🟨

Tanzu Application Platform

Tanzu DevOps Platform

TAP ENV

# AWS
export AWS_PROFILE=Altair
export AWS_ACCESS_KEY_ID=
export AWS_SECRET_ACCESS_KEY=
export AWS_DEFAULT_REGION=ap-southeast-1
export AWS_REGION=ap-southeast-1

# TKG
export TKG_CUSTOM_IMAGE_REPOSITORY="registry.altair-lab.com/tkg"
export TKG_IMAGE_REPO="projects.registry.vmware.com/tkg"
# export TKG_CUSTOM_IMAGE_REPOSITORY_CA_CERTIFICATE=""
export TKG_CUSTOM_IMAGE_REPOSITORY_CA_CERTIFICATE=""
export TKG_CUSTOM_IMAGE_REPOSITORY_SKIP_TLS_VERIFY=false
export TKG_BOM_IMAGE_TAG="v2.1.0"
#export TKG_BOM_IMAGE_TAG="v1.6.4"

# TAP
#export IMGPKG_REGISTRY_HOSTNAME=
#export IMGPKG_REGISTRY_USERNAME=
#export IMGPKG_REGISTRY_PASSWORD=
export IMGPKG_REGISTRY_HOSTNAME=
export IMGPKG_REGISTRY_USERNAME=admin
export IMGPKG_REGISTRY_PASSWORD=

export INSTALL_REGISTRY_HOSTNAME=
export INSTALL_REPO=tap
export INSTALL_REGISTRY_USERNAME=admin
export INSTALL_REGISTRY_PASSWORD=
export TAP_VERSION=1.4.0
export REGISTRY_CA_PATH=/root/ca.crt
export VERSION=1.9.0
Shell
복사

TAP deploy

## 개발자 네임스페이스 시크릿
# 크리덴셜 추가
tanzu secret registry add registry-credentials --server $INSTALL_REGISTRY_HOSTNAME --username $INSTALL_REGISTRY_USERNAME --password $INSTALL_REGISTRY_PASSWORD --namespace default
# 에러시
kubectl create secret docker-registry registry-credentials --docker-server=$INSTALL_REGISTRY_HOSTNAME --docker-username=$INSTALL_REGISTRY_USERNAME --docker-password=$INSTALL_REGISTRY_PASSWORD --namespace default
# 적용
kubectl -n YOUR-NAMESPACE apply -f set-up-ns.yaml

# 설치 가능한 패키지 조회
imgpkg tag list -i registry.tanzu.vmware.com/tanzu-application-platform/tap-packages | grep -v sha | sort -V

# 패키지 tar로 받아오기
imgpkg copy -b registry.tanzu.vmware.com/tanzu-application-platform/tap-packages:${TAP_VERSION} --to-tar tap-packages-${TAP_VERSION}.tar --include-non-distributable-layers
imgpkg copy -b registry.tanzu.vmware.com/tanzu-application-platform/full-tbs-deps-package-repo:${VERSION} --to-tar tbs-full-deps-${VERSION}.tar

# 패키지 tar로 넣기
imgpkg copy --tar tap-packages-${TAP_VERSION}.tar --to-repo ${INSTALL_REGISTRY_HOSTNAME}/tap/tap-packages --include-non-distributable-layers --registry-verify-certs=false
imgpkg copy --tar tbs-full-deps-${VERSION}.tar --to-repo ${INSTALL_REGISTRY_HOSTNAME}/tap/tbs-full-deps --registry-verify-certs=false

# 패키지 바로넣기
imgpkg copy -b registry.tanzu.vmware.com/tanzu-application-platform/tap-packages:${TAP_VERSION} --to-repo ${INSTALL_REGISTRY_HOSTNAME}/tap/tap-packages
imgpkg copy -b registry.tanzu.vmware.com/tanzu-application-platform/full-tbs-deps-package-repo:${VERSION} --to-repo ${INSTALL_REGISTRY_HOSTNAME}/tap/tbs-full-deps

# 네임스페이스 생성
kubectl create ns tap-install
kubectl create ns build-service

tanzu secret registry add tap-registry \
    --server   $INSTALL_REGISTRY_HOSTNAME \
    --username $INSTALL_REGISTRY_USERNAME \
    --password $INSTALL_REGISTRY_PASSWORD \
    --namespace tap-install \
    --export-to-all-namespaces \
    --yes

# 레지스트리 시크릿 추가
tanzu secret registry add tap-registry --username ${INSTALL_REGISTRY_USERNAME} --password ${INSTALL_REGISTRY_PASSWORD} --server ${INSTALL_REGISTRY_HOSTNAME} --export-to-all-namespaces --yes --namespace tap-install
tanzu secret registry add tbs-full-deps-repository --username ${INSTALL_REGISTRY_USERNAME} --password ${INSTALL_REGISTRY_PASSWORD} --server ${INSTALL_REGISTRY_HOSTNAME} --export-to-all-namespaces --yes --namespace tap-install
tanzu secret registry add tbs-full-deps-repository --username ${INSTALL_REGISTRY_USERNAME} --password ${INSTALL_REGISTRY_PASSWORD} --server ${INSTALL_REGISTRY_HOSTNAME} --export-to-all-namespaces --yes --namespace build-service

# 패키지 레지스트리 추가
tanzu package repository add tap-repository --url ${INSTALL_REGISTRY_HOSTNAME}/tap/tap-packages:${TAP_VERSION} --namespace tap-install
tanzu package repository add tbs-full-deps-repository --url ${INSTALL_REGISTRY_HOSTNAME}/tap/tbs-full-deps:${VERSION} --namespace tap-install

# 패키지 레지스트리 삭제
tanzu package repository delete tanzu-tap-repository --namespace tap-install
tanzu package repository delete tbs-full-deps-repository --namespace tap-install

# 패키지 레지스트리 확인
tanzu package repository get tanzu-tap-repository --namespace tap-install
tanzu package repository get tbs-full-deps-repository --namespace tap-install

# 설치 가능한 패키지 확인
tanzu package available list --namespace tap-install

# 패키지 설치
tanzu package install tap -p tap.tanzu.vmware.com -v ${TAP_VERSION} -n tap-install --values-file tap-values.yaml 
tanzu package install full-tbs-deps -p full-tbs-deps.tanzu.vmware.com -v ${VERSION} -n tap-install

# 패키지 업데이트
tanzu package installed update tap -p tap.tanzu.vmware.com -v ${TAP_VERSION} --values-file tap-values.yaml -n tap-install
tanzu package installed update full-tbs-deps -p full-tbs-deps.tanzu.vmware.com -v ${VERSION} -n tap-install

# 패키지 삭제
tanzu package installed delete tap -n tap-install
tanzu package installed delete tbs-full-deps -n tap-install

# 설치한 패키지 확인
tanzu package installed list -n tap
Bash
복사

set-up-ns.yaml

apiVersion: v1
kind: Secret
metadata:
  name: tap-registry
  annotations:
    secretgen.carvel.dev/image-pull-secret: ""
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: e30K
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
secrets:
  - name: registry-credentials
imagePullSecrets:
  - name: registry-credentials
  - name: tap-registry
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: default-permit-deliverable
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: deliverable
subjects:
  - kind: ServiceAccount
    name: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: default-permit-workload
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: workload
subjects:
  - kind: ServiceAccount
    name: default
Bash
복사

•

tanzu app

# Workload 배포 / source는 깃
tanzu apps workload create tanzu-java-web-app \
--git-repo https://github.com/kshong05311129/tanzu-java-web-app-tap-hol \
--git-branch main \
--type web \
--label app.kubernetes.io/part-of=tanzu-java-web-app \
--yes \
--namespace default


# Workload 리스트 조회
tanzu apps workload list

# Workload app 조회
tanzu apps workload get tanzu-java-web-app

# kubectl 과 비교
kubectl get pod -n default



Shell
복사

서플라이 체인지의 초그래피로 개발자, 운영자 중간 사이의 sec의 명확한
분리를 제공한다
개발자는 코드 개발에 집중을 하고,
운영자는 서플라이 체인을 정의하기 위해 집중하고, 생산경로를 자동화 한다.
개발자들이 로컬환경에서 디버그를 하고 커밋을하는 순간 서플라이 체인이
정의 될 때다 운영팀에서

kubectl get workload,gitrepository,pipelinerun,images.kpack,podintent,app,services.serving
Bash
복사

TAP standalone Deploy

# Install kapp-controller (v0.29.0+)
kapp deploy -y -a kc -f https://github.com/vmware-tanzu/carvel-kapp-controller/releases/download/v0.29.0/release.yml

# Install secretgen-controller (v0.6.0+)
kapp deploy -y -a sg -f https://github.com/vmware-tanzu/carvel-secretgen-controller/releases/download/v0.6.0/release.yml

# Install cert manager
kapp deploy -y -a cm -f https://github.com/jetstack/cert-manager/releases/download/v1.4.0/cert-manager.yaml


JavaScript
복사

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kapp-controller-sa
  namespace: kapp-controller-packaging-global
EOF

# Note: This is a very open ClusterRole at present, we are aiming to refine the permissions in an upcoming release.
cat <<EOF | kubectl apply -f -
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kapp-controller-services-toolkit
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]
EOF

cat <<EOF | kubectl apply -f -
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kapp-controller-services-toolkit
subjects:
- kind: ServiceAccount
  name: kapp-controller-sa
  namespace: kapp-controller-packaging-global
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kapp-controller-services-toolkit
EOF
JavaScript
복사

kubectl create secret docker-registry tap-registry \
  --namespace=kapp-controller-packaging-global \
  --docker-username='${INSTALL_REGISTRY_USERNAME}' \
  --docker-password='${INSTALL_REGISTRY_PASSWORD}' \
  --docker-server='${INSTALL_REGISTRY_HOSTNAME}' \
  --dry-run=client -oyaml \
  | kubectl apply -f -

cat <<EOF | kubectl apply -f -
---
apiVersion: secretgen.carvel.dev/v1alpha1
kind: SecretExport
metadata:
  name: tap-registry
  namespace: kapp-controller-packaging-global
spec:
  toNamespaces:
  - "*"
EOF
JavaScript
복사

cat <<EOF | kubectl apply -f -
---
apiVersion: data.packaging.carvel.dev/v1alpha1
kind: PackageMetadata
metadata:
  name: services-toolkit.tanzu.vmware.com
  namespace: kapp-controller-packaging-global
spec:
  categories:
  - services
  displayName: Services Toolkit
  longDescription: |
    The Services Toolkit comprises a number of Kubernetes native components which support the management, lifecycle, discoverability and connectivity of Service Resources (databases, message queues, DNS records, etc.) on Kubernetes. These components are:
    * Service Offering
    * Service Resource Claims
    * Service API Projection (Experimental)
    * Service Resource Replication (Experimental)
  maintainers:
  - name: The Services Control Plane team
  providerName: VMware
  shortDescription: The Services Toolkit enables the management, lifecycle, discoverability and connectivity of Service Resources (databases, message queues, DNS records, etc.).
  supportDescription: https://tanzu.vmware.com/support
EOF

cat <<EOF | kubectl apply -f -
---
apiVersion: data.packaging.carvel.dev/v1alpha1
kind: Package
metadata:
  name: services-toolkit.tanzu.vmware.com.0.5.1
  namespace: kapp-controller-packaging-global
spec:
  refName: services-toolkit.tanzu.vmware.com
  version: "0.5.1"
  template:
    spec:
      fetch:
      - imgpkgBundle:
          image: ${INSTALL_REGISTRY_HOSTNAME}/tap-packages@sha256:9f739406ada507ee3b0590301633666357371581897d44a95db1f7b8b5c6926d
      template:
      - ytt:
          paths:
          - "config/"
      - kbld:
          paths:
          - "-"
          - "kbld.yaml"
          - ".imgpkg/images.yml"
      deploy:
      - kapp: {}
EOF
JavaScript
복사