This repository contains scripts to install Tanzu Application Platform (TAP) on Docker Desktop Kubernetes. It enables a single-user TAP deployment for experimentation and educational purposes.
To complete the installation, you need to have the following ready:
-
Docker Desktop with Kubernetes turned on. You can probably use Minikube if you wish. Contributions documenting how to use the scripts in this repository with Minikube are welcome.
-
Username and password for the Tanzu Network that can be used to access the Tanzu container registry where all the container images for TAP are stored. You need to accept the EULA (see docs) otherwise, your container image pulls will fail.
-
A container registry where you can publish container images, such as GitHub Packages, Google Artifact Registry, Azure Container Registry, or Harbor.
-
A GitHub OAuth application configured to allow login to the TAP deployment. You will need the client ID and client secret.
-
A variety of common CLI tools installed. You probably have them. If not, you can easily install them.
00-validate-clis-are-installed.sh
script checks your system to see if it has the right CLIs installed. -
(Optional) A DNS domain that points to 127.0.0.1. You can use *.local.tanzu.ca if you don't have your own domain. By having a wildcard DNS entry that points back to localhost, we can end up with a domain name such as tap-gui.tap.local.tanzu.ca that works on the laptop running TAP on Docker Desktop. If you don't have a DNS server, you can just use local.tanzu.ca.
- Carvel Tools
- Tanzu CLI - Tanzu CLI tool
- kubectl - k8s CLI tool
- jq - JSON CLI processor (querying and parsing)
- socat - SOcket CAT, multipurpose relay
brew tap vmware-tanzu/carvel
brew install ytt kbld kapp kwt imgpkg vendir kctrl
brew install kubernetes-cli
brew install jq
brew install socat
brew tap vmware-tanzu/carvel
brew install tanzu-cli
tanzu plugin install --group vmware-tap/default
By default, TAP deploys the Contour ingress controller using a Kubernetes LoadBalancer service. To avoid problems with the LoadBalancer service on a dev machine running Docker Desktop or Minikube, we change the configuration of TAP to use a NodePort Service instead.
Once TAP is up and running, it will be exposed on two random port numbers selected by
Kubernetes. You can run the script 05-proxy-traffic.sh
, which maps ports 80 and 443
on your machine to the NodePort values selected by Kubernetes. The script uses
the socat
utility.
If you use the default tap.local.tanzu.ca
base domain, then you can find the TAP GUI
at https://tap-gui.tap.local.tanzu.ca.
The installation process is done via a series of scripts located at the root of the repository. The scripts are idempotent; you can run them multiple times, and they should pick up where they left off.
-
Run the script
00-validate-clis-are-installed.sh
to check that all the required CLIs are installed on your machine. -
Copy the
config/settings-template.sh
file toconfig/settings.sh
. -
Edit the
config/settings.sh
file with your own values. There are many comments insettings.sh
to guide you along. -
Run the script
01-validate-registry-access-and-credentials.sh
to check that the TAP registry and the workload registry can be accessed from your machine. -
Run the script
02-install-cluster-essentials.sh
to install kapp-controller and SecretGen controller on your cluster. -
Run the script
03-configure-tap-install-namespace.sh
to prepare the tap-install namespace. -
Run the script
04-install-tap.sh
to install all the TAP packages. This will take 5 to 15 minutes depending on your internet connection speed and the amount of resources available to your Docker Desktop Kubernetes. You can monitor progress by running the script20-debug-watch-package-installs.sh
. -
When all the TAP packages are reconciled, run the script
05-proxy-traffic.sh
to map ports 80 and 443 to the Contour ingress node ports. -
Optionally, install Spring Cloud Gateway using the scripts
06-install-spring-cloud-gateway.sh
and07-install-application-configuration-service.sh
.
-
Using your web browser, go to https://tap-gui.tap.local.tanzu.ca. If you picked a different base domain, use that. You will receive a warning from the browser because the installation is using a self-signed certificate; ignore those warnings.
-
Log in to the TAP GUI using your GitHub ID. If you have issues here, it is probably because the GitHub OAuth app is misconfigured, or you don't have the correct client ID and secret. Check those settings and try again.
-
The
dev
folder contains a namespace labeled for TAP namespace provisioner. Runkubectl apply -f dev/namespace.yaml
to create the namespace. -
To deploy a demo workload, open the file
dev/workload.yaml
and follow the instructions in the comments at the bottom of the file. The first time you deploy a workload, it will take more time while things are initialized and warmed up. -
When the deployment is done, you can register the software catalog entity for it using the URL
https://github.com/asaikali/tanzu-java-web-app/blob/main/catalog/catalog-info.yaml
or your own catalog entry. After registration, you can navigate to the app in the software catalog, and everything should work just fine, such as app live view, etc.
-
run the command
09-install-tas-adapter.sh
to install the TAS Adapter -
run the command
cf api api.tap.local.tanzu.ca --skip-ssl-validation
to point the cf cli at the TAS adapter -
run the command
cf login
and it will log you in -
create an org using the command
cf create-org test
-
target the org with
cf target -o test
-
create a dev space
cf create-space -o test dev
-
cf target -s dev
-
Clone the default cf sample app
git clone https://github.com/cloudfoundry-samples/spring-music
-
Compile the app with
./gradlew build
-
deploy the app with
cf push
There is a set of scripts starting in the 20 range that you can use to debug the state of the installation.
-
20-debug-watch-package-installs.sh
puts a watch on the package installs; you can use it to monitor the progress or deletion of a TAP cluster. -
21-debug-dump-all-kubernetes-objects.sh
prints out every Kubernetes object in the cluster other than events and objects in the system namespaces that start withkube
in their name. -
22-debug-dump-package-bundles.sh
will dump out all the Carvel packages that are part of the TAP package repository or any other package repository in thetap-install
namespace. The packages are written to theworkspace/packages
folder. When you run into issues during the install, inspecting the source code in the Carvel package can help you understand the root cause of the issue you are troubleshooting. -
23-debug-dump-cartographer-objects.sh
will dump out all the components of the supply chain configured on the TAP installation. You can also look at the source code of the supply chains in theworkspace/packages
folder by locating the packages of the supply chain you are interested in.
- You can delete the installation by running the script
30-delete-tap.sh
, or if you prefer, you can just reset the Kubernetes cluster in Docker Desktop.
config/
contains configuration files for deploying tapdev/
contains sample workload and k8s yaml file to get startedworkspace/
used by the scripts to store temporary state, you will find many interesting things in this folder as you run the scripts