Tanzu DevOps Platform
TAP ENV
# ---------------------------------------------------------------------------
# Environment for the TKG / TAP installation commands on this page.
# Every secret value (AWS keys, registry passwords) is deliberately empty.
# Set them in the shell session at run time: a filled-in copy of this file
# holds cloud and registry credentials in plain text.
# ---------------------------------------------------------------------------

# --- AWS ---
# NOTE(review): a named profile and static keys are both exported; confirm
# which of the two the tooling is meant to pick up.
export AWS_PROFILE="Altair"
export AWS_ACCESS_KEY_ID=""
export AWS_SECRET_ACCESS_KEY=""
export AWS_REGION="ap-southeast-1"
export AWS_DEFAULT_REGION="${AWS_REGION}"

# --- TKG ---
export TKG_IMAGE_REPO="projects.registry.vmware.com/tkg"
export TKG_CUSTOM_IMAGE_REPOSITORY="registry.altair-lab.com/tkg"
# CA certificate of the custom registry (TKG expects it base64-encoded); empty here.
export TKG_CUSTOM_IMAGE_REPOSITORY_CA_CERTIFICATE=""
# "false" keeps TLS verification of the custom registry switched on.
export TKG_CUSTOM_IMAGE_REPOSITORY_SKIP_TLS_VERIFY="false"
# Alternative kept from the original listing: TKG_BOM_IMAGE_TAG="v1.6.4"
export TKG_BOM_IMAGE_TAG="v2.1.0"

# --- TAP ---
# Credentials imgpkg uses when it talks to a registry.
export IMGPKG_REGISTRY_HOSTNAME=""
export IMGPKG_REGISTRY_USERNAME="admin"
export IMGPKG_REGISTRY_PASSWORD=""
# Private registry that TAP is installed from.
export INSTALL_REGISTRY_HOSTNAME=""
export INSTALL_REPO="tap"
export INSTALL_REGISTRY_USERNAME="admin"
export INSTALL_REGISTRY_PASSWORD=""
# TAP_VERSION tags the tap-packages bundle; VERSION tags the full TBS
# dependencies bundle in the imgpkg commands of this page.
export TAP_VERSION="1.4.0"
export VERSION="1.9.0"
# CA certificate file for the private registry.
export REGISTRY_CA_PATH="/root/ca.crt"
TAP deploy
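## Registry pull secret for the developer namespace

# Add the registry credential.
# --password-env-var takes the NAME of an exported variable, so the password
# itself does not appear on the command line, where the process list and
# shell history would expose it.
tanzu secret registry add registry-credentials \
  --server "${INSTALL_REGISTRY_HOSTNAME}" \
  --username "${INSTALL_REGISTRY_USERNAME}" \
  --password-env-var INSTALL_REGISTRY_PASSWORD \
  --namespace default

# Fallback for when the tanzu command above fails: create the same secret
# with kubectl. Here the password is passed as an argument and is visible to
# other users of the host while the command runs.
kubectl create secret docker-registry registry-credentials \
  --docker-server="${INSTALL_REGISTRY_HOSTNAME}" \
  --docker-username="${INSTALL_REGISTRY_USERNAME}" \
  --docker-password="${INSTALL_REGISTRY_PASSWORD}" \
  --namespace default

# Apply the namespace set-up manifest (set-up-ns.yaml).
# YOUR-NAMESPACE is a placeholder. The manifest's ServiceAccount references
# registry-credentials, so apply it in the namespace where that secret was
# created ("default" in the commands above).
kubectl -n YOUR-NAMESPACE apply -f set-up-ns.yaml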
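# List the package versions available upstream; tags containing "sha" are
# dropped and the rest are version-sorted.
imgpkg tag list -i registry.tanzu.vmware.com/tanzu-application-platform/tap-packages \
  | grep -v sha \
  | sort -V

# Download the bundles as tar files (for relocation into a private registry).
imgpkg copy \
  -b "registry.tanzu.vmware.com/tanzu-application-platform/tap-packages:${TAP_VERSION}" \
  --to-tar "tap-packages-${TAP_VERSION}.tar" \
  --include-non-distributable-layers
imgpkg copy \
  -b "registry.tanzu.vmware.com/tanzu-application-platform/full-tbs-deps-package-repo:${VERSION}" \
  --to-tar "tbs-full-deps-${VERSION}.tar"

# Upload the tar files into the private registry.
# The registry certificate is checked against the CA file in REGISTRY_CA_PATH
# rather than switching verification off with --registry-verify-certs=false:
# an unverified push can be intercepted, and the packages installed later
# would then come from whatever endpoint answered.
imgpkg copy \
  --tar "tap-packages-${TAP_VERSION}.tar" \
  --to-repo "${INSTALL_REGISTRY_HOSTNAME}/tap/tap-packages" \
  --include-non-distributable-layers \
  --registry-ca-cert-path "${REGISTRY_CA_PATH}"
imgpkg copy \
  --tar "tbs-full-deps-${VERSION}.tar" \
  --to-repo "${INSTALL_REGISTRY_HOSTNAME}/tap/tbs-full-deps" \
  --registry-ca-cert-path "${REGISTRY_CA_PATH}"

# Alternative: copy registry-to-registry without the intermediate tar files.
# No TLS option is given here, so imgpkg verifies certificates with its
# default trust settings.
imgpkg copy \
  -b "registry.tanzu.vmware.com/tanzu-application-platform/tap-packages:${TAP_VERSION}" \
  --to-repo "${INSTALL_REGISTRY_HOSTNAME}/tap/tap-packages"
imgpkg copy \
  -b "registry.tanzu.vmware.com/tanzu-application-platform/full-tbs-deps-package-repo:${VERSION}" \
  --to-repo "${INSTALL_REGISTRY_HOSTNAME}/tap/tbs-full-deps"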
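# Create the namespaces.
kubectl create ns tap-install
kubectl create ns build-service

# Add the registry secrets.
# --password-env-var names the exported variable that holds the password, so
# the secret value is not written on the command line.
# --export-to-all-namespaces makes each credential available to every
# namespace in the cluster. NOTE(review): confirm that this breadth is
# intended for a shared cluster.
# The original listing gave the tap-registry command twice (multi-line and
# one-line form); it is issued once here.
tanzu secret registry add tap-registry \
  --server "${INSTALL_REGISTRY_HOSTNAME}" \
  --username "${INSTALL_REGISTRY_USERNAME}" \
  --password-env-var INSTALL_REGISTRY_PASSWORD \
  --namespace tap-install \
  --export-to-all-namespaces \
  --yes

tanzu secret registry add tbs-full-deps-repository \
  --server "${INSTALL_REGISTRY_HOSTNAME}" \
  --username "${INSTALL_REGISTRY_USERNAME}" \
  --password-env-var INSTALL_REGISTRY_PASSWORD \
  --namespace tap-install \
  --export-to-all-namespaces \
  --yes

tanzu secret registry add tbs-full-deps-repository \
  --server "${INSTALL_REGISTRY_HOSTNAME}" \
  --username "${INSTALL_REGISTRY_USERNAME}" \
  --password-env-var INSTALL_REGISTRY_PASSWORD \
  --namespace build-service \
  --export-to-all-namespaces \
  --yes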
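# Command reference for the package repositories and packages. The delete
# commands are for clean-up; they are not steps of the install sequence.
# Names are kept consistent throughout: the repository is "tap-repository",
# the TBS dependencies install is "full-tbs-deps", and everything lives in
# the "tap-install" namespace. The original listing mixed in
# "tanzu-tap-repository", "tbs-full-deps" and "-n tap", none of which is
# created by the add/install commands below.

# Add the package repositories.
tanzu package repository add tap-repository \
  --url "${INSTALL_REGISTRY_HOSTNAME}/tap/tap-packages:${TAP_VERSION}" \
  --namespace tap-install
tanzu package repository add tbs-full-deps-repository \
  --url "${INSTALL_REGISTRY_HOSTNAME}/tap/tbs-full-deps:${VERSION}" \
  --namespace tap-install

# Delete the package repositories.
tanzu package repository delete tap-repository --namespace tap-install
tanzu package repository delete tbs-full-deps-repository --namespace tap-install

# Check the package repositories.
tanzu package repository get tap-repository --namespace tap-install
tanzu package repository get tbs-full-deps-repository --namespace tap-install

# List the packages available for installation.
tanzu package available list --namespace tap-install

# Install the packages.
tanzu package install tap \
  -p tap.tanzu.vmware.com -v "${TAP_VERSION}" \
  -n tap-install --values-file tap-values.yaml
tanzu package install full-tbs-deps \
  -p full-tbs-deps.tanzu.vmware.com -v "${VERSION}" \
  -n tap-install

# Update the installed packages.
tanzu package installed update tap \
  -p tap.tanzu.vmware.com -v "${TAP_VERSION}" \
  --values-file tap-values.yaml -n tap-install
tanzu package installed update full-tbs-deps \
  -p full-tbs-deps.tanzu.vmware.com -v "${VERSION}" \
  -n tap-install

# Delete the installed packages.
tanzu package installed delete tap -n tap-install
tanzu package installed delete full-tbs-deps -n tap-install

# List the installed packages.
tanzu package installed list -n tap-install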
set-up-ns.yaml
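# Developer-namespace set-up: a placeholder pull secret, the default
# ServiceAccount wired to the registry secrets, and two RoleBindings.
# No document sets metadata.namespace, so everything is created in the
# namespace given to `kubectl -n ... apply`.

# Placeholder image-pull secret. "e30K" is base64 for an empty JSON object;
# the secretgen.carvel.dev/image-pull-secret annotation marks the secret for
# secretgen-controller, which fills it with registry credentials exported to
# this namespace.
apiVersion: v1
kind: Secret
metadata:
  name: tap-registry
  annotations:
    secretgen.carvel.dev/image-pull-secret: ""
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: e30K
---
# The namespace's default ServiceAccount. Workloads running as it pull images
# with registry-credentials and tap-registry.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
secrets:
  - name: registry-credentials
imagePullSecrets:
  - name: registry-credentials
  - name: tap-registry
---
# Grants the default ServiceAccount the "deliverable" ClusterRole. A
# RoleBinding limits the grant to this namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: default-permit-deliverable
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: deliverable
subjects:
  - kind: ServiceAccount
    name: default
---
# Grants the default ServiceAccount the "workload" ClusterRole, again limited
# to this namespace. Every pod that does not name its own ServiceAccount runs
# as "default" and therefore holds both grants.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: default-permit-workload
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: workload
subjects:
  - kind: ServiceAccount
    name: default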
tanzu app
# Deploy a workload whose source is a git repository.
# NOTE(review): the source is followed by branch (main), so the build picks
# up whatever lands on that branch of the referenced repository; the workload
# command also accepts --git-tag / --git-commit when a fixed revision is
# wanted.
tanzu apps workload create tanzu-java-web-app \
  --namespace default \
  --type web \
  --label app.kubernetes.io/part-of=tanzu-java-web-app \
  --git-repo https://github.com/kshong05311129/tanzu-java-web-app-tap-hol \
  --git-branch main \
  --yes

# List the workloads.
tanzu apps workload list

# Show the details of one workload.
tanzu apps workload get tanzu-java-web-app

# The same namespace seen through kubectl, for comparison.
kubectl get pod --namespace default
์ํ๋ผ์ด ์ฒด์ธ์ง์ ์ด๊ทธ๋ํผ๋ก ๊ฐ๋ฐ์, ์ด์์ ์ค๊ฐ ์ฌ์ด์ sec์ ๋ช
ํํ
๋ถ๋ฆฌ๋ฅผ ์ ๊ณตํ๋ค
๊ฐ๋ฐ์๋ ์ฝ๋ ๊ฐ๋ฐ์ ์ง์ค์ ํ๊ณ ,
์ด์์๋ ์ํ๋ผ์ด ์ฒด์ธ์ ์ ์ํ๊ธฐ ์ํด ์ง์คํ๊ณ , ์์ฐ๊ฒฝ๋ก๋ฅผ ์๋ํ ํ๋ค.
๊ฐ๋ฐ์๋ค์ด ๋ก์ปฌํ๊ฒฝ์์ ๋๋ฒ๊ทธ๋ฅผ ํ๊ณ ์ปค๋ฐ์ํ๋ ์๊ฐ ์ํ๋ผ์ด ์ฒด์ธ์ด
์ ์ ๋ ๋๋ค ์ด์ํ์์
# List, in the current namespace, the resource kinds named below: the
# workload and the objects created for it along the supply chain.
kubectl get \
  workload,gitrepository,pipelinerun,images.kpack,podintent,app,services.serving
TAP standalone Deploy
# Prerequisite controllers for the standalone install. Each manifest is
# fetched from a version-pinned GitHub release URL and applied as fetched;
# the commands do no checksum or signature check on the downloaded file.

# Install kapp-controller (v0.29.0+)
kapp deploy --yes --app kc \
  --file https://github.com/vmware-tanzu/carvel-kapp-controller/releases/download/v0.29.0/release.yml

# Install secretgen-controller (v0.6.0+)
kapp deploy --yes --app sg \
  --file https://github.com/vmware-tanzu/carvel-secretgen-controller/releases/download/v0.6.0/release.yml

# Install cert manager
kapp deploy --yes --app cm \
  --file https://github.com/jetstack/cert-manager/releases/download/v1.4.0/cert-manager.yaml
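# ServiceAccount used for the Services Toolkit package, plus the RBAC bound
# to it. The manifests contain no shell variables, so the here-doc delimiter
# is quoted to pass them through literally. YAML nesting is written out
# explicitly because the flattened form is not valid YAML.

kubectl apply -f - <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kapp-controller-sa
  namespace: kapp-controller-packaging-global
EOF

# Note: This is a very open ClusterRole at present, we are aiming to refine the permissions in an upcoming release.
# The rule below allows every verb on every resource in every API group, and
# the ClusterRoleBinding applies it cluster-wide, so kapp-controller-sa ends
# up with the equivalent of cluster-admin. Any workload that can use this
# ServiceAccount or read its token controls the whole cluster.
kubectl apply -f - <<'EOF'
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kapp-controller-services-toolkit
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]
EOF

kubectl apply -f - <<'EOF'
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kapp-controller-services-toolkit
subjects:
  - kind: ServiceAccount
    name: kapp-controller-sa
    namespace: kapp-controller-packaging-global
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kapp-controller-services-toolkit
EOF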
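# Create the tap-registry pull secret in the global packaging namespace.
# The variables are double-quoted so that the shell expands them. In single
# quotes the literal text ${INSTALL_REGISTRY_USERNAME} (and so on) is stored
# in the secret, and every image pull that uses it fails authentication.
# ${VAR:?} aborts the command when a value is unset or empty, so that no
# blank credential is written.
# The password is passed as an argument here and is visible in the process
# list while the command runs.
kubectl create secret docker-registry tap-registry \
  --namespace=kapp-controller-packaging-global \
  --docker-username="${INSTALL_REGISTRY_USERNAME:?INSTALL_REGISTRY_USERNAME is not set}" \
  --docker-password="${INSTALL_REGISTRY_PASSWORD:?INSTALL_REGISTRY_PASSWORD is not set}" \
  --docker-server="${INSTALL_REGISTRY_HOSTNAME:?INSTALL_REGISTRY_HOSTNAME is not set}" \
  --dry-run=client -oyaml \
  | kubectl apply -f -

# Offer the secret to other namespaces through secretgen-controller.
# toNamespaces "*" exports the registry credential to every namespace; the
# field is a list, so naming only the namespaces that need to pull images
# keeps the credential out of the others.
kubectl apply -f - <<'EOF'
---
apiVersion: secretgen.carvel.dev/v1alpha1
kind: SecretExport
metadata:
  name: tap-registry
  namespace: kapp-controller-packaging-global
spec:
  toNamespaces:
    - "*"
EOF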
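# Register the Services Toolkit package with kapp-controller: first the
# PackageMetadata (catalogue description), then the Package for 0.5.1.
# YAML nesting is written out explicitly because the flattened form is not
# valid YAML.

# The metadata contains no shell variables, so the delimiter is quoted.
kubectl apply -f - <<'EOF'
---
apiVersion: data.packaging.carvel.dev/v1alpha1
kind: PackageMetadata
metadata:
  name: services-toolkit.tanzu.vmware.com
  namespace: kapp-controller-packaging-global
spec:
  categories:
    - services
  displayName: Services Toolkit
  longDescription: |
    The Services Toolkit comprises a number of Kubernetes native components which support the management, lifecycle, discoverability and connectivity of Service Resources (databases, message queues, DNS records, etc.) on Kubernetes. These components are:
    * Service Offering
    * Service Resource Claims
    * Service API Projection (Experimental)
    * Service Resource Replication (Experimental)
  maintainers:
    - name: The Services Control Plane team
  providerName: VMware
  shortDescription: The Services Toolkit enables the management, lifecycle, discoverability and connectivity of Service Resources (databases, message queues, DNS records, etc.).
  supportDescription: https://tanzu.vmware.com/support
EOF

# The Package references its bundle by sha256 digest, so the content that is
# fetched is fixed regardless of what tags in the registry point to.
# The delimiter stays unquoted because the image line expands
# INSTALL_REGISTRY_HOSTNAME; the guard stops here when the variable is empty,
# since the image reference would otherwise start with "/".
# NOTE(review): the bundle path is <registry>/tap-packages, while the imgpkg
# copy commands on this page push to <registry>/tap/tap-packages; confirm
# which repository holds this digest.
: "${INSTALL_REGISTRY_HOSTNAME:?INSTALL_REGISTRY_HOSTNAME is not set}"
kubectl apply -f - <<EOF
---
apiVersion: data.packaging.carvel.dev/v1alpha1
kind: Package
metadata:
  name: services-toolkit.tanzu.vmware.com.0.5.1
  namespace: kapp-controller-packaging-global
spec:
  refName: services-toolkit.tanzu.vmware.com
  version: "0.5.1"
  template:
    spec:
      fetch:
        - imgpkgBundle:
            image: ${INSTALL_REGISTRY_HOSTNAME}/tap-packages@sha256:9f739406ada507ee3b0590301633666357371581897d44a95db1f7b8b5c6926d
      template:
        - ytt:
            paths:
              - "config/"
        - kbld:
            paths:
              - "-"
              - "kbld.yaml"
              - ".imgpkg/images.yml"
      deploy:
        - kapp: {}
EOF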