VMware/TAP

From DER's LLC

Setup VS Code

In CMD:

 pscp [email protected]:/root/.kube/config .
 kubectl port-forward service/acc-server -n accelerator-system 8877:80

Install Tanzu Application Platform

Set Environment Variables

export IMGPKG_REGISTRY_HOSTNAME=harbor.dersllc.com
export IMGPKG_REGISTRY_USERNAME=admin
export IMGPKG_REGISTRY_PASSWORD='<PASSWORD>'
export TAP_VERSION=1.3.0
export REGISTRY_CA_PATH=/root/ders-ca.crt

Export and Import the Package Repo for Air-Gapped Environments

Setup the TAP Repository

kubectl config use-context tap-admin@tap
#tanzu package repository delete -n tap-install tanzu-tap-repository --yes
kubectl create ns tap-install

tanzu secret registry add tap-registry \
   --server   "$IMGPKG_REGISTRY_HOSTNAME" \
   --username "$IMGPKG_REGISTRY_USERNAME" \
   --password "$IMGPKG_REGISTRY_PASSWORD" \
   --namespace tap-install \
   --export-to-all-namespaces \
   --yes

kubectl create secret docker-registry registry-credentials \
   --docker-server="${IMGPKG_REGISTRY_HOSTNAME}" \
   --docker-username="${IMGPKG_REGISTRY_USERNAME}" \
   --docker-password="${IMGPKG_REGISTRY_PASSWORD}" \
   -n tap-install

tanzu package repository add tanzu-tap-repository \
 --url $IMGPKG_REGISTRY_HOSTNAME/tap-$TAP_VERSION/tap-packages:$TAP_VERSION \
 --namespace tap-install

tanzu package repository get tanzu-tap-repository --namespace tap-install

Prep for Grype Scanner

kubectl create configmap grype-ca -n default --from-file=ca.crt=/data/certs/ca.crt
curl https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/TAP/grype-db/grype-airgap-secret.yaml > grype-airgap-secret.yaml
kubectl apply -f grype-airgap-secret.yaml -n tap-install
curl https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/TAP/grype-db/grype-ca-overlay.yaml > grype-ca-overlay.yaml
kubectl apply -f grype-ca-overlay.yaml -n tap-install

Install TAP

curl https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/TAP/tap-values-FULL.yaml > tap-values.yaml
#vi tap-values.yaml
tanzu package install tap -p tap.tanzu.vmware.com -v $TAP_VERSION --values-file tap-values.yaml -n tap-install
kubectl get packageinstall -n tap-install 

Install Full Build Service Dependencies Package

tanzu package available list buildservice.tanzu.vmware.com --namespace tap-install
export TBS_VERSION='1.7.2'

##### Export and Import Full Dep Containers
#imgpkg copy -b registry.tanzu.vmware.com/tanzu-application-platform/full-tbs-deps-package-repo:$TBS_VERSION \
#   --to-tar=tbs-full-deps.tar
#imgpkg copy --tar tbs-full-deps.tar \
#   --to-repo=${IMGPKG_REGISTRY_HOSTNAME}/tbs-$TBS_VERSION/tbs-full-deps

tanzu package repository add tbs-full-deps-repository \
   --url ${IMGPKG_REGISTRY_HOSTNAME}/tbs-$TBS_VERSION/tbs-full-deps:$TBS_VERSION \
   --namespace tap-install

tanzu package install full-tbs-deps -p full-tbs-deps.tanzu.vmware.com -v $TBS_VERSION -n tap-install

Install OOTB Testing and Scanning Package

#curl https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/TAP/grype-db/scan-values.yaml > scan-values.yaml
curl https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/TAP/ootb-supply-chain-testing-scanning-values.yaml > scan-values.yaml
tanzu package install ootb-supply-chain-testing-scanning -p ootb-supply-chain-testing-scanning.tanzu.vmware.com -v 0.10.2 -n tap-install --values-file scan-values.yaml

Fix the Metadata Service

kubectl get secret $(kubectl get sa -n metadata-store metadata-store-read-write-client -o json | jq -r '.metadata.name') -n metadata-store -o json | jq -r '.data.token' | base64 -d
#add the following to the tap-values.yaml
tap_gui:
  service_type: ClusterIP
  ingressEnabled: "true"
  app_config:
      #auth:
        #environment: development
        #providers:
          #gitlab:
            #development:
              #clientId: "22b23986fb7218abd7914d2ac2f03e6be740f59cdd7c4c73fc34179efa5a5cd3"
              #clientSecret: "01888711c86de528a8a90b38259dd346d74601e1351d35b8b7bdb07200cceee4"
              #audience: "https://ders-gitlab.dersllc.com"
      proxy:
        /metadata-store:
          target: https://metadata-store-app.metadata-store:8443/api/v1
          changeOrigin: true
          secure: false  # skips TLS certificate verification for the metadata-store target
          headers:
            Authorization: "Bearer <TOKEN FROM PREVIOUS STEP>"
            X-Custom-Source: project-star
tanzu package install tap -p tap.tanzu.vmware.com -v $TAP_VERSION --values-file tap-values.yaml -n tap-install

Install the Apps Plug-in for the Tanzu CLI

wget https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/TAP/tanzu-apps-plugin-linux-amd64-v0.11.1.tar.gz
tar -zxvf tanzu-apps-plugin-linux-amd64-v0.11.1.tar.gz -C tap-cli/
tanzu plugin install apps -l tap-cli

Deploy Workloads

Tanzu Java Web App (Basic Supply Chain)

Prepare Namespace

curl https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/TAP/prep-cluster.yaml > prep-cluster.yaml
kubectl apply -f prep-cluster.yaml

curl https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/TAP/prep-default-ns.yaml > prep-default-ns.yaml
kubectl apply -f prep-default-ns.yaml

curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/AddTrustExternalCARoot.crt > /data/ders-ca.crt
curl https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/HomeLab/DERS-CA-CERT/ders-ca.cer >> /data/ders-ca.crt
kubectl create configmap grype-ca -n default --from-file=ca.crt=/data/ders-ca.crt

Create Workload in TAP

#Download Workload File
curl --insecure https://ders-gitlab.dersllc.com/ders/tanzu-java-web-app/-/raw/main/config/workload.yaml > tanzu-java-web-app-workload.yaml

#Delete Workload
tanzu apps workload delete tanzu-java-web-app --yes

#Create Workload
tanzu apps workload create -f tanzu-java-web-app-workload.yaml --yes

#Continuously View Workload
watch tanzu apps workload get tanzu-java-web-app

Tanzu Java Web App (Test / Scan Supply Chain)

Prepare Namespace

curl https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/TAP/prep-cluster.yaml > prep-cluster.yaml
kubectl apply -f prep-cluster.yaml

curl https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/TAP/prep-default-ns.yaml > prep-default-ns.yaml
kubectl apply -f prep-default-ns.yaml

curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/AddTrustExternalCARoot.crt > /data/ders-ca.crt
curl https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/HomeLab/DERS-CA-CERT/ders-ca.cer >> /data/ders-ca.crt
kubectl create configmap grype-ca -n default --from-file=ca.crt=/data/ders-ca.crt

Create Workload in TAP

#Download Workload File
curl --insecure https://ders-gitlab.dersllc.com/ders/tanzu-java-web-app/-/raw/scan-branch/config/workload-scan.yaml > tanzu-java-web-app-workload-scan.yaml

#Delete Workload
tanzu apps workload delete tanzu-java-web-app-scan --yes

#Create Workload
tanzu apps workload create -f tanzu-java-web-app-workload-scan.yaml --yes

#Continuously View Workload
watch tanzu apps workload get tanzu-java-web-app-scan

Hungryman (Where for Dinner)

Prepare Namespace

curl https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/TAP/prep-cluster.yaml > prep-cluster.yaml
kubectl apply -f prep-cluster.yaml

curl https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/TAP/prep-workloads-ns.yaml > prep-workloads-ns.yaml
kubectl apply -f prep-workloads-ns.yaml

curl https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/AddTrustExternalCARoot.crt > /data/ders-ca.crt
curl https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/HomeLab/DERS-CA-CERT/ders-ca.cer >> /data/ders-ca.crt
kubectl create configmap grype-ca -n workloads --from-file=ca.crt=/data/ders-ca.crt

Create Workloads in TAP

#Download Workload Files
curl --insecure https://ders-gitlab.dersllc.com/ders/where-for-dinner/-/raw/main/where-for-dinner-api-gateway/config/workload.yaml > where-for-dinner-api-gateway-workload.yaml
curl --insecure https://ders-gitlab.dersllc.com/ders/where-for-dinner/-/raw/main/where-for-dinner-availability/config/workload.yaml > where-for-dinner-availability-workload.yaml
curl --insecure https://ders-gitlab.dersllc.com/ders/where-for-dinner/-/raw/main/where-for-dinner-crawler/config/workload.yaml > where-for-dinner-crawler-workload.yaml
curl --insecure https://ders-gitlab.dersllc.com/ders/where-for-dinner/-/raw/main/where-for-dinner-notify/config/workload.yaml > where-for-dinner-notify-workload.yaml 
curl --insecure https://ders-gitlab.dersllc.com/ders/where-for-dinner/-/raw/main/where-for-dinner-search-proc/config/workload.yaml > where-for-dinner-search-proc-workload.yaml
curl --insecure https://ders-gitlab.dersllc.com/ders/where-for-dinner/-/raw/main/where-for-dinner-search/config/workload.yaml > where-for-dinner-search-workload.yaml
curl --insecure https://ders-gitlab.dersllc.com/ders/where-for-dinner/-/raw/main/where-for-dinner-ui/config/workload.yaml > where-for-dinner-ui-workload.yaml

#Delete Workloads
tanzu apps workload delete -n workloads where-for-dinner --yes
tanzu apps workload delete -n workloads where-for-dinner-availability --yes
tanzu apps workload delete -n workloads where-for-dinner-crawler --yes
tanzu apps workload delete -n workloads where-for-dinner-notify --yes
tanzu apps workload delete -n workloads where-for-dinner-search-proc --yes
tanzu apps workload delete -n workloads where-for-dinner-search --yes
tanzu apps workload delete -n workloads where-for-dinner-ui --yes

#Create Workloads
tanzu apps workload create -f where-for-dinner-api-gateway-workload.yaml --yes
tanzu apps workload create -f where-for-dinner-availability-workload.yaml --yes
tanzu apps workload create -f where-for-dinner-crawler-workload.yaml --yes
tanzu apps workload create -f where-for-dinner-notify-workload.yaml --yes
tanzu apps workload create -f where-for-dinner-search-proc-workload.yaml --yes
tanzu apps workload create -f where-for-dinner-search-workload.yaml --yes
tanzu apps workload create -f where-for-dinner-ui-workload.yaml --yes

#View Workloads
tanzu apps workload get -n workloads where-for-dinner
tanzu apps workload get -n workloads where-for-dinner-availability
tanzu apps workload get -n workloads where-for-dinner-crawler
tanzu apps workload get -n workloads where-for-dinner-notify
tanzu apps workload get -n workloads where-for-dinner-search-proc
tanzu apps workload get -n workloads where-for-dinner-search
tanzu apps workload get -n workloads where-for-dinner-ui
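
The workload downloads in the sections above use curl --insecure and pass the result straight to tanzu apps workload create. The following is an added example, not part of the original page: it fetches over verified TLS with the CA bundle built during namespace prep, then rejects any file that is not a Workload whose source URL points at the expected GitLab host. The function names, the CA_FILE variable and the sample manifest are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: fetch a workload manifest with TLS verification, then refuse
# it unless it is a carto.run Workload sourced from the expected Git host.
CA_FILE=${CA_FILE:-/data/ders-ca.crt}   # CA bundle built in "Prepare Namespace"

# fetch_manifest URL OUT: HTTPS only, verified against CA_FILE, fails on HTTP errors.
fetch_manifest() {
  curl --fail --silent --show-error --proto '=https' \
       --cacert "$CA_FILE" --output "$2" "$1"
}

# check_workload FILE HOST: exit 0 only if FILE is a Workload and every "url:"
# value starts with https://HOST/ (fails closed when no url is found).
# Line-oriented check that assumes block-style YAML.
check_workload() {
  grep -Eq '^apiVersion:[[:space:]]*carto\.run/' "$1" || return 1
  grep -Eq '^kind:[[:space:]]*Workload[[:space:]]*$' "$1" || return 1
  awk -v want="https://$2/" -v sq="'" '
    /^[ \t]*url:/ {
      u = $0; sub(/^[^:]*:/, "", u)                  # text after "url:"
      q = "[ \t\r\"" sq "]+"; gsub("^" q "|" q "$", "", u)
      seen++; if (index(u, want) != 1) bad++
    }
    END { exit !(seen > 0 && bad == 0) }
  ' "$1"
}

# Constructed sample manifest (not copied from the repository).
sample_workload() {
  cat <<'EOF'
apiVersion: carto.run/v1alpha1
kind: Workload
metadata:
  name: tanzu-java-web-app
spec:
  source:
    git:
      url: https://ders-gitlab.dersllc.com/ders/tanzu-java-web-app
      ref:
        branch: main
EOF
}

# Usage (the page's flow, minus --insecure):
#   fetch_manifest "$URL" workload.yaml &&
#     check_workload workload.yaml ders-gitlab.dersllc.com &&
#     tanzu apps workload create -f workload.yaml --yes
```

A GitLab sign-in or error page saved by a plain redirect fails the kind check, so it never reaches the cluster.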

Register Repos with TAP

Tanzu Java Web App

https://ders-gitlab.dersllc.com/ders/tanzu-java-web-app/-/blob/main/catalog/catalog-info.yaml

Hungryman (Where for Dinner)

https://ders-gitlab.dersllc.com/ders/where-for-dinner/-/blob/main/catalog/catalog-info.yaml

Other Commands

IDE

Setup Demo ENV

pscp [email protected]:/root/.kube/config C:\Users\ders\.kube\

Accelerator URL Setup (Port-Forward)

kubectl port-forward service/acc-server -n accelerator-system 8877:80

References

Supply Chain

GitOps vs. RegistryOps (Config Writer)

https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.3/tap/GUID-scc-gitops-vs-regops.html

ERRORS

Supply-Chain Image Scanner Step

error: scan job failed. logs: Error: Get "https://harbor.dersllc.com/v2/": x509: certificate signed by unknown authority
Make sure the grype-ca ConfigMap is in the desired namespace.
Make sure the grype-ca-overlay secret is created.
Make sure the grype-ca-overlay secret is referenced in tap-values.yaml.
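
The three checks above can be scripted. This is an added example, not part of the original page: it assumes the overlay Secret is named grype-ca-overlay in tap-install (the page applies the file there but does not show its contents) and that tap-values.yaml references it through TAP's package_overlays key in block-style YAML. The function names and the sample values file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage for the scan step's
# "x509: certificate signed by unknown authority" error.

# overlay_referenced FILE PACKAGE SECRET: exit 0 if, under package_overlays,
# the entry named PACKAGE lists SECRET. Handles block-style YAML only.
overlay_referenced() {
  awk -v pkg="$2" -v sec="$3" '
    function indent(s,  n) { n = 0; while (substr(s, n + 1, 1) == " ") n++; return n }
    function value(s) {                     # text after the first colon, unquoted
      sub(/^[^:]*:/, "", s); sub(/[ \t]+#.*$/, "", s)
      gsub(/[^A-Za-z0-9._-]/, "", s); return s
    }
    NF == 0 || $1 ~ /^#/ { next }           # blank lines and comments
    /^[^ -]/ { in_po = ($0 ~ /^package_overlays:/); top = -1; next }
    !in_po   { next }
    /^ *- *name:/ {
      if (top < 0) top = indent($0)         # indent of the package entries
      if (indent($0) == top) { cur = value($0); in_sec = 0 }
      else if (in_sec && cur == pkg && value($0) == sec) found = 1
      next
    }
    /^ *secrets:/ { in_sec = 1 }
    END { exit !found }
  ' "$1"
}

# cluster_objects_present NAMESPACE: the ConfigMap must exist in the namespace
# where the scan runs; the overlay Secret is assumed to live in tap-install.
cluster_objects_present() {
  kubectl get configmap grype-ca -n "$1" >/dev/null &&
  kubectl get secret grype-ca-overlay -n tap-install >/dev/null
}

# Constructed sample tap-values.yaml fragment.
sample_values() {
  cat <<'EOF'
profile: full
package_overlays:
  - name: "grype"
    secrets:
      - name: "grype-ca-overlay"
  - name: "tap-gui"
    secrets:
      - name: "tap-gui-overlay"
EOF
}
```

Run `overlay_referenced tap-values.yaml grype grype-ca-overlay` before reinstalling, and `cluster_objects_present default` (or `workloads`) against the cluster.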