Deploying Tanzu Application Platform 1.2 on Amazon EKS using AWS QuickStart

This Quick Start reference deployment guide provides step-by-step instructions for deploying the Tanzu Application Platform 1.2 within an Amazon Elastic Kubernetes Service (Amazon EKS) clusters. Following are the two deployment options supported:

  • TAP Deployment in a new VPC

https://aws-quickstart.s3.amazonaws.com/quickstart-vmware-tanzu-application-platform/templates/aws-tap-entrypoint-new-vpc.template.yaml

  • TAP Deployment with an existing VPC

https://aws-quickstart.s3.amazonaws.com/quickstart-vmware-tanzu-application-platform/templates/aws-tap-entrypoint-existing-vpc.template.yaml

Depending on which method you opt for deployment, download the cloudformation template using above links. In this blog post, I am using first option (TAP Deployment in a new VPC).

Deployment Architecture

Deploying this Quick Start with default parameters builds the following Tanzu Application Platform environment in the AWS Cloud.

Ref: https://aws-quickstart.github.io/quickstart-vmware-tanzu-application-platform/#_architecture

Pre-requirements

  • EC2 Key Pair
  • Resource Quota (Listed here)
  • VMware Tanzu Network Account (You can follow the instructions here)
  • Accept EULA’s (Here is the list of EULA you need to accept)
  • Remote access CIDR range (This is needed to access Windows and Linux Jumpboxes that will deployed during install process.

Deployment Steps

  • Login to an AWS environment and go to CloudFormation service
  • Click Create Stack option to deploy a quick start template
  • Select the highlighted options. You need to select the cloudformation template you downloaded earlier in above section. Click Next.
  • You need to fill up very minimal set of information. e.g. Stack Name, Remote Access CIDR, Tanzu network username, password, refresh token and EKS cluster name. To know more about parameters, you can refer the instructions here.
  • Click Next
  • Click Next
  • Select the checkboxes and click on the Create Stack option.
  • Deployment process takes around ~2 hours if we have selected to relocate images. If not, then it will take around ~1 hour but this is not a recommended approach from VMware side.
  • Once completed successfully, you can see the status of stack as below.
  • Deployment is completed successfully.

Validate Outputs

Once the deployment completed successfully, click on the deployed stack and navigate to the Outputs tab. You will notice that there are 12 parameters with the values listed. Note down the values as you will need them for other validations.

Validate TAP GUI

  • Login to Windows Jumpbox and access the TAP GUI url listed in output tab in the above section. Remember, you can not access this url from your own laptop as there is private hosted zone created by quick start deployment under Route 53.

Validate TAP Deployment on an EKS Cluster

  • Login to the Linux machine and list the installed tanzu packages
$ tanzu package installed list -A

  NAME                       PACKAGE-NAME                                        PACKAGE-VERSION  STATUS               NAMESPACE    
  accelerator                accelerator.apps.tanzu.vmware.com                   1.2.1            Reconcile succeeded  tap-install  
  api-portal                 api-portal.tanzu.vmware.com                         1.0.21           Reconcile succeeded  tap-install  
  appliveview                backend.appliveview.tanzu.vmware.com                1.2.0            Reconcile succeeded  tap-install  
  appliveview-connector      connector.appliveview.tanzu.vmware.com              1.2.0            Reconcile succeeded  tap-install  
  appliveview-conventions    conventions.appliveview.tanzu.vmware.com            1.2.0            Reconcile succeeded  tap-install  
  appsso                     sso.apps.tanzu.vmware.com                           1.0.0            Reconcile succeeded  tap-install  
  buildservice               buildservice.tanzu.vmware.com                       1.6.0            Reconcile succeeded  tap-install  
  cartographer               cartographer.tanzu.vmware.com                       0.4.2            Reconcile succeeded  tap-install  
  cert-manager               cert-manager.tanzu.vmware.com                       1.5.3+tap.2      Reconcile succeeded  tap-install  
  cnrs                       cnrs.tanzu.vmware.com                               1.3.0            Reconcile succeeded  tap-install  
  contour                    contour.tanzu.vmware.com                            1.18.2+tap.2     Reconcile succeeded  tap-install  
  conventions-controller     controller.conventions.apps.tanzu.vmware.com        0.7.0            Reconcile succeeded  tap-install  
  developer-conventions      developer-conventions.tanzu.vmware.com              0.7.0            Reconcile succeeded  tap-install  
  fluxcd-source-controller   fluxcd.source.controller.tanzu.vmware.com           0.16.4           Reconcile succeeded  tap-install  
  grype                      grype.scanning.apps.tanzu.vmware.com                1.2.2            Reconcile succeeded  tap-install  
  image-policy-webhook       image-policy-webhook.signing.apps.tanzu.vmware.com  1.1.3            Reconcile succeeded  tap-install  
  learningcenter             learningcenter.tanzu.vmware.com                     0.2.1            Reconcile succeeded  tap-install  
  learningcenter-workshops   workshops.learningcenter.tanzu.vmware.com           0.2.1            Reconcile succeeded  tap-install  
  metadata-store             metadata-store.apps.tanzu.vmware.com                1.2.2            Reconcile succeeded  tap-install  
  ootb-delivery-basic        ootb-delivery-basic.tanzu.vmware.com                0.8.0-build.4    Reconcile succeeded  tap-install  
  ootb-supply-chain-testing  ootb-supply-chain-testing.tanzu.vmware.com          0.8.0-build.4    Reconcile succeeded  tap-install  
  ootb-templates             ootb-templates.tanzu.vmware.com                     0.8.0-build.4    Reconcile succeeded  tap-install  
  policy-controller          policy.apps.tanzu.vmware.com                        1.0.1            Reconcile succeeded  tap-install  
  scanning                   scanning.apps.tanzu.vmware.com                      1.2.2            Reconcile succeeded  tap-install  
  service-bindings           service-bindings.labs.vmware.com                    0.7.2            Reconcile succeeded  tap-install  
  services-toolkit           services-toolkit.tanzu.vmware.com                   0.7.1            Reconcile succeeded  tap-install  
  source-controller          controller.source.apps.tanzu.vmware.com             0.4.1            Reconcile succeeded  tap-install  
  spring-boot-conventions    spring-boot-conventions.tanzu.vmware.com            0.4.1            Reconcile succeeded  tap-install  
  tap                        tap.tanzu.vmware.com                                1.2.0            Reconcile succeeded  tap-install  
  tap-auth                   tap-auth.tanzu.vmware.com                           1.0.1            Reconcile succeeded  tap-install  
  tap-gui                    tap-gui.tanzu.vmware.com                            1.2.3            Reconcile succeeded  tap-install  
  tap-telemetry              tap-telemetry.tanzu.vmware.com                      0.2.0            Reconcile succeeded  tap-install  
  tekton-pipelines           tekton.tanzu.vmware.com                             0.33.5           Reconcile succeeded  tap-install  

  • List Worker Nodes
$ kubectl get nodes
NAME                          STATUS   ROLES    AGE   VERSION
ip-10-0-23-69.ec2.internal    Ready    <none>   39m   v1.21.12-eks-5308cf7
ip-10-0-29-236.ec2.internal   Ready    <none>   39m   v1.21.12-eks-5308cf7
ip-10-0-57-184.ec2.internal   Ready    <none>   39m   v1.21.12-eks-5308cf7
ip-10-0-86-228.ec2.internal   Ready    <none>   39m   v1.21.12-eks-5308cf7

Troubleshooting Tips

During deployment, I faced one issue and it was due to my mistake.

  • Error #1 : failed to create: [LinuxBastionSshIngressRule, WindowsBastionRdpIngressRule, EKSQSStack]
  • Resolution: Remote access CIDR should not be blank. Provide a CIDR range that you want to configure for remote access. Just for a quick deployment, you can also try out 0.0.0.0/0. Remember this is not a best practise.

Documentation

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s