Tanzu Application Platform 快速部署

  VMware Tanzu Application Platform ( 简称TAP ) 1.0 的在1月份正式GA,作为Tanzu 家族的新一代 PaaS 平台。TAP 是一个模块化的应用感知平台,它提供了一组丰富的开发人员工具和一条预先配置好可装配的生产流水线,在任何认证公共云或本地的 Kubernetes 集群上更快速、更安全地构建和部署软件。

开局照例一张图,清晰展现 TAP 详细技术架构,详细介绍参考拙文 新一代 PaaS 平台 Tanzu Application Platform初探

7f4cde299dd963cd9fcd15f54b78e470.png

上一篇 TAP 介绍文章之后,我们需要介绍如何部署 TAP,体会卓越的开发者体验,由于本公众号重心是 Tanzu 的解决方案,不介绍 TAP 在其他认证的 K8s 部署(可以参考官方文档,比TKGm需要多安装配置一个环境设置包 tanzu-cluster-essentials-darwin-amd64)。TKGm1.5.1 和 TAP 1.0.1 近期已经发布了,TAP 1.0.1 支持部署在 TKGm 1.5.1 上。

1

测试环境

0b138567d57049ccaa41b09476a4f3d7.png
角色版本备注
vcenter7.0.3c支持6.7U3 和7.x
ESX7.0.3c支持6.7U3 和7.x
AVI (NSX Advanced Load Balancer)20.1.6 2p9负载均衡和服务发布
bootstrapUbuntu 18.04.6 LTS登陆管理tkgm集群、vscode
DHCP/DNS/NTPwindows 2012
harborv2.4.1-c4b06d79本次测试harbor域名:harbor.xxxx.cn
Tkgm1.5.1目前Tap1.0.1官方支持 Tkgm 1.5.1
TAP1.0.1目前Tap1.0.1官方支持 Tkgm 1.5.1
githubhttps://github.com/目前使用公网github

2

部署流程

cdce6c5cdc6194a4afc154548117ef7a.png

先决条件

  • 注册Tanzu network 账户

注册 Tanzu network 账户,登陆以下网址:  https://network.tanzu.vmware.com/ 进行注册,此账户用来下载安装 TAP 相关组件。

  • 设置容器镜像仓库

设置容器镜像仓库,例如 Harbor 或 Docker Hub,至少有 10 GB 的可用存储空间,用于 TBS、应用程序镜像、基础镜像和运行时依赖项。需要有使用具有推送和写入访问权限的的账户,并创建项目目录。本次测试使用的是Harbor

d7ec3149fc64cb39a1ecc242bf90c4f5.png
  • 注册Github账户

      登陆 https://github.com/ 注册 Github 账户

  • 确保 TAP 使用的网络可以访问 https://registry.tanzu.vmware.com

  • 下载安装 pivnet 工具

  pivnet 用来访问 https://network.tanzu.vmware.com/,进行软件下载、EULA注册

  1. 在 bootstrap上下载 pivnet 工具

root@tanzu-virtual-machine:/home/tanzu/101# wget https://github.com/pivotal-cf/pivnet-cli/releases/download/v3.0.1/pivnet-linux-amd64-3.0.1
--2022-02-19 15:16:58--  https://github.com/pivotal-cf/pivnet-cli/releases/download/v3.0.1/pivnet-linux-amd64-3.0.1
Resolving github.com (github.com)... 140.82.112.3
Connecting to github.com (github.com)|140.82.112.3|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/71143994/96043e80-7841-11eb-946c-46c46f3be773?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220219%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220219T071904Z&X-Amz-Expires=300&X-Amz-Signature=88bb3373840a32cc9a70f08a276940df3b5fd333999ffe45da56f9b4af0ad0fe&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=71143994&response-content-disposition=attachment%3B%20filename%3Dpivnet-linux-amd64-3.0.1&response-content-type=application%2Foctet-stream [following]
--2022-02-19 15:16:59--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/71143994/96043e80-7841-11eb-946c-46c46f3be773?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220219%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220219T071904Z&X-Amz-Expires=300&X-Amz-Signature=88bb3373840a32cc9a70f08a276940df3b5fd333999ffe45da56f9b4af0ad0fe&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=71143994&response-content-disposition=attachment%3B%20filename%3Dpivnet-linux-amd64-3.0.1&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.108.133, 185.199.110.133, 185.199.111.133, ...
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.108.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11127122 (11M) [application/octet-stream]
Saving to: ‘pivnet-linux-amd64-3.0.1’

pivnet-linux-amd64-3.0.1                        100%[=====================================================================================================>]  10.61M  5.74MB/s    in 1.8s

2022-02-19 15:17:01 (5.74 MB/s) - ‘pivnet-linux-amd64-3.0.1’ saved [11127122/11127122]
  1. 在 bootstrap 上安装 pivnet 工具

root@tanzu-virtual-machine:/home/tanzu/101# ls
pivnet-linux-amd64-3.0.1
root@tanzu-virtual-machine:/home/tanzu/101# chmod +x pivnet-linux-amd64-3.0.1
root@tanzu-virtual-machine:/home/tanzu/101# cp pivnet-linux-amd64-3.0.1 /usr/local/bin/pivnet
root@tanzu-virtual-machine:/home/tanzu/101# pivnet version
3.0.1
  1. 获取 tanzu network 获取 token

网页方式登陆 https://network.tanzu.vmware.com/ 创建 token,并拷贝 token

7a8dc79e33c0f3db21bf6301920f62e6.png 6b21ee53905c224c201951d69ef1662f.png 510a6e2d4c735c2377e23ee72bb9e650.png
  1. bootstrap 上用 pivnet 登陆 Tanzu network 账户

root@tanzu-virtual-machine:/home/tanzu/# pivnet login --api-token=f55682095b954a00a1fe630e3c883xxx
Logged-in successfully
  • bootstrap 下载安装 jq 工具

root@tanzu-virtual-machine:~/.kube# apt install jq
Reading package lists... Done
Building dependency tree
Reading state information... Done
jq is already the newest version (1.5+dfsg-2).
The following packages were automatically installed and are no longer required:
  efibootmgr libegl1-mesa libfwup1 libllvm9 libwayland-egl1-mesa linux-hwe-5.4-headers-5.4.0-96 linux-hwe-5.4-headers-5.4.0-97
Use 'apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.
  • TKGm 1.5.1 工作负载集群初始安装完成

TKGm 1.5.1 工作负载集群初始安装配置完成

TKGm 详细安装配置参考拙文 Tanzu学习系列之TKGm 1.4  for  vSphere 快速部署

备注:如果 TKGm1.5.1 使用 AVI 21.1.x 版本,参考 kb 文章进行设置https://kb.vmware.com/s/article/87640

root@tanzu-virtual-machine:~/.kube# tanzu cluster list tapn
  NAME  NAMESPACE  STATUS   CONTROLPLANE  WORKERS  KUBERNETES        ROLES   PLAN
  tapn  default    running  1/1           3/3      v1.21.2+vmware.1  <none>  prod

TKGm资源需求:

8 CPUs for i9 (or equivalent) available to Tanzu Application Platform components

12 CPUs for i7 (or equivalent) available to Tanzu Application Platform components

8 GB of RAM across all nodes available to Tanzu Application Platform

12 GB of RAM is available to build and deploy applications, including Minikube. VMware recommends 16 GB of RAM for an optimal experience.

70 GB of disk space available per nod

本次测试 TKGm 工作负载集群配置文件如下,以供参考

AVI_CONTROL_PLANE_HA_PROVIDER: "true"
CLUSTER_NAME: tapn
CLUSTER_PLAN: prod
INFRASTRUCTURE_PROVIDER: vsphere
OS_ARCH: amd64
OS_NAME: photon
OS_VERSION: "3"
CONTROL_PLANE_MACHINE_COUNT: 1
WORKER_MACHINE_COUNT: 2
VSPHERE_CONTROL_PLANE_NUM_CPUS: 3
VSPHERE_CONTROL_PLANE_DISK_GIB: 80
VSPHERE_CONTROL_PLANE_MEM_MIB: 16384
VSPHERE_WORKER_NUM_CPUS: 5
VSPHERE_WORKER_DISK_GIB: 80
VSPHERE_WORKER_MEM_MIB: 16384
VSPHERE_CONTROL_PLANE_DISK_GIB: "80"
VSPHERE_CONTROL_PLANE_MEM_MIB: 16384
VSPHERE_CONTROL_PLANE_NUM_CPUS: "4"
VSPHERE_CONTROL_PLANE_ENDPOINT: ""
VSPHERE_DATACENTER: /tanzu
VSPHERE_DATASTORE: /tanzu/datastore/localesx03a
VSPHERE_FOLDER: /tanzu/vm
VSPHERE_NETWORK: /tanzu/network/mgmt
VSPHERE_PASSWORD: <encoded:Vk13YXJlMSE=>
VSPHERE_RESOURCE_POOL: /tanzu/host/tkg/Resources
VSPHERE_SERVER: 192.168.110.22
VSPHERE_SSH_AUTHORIZED_KEY: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYETM7b/1OogJzesR3JgNBYw+gay48ixtgtIIkou0T8d6Tac3E3D/CRmlTUqvmrUJxbwP2vFgl6h/NL8GiC+glDEJKSCP6biorrrdokMV+Zn3pVQldcr7tCHpj4u737PDuH1DRB72bK//XgxNijQgeWkcJIttUcosMSwOr0kSw/R60eRR7cIl8v5RW+6E6OWCahOVoiyP6gO71o3psSrbyONgZ9XL2h3X22Z/tdJNGRFwWuSgaWPrCWo8ZpjDVEFV9cdCssFygwBgWOFgnMzaJmJYYrfb00ypnKBy5tcCueKDo2MjIw2HaN3x6SJDokxz4+wdFE0Ng9ReuYPx2+Vst2AJinZOQI8hb8553LD71lNvCirS02Kk3vZ8t83cEugt3Yk4zOdeYGpO7QSvY3U6EfyXlBqUqqX0OV1tLF8vba/uwmW7WZQGNgJ6db3x+5aomzduHoOZdUepMtvR4nUREdQbWWgKLIBQ0/f/b5KdtidEB1EEoP9yLOBqfcaExq+tqEMeh+UtLTTUxeEOYpBK834uEgGp4SObNP8lduqzW9wGwfTvAREiyWxU1RyxLi3CsLgaLqGutf79C+UF4LYWHPcjgIUV7J9S6v+Pa+7UmP8eaaBZgV7sa9+reVckO5d39az/CRGg+mO2PUlFq40DRggtRS8cC8/a2n2GrtkS0lQ== tkg@vcf.com
VSPHERE_TLS_THUMBPRINT: 23:89:0C:0F:5F:29:B1:58:B1:7C:13:DB:4C:2A:36:BD:B0:A7:C4:96
VSPHERE_USERNAME: administrator@vsphere.local

Tanzu Netowrk 相关产品组件EULA

EULA 是 End-User License Agreement 缩写,通过以下脚本,对 TAP 及相关组件进行EULA:

for p in $(pivnet products | grep 'tanzu-.*-buildpack' | awk '{print $4}');do
  echo $p
  pivnet curl -X POST $(pivnet releases -p ${p} --format=json | jq -r '.[0]._links.eula_acceptance.href')
  echo
done
for p in $(pivnet products | grep 'tanzu-.*-stack' | awk '{print $4}');do
  echo $p
  pivnet curl -X POST $(pivnet releases -p ${p} --format=json | jq -r '.[0]._links.eula_acceptance.href')
  echo
done
for p in build-service tbs-dependencies tanzu-application-platform api-portal;do
  echo $p
  pivnet curl -X POST $(pivnet releases -p ${p} --format=json | jq -r '.[0]._links.eula_acceptance.href')
  echo
done

EULA 执行过程:

root@tanzu-virtual-machine:/home/tanzu/101# for p in $(pivnet products | grep 'tanzu-.*-buildpack' | awk '{print $4}');do
>   echo $p
>   pivnet curl -X POST $(pivnet releases -p ${p} --format=json | jq -r '.[0]._links.eula_acceptance.href')
>   echo
> done
tanzu-luna-security-provider-buildpack

{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-dotnetframework-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-procfile-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-java-azure-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-01"}
tanzu-go-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-dotnet-core-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-nodejs-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-appdynamics-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-aspectj-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-checkmarx-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-java-native-image-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-01"}
tanzu-contrast-security-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-java-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-01"}
tanzu-dynatrace-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-elastic-apm-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-jacoco-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-jprofiler-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-python-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-new-relic-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-overops-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-01"}
tanzu-snyk-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-synopsys-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-yourkit-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-jrebel-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-apache-skywalking-buildpack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
root@tanzu-virtual-machine:/home/tanzu/101# for p in $(pivnet products | grep 'tanzu-.*-stack' | awk '{print $4}');do
>   echo $p
>   pivnet curl -X POST $(pivnet releases -p ${p} --format=json | jq -r '.[0]._links.eula_acceptance.href')
>   echo
> done
tanzu-dotnetframework-servercore-stack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/200"}},"accepted_at":"2022-02-01"}
tanzu-tiny-bionic-stack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
tanzu-full-bionic-stack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-01"}
tanzu-base-bionic-stack
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-01"}
root@tanzu-virtual-machine:/home/tanzu/101# for p in build-service tbs-dependencies tanzu-application-platform api-portal;do
>   echo $p
>   pivnet curl -X POST $(pivnet releases -p ${p} --format=json | jq -r '.[0]._links.eula_acceptance.href')
>   echo
> done
build-service
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/200"}},"accepted_at":"2021-07-30"}
tbs-dependencies
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-01"}
tanzu-application-platform
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/206"}},"accepted_at":"2022-02-19"}
api-portal
{"_links":{"eula":{"href":"https://network.tanzu.vmware.com/api/v2/eulas/200"}},"accepted_at":"2022-02-01"}

查看当前 Tanzu network 账户 EULA 的产品:

root@tanzu-virtual-machine:~/.kube#  pivnet eulas
+-----+---------------------------------------------------+--------------------------------+--------------------------+
| ID  |                       SLUG                        |              NAME              |       ARCHIVED AT        |
+-----+---------------------------------------------------+--------------------------------+--------------------------+
|  39 | pivotal_gpdb_eula                                 | Pivotal GPDB EULA              |                          |
|  40 | pivotal_geode_eula                                | Pivotal Geode EULA             |                          |
|  42 | free_non-production_eula                          | Pivotal Free Non-Production    |                          |
|     |                                                   | EULA                           |                          |
|  55 | stayup_io_eula                                    | StayUp io EULA                 |                          |
|  56 | iss_knowtify_eula                                 | ISS Knowtify EULA              |                          |
|  58 | gitlab_eula                                       | Gitlab EULA                    |                          |
|  59 | cloudbees_jenkins_eula                            | CloudBees Jenkins EULA         |                          |
|  62 | appdynamics_eula                                  | AppDynamics EULA               |                          |
|  69 | jfrog_eula                                        | JFrog EULA                     |                          |
|  71 | dynatrace_eula                                    | Dynatrace EULA                 |                          |
|  76 | vmware_photon_eula                                | VMware Photon Platform EULA    |                          |
| 206 | vmware_eula                                       | VMware Software EULA           |                          |
| 153 | altoros-eula                                      | Altoros EULA                   |                          |
|  73 | redis_labs_eula                                   | Redis Labs Enterprise Cluster  |                          |
|     |                                                   | EULA                           |                          |
| 155 | gluon-eula                                        | Gluon EULA                     |                          |
| 156 | pivotal_customer_0_eula                           | Pivotal Customer [0] EULA      |                          |
|  84 | vmware_esxi_eula                                  | VMware ESXi EULA               |                          |
| 157 | test                                              | TEST                           |                          |
|  86 | dingo-postgresql-eula                             | Dingo PostgreSQL EULA          |                          |
|  87 | alpine-eula                                       | Alpine EULA                    |                          |
| 122 | microsoft-azure-service-broker-eula               | Microsoft Azure Service Broker |                          |
|     |                                                   | EULA                           |                          |
| 158 | microsoft-azure-log-analytics-nozzle-eula         | Microsoft Azure Log Analytics  |                          |
|     |                                                   | Nozzle EULA                    |                          |
|  93 | iss-knowtify-ga-eula                              | ISS Knowtify GA EULA           |                          |
|  95 | cloudsoft-trial-eula                              | Cloudsoft Trial Software EULA  |                          |
|  96 | guardtime_federal_eula                            | Guardtime Federal EULA         |                          |
|  98 | pivotal-sdk-eula                                  | Pivotal SDK EULA               |                          |
|  99 | aerospike-eula                                    | Aerospike EULA                 |                          |
| 103 | tibco-eula                                        | TIBCO EULA – License Type:     |                          |
|     |                                                   | Evaluation – Term: 90 Days     |                          |
| 104 | azuqua-eula                                       | Azuqua EULA                    |                          |
| 105 | anynines-eula                                     | Anynines EULA                  |                          |
| 106 | first-data-eula                                   | First Data EULA                |                          |
| 109 | solace-eula                                       | Solace EULA                    |                          |
| 110 | mulesoft-beta-eula                                | Mulesoft Beta EULA             |                          |
| 111 | apache_2_eula                                     | Apache 2.0 EULA                |                          |
| 112 | forgerock-eula                                    | ForgeRock EULA                 |                          |
| 113 | wombatoam-eula                                    | WombatOAM EULA                 |                          |
| 114 | blue-medora-eula                                  | Blue Medora EULA               |                          |
| 115 | oracle-bcl                                        | Oracle Binary Code License     |                          |
|     |                                                   | Agreement                      |                          |
| 119 | crunchy-eval-eula                                 | Crunchy Evaluation Agreement   |                          |
| 121 | signal-sciences-tos                               | Signal Sciences Terms of       |                          |
|     |                                                   | Service                        |                          |
| 128 | hazelcast-eula                                    | Hazelcast EULA                 |                          |
| 129 | edge-installer-eula                               | Edge Installer EULA            |                          |
| 130 | dyadic-eula                                       | Dyadic EULA                    |                          |
| 132 | datometry-eula                                    | Datometry EULA                 |                          |
| 137 | mulesoft-eula                                     | MuleSoft EULA                  |                          |
| 142 | cloudflare-eula                                   | Cloudflare EULA                |                          |
| 146 | contrast-security-eula                            | Contrast Security EULA         |                          |
| 159 | dse-beta-eula                                     | DataStax Enterprise BETA EULA  |                          |
| 160 | pega-eula                                         | Pega EULA                      |                          |
| 185 | evolven-eula                                      | Evolven EULA                   |                          |
| 163 | starkandwayne-eula                                | Stark and Wayne EULA           |                          |
| 164 | ecs-service-broker-eula                           | ECS Service Broker EULA        |                          |
| 117 | splunk-beta-eula                                  | Splunk Beta EULA               |                          |
| 161 | altoros-heartbeat-eula-beta                       | Altoros Heartbeat EULA (BETA)  |                          |
| 166 | altoros-heartbeat-eula                            | Altoros Heartbeat EULA         |                          |
| 167 | on-demand                                         | Pivotal On-Demand Agreement    |                          |
| 168 | pivotal-container-service-eula                    | Pivotal PKS EULA               |                          |
| 170 | aquasec-eula                                      | Aqua Security EULA             |                          |
| 171 | smb-volume-service-eula                           | Microsoft SMB Volume Service   |                          |
|     |                                                   | EULA                           |                          |
| 172 | sentry-service-broker-eula                        | Sentry EULA                    |                          |
| 173 | azure-open-service-broker-pcf-eula                | Azure Open Service Broker for  |                          |
|     |                                                   | PCF EULA                       |                          |
| 174 | riverbed-appinternals-eula                        | Riverbed EULA                  |                          |
| 175 | minio-eula                                        | Minio EULA                     |                          |
| 176 | zettaset-xcrypt-eula                              | Zettaset Xcrypt EULA           |                          |
| 177 | snyk-eula                                         | Snyk EULA                      |                          |
| 178 | vormetric-transparent-encryption-eula             | Thales Vormetric EULA          |                          |
| 179 | yugabyte-eula                                     | YugaByte EULA                  |                          |
| 162 | boomi-data-services-eula                          | Dell Boomi Data Services EULA  |                          |
| 180 | telemetry-eula                                    | Pivotal Telemetry Opt-in &     |                          |
|     |                                                   | Collector End User License     |                          |
|     |                                                   | Agreement                      |                          |
| 181 | ibm-websphere-liberty-buildpack-eula              | IBM WebSphere Liberty          |                          |
|     |                                                   | Buildpack EULA                 |                          |
| 200 | vmware_eula_21                                    | VMware Software EULA 2021      |                          |
| 182 | twistlock-eula                                    | Twistlock EULA                 |                          |
| 186 | synopsys-eula                                     | Synopsys EULA                  |                          |
| 183 | cloudbees-core-eula                               | CloudBees Core EULA            |                          |
| 184 | heimdall-database-proxy-eula                      | Heimdall Data EULA             |                          |
| 187 | snappydata-eula                                   | SnappyData EULA                |                          |
| 188 | eulastest                                         | eula test                      |                          |
| 189 | egnineerbetter-control-tower-eula                 | EngineerBetter Control Tower   |                          |
|     |                                                   | EULA                           |                          |
| 190 | bitdefender-endpoint-eula                         | Bitdefender Endpoint EULA      |                          |
| 201 | qualys-eula                                       | Qualys-MCSA                    |                          |
| 120 | pivotal_software_eula                             | Pivotal Software EULA          | 2020-11-17T15:03:38.162Z |
| 202 | aws-service-broker-eula                           | AWS Service Broker EULA        |                          |
| 191 | telemetry-eula-v2                                 | Pivotal Telemetry Opt-In and   |                          |
|     |                                                   | Collector End User License     |                          |
|     |                                                   | Agreement v2                   |                          |
| 165 | splunk-eula                                       | Splunk EULA                    |                          |
| 204 | vmware-prerelease-eula                            | VMware Pre-Release EULA        |                          |
| 193 | instana-microservices-application-monitoring-eula | Instana EULA                   |                          |
| 194 | ibm-mq-eula                                       | IBM MQ Advanced for Developers |                          |
|     |                                                   | EULA                           |                          |
| 195 | overops                                           | OverOps EULA                   |                          |
| 196 | neo4j-enterprise                                  | Neo4j EULA                     |                          |
| 197 | dx-apm                                            | CA Technologies EULA           |                          |
|  22 | datastax_enterprise_eula                          | DataStax Enterprise EULA       |                          |
| 198 | axway-apim-service-broker                         | Axway EULA                     |                          |
| 192 | wso2-eula                                         | WSO2 EULA                      |                          |
| 131 | pivotal_beta_eula                                 | Pivotal Pre-Release EULA       | 2020-11-17T15:04:10.047Z |
| 199 | new-relic-eula                                    | New Relic EULA                 |                          |
| 169 | vmware-eula                                       | VMware Partnership EULA (Pre   | 2020-11-10T19:29:48.872Z |
|     |                                                   | Acquisition)                   |                          |
| 203 | vmware_beta_eula                                  | VMware Beta EULA               | 2020-11-17T15:04:34.131Z |
| 205 | vmware-tap-prerelease-eula                        | VMware Pre-Release EULA for    |                          |
|     |                                                   | Tanzu Application Platform     |                          |
+-----+---------------------------------------------------+--------------------------------+--------------------------+

下载安装Tanzu CLI、插件

在 bootstrap 上使用 pivnet 下载 Tanzu CLI 插件

备注:TKGm 1.5.1 与TAP1.0.1 使用的 Tanzu CLI 是相同的版本

  • 下载 Tanzu CLI

root@tanzu-virtual-machine:/home/tanzu/101# pivnet download-product-files --product-slug='tanzu-application-platform' --release-version='1.0.1' --product-file-id=1156163
2022/02/19 16:11:51 Downloading 'tanzu-framework-linux-amd64.tar' to 'tanzu-framework-linux-amd64.tar'
 172.86 MiB / 172.86 MiB [==========================================] 100.00% 3s
2022/02/19 16:11:56 Verifying SHA256
2022/02/19 16:11:57 Successfully verified SHA256
  • 安装Tanzu CLI 和插件

root@tanzu-virtual-machine:/home/tanzu/101# tar xvf tanzu-framework-linux-amd64.tar
cli/
cli/core/
cli/core/v0.11.1/
cli/core/v0.11.1/tanzu-core-linux_amd64
cli/core/plugin.yaml
cli/accelerator/
cli/accelerator/v1.0.1/
cli/accelerator/v1.0.1/tanzu-accelerator-linux_amd64
cli/accelerator/v1.0.1/tanzu-accelerator-linux_386
cli/accelerator/plugin.yaml
cli/package/
cli/package/v0.11.1/
cli/package/v0.11.1/tanzu-package-linux_amd64
cli/package/plugin.yaml
cli/manifest.yaml
cli/apps/
cli/apps/v0.4.1/
cli/apps/v0.4.1/tanzu-apps-linux_386
cli/apps/v0.4.1/tanzu-apps-linux_amd64
cli/apps/plugin.yaml
cli/secret/
cli/secret/v0.11.1/
cli/secret/v0.11.1/tanzu-secret-linux_amd64
cli/secret/plugin.yaml
cli/services/
cli/services/plugin.yaml
cli/services/v0.1.1/
cli/services/v0.1.1/tanzu-services-linux_386
cli/services/v0.1.1/tanzu-services-linux_amd64

root@tanzu-virtual-machine:/home/tanzu/101# install cli/core/v0.11.1/tanzu-core-linux_amd64 /usr/local/bin/tanzu
root@tanzu-virtual-machine:/home/tanzu/101# tanzu version
version: v0.11.1
buildDate: 2022-02-14
sha: 4d578570

root@tanzu-virtual-machine:/home/tanzu/101# tanzu plugin clean
root@tanzu-virtual-machine:/home/tanzu/101# ls
cli  pivnet-linux-amd64-3.0.1  tanzu-framework-linux-amd64.tar
root@tanzu-virtual-machine:/home/tanzu/101# tanzu plugin install --local cli all
Installing plugin 'package:v0.11.1'
Installing plugin 'secret:v0.11.1'
Installing plugin 'apps:v0.4.1'
Installing plugin 'accelerator:v1.0.1'
Installing plugin 'services:v0.1.1'
✔  successfully installed 'all' plugin
root@tanzu-virtual-machine:/home/tanzu/101# tanzu plugin list
  NAME                DESCRIPTION                                                        SCOPE       DISCOVERY  VERSION  STATUS
  login               Login to the platform                                              Standalone  default    v0.11.1  not installed
  management-cluster  Kubernetes management-cluster operations                           Standalone  default    v0.11.1  not installed
  package             Tanzu package management                                           Standalone  default    v0.11.1  installed
  pinniped-auth       Pinniped authentication operations (usually not directly invoked)  Standalone  default    v0.11.1  not installed
  secret              Tanzu secret management                                            Standalone  default    v0.11.1  installed
  accelerator         Manage accelerators in a Kubernetes cluster                        Standalone             v1.0.1   installed
  apps                Applications on Kubernetes                                         Standalone             v0.4.1   installed
  services            Discover Service Types and manage Service Instances (ALPHA)        Standalone             v0.1.1   installed
root@tanzu-virtual-machine:/home/tanzu/101# tanzu init
Checking for required plugins...
Installing plugin 'login:v0.11.1'
Installing plugin 'management-cluster:v0.11.1'
Installing plugin 'pinniped-auth:v0.11.1'
Successfully installed all required plugins
✔  successfully initialized CLI
root@tanzu-virtual-machine:/home/tanzu/101# tanzu plugin list
  NAME                DESCRIPTION                                                        SCOPE       DISCOVERY  VERSION  STATUS
  login               Login to the platform                                              Standalone  default    v0.11.1  installed
  management-cluster  Kubernetes management-cluster operations                           Standalone  default    v0.11.1  installed
  package             Tanzu package management                                           Standalone  default    v0.11.1  installed
  pinniped-auth       Pinniped authentication operations (usually not directly invoked)  Standalone  default    v0.11.1  installed
  secret              Tanzu secret management                                            Standalone  default    v0.11.1  installed
  services            Discover Service Types and manage Service Instances (ALPHA)        Standalone             v0.1.1   installed
  accelerator         Manage accelerators in a Kubernetes cluster                        Standalone             v1.0.1   installed
  apps                Applications on Kubernetes

增加 TAP package 仓库

  • 登陆工作负载集群创建 Tanzu Network secret

# 设置Tanzu Network 账户、密码、REGISTRY环境变量
 root@tanzu-virtual-machine:~/.kube# export INSTALL_REGISTRY_USERNAME=yanglu@vmware.com
 root@tanzu-virtual-machine:~/.kube# export INSTALL_REGISTRY_PASSWORD=xxxx
 root@tanzu-virtual-machine:~/.kube# export INSTALL_REGISTRY_HOSTNAME=registry.tanzu.vmware.com
#创建命名空间tap-install
 root@tanzu-virtual-machine:~/.kube# kubectl create ns tap-install
namespace/tap-install created
#创建tap-registry 
 root@tanzu-virtual-machine:~/.kube#  tanzu secret registry add tap-registry  --username ${INSTALL_REGISTRY_USERNAME} --password ${INSTALL_REGISTRY_PASSWORD}  --server ${INSTALL_REGISTRY_HOSTNAME} --export-to-all-namespaces --yes --namespace tap-install
I0219 16:43:46.206467   18940 request.go:665] Waited for 1.038784888s due to client-side throttling, not priority and fairness, request: GET:https://192.168.110.15:6443/apis/stats.antrea.io/v1alpha1?timeout=32s
Warning: By choosing --export-to-all-namespaces, given secret contents will be available to ALL users in ALL namespaces. Please ensure that included registry credentials allow only read-only access to the registry with minimal necessary scope.

/ Adding registry secret 'tap-registry'...
 Added registry secret 'tap-registry' into namespace 'tap-install'
 Exported registry secret 'tap-registry' to all namespaces
  • 增加TAP package仓库

root@tanzu-virtual-machine:~/.kube# tanzu package repository add tanzu-tap-repository    --url registry.tanzu.vmware.com/tanzu-application-platform/tap-packages:1.0.1 --namespace tap-install
- Adding package repository 'tanzu-tap-repository' I0219 16:44:51.594500   18982 request.go:665] Waited for 1.027877524s due to client-side throttling, not priority and fairness, request: GET:https://192.168.110.15:6443/apis/data.packaging.carvel.dev/v1alpha1?timeout=32s
- Adding package repository 'tanzu-tap-repository'
| Validating provided settings for the package repository
| Creating package repository resource
/ Waiting for 'PackageRepository' reconciliation for 'tanzu-tap-repository'
- 'PackageRepository' resource install status: Reconciling


Added package repository 'tanzu-tap-repository' in namespace 'tap-install'

#确认增加的仓库版本
 root@tanzu-virtual-machine:~/.kube# tanzu package repository get tanzu-tap-repository --namespace tap-install
- Retrieving repository tanzu-tap-repository... I0219 16:47:12.954389   19165 request.go:665] Waited for 1.027390511s due to client-side throttling, not priority and fairness, request: GET:https://192.168.110.15:6443/apis/node.k8s.io/v1?timeout=32s
/ Retrieving repository tanzu-tap-repository...
NAME:          tanzu-tap-repository
VERSION:       24238
REPOSITORY:    registry.tanzu.vmware.com/tanzu-application-platform/tap-packages
TAG:           1.0.1
STATUS:        Reconcile succeeded
REASON:

准备TAP profile文件

tap.tanzu.vmware.com package 会根据 profile 配置文件设置安装预定义的软件包集。当前支持 Full Profile 和 Light Profile 两种配置文件,本次测试采用 Full Profile参考

root@tanzu-virtual-machine:~/.kube# cat tap-values.yml.bak3
profile: full
ceip_policy_disclosed: true # Installation fails if this is set to 'false'
buildservice:
  kp_default_repository: harbor.xxxx.cn/tbs/test 
  kp_default_repository_username: admin
  kp_default_repository_password: Harbor12345
  tanzunet_username: yanglu@vmware.com
  tanzunet_password: xxxx
supply_chain: basic
ootb_supply_chain_basic:
  service_account: default
  registry:
    server: harbor.huaruicloud.cn
    repository: tbs/test
  gitops:
    ssh_secret: ""
ootb_supply_chain_testing:
  service_account: default
  registry:
    server: harbor.huaruicloud.cn
    repository: tbs/test
ootb_supply_chain_testing_scanning:
  service_account: default
  registry:
    server: harbor.huaruicloud.cn
    repository: tbs/test
  gitops:
    ssh_secret: ""
  cluster_builder: default
grype:
  namespace: "tap-install"
  targetImagePullSecret: "registry-credentials"
learningcenter:
  ingressDomain: localhost

tap_gui:
  service_type: LoadBalancer
  # Existing tap-values.yml above
  app_config:
    app:
      baseUrl: http://localhost:7000
    integrations:
      github: # Other integrations available see NOTE below
        - host: github.com
          token: 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
    catalog:
      locations:
      - type: url
        target: https://github.com/284946040/tanzuapp/blob/main/catalog-info.yaml
    backend:
      baseUrl: http://localhost:7000
      cors:
        origin: http://localhost:7000
contour:
  envoy:
    service:
      type: LoadBalancer

full profile备注:

  1. Harbor相关信息

   kp_default_repository: harbor.xxxx.cn/tbs/test

   kp_default_repository_username: admin

   kp_default_repository_password: Harbor12345

  1. Tanzu network信息

   tanzunet_username: yanglu@vmware.com

   tanzunet_password: xxxx

  1. Github相关信息,登陆 Github 获取 token

05fd36c7dafe76f4a4affaa21a82c67b.png
github: # Other integrations available see NOTE below
        - host: github.com
          token: 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

TAP 1.0.1 安装

  • 本次测试 Full Profile 为tap-values.yml.bak3,执行安装

root@tanzu-virtual-machine:~/.kube# tanzu package install tap -p tap.tanzu.vmware.com -v 1.0.1 --values-file tap-values.yml.bak3 -n tap-install
- Installing package 'tap.tanzu.vmware.com' I0223 10:57:02.182699   22520 request.go:665] Waited for 1.030847213s due to client-side throttling, not priority and fairness, request: GET:https://192.168.110.44:6443/apis/discovery.k8s.io/v1?timeout=32s
/ Installing package 'tap.tanzu.vmware.com'
/ Getting package metadata for 'tap.tanzu.vmware.com'
| Creating service account 'tap-tap-install-sa'
| Creating cluster admin role 'tap-tap-install-cluster-role'
| Creating cluster role binding 'tap-tap-install-cluster-rolebinding'
| Creating secret 'tap-tap-install-values'
| Creating package resource
/ Waiting for 'PackageInstall' reconciliation for 'tap'
- 'PackageInstall' resource install status: Reconciling

Please consider using 'tanzu package installed update' to update the installed package with correct settings
\ 'PackageInstall' resource install status: Reconciling

Error: timed out waiting for the condition
Error: exit status 1

✖  exit status 1

备注:由于 TKGm 集群系统部署环境性能缘故,可能超时退出,可以直接等待安装成功

  • 查看是否安装成功 DESCRIPTION 显示成功即组件安装成功

root@tanzu-virtual-machine:~/.kube# kubectl get app -A
NAMESPACE     NAME                                DESCRIPTION           SINCE-DEPLOY   AGE
tap-install   accelerator                         Reconcile succeeded   16m            16m
tap-install   api-portal                          Reconcile succeeded   22s            23m
tap-install   appliveview                         Reconcile succeeded   4m37s          17m
tap-install   appliveview-conventions             Reconcile succeeded   4m34s          17m
tap-install   buildservice                        Reconcile succeeded   3m38s          23m
tap-install   cartographer                        Reconcile succeeded   7m44s          20m
tap-install   cert-manager                        Reconcile succeeded   9m34s          23m
tap-install   cnrs                                Reconcile succeeded   3m55s          16m
tap-install   contour                             Reconcile succeeded   6m11s          20m
tap-install   conventions-controller              Reconcile succeeded   7m14s          20m
tap-install   developer-conventions               Reconcile succeeded   4m19s          17m
tap-install   fluxcd-source-controller            Reconcile succeeded   68s            23m
tap-install   grype                               Reconcile succeeded   7m46s          18m
tap-install   image-policy-webhook                Reconcile succeeded   8m33s          20m
tap-install   learningcenter                      Reconcile succeeded   16m            16m
tap-install   learningcenter-workshops            Reconcile succeeded   3m27s          3m41s
tap-install   metadata-store                      Reconcile succeeded   5m53s          20m
tap-install   ootb-delivery-basic                 Reconcile succeeded   6m14s          17m
tap-install   ootb-supply-chain-basic             Reconcile succeeded   6m29s          17m
tap-install   ootb-templates                      Reconcile succeeded   7m13s          18m
tap-install   scanning                            Reconcile succeeded   8m44s          23m
tap-install   service-bindings                    Reconcile succeeded   79s            23m
tap-install   services-toolkit                    Reconcile succeeded   7s             23m
tap-install   source-controller                   Reconcile succeeded   68s            23m
tap-install   spring-boot-conventions             Reconcile succeeded   6m16s          17m
tap-install   tap                                 Reconcile succeeded   3m21s          24m
tap-install   tap-gui                             Reconcile succeeded   16m            16m
tap-install   tap-telemetry                       Reconcile succeeded   79s            23m
tap-install   tekton-pipelines                    Reconcile succeeded   16s            23m
tkg-system    antrea                              Reconcile succeeded   5m29s          41m
tkg-system    load-balancer-and-ingress-service   Reconcile succeeded   81s            41m
tkg-system    metrics-server                      Reconcile succeeded   79s            41m
tkg-system    vsphere-cpi                         Reconcile succeeded   84s            41m
tkg-system    vsphere-csi                         Reconcile succeeded   76s            41m
  • 查看 tap-gui server 真实的LoadBalancer IP,用来web访问

查看 tap-gui server 真实的LoadBalancer IP 为192.168.110.228

#  kubectl get svc -n tap-gui
NAME     TYPE           CLUSTER-IP      EXTERNAL-IP       PORT(S)          AGE
server   LoadBalancer   100.68.18.227   192.168.110.228   7000:30624/TCP   5h6m
  • 更新Full Profile tap-values.yml.bak3文件的baseUrl信息

更新http://localhost 为tap-gui server真实的LoadBalancer IP为192.168.110.228

tap_gui:
  service_type: LoadBalancer
  # Existing tap-values.yml above
  app_config:
    app:
      baseUrl: http://192.168.110.228:7000
    integrations:
      github: # Other integrations available see NOTE below
        - host: github.com
          token: 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
    catalog:
      locations:
      - type: url
        target: https://github.com/dineshtripathi30/tanzuapp/blob/main/blank/catalog-info.yaml
    backend:
      baseUrl: http://192.168.110.228:7000
      cors:
        origin: http://192.168.110.228:7000
  • 执行更新tap profle配置

root@tanzu-virtual-machine:~/.kube# tanzu package installed update tap -p tap.tanzu.vmware.com -v 1.0.1 --values-file tap-values.yml.bak3 -n tap-install

登陆配置 TAP Web图形用户界面

  • 使用 http://192.168.110.228:7000/ 登陆

ebaeffcd5535f6b79c2c360d3c91cf3c.png 0d4a688663f3b30a8c5e8a87c24eacf0.png 8554e042637f88ef773fd97222cf1cc8.png 0e24a719ebd65b22f4b3073640b13ed6.png 903a6263582dfa3f74b72207f1d8e266.png

设置 vscode IDE

当前版本支持 vscode IDE工具

  • 配置IDE Github插件并授权登陆到 Github

acf342a0c0f42a67772d51a95d3275e0.png 29e1de431c9eaa7e8fb221e6dbdccb65.png
  • 安装 Tanzu Developer Tools 插件(从 Tanzu netwrok 下载)

5dbef7739ccf8099a06923e94850b6ee.png 93e98b93262da3bb3408ec6a49cc62c3.png 6a433295233b2022f2c83a79f1016486.png

为开发者创建相关账户

在 TKGm 工作负载集群,为开发者创建相关账户

  • 工作负载集群增加 Harbor 仓库 secret

root@tanzu-virtual-machine:~/.kube# tanzu secret registry add registry-credentials --server harbor.xxx.cn --username admin --password Harbor12345  --namespace tap-install

kubectl get secrets tap-registry -o yaml 获得.dockerconfigjson

root@tanzu-virtual-machine:~/.kube# kubectl get secrets tap-registry -o yaml
apiVersion: v1
data:
  .dockerconfigjson: eyJhdXRocyI6eyJyZWdpc3RyeS50YW56dS52bXdhcmUuY29tIjp7InVzZXJuYW1lIjoieWFuZ2x1QHZtd2FyZS5jb20iLCJwYXNzd29yZCI6IlBAc3N3ddJkIn19fQ==
kind: Secret
metadata:
  creationTimestamp: "2022-02-25T10:21:15Z"
  name: tap-registry
  namespace: tap-install
  resourceVersion: "5555"
  uid: c095690c-b96f-479f-95b2-58d49eb45c56
type: kubernetes.io/dockerconfigjson
  • 在tap-install命名空间为开发者创建账户

以下文件的 tap-registry 的 .dockerconfigjson: 来源 kubectl get secrets tap-registry -o yaml 获得.dockerconfigjson

root@tanzu-virtual-machine:~/.kube# cat <<EOF | kubectl -n tap-install apply -f -

apiVersion: v1
kind: Secret
metadata:
  name: tap-registry
  annotations:
    secretgen.carvel.dev/image-pull-secret: ""
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: eyJhdXRocyI6eyJyZWdpc3RyeS50YW56dS52bXdhcmUuY29tIjp7InVzZXJuYW1lIjoieWFuZ2x1QHZtd2FyZS5jb20iLCJwYXNzd29yZCI6IlBAc3N3MddJkIn19fQ==

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
secrets:
  - name: registry-credentials
imagePullSecrets:
  - name: registry-credentials
  - name: tap-registry

---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: default
rules:
- apiGroups: [source.toolkit.fluxcd.io]
  resources: [gitrepositories]
  verbs: ['*']
- apiGroups: [source.apps.tanzu.vmware.com]
  resources: [imagerepositories]
  verbs: ['*']
- apiGroups: [carto.run]
  resources: [deliverables, runnables]
  verbs: ['*']
- apiGroups: [kpack.io]
  resources: [images]
  verbs: ['*']
- apiGroups: [conventions.apps.tanzu.vmware.com]
  resources: [podintents]
  verbs: ['*']
- apiGroups: [""]
  resources: ['configmaps']
  verbs: ['*']
- apiGroups: [""]
  resources: ['pods']
  verbs: ['list']
- apiGroups: [tekton.dev]
  resources: [taskruns, pipelineruns]
  verbs: ['*']
- apiGroups: [tekton.dev]
  resources: [pipelines]
  verbs: ['list']
- apiGroups: [kappctrl.k14s.io]
  resources: [apps]
  verbs: ['*']
- apiGroups: [serving.knative.dev]
  resources: ['services']
  verbs: ['*']
- apiGroups: [servicebinding.io]
  resources: ['servicebindings']
  verbs: ['*']
- apiGroups: [services.apps.tanzu.vmware.com]
  resources: ['resourceclaims']
  verbs: ['*']
- apiGroups: [scanning.apps.tanzu.vmware.com]
  resources: ['imagescans', 'sourcescans']
  verbs: ['*']

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: default
subjects:
  - kind: ServiceAccount
    name: default

EOF

部署一个简单的web应用

  • 登陆 TAP Web 界面,使用加速器生成一个应用模版

06a56102765efc514421ec6f362edb6b.png 1c0f262060b09924f53d13fd7504ff11.png a70b937cb7faa7af9ce95ed976e71109.png 6101766eb17ae5fefc768338b8b78790.png b978b9bf28e3da5af3e24332e0f02a54.png
  • 下载到应用模版 bootstrap 解压

[tapn-admin@tapn|tap-install] root@tanzu-virtual-machine:/home/tanzu/tanzu-java-web-app# ls
accelerator.yaml  catalog  config  LICENSE  mvnw  mvnw.cmd  pom.xml  README.md  src  target  test  Tiltfil
  • 推送项目到 Github

6fccce114aaa68a5425c54bfa9787b41.png
  • 使用 vscode IDE 修改 web 应用,并提交到 https://github.com/284946040/tanzu-java-web-app

6f619da9d73feb8219c83e4cd5436406.png
  • 通过创建workload 可以自动完成cicd的实现从代码到容器运行的全流程

root@tanzu-virtual-machine:~/.kube# tanzu apps workload create tanzu-java-web-app --git-repo https://github.com/284946040/tanzu-java-web-app --git-branch main --type web --label app.kubernetes.io/part-of=tanzu-java-web-app --yes
Create workload:
      1 + |---
      2 + |apiVersion: carto.run/v1alpha1
      3 + |kind: Workload
      4 + |metadata:
      5 + |  labels:
      6 + |    app.kubernetes.io/part-of: tanzu-java-web-app
      7 + |    apps.tanzu.vmware.com/workload-type: web
      8 + |  name: tanzu-java-web-app
      9 + |  namespace: tap-install
     10 + |spec:
     11 + |  source:
     12 + |    git:
     13 + |      ref:
     14 + |        branch: main
     15 + |      url: https://github.com/284946040/tanzu-java-web-app

Created workload "tanzu-java-web-app"
  • 自动户触发 CICD 流水线

[tapn-admin@tapn|tap-install] root@tanzu-virtual-machine:/home/tanzu# tanzu apps workload tail tanzu-java-web-app
+ tanzu-java-web-app-build-1-build-pod › prepare
+ tanzu-java-web-app-build-1-build-pod › restore
+ tanzu-java-web-app-build-1-build-pod › detect
+ tanzu-java-web-app-build-1-build-pod › analyze
+ tanzu-java-web-app-build-1-build-pod › build
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/springframework/boot/spring-boot-autoconfigure/2.5.8/spring-boot-autoconfigure-2.5.8.jar (1.6 MB at 459 kB/s)
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/xmlunit/xmlunit-core/2.8.4/xmlunit-core-2.8.4.jar (170 kB at 47 kB/s)
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/springframework/boot/spring-boot-devtools/2.5.8/spring-boot-devtools-2.5.8.jar (232 kB at 63 kB/s)
tanzu-java-web-app-build-1-build-pod[build]       [INFO]
tanzu-java-web-app-build-1-build-pod[build]       [INFO] --- spring-boot-maven-plugin:2.5.8:build-info (default) @ demo ---
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/springframework/boot/spring-boot-buildpack-platform/2.5.8/spring-boot-buildpack-platform-2.5.8.pom
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/springframework/boot/spring-boot-buildpack-platform/2.5.8/spring-boot-buildpack-platform-2.5.8.pom (3.4 kB at 18 kB/s)
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloading from central: https://repo.maven.apache.org/maven2/net/java/dev/jna/jna-platform/5.7.0/jna-platform-5.7.0.pom
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/net/java/dev/jna/jna-platform/5.7.0/jna-platform-5.7.0.pom (1.8 kB at 9.7 kB/s)
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloading from central: https://repo.maven.apache.org/maven2/net/java/dev/jna/jna/5.7.0/jna-5.7.0.pom
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/net/java/dev/jna/jna/5.7.0/jna-5.7.0.pom (1.6 kB at 8.5 kB/s)
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom (20 kB at 105 kB/s)
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom (79 kB at 415 kB/s)
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.pom
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.pom (6.6 kB at 36 kB/s)
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcomponents-client/4.5.13/httpcomponents-client-4.5.13.pom
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcomponents-client/4.5.13/httpcomponents-client-4.5.13.pom (16 kB at 89 kB/s)
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcomponents-parent/11/httpcomponents-parent-11.pom
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcomponents-parent/11/httpcomponents-parent-11.pom (35 kB at 185 kB/s)
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcore/4.4.13/httpcore-4.4.13.pom
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcore/4.4.13/httpcore-4.4.13.pom (5.0 kB at 27 kB/s)
tanzu-java-web-app-build-1-build-pod[build]       [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/apache/httpcomponents/httpcomponents-core/4.4.13/httpcomponents-core-4.4.13.pom
  • CICD 流水线完成源代码编译、打包、镜像、部署

[tapn-admin@tapn|tap-install] root@tanzu-virtual-machine:/home/tanzu# tanzu apps workload get tanzu-java-web-app
# tanzu-java-web-app: Ready
---
lastTransitionTime: "2022-02-25T16:12:40Z"
message: ""
reason: Ready
status: "True"
type: Ready

Workload pods
NAME                                                 STATUS      RESTARTS   AGE
tanzu-java-web-app-00001-deployment-998b8c55-grrvn   Running     0          34s
tanzu-java-web-app-build-1-build-pod                 Succeeded   0          6m2s
tanzu-java-web-app-config-writer-mkz7v-pod           Succeeded   0          2m46s

Workload Knative Services
NAME                 READY   URL
tanzu-java-web-app   Ready   http://tanzu-java-web-app.tap-install.example.com

[tapn-admin@tapn|tap-install] root@tanzu-virtual-machine:/home/tanzu#  kubectl get pod,gitrepo,imgs,build,podintent,taskrun,imagerepository,ksvc,certificate -n tap-install -owide

NAME                                                     READY   STATUS        RESTARTS   AGE     IP            NODE                         NOMINATED NODE   READINESS GATES
pod/tanzu-java-web-app-00001-deployment-998b8c55-grrvn   1/2     Terminating   0          104s    100.96.3.49   tapn-md-0-5cd4d468f5-twwjl   <none>           <none>
pod/tanzu-java-web-app-build-1-build-pod                 0/1     Completed     0          7m12s   100.96.2.66   tapn-md-0-5cd4d468f5-5zt25   <none>           <none>
pod/tanzu-java-web-app-config-writer-mkz7v-pod           0/1     Completed     0          3m56s   100.96.2.67   tapn-md-0-5cd4d468f5-5zt25   <none>           <none>

NAME                                                        URL                                               READY   STATUS                                                            AGE
gitrepository.source.toolkit.fluxcd.io/tanzu-java-web-app   https://github.com/284946040/tanzu-java-web-app   True    Fetched revision: main/2a5e4981d03226a91a0b3dd6dee45c546ee58166   7m17s

NAME                                LATESTIMAGE                                                                                                                             READY
image.kpack.io/tanzu-java-web-app   harbor.huaruicloud.cn/tbs/test/tanzu-java-web-app-tap-install@sha256:79d45c12ff61ad87191bd082595e215db75c93f365add93fdde05658d097c973   True

NAME                                        IMAGE                                                                                                                                   SUCCEEDED
build.kpack.io/tanzu-java-web-app-build-1   harbor.huaruicloud.cn/tbs/test/tanzu-java-web-app-tap-install@sha256:79d45c12ff61ad87191bd082595e215db75c93f365add93fdde05658d097c973   True

NAME                                                             READY   REASON   AGE
podintent.conventions.apps.tanzu.vmware.com/tanzu-java-web-app   True             4m12s

NAME                                                        SUCCEEDED   REASON      STARTTIME   COMPLETIONTIME
taskrun.tekton.dev/tanzu-java-web-app-config-writer-mkz7v   True        Succeeded   3m56s       2m56s

NAME                                                                       IMAGE                                                                                                       URL                                                                                                                                                                                                                  READY   REASON   AGE
imagerepository.source.apps.tanzu.vmware.com/tanzu-java-web-app-delivery   harbor.huaruicloud.cn/tbs/test/tanzu-java-web-app-tap-install-bundle:4383ca7b-fb81-4c31-8392-81ce94d1dcc8   http://source-controller-manager-artifact-service.source-system.svc.cluster.local./imagerepository/tap-install/tanzu-java-web-app-delivery/a84ed682c64a20c19034b9e1f109e10a4c056949ac232418fcb0d4b2f142a093.tar.gz   True             7m9s

NAME                                             URL                                                 LATESTCREATED              LATESTREADY                READY   REASON
service.serving.knative.dev/tanzu-java-web-app   http://tanzu-java-web-app.tap-install.example.com   tanzu-java-web-app-00001   tanzu-java-web-app-00001   True
[tapn-admin@tapn|tap-install] root@tanzu-virtual-machine:/home/tanzu#
[tapn-admin@tapn|tap-install] root@tanzu-virtual-machine:/home/tanzu#
  • 访问应用地址 http://tanzu-java-web-app.tap-install.example.com

备注:查看 envoy  地址,在访问机器上或者 dns 添加相应的解析 (后续可以使用自动更新 dns extenddns )

[tapn-admin@tapn|tap-install] root@tanzu-virtual-machine:/home/tanzu# kubectl get svc -n tanzu-system-ingress
NAME      TYPE           CLUSTER-IP       EXTERNAL-IP       PORT(S)                      AGE
contour   ClusterIP      100.69.152.147   <none>            8001/TCP                     5h52m
envoy     LoadBalancer   100.69.89.150    192.168.110.227   80:32644/TCP,443:30002/TCP   5h52m
  • Web 浏览器访问部署完成的应用

0a8be11956b992cd9dcb40f91aba5920.png

TAP 快速安装本文介绍完成,后续会重点介绍软件供应链编排实现 DevSecOps 等功能。


要想了解云原生、机器学习和区块链等技术原理,请立即长按以下二维码,关注本公众号亨利笔记 ( henglibiji ),以免错过更新。

0a56b46c4348d13542a427a66f1b6430.png

  • 0
    点赞
  • 6
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值