-reader (rbac.authorization.k8s.io/v1) namespace: kube-system
3:17:42PM: ok: reconcile namespace/kapp-controller (v1) cluster
3:17:42PM: ok: reconcile clusterrole/kapp-controller-cluster-role (rbac.authorization.k8s.io/v1) cluster
3:17:42PM: ok: reconcile customresourcedefinition/packagerepositories.packaging.carvel.dev (apiextensions.k8s.io/v1) cluster
3:17:42PM: ok: reconcile namespace/tanzu-package-repo-global (v1) cluster
3:17:42PM: ok: reconcile customresourcedefinition/internalpackagemetadatas.internal.packaging.carvel.dev (apiextensions.k8s.io/v1) cluster
3:17:42PM: ok: reconcile clusterrolebinding/pkg-apiserver:system:auth-delegator (rbac.authorization.k8s.io/v1) cluster
3:17:42PM: ongoing: reconcile apiservice/v1alpha1.data.packaging.carvel.dev (apiregistration.k8s.io/v1) cluster
3:17:42PM:  ^ Condition Available is not True (False)
3:17:42PM: ok: reconcile customresourcedefinition/apps.kappctrl.k14s.io (apiextensions.k8s.io/v1) cluster
3:17:42PM: ok: reconcile customresourcedefinition/packageinstalls.packaging.carvel.dev (apiextensions.k8s.io/v1) cluster
3:17:42PM: ok: reconcile clusterrolebinding/kapp-controller-cluster-role-binding (rbac.authorization.k8s.io/v1) cluster
3:17:42PM: ok: reconcile customresourcedefinition/internalpackages.internal.packaging.carvel.dev (apiextensions.k8s.io/v1) cluster
3:17:42PM: ---- applying 3 changes [12/17 done] ----
3:17:42PM: create secret/kapp-controller-registry-creds (v1) namespace: kapp-controller
3:17:42PM: create serviceaccount/kapp-controller-sa (v1) namespace: kapp-controller
3:17:42PM: create configmap/kapp-controller-config (v1) namespace: kapp-controller
3:17:42PM: ---- waiting on 4 changes [11/17 done] ----
3:17:43PM: ok: reconcile configmap/kapp-controller-config (v1) namespace: kapp-controller
3:17:43PM: ok: reconcile secret/kapp-controller-registry-creds (v1) namespace: kapp-controller
3:17:43PM: ok: reconcile serviceaccount/kapp-controller-sa (v1) namespace: kapp-controller
3:17:43PM: ---- applying 2 changes [15/17 done] ----
3:17:43PM: create deployment/kapp-controller (apps/v1) namespace: kapp-controller
3:17:43PM: create service/packaging-api (v1) namespace: kapp-controller
3:17:43PM: ---- waiting on 3 changes [14/17 done] ----
3:17:43PM: ok: reconcile service/packaging-api (v1) namespace: kapp-controller
3:17:43PM: ongoing: reconcile deployment/kapp-controller (apps/v1) namespace: kapp-controller
3:17:43PM:  ^ Waiting for generation 2 to be observed
3:17:43PM:  L ok: waiting on replicaset/kapp-controller-d65495fdb (apps/v1) namespace: kapp-controller
3:17:43PM: ---- waiting on 2 changes [15/17 done] ----
3:17:44PM: ongoing: reconcile deployment/kapp-controller (apps/v1) namespace: kapp-controller
3:17:44PM:  ^ Waiting for 1 unavailable replicas
3:17:44PM:  L ok: waiting on replicaset/kapp-controller-d65495fdb (apps/v1) namespace: kapp-controller
3:17:44PM:  L ongoing: waiting on pod/kapp-controller-d65495fdb-v2j4d (v1) namespace: kapp-controller
3:17:44PM:     ^ Pending: ContainerCreating
3:18:00PM: ok: reconcile deployment/kapp-controller (apps/v1) namespace: kapp-controller
3:18:00PM: ---- waiting on 1 changes [16/17 done] ----
3:18:05PM: ok: reconcile apiservice/v1alpha1.data.packaging.carvel.dev (apiregistration.k8s.io/v1) cluster
3:18:05PM: ---- applying complete [17/17 done] ----
3:18:05PM: ---- waiting complete [17/17 done] ----

Succeeded
## Deploying secretgen-controller
resolve | final: ghcr.io/vmware-tanzu/carvel-secretgen-controller@sha256:883d6312b37597b6b65cf6ec7f2e70137a17f0c8e27211b60f3f3c3764ee7a3d -> registry.tanzu.vmware.com/tanzu-cluster-essentials/cluster-essentials-bundle@sha256:509874b6b3d40a61144a54d5a3fb40603257a6297dcc9ac8f47e24c665b3e20d
Target cluster 'https://B769DD88729A64136C8DFB5AE4DE3B2E.gr7.us-east-2.eks.amazonaws.com' (nodes: ip-10-0-69-150.us-east-2.compute.internal, 1+)

Changes

Namespace             Name                                       Kind                      Conds.  Age  Op      Op st.  Wait to    Rs  Ri  
(cluster)             certificates.secretgen.k14s.io             CustomResourceDefinition  -       -    create  -       reconcile  -   -  
^                     passwords.secretgen.k14s.io                CustomResourceDefinition  -       -    create  -       reconcile  -   -  
^                     rsakeys.secretgen.k14s.io                  CustomResourceDefinition  -       -    create  -       reconcile  -   -  
^                     secretexports.secretgen.carvel.dev         CustomResourceDefinition  -       -    create  -       reconcile  -   -  
^                     secretgen-controller                       Namespace                 -       -    create  -       reconcile  -   -  
^                     secretgen-controller-cluster-role          ClusterRole               -       -    create  -       reconcile  -   -  
^                     secretgen-controller-cluster-role-binding  ClusterRoleBinding        -       -    create  -       reconcile  -   -  
^                     secretimports.secretgen.carvel.dev         CustomResourceDefinition  -       -    create  -       reconcile  -   -  
^                     sshkeys.secretgen.k14s.io                  CustomResourceDefinition  -       -    create  -       reconcile  -   -  
secretgen-controller  secretgen-controller                       Deployment                -       -    create  -       reconcile  -   -  
^                     secretgen-controller-registry-creds        Secret                    -       -    create  -       reconcile  -   -  
^                     secretgen-controller-sa                    ServiceAccount            -       -    create  -       reconcile  -   -  

Op:      12 create, 0 delete, 0 update, 0 noop
Wait to: 12 reconcile, 0 delete, 0 noop

3:18:06PM: ---- applying 9 changes [0/12 done] ----
3:18:06PM: create clusterrolebinding/secretgen-controller-cluster-role-binding (rbac.authorization.k8s.io/v1) cluster
3:18:06PM: create customresourcedefinition/sshkeys.secretgen.k14s.io (apiextensions.k8s.io/v1) cluster
3:18:06PM: create customresourcedefinition/rsakeys.secretgen.k14s.io (apiextensions.k8s.io/v1) cluster
3:18:06PM: create namespace/secretgen-controller (v1) cluster
3:18:06PM: create clusterrole/secretgen-controller-cluster-role (rbac.authorization.k8s.io/v1) cluster
3:18:07PM: create customresourcedefinition/secretexports.secretgen.carvel.dev (apiextensions.k8s.io/v1) cluster
3:18:07PM: create customresourcedefinition/certificates.secretgen.k14s.io (apiextensions.k8s.io/v1) cluster
3:18:07PM: create customresourcedefinition/passwords.secretgen.k14s.io (apiextensions.k8s.io/v1) cluster
3:18:07PM: create customresourcedefinition/secretimports.secretgen.carvel.dev (apiextensions.k8s.io/v1) cluster
3:18:07PM: ---- waiting on 9 changes [0/12 done] ----
3:18:07PM: ok: reconcile clusterrolebinding/secretgen-controller-cluster-role-binding (rbac.authorization.k8s.io/v1) cluster
3:18:07PM: ok: reconcile namespace/secretgen-controller (v1) cluster
3:18:07PM: ok: reconcile customresourcedefinition/secretimports.secretgen.carvel.dev (apiextensions.k8s.io/v1) cluster
3:18:07PM: ok: reconcile customresourcedefinition/rsakeys.secretgen.k14s.io (apiextensions.k8s.io/v1) cluster
3:18:07PM: ok: reconcile customresourcedefinition/sshkeys.secretgen.k14s.io (apiextensions.k8s.io/v1) cluster
3:18:07PM: ok: reconcile clusterrole/secretgen-controller-cluster-role (rbac.authorization.k8s.io/v1) cluster
3:18:07PM: ok: reconcile customresourcedefinition/certificates.secretgen.k14s.io (apiextensions.k8s.io/v1) cluster
3:18:07PM: ok: reconcile customresourcedefinition/passwords.secretgen.k14s.io (apiextensions.k8s.io/v1) cluster
3:18:07PM: ok: reconcile customresourcedefinition/secretexports.secretgen.carvel.dev (apiextensions.k8s.io/v1) cluster
3:18:07PM: ---- applying 2 changes [9/12 done] ----
3:18:07PM: create serviceaccount/secretgen-controller-sa (v1) namespace: secretgen-controller
3:18:07PM: create secret/secretgen-controller-registry-creds (v1) namespace: secretgen-controller
3:18:07PM: ---- waiting on 2 changes [9/12 done] ----
3:18:07PM: ok: reconcile secret/secretgen-controller-registry-creds (v1) namespace: secretgen-controller
3:18:07PM: ok: reconcile serviceaccount/secretgen-controller-sa (v1) namespace: secretgen-controller
3:18:07PM: ---- applying 1 changes [11/12 done] ----
3:18:07PM: create deployment/secretgen-controller (apps/v1) namespace: secretgen-controller
3:18:07PM: ---- waiting on 1 changes [11/12 done] ----
3:18:08PM: ongoing: reconcile deployment/secretgen-controller (apps/v1) namespace: secretgen-controller
3:18:08PM:  ^ Waiting for generation 2 to be observed
3:18:08PM:  L ok: waiting on replicaset/secretgen-controller-764f4dc5bc (apps/v1) namespace: secretgen-controller
3:18:09PM: ongoing: reconcile deployment/secretgen-controller (apps/v1) namespace: secretgen-controller
3:18:09PM:  ^ Waiting for 1 unavailable replicas
3:18:09PM:  L ok: waiting on replicaset/secretgen-controller-764f4dc5bc (apps/v1) namespace: secretgen-controller
3:18:09PM:  L ongoing: waiting on pod/secretgen-controller-764f4dc5bc-dk8vw (v1) namespace: secretgen-controller
3:18:09PM:     ^ Pending: ContainerCreating
3:18:14PM: ok: reconcile deployment/secretgen-controller (apps/v1) namespace: secretgen-controller
3:18:14PM: ---- applying complete [12/12 done] ----
3:18:14PM: ---- waiting complete [12/12 done] ----

Succeeded

– Validate the newly installed packages

$ k get ns
NAME                        STATUS   AGE
default                     Active   16m
kapp-controller             Active   110s
kube-node-lease             Active   16m
kube-public                 Active   16m
kube-system                 Active   16m
secretgen-controller        Active   84s
tanzu-cluster-essentials    Active   2m4s
tanzu-package-repo-global   Active   110s
$ k get po -A
NAMESPACE              NAME                                    READY   STATUS    RESTARTS   AGE
kapp-controller        kapp-controller-d65495fdb-v2j4d         1/1     Running   0          2m11s
kube-system            aws-node-4n9qb                          1/1     Running   0          5m36s
kube-system            aws-node-zh6rt                          1/1     Running   0          5m36s
kube-system            coredns-56b458df85-mk7vt                1/1     Running   0          16m
kube-system            coredns-56b458df85-t2lkg                1/1     Running   0          16m
kube-system            kube-proxy-7mvpt                        1/1     Running   0          5m36s
kube-system            kube-proxy-r8pbh                        1/1     Running   0          5m36s
secretgen-controller   secretgen-controller-764f4dc5bc-dk8vw   1/1     Running   0          106s

– Download, extract and copy the kapp binary on a local bin folder

$ cp kapp /usr/local/bin/kapp
$ kapp version
kapp version 0.42.0

Succeeded

Download Tanzu CLI

– You can navigate to the following link to download Tanzu cli command line

https://network.tanzu.vmware.com/products/tanzu-application-platform/

– If you are using pivnet, run the following command.

$ pivnet download-product-files --product-slug='tanzu-application-platform' --release-version='0.4.0' --product-file-id=1100110
2021/12/24 15:04:36 Downloading 'tanzu-framework-linux-amd64.tar' to 'tanzu-framework-linux-amd64.tar'
 784.54 MiB / 784.54 MiB [==========================================] 100.00% 3s
2021/12/24 15:04:40 Verifying SHA256
2021/12/24 15:04:42 Successfully verified SHA256

– Extract the downloaded tanzu tar file

$ tar -xvf tanzu-framework-linux-amd64.tar
cli/
cli/login/
cli/login/v0.12.0/
cli/login/v0.12.0/tanzu-login-linux_amd64
cli/login/plugin.yaml
cli/core/
cli/core/v0.12.0/
cli/core/v0.12.0/tanzu-core-linux_amd64
cli/core/plugin.yaml
cli/accelerator/
cli/accelerator/v0.5.0/
cli/accelerator/v0.5.0/tanzu-accelerator-linux_amd64
cli/accelerator/plugin.yaml
cli/package/
cli/package/v0.12.0/
cli/package/v0.12.0/tanzu-package-linux_amd64
cli/package/plugin.yaml
cli/manifest.yaml
cli/apps/
cli/apps/plugin.yaml
cli/apps/v0.3.0/
cli/apps/v0.3.0/tanzu-apps-linux_amd64
cli/management-cluster/
cli/management-cluster/v0.12.0/
cli/management-cluster/v0.12.0/tanzu-management-cluster-linux_amd64
cli/management-cluster/plugin.yaml
cli/secret/
cli/secret/v0.12.0/
cli/secret/v0.12.0/tanzu-secret-linux_amd64
cli/secret/plugin.yaml
cli/cluster/
cli/cluster/v0.12.0/
cli/cluster/v0.12.0/tanzu-cluster-linux_amd64
cli/cluster/plugin.yaml
cli/kubernetes-release/
cli/kubernetes-release/v0.12.0/
cli/kubernetes-release/v0.12.0/tanzu-kubernetes-release-linux_amd64
cli/kubernetes-release/plugin.yaml
cli/services/
cli/services/v0.1.0/
cli/services/v0.1.0/tanzu-services-linux_amd64
cli/services/plugin.yaml
cli/pinniped-auth/
cli/pinniped-auth/v0.12.0/
cli/pinniped-auth/v0.12.0/tanzu-pinniped-auth-linux_amd64
cli/pinniped-auth/plugin.yaml

– Install the CLI and plugins

$ sudo install cli/core/v0.12.0/tanzu-core-linux_amd64 /usr/local/bin/tanzu
$ tanzu version
version: v0.12.0
buildDate: 2021-11-25
sha: ff02d464



$ tanzu config set features.global.context-aware-cli-for-plugins false
$ tanzu plugin install --local cli all

– Validate the tanzu installed plugins

$ tanzu plugin list
  NAME                LATEST VERSION  DESCRIPTION                                                                                                                                         REPOSITORY  VERSION  STATUS             
  accelerator                         Manage accelerators in a Kubernetes cluster                                                                                                                     v0.5.0   installed          
  apps                                Applications on Kubernetes                                                                                                                                      v0.3.0   installed          
  cluster             v0.13.1         Kubernetes cluster operations                                                                                                                       core        v0.12.0  upgrade available  
  imagepullsecret                     Manage image pull secret operations. Image pull secrets enable the package and package repository consumers to authenticate to private registries.              v0.5.0   installed          
  kubernetes-release  v0.13.1         Kubernetes release operations                                                                                                                       core        v0.12.0  upgrade available  
  login               v0.13.1         Login to the platform                                                                                                                               core        v0.12.0  upgrade available  
  management-cluster  v0.13.1         Kubernetes management cluster operations                                                                                                            core        v0.12.0  upgrade available  
  package             v0.13.1         Tanzu package management                                                                                                                            core        v0.12.0  upgrade available  
  pinniped-auth       v0.13.1         Pinniped authentication operations (usually not directly invoked)                                                                                   core        v0.12.0  upgrade available  
  secret              v0.13.1         Tanzu secret management                                                                                                                             core        v0.12.0  upgrade available  
  services                            Discover Service Types and manage Service Instances (ALPHA)                                                                                                     v0.1.0   installed          

Installing TAP

– Add the Tanzu Application Platform package repository

$ export INSTALL_REGISTRY_USERNAME=TANZU-NET-USER
$ export INSTALL_REGISTRY_PASSWORD=TANZU-NET-PASSWORD
$ export INSTALL_REGISTRY_HOSTNAME=registry.tanzu.vmware.com

– Create a namespace

$ kubectl create ns tap-install

namespace/tap-install created

– Create a registry secret

$ tanzu secret registry add tap-registry \
>   --username ${INSTALL_REGISTRY_USERNAME} --password ${INSTALL_REGISTRY_PASSWORD} \
>   --server ${INSTALL_REGISTRY_HOSTNAME} \
>   --export-to-all-namespaces --yes --namespace tap-install
Warning: By choosing --export-to-all-namespaces, given secret contents will be available to ALL users in ALL namespaces. Please ensure that included registry credentials allow only read-only access to the registry with minimal necessary scope.


| Adding registry secret 'tap-registry'... 
 Added registry secret 'tap-registry' into namespace 'tap-install'
 Exported registry secret 'tap-registry' to all namespaces

– Add a TAP repository

$ tanzu package repository add tanzu-tap-repository \
>   --url registry.tanzu.vmware.com/tanzu-application-platform/tap-packages:0.4.0 \
>   --namespace tap-install
/ Adding package repository 'tanzu-tap-repository' 
\ Adding package repository 'tanzu-tap-repository' 
| Validating provided settings for the package repository 
| Creating package repository resource 
- Waiting for 'PackageRepository' reconciliation for 'tanzu-tap-repository' 
\ 'PackageRepository' resource install status: Reconciling 

Added package repository 'tanzu-tap-repository' in namespace 'tap-install'

– List the package

$ tanzu package repository get tanzu-tap-repository --namespace tap-install
| Retrieving repository tanzu-tap-repository... 
\ Retrieving repository tanzu-tap-repository... 
NAME:          tanzu-tap-repository
VERSION:       4122
REPOSITORY:    registry.tanzu.vmware.com/tanzu-application-platform/tap-packages
TAG:           0.4.0
STATUS:        Reconcile succeeded
REASON:        

– List available packages in a newly added TAP repository

$ tanzu package available list --namespace tap-install
| Retrieving available packages... 
- Retrieving available packages... 
  NAME                                                 DISPLAY-NAME                                                              SHORT-DESCRIPTION                                                                                                                                              LATEST-VERSION  
  accelerator.apps.tanzu.vmware.com                    Application Accelerator for VMware Tanzu                                  Used to create new projects and configurations.                                                                                                                0.5.1           
  api-portal.tanzu.vmware.com                          API portal                                                                A unified user interface to enable search, discovery and try-out of API endpoints at ease.                                                                     1.0.6           
  build.appliveview.tanzu.vmware.com                   Application Live View Conventions for VMware Tanzu                        Application Live View convention server                                                                                                                        1.0.0           
  buildservice.tanzu.vmware.com                        Tanzu Build Service                                                       Tanzu Build Service enables the building and automation of containerized software workflows securely and at scale.                                             1.4.0-build.1   
  cartographer.tanzu.vmware.com                        Cartographer                                                              Kubernetes native Supply Chain Choreographer.                                                                                                                  0.0.8-rc.7      
  cnrs.tanzu.vmware.com                                Cloud Native Runtimes                                                     Cloud Native Runtimes is a serverless runtime based on Knative                                                                                                 1.1.0           
  controller.conventions.apps.tanzu.vmware.com         Convention Service for VMware Tanzu                                       Convention Service enables app operators to consistently apply desired runtime configurations to fleets of workloads.                                          0.4.2           
  controller.source.apps.tanzu.vmware.com              Tanzu Source Controller                                                   Tanzu Source Controller enables workload create/update from source code.                                                                                       0.2.0           
  developer-conventions.tanzu.vmware.com               Tanzu App Platform Developer Conventions                                  Developer Conventions                                                                                                                                          0.4.0-build1    
  fluxcd.source.controller.tanzu.vmware.com            Flux Source Controller                                                    The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, Helm repositories and S3 buckets.      0.16.0          
  image-policy-webhook.signing.run.tanzu.vmware.com    Image Policy Webhook                                                      Image Policy Webhook enables defining of a policy to restrict unsigned container images.                                                                       1.0.0-beta.2    
  learningcenter.tanzu.vmware.com                      Learning Center for Tanzu Application Platform                            Guided technical workshops                                                                                                                                     0.1.0-build.6   
  ootb-delivery-basic.tanzu.vmware.com                 Tanzu App Platform Out of The Box Delivery Basic                          Out of The Box Delivery Basic.                                                                                                                                 0.4.0-build.2   
  ootb-supply-chain-basic.tanzu.vmware.com             Tanzu App Platform Out of The Box Supply Chain Basic                      Out of The Box Supply Chain Basic.                                                                                                                             0.4.0-build.2   
  ootb-supply-chain-testing-scanning.tanzu.vmware.com  Tanzu App Platform Out of The Box Supply Chain with Testing and Scanning  Out of The Box Supply Chain with Testing and Scanning.                                                                                                         0.4.0-build.2   
  ootb-supply-chain-testing.tanzu.vmware.com           Tanzu App Platform Out of The Box Supply Chain with Testing               Out of The Box Supply Chain with Testing.                                                                                                                      0.4.0-build.2   
  ootb-templates.tanzu.vmware.com                      Tanzu App Platform Out of The Box Templates                               Out of The Box Templates.                                                                                                                                      0.4.0-build.2   
  run.appliveview.tanzu.vmware.com                     Application Live View for VMware Tanzu                                    App for monitoring and troubleshooting running apps                                                                                                            1.0.0           
  scst-grype.apps.tanzu.vmware.com                     Grype for Supply Chain Security Tools - Scan                              Default scan templates using Anchore Grype                                                                                                                     1.0.0           
  scst-scan.apps.tanzu.vmware.com                      Supply Chain Security Tools - Scan                                        Scan for vulnerabilities and enforce policies directly within Kubernetes native Supply Chains.                                                                 1.0.0           
  scst-store.tanzu.vmware.com                          Supply Chain Security Tools - Store                                       Post SBoMs and query for image, package, and vulnerability metadata.                                                                                           1.0.0-beta.2    
  service-bindings.labs.vmware.com                     Service Bindings for Kubernetes                                           Service Bindings for Kubernetes implements the Service Binding Specification.                                                                                  0.6.0           
  services-toolkit.tanzu.vmware.com                    Services Toolkit                                                          The Services Toolkit enables the management, lifecycle, discoverability and connectivity of Service Resources (databases, message queues, DNS records, etc.).  0.5.0-rc.3      
  spring-boot-conventions.tanzu.vmware.com             Tanzu Spring Boot Conventions Server                                      Default Spring Boot convention server.                                                                                                                         0.2.0           
  tap-gui.tanzu.vmware.com                             Tanzu Application Platform GUI                                            web app graphical user interface for Tanzu Application Platform                                                                                                1.0.0-rc.72     
  tap-telemetry.tanzu.vmware.com                       Telemetry Collector for Tanzu Application Platform                        Tanzu Application Plaform Telemetry                                                                                                                            0.1.1           
  tap.tanzu.vmware.com                                 Tanzu Application Platform                                                Package to install a set of TAP components to get you started based on your use case.                                                                          0.4.0           
  tekton.tanzu.vmware.com                              Tekton Pipelines                                                          Tekton Pipelines is a framework for creating CI/CD systems.                                                                                                    0.30.0          
  workshops.learningcenter.tanzu.vmware.com            Workshop Building Tutorial                                                Workshop Building Tutorial                                                                                                                                     0.1.0-build.7   

– Create a tap-values.yml file, update the values. Below is the detail of full profile.

profile: full
ceip_policy_disclosed: true # Installation fails if this is set to 'false'
buildservice:
  kp_default_repository: "registry name"
  kp_default_repository_username: "username"
  kp_default_repository_password: "container registry password"
  tanzunet_username: "dinesh.tripathi30@gmail.com"
  tanzunet_password: "your tanzu net password"

supply_chain: basic

ootb_supply_chain_basic:
  registry:
    server: "registry server"
    repository: "registryserver/build-service"

learningcenter:
  ingressDomain: "demo.com"

tap_gui:
  service_type: LoadBalancer # NodePort for distributions that don't support LoadBalancer

metadata_store:
  app_service_type: LoadBalancer # (optional) Defaults to LoadBalancer. Change to NodePort for distributions that don't support LoadBalancer

grype:
  namespace: "default" # (optional) Defaults to default namespace.
  targetImagePullSecret: "tap-registry"

Modify the values accordingly,

  • KP-DEFAULT-REPO is a writable repository in your registry. Tanzu Build Service dependencies are written to this location. Examples:
    • Harbor has the form kp_default_repository: "my-harbor.io/my-project/build-service"
    • Dockerhub has the form kp_default_repository: "my-dockerhub-user/build-service" or kp_default_repository: "index.docker.io/my-user/build-service"
    • Google Cloud Registry has the form kp_default_repository: "gcr.io/my-project/build-service"
  • KP-DEFAULT-REPO-USERNAME is the username that can write to KP-DEFAULT-REPO. You should be able to docker push to this location with this credential.
    • For Google Cloud Registry, use kp_default_repository_username: _json_key
  • KP-DEFAULT-REPO-PASSWORD is the password for the user that can write to KP-DEFAULT-REPO. You can docker push to this location with these credentials.
    • For Google Cloud Registry, use the contents of the service account JSON key.
  • SERVER-NAME is the hostname of the registry server. Examples:
    • Harbor has the form server: "my-harbor.io"
    • Dockerhub has the form server: "index.docker.io"
    • Google Cloud Registry has the form server: "gcr.io"
  • REPO-NAME is where workload images are stored in the registry. Images are written to SERVER-NAME/REPO-NAME/workload-name. Examples:
    • Harbor has the form repository: "my-project/supply-chain"
    • Dockerhub has the form repository: "my-dockerhub-user"
    • Google Cloud Registry has the form repository: "my-project/supply-chain"
  • DOMAIN-NAME has a value such as learningcenter.example.com.
  • MY-DEV-NAMESPACE is the namespace where you want the ScanTemplates to be deployed to. This is the namespace where the scanning feature is going to run.
  • REGISTRY-CREDENTIALS-SECRET is the name of the secret that contains the credentials to pull the scanner image from the registry.

– Install the package

$ tanzu package install tap -p tap.tanzu.vmware.com -v 0.4.0 --values-file tap-values.yml -n tap-install
| Installing package 'tap.tanzu.vmware.com' 
| Installing package 'tap.tanzu.vmware.com' 
| Getting package metadata for 'tap.tanzu.vmware.com' 
| Creating service account 'tap-tap-install-sa' 
| Creating cluster admin role 'tap-tap-install-cluster-role' 
| Creating cluster role binding 'tap-tap-install-cluster-rolebinding' 
| Creating secret 'tap-tap-install-values' 
| Creating package resource 
- Waiting for 'PackageInstall' reconciliation for 'tap' 
\ 'PackageInstall' resource install status: Reconciling 



 Added installed package 'tap'

TAP Validation

– See the newly created namespace

$ k get ns --sort-by .metadata.creationTimestamp
NAME                        STATUS   AGE
kube-system                 Active   38m
kube-public                 Active   38m
kube-node-lease             Active   38m
default                     Active   38m
tanzu-cluster-essentials    Active   7m49s
kapp-controller             Active   7m39s
tanzu-package-repo-global   Active   7m39s
tap-install                 Active   7m18s
secretgen-controller        Active   7m14s
api-portal                  Active   6m4s
tekton-pipelines            Active   6m2s
scan-link-system            Active   6m1s
service-bindings            Active   5m57s
source-system               Active   5m57s
tap-telemetry               Active   5m56s
flux-system                 Active   5m56s
services-toolkit            Active   5m55s
cert-manager                Active   5m51s
stacks-operator-system      Active   5m26s
kpack                       Active   5m26s
build-service               Active   5m26s
image-policy-system         Active   4m56s
metadata-store              Active   4m56s
cartographer-system         Active   4m53s
conventions-system          Active   4m53s
tanzu-system-ingress        Active   4m42s
developer-conventions       Active   3m31s
spring-boot-convention      Active   3m30s
app-live-view               Active   3m28s
alv-convention              Active   3m28s
tap-gui                     Active   2m55s
accelerator-system          Active   2m55s
learningcenter              Active   2m54s
knative-serving             Active   2m54s
knative-eventing            Active   2m52s
knative-sources             Active   2m48s
vmware-sources              Active   2m47s
triggermesh                 Active   2m46s
learning-center-guided-ui   Active   49s

– Validate the pod’s status

$ kubectl get po  -A
NAMESPACE                   NAME                                                   READY   STATUS    RESTARTS   AGE
accelerator-system          acc-engine-df4f54c55-z5625                             1/1     Running   0          3m16s
accelerator-system          acc-server-79fbd56465-rf9t9                            1/1     Running   0          3m15s
accelerator-system          accelerator-controller-manager-84b5f8fcb8-l67ml        1/1     Running   0          3m16s
alv-convention              appliveview-webhook-7b89c5784-zswv6                    1/1     Running   0          3m49s
api-portal                  api-portal-server-d8b64f8f6-csznx                      1/1     Running   0          6m27s
app-live-view               application-live-view-connector-qbhls                  1/1     Running   0          3m50s
app-live-view               application-live-view-connector-xqkzh                  1/1     Running   0          3m50s
app-live-view               application-live-view-server-5fcb88bc44-54j2d          1/1     Running   0          3m50s
build-service               build-pod-image-fetcher-qzkfw                          5/5     Running   0          5m42s
build-service               build-pod-image-fetcher-vnd2f                          5/5     Running   0          5m43s
build-service               cert-injection-webhook-678cf86cbd-j6rlv                1/1     Running   0          5m44s
build-service               dependency-updater-controller-5b9cdb68b8-fzqw7         1/1     Running   0          5m44s
build-service               secret-syncer-controller-6d9d7b7579-nn9nd              1/1     Running   0          5m43s
build-service               smart-warmer-image-fetcher-pr499                       2/2     Running   0          4m13s
build-service               smart-warmer-image-fetcher-x7nwk                       2/2     Running   0          4m17s
build-service               warmer-controller-69d468c4f8-hvntm                     1/1     Running   0          5m44s
cartographer-system         cartographer-controller-68f744dfd5-zh48l               1/1     Running   0          4m47s
cert-manager                cert-manager-cainjector-78788d5ccb-vtdmf               1/1     Running   0          6m7s
cert-manager                cert-manager-f7b5c749b-t8d9c                           1/1     Running   0          6m7s
cert-manager                cert-manager-webhook-778b55cc55-tbzfd                  1/1     Running   0          6m7s
conventions-system          conventions-controller-manager-5cb8d85974-h7g46        1/1     Running   0          4m48s
developer-conventions       webhook-7fd549bcc6-8wvq7                               1/1     Running   0          3m54s
flux-system                 source-controller-7cd6575d49-wr4sg                     1/1     Running   0          6m16s
image-policy-system         image-policy-controller-manager-b55cf67d4-8spsp        2/2     Running   0          5m10s
kapp-controller             kapp-controller-69f6849f4-r6lz9                        1/1     Running   0          8m
knative-eventing            eventing-controller-78c8c54b47-vts95                   1/1     Running   0          2m59s
knative-eventing            eventing-webhook-7b768db87-m2759                       1/1     Running   0          2m58s
knative-eventing            eventing-webhook-7b768db87-mbtpq                       1/1     Running   0          2m44s
knative-eventing            imc-controller-66b76b69dc-sc7fv                        1/1     Running   0          2m58s
knative-eventing            imc-dispatcher-6b955c746f-drjlw                        1/1     Running   0          2m57s
knative-eventing            mt-broker-controller-8648d6b67b-l52ms                  1/1     Running   0          2m57s
knative-eventing            mt-broker-filter-654b666c9b-dk5zp                      1/1     Running   0          2m57s
knative-eventing            mt-broker-ingress-8b65987c5-h5xqq                      1/1     Running   0          2m57s
knative-eventing            rabbitmq-broker-controller-6596bc6747-9754q            1/1     Running   0          2m57s
knative-eventing            rabbitmq-broker-webhook-7d8c4596-fftwx                 1/1     Running   0          2m56s
knative-eventing            sugar-controller-7d85d8d4f9-zjclq                      1/1     Running   0          2m55s
knative-serving             activator-6d8dbbcd98-ljmnf                             1/1     Running   0          2m45s
knative-serving             activator-6d8dbbcd98-pff6t                             1/1     Running   0          3m
knative-serving             activator-6d8dbbcd98-tx922                             1/1     Running   0          2m45s
knative-serving             autoscaler-67b6c85895-8k65l                            1/1     Running   0          3m
knative-serving             autoscaler-hpa-74cf95c66b-tfxlv                        1/1     Running   0          2m59s
knative-serving             controller-984f94756-865c9                             1/1     Running   0          3m
knative-serving             domain-mapping-f97c47b9c-4sqsb                         1/1     Running   0          3m
knative-serving             domainmapping-webhook-6d6b89c8bb-swjrg                 1/1     Running   0          2m59s
knative-serving             net-certmanager-controller-7764ff74d7-84984            1/1     Running   0          2m55s
knative-serving             net-certmanager-webhook-59db89bdc6-s44lf               1/1     Running   0          2m55s
knative-serving             net-contour-controller-546fff7656-dp945                1/1     Running   0          2m59s
knative-serving             webhook-6b5cf4b457-dln8d                               1/1     Running   0          2m44s
knative-serving             webhook-6b5cf4b457-kp7f5                               1/1     Running   0          2m59s
knative-sources             rabbitmq-controller-manager-7b785685cc-8z9m7           1/1     Running   0          2m55s
knative-sources             rabbitmq-webhook-6d97d46cf7-kmmxv                      1/1     Running   0          2m55s
kpack                       kpack-controller-584fbb6bf7-jvk9p                      1/1     Running   0          5m43s
kpack                       kpack-webhook-7b7979b5d7-4cqpl                         1/1     Running   0          5m44s
kube-system                 aws-node-459pl                                         1/1     Running   0          26m
kube-system                 aws-node-rs7km                                         1/1     Running   0          26m
kube-system                 coredns-5c778788f4-bcrf2                               1/1     Running   0          38m
kube-system                 coredns-5c778788f4-kd6zv                               1/1     Running   0          38m
kube-system                 kube-proxy-642p8                                       1/1     Running   0          26m
kube-system                 kube-proxy-8fb7f                                       1/1     Running   0          26m
learning-center-guided-ui   learningcenter-portal-5f94dc9c69-cf5nc                 1/1     Running   0          71s
learningcenter              learningcenter-operator-d948b57c8-6sfrz                1/1     Running   0          3m13s
learningcenter              learningcenter-prepull-cg2wb                           1/1     Running   0          3m13s
learningcenter              learningcenter-prepull-lqpjr                           1/1     Running   0          3m13s
metadata-store              metadata-store-app-f59dbcd7f-ql2pc                     2/2     Running   1          4m47s
metadata-store              metadata-store-db-6f8c79bc98-cftsb                     1/1     Running   0          4m47s
scan-link-system            scan-link-controller-manager-7645cd96cb-p6zqz          2/2     Running   0          6m18s
secretgen-controller        secretgen-controller-6bbb9949bf-d9nzr                  1/1     Running   0          7m35s
service-bindings            manager-775c9cd45f-wt8zz                               1/1     Running   0          6m16s
services-toolkit            services-toolkit-controller-manager-5d56565f8c-svtxp   1/1     Running   0          6m16s
source-system               source-controller-manager-5d8bb557b8-ds62c             1/1     Running   0          6m16s
spring-boot-convention      spring-boot-webhook-7c688567b8-cp5j7                   1/1     Running   0          3m52s
stacks-operator-system      controller-manager-546ff686d4-q5xsv                    1/1     Running   0          5m44s
tanzu-system-ingress        contour-74fb8d5db5-bv77z                               1/1     Running   0          4m47s
tanzu-system-ingress        contour-74fb8d5db5-hx6fw                               1/1     Running   0          4m48s
tanzu-system-ingress        envoy-bphg4                                            2/2     Running   0          4m47s
tanzu-system-ingress        envoy-pr4j5                                            2/2     Running   0          4m48s
tap-gui                     server-7d47b7d6bd-rp7d6                                1/1     Running   0          3m16s
tap-telemetry               tap-telemetry-controller-d5c8ff4df-2p4rh               1/1     Running   0          6m17s
tekton-pipelines            tekton-pipelines-controller-765bf4b755-n5pc9           1/1     Running   0          6m20s
tekton-pipelines            tekton-pipelines-webhook-778f9df57d-vr5qn              1/1     Running   0          6m20s
triggermesh                 aws-event-sources-controller-58c59896f9-pcn9p          1/1     Running   0          3m
vmware-sources              webhook-d8854d84c-gwtgh                                1/1     Running   0          2m55s

– Validate the services

$ kubectl get svc -A
NAMESPACE                   NAME                                              TYPE           CLUSTER-IP       EXTERNAL-IP                                                               PORT(S)                              AGE
accelerator-system          acc-engine                                        ClusterIP      172.20.4.76      <none>                                                                    80/TCP                               3m42s
accelerator-system          acc-server                                        LoadBalancer   172.20.128.136   a5024d173f9d44eb2a36985e8649e8d8-1994162405.us-east-2.elb.amazonaws.com   80:30110/TCP                         3m42s
alv-convention              appliveview-webhook                               ClusterIP      172.20.33.19     <none>                                                                    443/TCP                              4m17s
api-portal                  api-portal-server                                 ClusterIP      172.20.13.23     <none>                                                                    8080/TCP                             6m54s
app-live-view               application-live-view-5112                        ClusterIP      172.20.253.167   <none>                                                                    80/TCP                               4m17s
app-live-view               application-live-view-7000                        ClusterIP      172.20.155.174   <none>                                                                    7000/TCP                             4m17s
build-service               cert-injection-webhook                            ClusterIP      172.20.177.121   <none>                                                                    443/TCP                              6m11s
cartographer-system         cartographer-webhook                              ClusterIP      172.20.225.16    <none>                                                                    443/TCP                              5m40s
cert-manager                cert-manager                                      ClusterIP      172.20.89.96     <none>                                                                    9402/TCP                             6m34s
cert-manager                cert-manager-webhook                              ClusterIP      172.20.231.225   <none>                                                                    443/TCP                              6m34s
conventions-system          conventions-controller-manager-metrics-service    ClusterIP      172.20.8.129     <none>                                                                    8443/TCP                             5m35s
conventions-system          conventions-webhook-service                       ClusterIP      172.20.132.201   <none>                                                                    443/TCP                              5m35s
default                     kubernetes                                        ClusterIP      172.20.0.1       <none>                                                                    443/TCP                              39m
developer-conventions       webhook                                           ClusterIP      172.20.251.114   <none>                                                                    443/TCP                              4m21s
flux-system                 source-controller                                 ClusterIP      172.20.153.53    <none>                                                                    80/TCP                               6m43s
image-policy-system         image-policy-controller-manager-metrics-service   ClusterIP      172.20.247.8     <none>                                                                    8443/TCP                             5m37s
image-policy-system         image-policy-webhook-service                      ClusterIP      172.20.202.123   <none>                                                                    443/TCP                              5m37s
kapp-controller             packaging-api                                     ClusterIP      172.20.5.3       <none>                                                                    443/TCP                              8m27s
knative-eventing            broker-filter                                     ClusterIP      172.20.146.52    <none>                                                                    80/TCP,9092/TCP                      3m25s
knative-eventing            broker-ingress                                    ClusterIP      172.20.15.200    <none>                                                                    80/TCP,9092/TCP                      3m25s
knative-eventing            eventing-webhook                                  ClusterIP      172.20.98.225    <none>                                                                    443/TCP                              3m26s
knative-eventing            imc-dispatcher                                    ClusterIP      172.20.33.215    <none>                                                                    80/TCP,9090/TCP                      3m26s
knative-eventing            inmemorychannel-webhook                           ClusterIP      172.20.143.189   <none>                                                                    443/TCP,9090/TCP,8008/TCP            3m26s
knative-eventing            rabbitmq-broker-webhook                           ClusterIP      172.20.226.80    <none>                                                                    443/TCP                              3m25s
knative-serving             activator-service                                 ClusterIP      172.20.63.229    <none>                                                                    9090/TCP,8008/TCP,80/TCP,81/TCP      3m27s
knative-serving             autoscaler                                        ClusterIP      172.20.224.109   <none>                                                                    9090/TCP,8008/TCP,8080/TCP           3m27s
knative-serving             autoscaler-bucket-00-of-01                        ClusterIP      172.20.244.146   <none>                                                                    8080/TCP                             2m34s
knative-serving             autoscaler-hpa                                    ClusterIP      172.20.75.52     <none>                                                                    9090/TCP,8008/TCP                    3m26s
knative-serving             controller                                        ClusterIP      172.20.88.97     <none>                                                                    9090/TCP,8008/TCP                    3m27s
knative-serving             domainmapping-webhook                             ClusterIP      172.20.68.252    <none>                                                                    9090/TCP,8008/TCP,443/TCP            3m27s
knative-serving             net-certmanager-controller                        ClusterIP      172.20.39.51     <none>                                                                    9090/TCP,8008/TCP                    3m24s
knative-serving             net-certmanager-webhook                           ClusterIP      172.20.162.165   <none>                                                                    9090/TCP,8008/TCP,443/TCP            3m24s
knative-serving             webhook                                           ClusterIP      172.20.1.211     <none>                                                                    9090/TCP,8008/TCP,443/TCP            3m26s
knative-sources             rabbitmq-controller                               ClusterIP      172.20.93.35     <none>                                                                    443/TCP                              3m25s
knative-sources             rabbitmq-webhook                                  ClusterIP      172.20.116.161   <none>                                                                    443/TCP                              3m25s
kpack                       kpack-webhook                                     ClusterIP      172.20.103.214   <none>                                                                    443/TCP                              6m11s
kube-system                 kube-dns                                          ClusterIP      172.20.0.10      <none>                                                                    53/UDP,53/TCP                        39m
learning-center-guided-ui   learningcenter-portal                             ClusterIP      172.20.216.58    <none>                                                                    8080/TCP                             98s
metadata-store              metadata-store-app                                LoadBalancer   172.20.92.246    a1f8b030b65a94810a596e4de88ea96f-1547981846.us-east-2.elb.amazonaws.com   8443:30871/TCP                       5m43s
metadata-store              metadata-store-db                                 ClusterIP      172.20.102.147   <none>                                                                    5432/TCP                             5m43s
scan-link-system            scan-link-controller-manager-metrics-service      ClusterIP      172.20.234.202   <none>                                                                    8443/TCP                             6m45s
service-bindings            webhook                                           ClusterIP      172.20.200.45    <none>                                                                    443/TCP                              6m43s
source-system               source-controller-manager-artifact-service        ClusterIP      172.20.110.3     <none>                                                                    80/TCP                               6m43s
source-system               source-controller-manager-metrics-service         ClusterIP      172.20.195.63    <none>                                                                    8443/TCP                             6m43s
spring-boot-convention      spring-boot-webhook                               ClusterIP      172.20.218.131   <none>                                                                    443/TCP                              4m19s
stacks-operator-system      controller-manager-metrics-service                ClusterIP      172.20.63.183    <none>                                                                    8443/TCP                             6m11s
tanzu-system-ingress        contour                                           ClusterIP      172.20.144.140   <none>                                                                    8001/TCP                             5m27s
tanzu-system-ingress        envoy                                             NodePort       172.20.191.127   <none>                                                                    80:30855/TCP,443:31251/TCP           5m27s
tap-gui                     server                                            LoadBalancer   172.20.225.181   ab1f6e07232bf4e5d84dba69d7104828-784328296.us-east-2.elb.amazonaws.com    7000:31735/TCP                       3m44s
tekton-pipelines            tekton-pipelines-controller                       ClusterIP      172.20.215.214   <none>                                                                    9090/TCP,8008/TCP,8080/TCP           6m47s
tekton-pipelines            tekton-pipelines-webhook                          ClusterIP      172.20.121.38    <none>                                                                    9090/TCP,8008/TCP,443/TCP,8080/TCP   6m48s
vmware-sources              webhook                                           ClusterIP      172.20.242.238   <none>                                                                    443/TCP                              3m24s

Configuring TAP GUI

– Download the Blank Catalog binary from the Tanzu Network

– If you are using pivnet, you can run the following command.

$ pivnet download-product-files --product-slug='tanzu-application-platform' --release-version='0.4.0' --product-file-id=1099786
2021/12/25 21:05:00 Downloading 'tap-gui-blank-catalog.tgz' to 'tap-gui-blank-catalog.tgz'
 25.50 KiB / 25.50 KiB [============================================] 100.00% 0s
2021/12/25 21:05:01 Verifying SHA256
2021/12/25 21:05:01 Successfully verified SHA256

– Extract the binary

$ tar -xzvf tap-gui-blank-catalog.tgz         
x ./blank/README.md
x ./blank/catalog-info.yaml
x ./blank/components/
x ./blank/components/mkdocs.yml
x ./blank/components/docs/
x ./blank/components/tap-gui.yaml
x ./blank/components/docs/index.md
x ./blank/components/docs/add-docs.md
x ./blank/docs/
x ./blank/docs/index.md
x ./blank/docs/add-docs.md
x ./blank/domains/
x ./blank/domains/mkdocs.yml
x ./blank/domains/tap-gui-domain.yaml
x ./blank/domains/docs/
x ./blank/domains/docs/index.md
x ./blank/domains/docs/add-docs.md
x ./blank/groups/
x ./blank/groups/default-team.yaml
x ./blank/groups/guest-user.yaml
x ./blank/groups/default-org.yaml
x ./blank/mkdocs.yml
x ./blank/systems/
x ./blank/systems/mkdocs.yml
x ./blank/systems/docs/
x ./blank/systems/tap-gui-system.yaml
x ./blank/systems/docs/index.md
x ./blank/systems/docs/add-docs.md

– Modify the tap-values.yml in the “tap_gui” section

tap_gui:
  service_type: LoadBalancer # NodePort for distributions that don't support LoadBalancer
  app_config:
    app:
      baseUrl: http://tapguiexternalip:7000
    integrations:
      github: # Other integrations available see NOTE below
        - host: github.com
          token: <githubsecret>
    catalog:
      locations:
        - type: url
          target: https://github.com/dineshtripathi30/tanzuapp/blob/main/blank/catalog-info.yaml
    backend:
        baseUrl: http://tapguiexternalip:7000
        cors:
          origin: http://tapguiexternalip:7000

– Update the TAP package

$ tanzu package installed update tap \
>  --package-name tap.tanzu.vmware.com \
>  --version 0.4.0 -n tap-install \
>  -f tap-values.yml
| Updating installed package 'tap' 
- Getting package install for 'tap' I1225 15:43:57.685897   30224 request.go:665] Waited for 1.046553047s due to client-side throttling, not priority and fairness, request: GET:https://9CFF52E2CC2900806D6CC4D79A47DF7B.gr7.us-east-2.eks.amazonaws.com/apis/rbac.authorization.k8s.io/v1?timeout=32s
- Getting package install for 'tap' 
| Getting package metadata for 'tap.tanzu.vmware.com' 
| Updating secret 'tap-tap-install-values' 
| Updating package install for 'tap' 
- Waiting for 'PackageInstall' reconciliation for 'tap' 

Updated installed package 'tap' in namespace 'tap-install'

– Validate the installed packages

$ k get apps -A
NAMESPACE     NAME                       DESCRIPTION           SINCE-DEPLOY   AGE
tap-install   accelerator                Reconcile succeeded   4m57s          57m
tap-install   api-portal                 Reconcile succeeded   8m51s          60m
tap-install   appliveview                Reconcile succeeded   6m14s          58m
tap-install   appliveview-conventions    Reconcile succeeded   6m26s          58m
tap-install   buildservice               Reconcile succeeded   4m30s          60m
tap-install   cartographer               Reconcile succeeded   7m30s          59m
tap-install   cert-manager               Reconcile succeeded   7m23s          60m
tap-install   cnrs                       Reconcile succeeded   3m57s          57m
tap-install   contour                    Reconcile succeeded   5m38s          59m
tap-install   conventions-controller     Reconcile succeeded   7m2s           59m
tap-install   developer-conventions      Reconcile succeeded   6m54s          58m
tap-install   fluxcd-source-controller   Reconcile succeeded   9m1s           60m
tap-install   grype                      Reconcile succeeded   7m25s          58m
tap-install   image-policy-webhook       Reconcile succeeded   8m6s           59m
tap-install   learningcenter             Reconcile succeeded   4m37s          57m
tap-install   learningcenter-workshops   Reconcile succeeded   4m24s          55m
tap-install   ootb-delivery-basic        Reconcile succeeded   6m39s          57m
tap-install   ootb-supply-chain-basic    Reconcile succeeded   6m41s          57m
tap-install   ootb-templates             Reconcile succeeded   7m3s           58m
tap-install   scanning                   Reconcile succeeded   7m49s          60m
tap-install   scst-store                 Reconcile succeeded   6m42s          59m
tap-install   service-bindings           Reconcile succeeded   9m10s          60m
tap-install   services-toolkit           Reconcile succeeded   8m58s          60m
tap-install   source-controller          Reconcile succeeded   9m7s           60m
tap-install   spring-boot-conventions    Reconcile succeeded   6m40s          58m
tap-install   tap                        Reconcile succeeded   4m36s          60m
tap-install   tap-gui                    Reconcile succeeded   5m11s          57m
tap-install   tap-telemetry              Reconcile succeeded   9m7s           60m
tap-install   tekton-pipelines           Reconcile succeeded   9m9s           60m

– Access the GUI, Get external IP address and append the port number, by default it’s 7000

– Click on Enter

For more detail, You can refer VMware TAP official documentation

https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/0.4/tap/GUID-install.html

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s