This topic tells you how to install Tanzu Application Platform (commonly known as TAP) packages from your Tanzu Application Platform package repository on to Azure.
Before installing the packages, ensure you have:
- Completed the Prerequisites.
- Created Azure Resources.
- Accepted Tanzu Application Platform EULA and installed Tanzu CLI with any required plug-ins.
- Installed [Cluster Essentials for Tanzu](https://{{ vars.staging_toggle }}.vmware.com/en/Cluster-Essentials-for-VMware-Tanzu/{{ vars.url_version }}/cluster-essentials/deploy.html).
VMware recommends relocating the images from VMware Tanzu Network registry to your own container image registry before attempting installation. If you don't relocate the images, Tanzu Application Platform depends on VMware Tanzu Network for continued operation, and VMware Tanzu Network offers no uptime guarantees. The option to skip relocation is documented for evaluation and proof-of-concept only.
To relocate images from the VMware Tanzu Network registry to the ACR registry:
-
Set up environment variables for installation use by running:
# Set tanzunet as the source registry to copy the Tanzu Application Platform packages from. export IMGPKG_REGISTRY_HOSTNAME_0=registry.tanzu.vmware.com export IMGPKG_REGISTRY_USERNAME_0=MY-TANZUNET-USERNAME export IMGPKG_REGISTRY_PASSWORD_0=MY-TANZUNET-PASSWORD # The user’s registry for copying the Tanzu Application Platform package to. export IMGPKG_REGISTRY_HOSTNAME_1=$INSTALL_REGISTRY_HOSTNAME export IMGPKG_REGISTRY_USERNAME_1=$REGISTRY_NAME export IMGPKG_REGISTRY_PASSWORD_1=REGISTRY-PASSWORD # These environment variables starting with IMGPKG_* are used by the imgpkg command only. # The registry from which the Tanzu Application Platform package is retrieved. export INSTALL_REGISTRY_HOSTNAME=$REGISTRY_NAME.azurecr.io export TAP_VERSION=VERSION-NUMBER export INSTALL_REPO=tapimages
Where:
MY-TANZUNET-USERNAMEis the user with access to the images in the VMware Tanzu Network registryregistry.tanzu.vmware.comMY-TANZUNET-PASSWORDis the password forMY-TANZUNET-USERNAME.VERSION-NUMBERis your Tanzu Application Platform version. For example,{{ vars.tap_version }}
-
[Install the Carvel tool imgpkg CLI](https://{{ vars.staging_toggle }}.vmware.com/en/Cluster-Essentials-for-VMware-Tanzu/{{ vars.url_version }}/cluster-essentials/deploy.html#optionally-install-clis-onto-your-path).
-
Relocate the images with the
imgpkgCLI by running:imgpkg copy --concurrency 1 -b ${IMGPKG_REGISTRY_HOSTNAME_0}/tanzu-application-platform/tap-packages:${TAP_VERSION} --to-repo ${IMGPKG_REGISTRY_HOSTNAME_1}/${INSTALL_REPO} -
Create a namespace called
tap-installfor deploying any component packages by running:kubectl create ns tap-installThis namespace keeps the objects grouped together logically.
-
Create registry secret for the VMware Tanzu Network registry by running:
tanzu secret registry add tap-registry \ --username ${INSTALL_REGISTRY_USERNAME} --password ${INSTALL_REGISTRY_PASSWORD} \ --server ${INSTALL_REGISTRY_HOSTNAME} \ --export-to-all-namespaces --yes --namespace tap-install tanzu secret registry list --namespace tap-install
-
Add the Tanzu Application Platform package repository to the cluster by running:
tanzu package repository add tanzu-tap-repository \ --url ${INSTALL_REGISTRY_HOSTNAME}/full-deps-package-repo --namespace tap-install
-
Get the status of the Tanzu Application Platform package repository, and ensure the status updates to
Reconcile succeededby running:tanzu package repository get tanzu-tap-repository --namespace tap-installFor example:
$ tanzu package repository get tanzu-tap-repository --namespace tap-install - Retrieving repository tap... NAME: tanzu-tap-repository VERSION: 16253001 REPOSITORY: 123456789012.dkr.acr.us-east.azure.com/tap-images TAG: {{ vars.tap_version }} STATUS: Reconcile succeeded REASON:
Note The
VERSIONandTAGnumbers differ from the earlier example if you are on Tanzu Application Platform v1.0.2 or earlier. -
List the available packages by running:
tanzu package available list --namespace tap-installFor example:
$ tanzu package available list --namespace tap-install / Retrieving available packages... NAME DISPLAY-NAME SHORT-DESCRIPTION accelerator.apps.tanzu.vmware.com Application Accelerator for VMware Tanzu Used to create new projects and configurations. api-portal.tanzu.vmware.com API portal A unified user interface for API discovery and exploration at scale. apis.apps.tanzu.vmware.com API Auto Registration for VMware Tanzu A TAP component to automatically register API exposing workloads as API entities in TAP GUI. backend.appliveview.tanzu.vmware.com Application Live View for VMware Tanzu App for monitoring and troubleshooting running apps buildservice.tanzu.vmware.com Tanzu Build Service Tanzu Build Service enables the building and automation of containerized software workflows securely and at scale. carbonblack.scanning.apps.tanzu.vmware.com VMware Carbon Black for Supply Chain Security Tools - Scan Default scan templates using VMware Carbon Black cartographer.tanzu.vmware.com Cartographer Kubernetes native Supply Chain Choreographer. cnrs.tanzu.vmware.com Cloud Native Runtimes Cloud Native Runtimes is a serverless runtime based on Knative connector.appliveview.tanzu.vmware.com Application Live View Connector for VMware Tanzu App for discovering and registering running apps controller.source.apps.tanzu.vmware.com Tanzu Source Controller Tanzu Source Controller enables workload create/update from source code. conventions.appliveview.tanzu.vmware.com Application Live View Conventions for VMware Tanzu Application Live View convention server developer-conventions.tanzu.vmware.com Tanzu App Platform Developer Conventions Developer Conventions external-secrets.apps.tanzu.vmware.com External Secrets Operator External Secrets Operator is a Kubernetes operator that integrates external secret management systems. fluxcd.source.controller.tanzu.vmware.com Flux Source Controller The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, Helm repositories and S3 buckets. grype.scanning.apps.tanzu.vmware.com Grype for Supply Chain Security Tools - Scan Default scan templates using Anchore Grype metadata-store.apps.tanzu.vmware.com Supply Chain Security Tools - Store Post SBoMs and query for image, package, and vulnerability metadata. namespace-provisioner.apps.tanzu.vmware.com Namespace Provisioner Automatic Provisioning of Developer Namespaces. ootb-delivery-basic.tanzu.vmware.com Tanzu App Platform Out of The Box Delivery Basic Out of The Box Delivery Basic. ootb-supply-chain-basic.tanzu.vmware.com Tanzu App Platform Out of The Box Supply Chain Basic Out of The Box Supply Chain Basic. ootb-supply-chain-testing-scanning.tanzu.vmware.com Tanzu App Platform Out of The Box Supply Chain with Testing and Scanning Out of The Box Supply Chain with Testing and Scanning. ootb-supply-chain-testing.tanzu.vmware.com Tanzu App Platform Out of The Box Supply Chain with Testing Out of The Box Supply Chain with Testing. ootb-templates.tanzu.vmware.com Tanzu App Platform Out of The Box Templates Out of The Box Templates. policy.apps.tanzu.vmware.com Supply Chain Security Tools - Policy Controller Policy Controller enables defining of a policy to restrict unsigned container images. scanning.apps.tanzu.vmware.com Supply Chain Security Tools - Scan Scan for vulnerabilities and enforce policies directly within Kubernetes native Supply Chains. service-bindings.labs.vmware.com Service Bindings for Kubernetes Service Bindings for Kubernetes implements the Service Binding Specification. services-toolkit.tanzu.vmware.com Services Toolkit The Services Toolkit enables the management, lifecycle, discoverability and connectivity of Service Resources (databases, message queues, DNS records, etc.). snyk.scanning.apps.tanzu.vmware.com Snyk for Supply Chain Security Tools - Scan Default scan templates using Snyk spring-boot-conventions.tanzu.vmware.com Tanzu Spring Boot Conventions Server Default Spring Boot convention server. sso.apps.tanzu.vmware.com AppSSO Application Single Sign-On for Tanzu tap-auth.tanzu.vmware.com Default roles for Tanzu Application Platform Default roles for Tanzu Application Platform tap-gui.tanzu.vmware.com Tanzu Developer Portal web app graphical user interface for Tanzu Application Platform tap-telemetry.tanzu.vmware.com Telemetry Collector for Tanzu Application Platform Tanzu Application Platform Telemetry tap.tanzu.vmware.com Tanzu Application Platform Package to install a set of TAP components to get you started based on your use case. tekton.tanzu.vmware.com Tekton Pipelines Tekton Pipelines is a framework for creating CI/CD systems.
The tap.tanzu.vmware.com package installs predefined sets of packages based on your profile settings
by using the package manager installed by Tanzu Cluster Essentials.
For more information about profiles, see Components and installation profiles.
Some components use kpack and require a repository to publish artifacts to. This registry does not have to be the same registry used for installing the Tanzu Application Platform packages. To create a registry secret and add it to a developer namespace, run:
export KP_REGISTRY_USERNAME=YOUR-USERNAME
export KP_REGISTRY_PASSWORD=YOUR-PASSWORD
export KP_REGISTRY_HOSTNAME=YOUR-HOSTNAME
echo $KP_REGISTRY_USERNAME
echo $KP_REGISTRY_PASSWORD
echo $KP_REGISTRY_HOSTNAME
docker login $KP_REGISTRY_HOSTNAME -u $KP_REGISTRY_USERNAME -p $KP_REGISTRY_PASSWORD
export YOUR_NAMESPACE=mydev-ns
echo $YOUR_NAMESPACE
kubectl create ns $YOUR_NAMESPACE
tanzu secret registry add registry-credentials --server $KP_REGISTRY_HOSTNAME --username $KP_REGISTRY_USERNAME --password $KP_REGISTRY_PASSWORD --namespace $YOUR_NAMESPACE
kubectl get secret registry-credentials -o jsonpath='{.data.\.dockerconfigjson}' -n $YOUR_NAMESPACE| base64 --decodeTo prepare to install a profile:
-
List version information for the package by running:
tanzu package available list tap.tanzu.vmware.com --namespace tap-install -
Create a
tap-values.yamlfile by using the Full Profile (Azure), which contains the minimum configurations required to deploy Tanzu Application Platform on Azure. The sample values file contains the necessary defaults for:- The meta-package, or parent Tanzu Application Platform package.
- Subordinate packages, or individual child packages.
Keep the values file for future configuration use.
Note
tap-values.yamlis set as a Kubernetes secret, which provides secure means to read credentials for the Tanzu Application Platform components.
The following is the YAML file sample for the full-profile on Azure by using the ACR repositories you created earlier.
The profile: field takes full as the default value, but you can also set it to iterate, build, run, or view.
See Install multicluster Tanzu Application Platform profiles for more information.
cat << EOF > tap-values.yaml
shared:
ingress_domain: YOUR_DOMAIN
ingress_issuer: CLUSTER_ISSUER # use "" to disable SSL
image_registry:
project_path: ${KP_REGISTRY_HOSTNAME}/tap
secret:
name: registry-credentials
namespace: ${YOUR_NAMESPACE}
ceip_policy_disclosed: true
profile: full # Can take iterate, build, run, view.
supply_chain: basic # Can take testing, testing_scanning.
ootb_templates:
iaas_auth: true
ootb_supply_chain_basic:
registry: # (Optional) Takes the value from the project_path under the shared.image_registry section by default, but you can override it by setting different values.
server: ${KP_REGISTRY_HOSTNAME}
repository: tap-apps
gitops:
credentials_secret: ""
contour:
envoy:
service:
type: LoadBalancer
buildservice:
# (Optional) Takes the value from the project_path under the shared.image_registry section by default, but you can override it by setting a different value.
kp_default_repository: ${KP_REGISTRY_HOSTNAME}/buildservice
kp_default_repository_secret:
name: registry-credentials
namespace: ${YOUR_NAMESPACE}
local_source_proxy:
# (Optional) Takes the value from the project_path under the shared.image_registry section by default, but you can override it by setting a different value.
repository: "EXTERNAL-REGISTRY-FOR-LOCAL-SOURCE"
push_secret:
name: "EXTERNAL-REGISTRY-FOR-LOCAL-SOURCE-SECRET"
namespace: "EXTERNAL-REGISTRY-FOR-LOCAL-SOURCE-SECRET-NAMESPACE"
create_export: true # When set to true, the secret mentioned in this section is automatically exported to Local Source Proxy's namespace.
ootb_delivery_basic:
service_account: default
tap_gui:
app_config:
auth:
allowGuestAccess: true
metadata_store:
app_service_type: ClusterIP
ns_for_export_app_cert: ${YOUR_NAMESPACE}
accelerator:
server:
service_type: "ClusterIP"
EOFWhere:
YOUR_DOMAINis the subdomain for the host name that you point at thetanzu-shared-ingressservice's External IP address.Note You can update this field when knowing the external IP address of the ingress after the initial install of Tanzu Application Platform.
CLUSTER_ISSUERis the name of the deployedClusterIssuerto enable TLS on your ingress domain. You can disable TLS by using an empty string"".YOUR_NAMESPACEis the environment variable you defined earlier to describe the name of the developer namespace. Supply Chain Security Tools - Store exports secrets to the namespace, and Supply Chain Security Tools - Scan deploys theScanTemplatesthere. This allows the scanning feature to run in this namespace. If there are multiple developer namespaces, usens_for_export_app_cert: "*"to export the Supply Chain Security Tools - Store CA certificate to all namespaces.EXTERNAL-REGISTRY-FOR-LOCAL-SOURCEis where the developer's local source is uploaded when using Tanzu CLI to use Local Source Proxy for workload creation.EXTERNAL-REGISTRY-FOR-LOCAL-SOURCE-SECRETis the name of the secret with credentials that allow pushing to theEXTERNAL-REGISTRY-FOR-LOCAL-SOURCErepository.EXTERNAL-REGISTRY-FOR-LOCAL-SOURCE-SECRET-NAMESPACEis the namespace in whichEXTERNAL-REGISTRY-FOR-LOCAL-SOURCE-SECRETis available.
Important Installing Grype by using
tap-values.yamlas follows is deprecated in v1.6 and will be removed in v1.8:grype: targetImagePullSecret: registry-credentialsYou can install Grype by using Namespace Provisioner instead.
When you install a profile that includes Tanzu Build Service,
Tanzu Application Platform is installed with the lite set of dependencies.
These dependencies consist of buildpacks
and stacks
required for application builds.
The lite set of dependencies do not contain all buildpacks and stacks.
To use all buildpacks and stacks, you must install the full dependencies.
For more information about the differences between lite and full dependencies, see
About lite and full dependencies.
To configure full dependencies, add the key-value pair
exclude_dependencies: true to your tap-values.yaml file under the buildservice section.
For example:
buildservice:
kp_default_repository: "KP-DEFAULT-REPO"
kp_default_repository_secret: # Takes the value from the shared section by default, but can be overridden by setting a different value.
name: "KP-DEFAULT-REPO-SECRET"
namespace: "KP-DEFAULT-REPO-SECRET-NAMESPACE"
exclude_dependencies: trueAfter configuring full dependencies, you must install the dependencies after
you have finished installing your Tanzu Application Platform package.
See Install the full dependencies package for more information.
Tanzu Application Platform v1.6.1 supports building applications with Ubuntu v22.04 (Jammy).
Follow these steps to install the Tanzu Application Platform package:
-
Install the package by running:
tanzu package install tap -p tap.tanzu.vmware.com -v $TAP_VERSION --values-file tap-values.yaml -n tap-install -
Verify the package install by running:
tanzu package installed get tap -n tap-installThis can take 5-10 minutes because it installs several packages on your cluster.
-
Verify that the necessary packages in the profile are installed by running:
tanzu package installed list -A -
If you configured
fulldependencies in yourtbs-values.yamlfile, install thefulldependencies by following the procedure in Install full dependencies.
After installing the Full profile on your cluster, you can install the Tanzu Developer Tools for VS Code Extension to help you develop against it. For more information, see Install Tanzu Developer Tools for your VS Code.
If you configured full dependencies in your tap-values.yaml file in
Configure your profile with full dependencies earlier,
you must install the full dependencies package.
For more information about the differences between lite and full dependencies, see
About lite and full dependencies.
To install the full dependencies package:
{{> 'partials/tanzu-build-service/full-deps' }}
You can use the host name configured in Access Tanzu Developer Portal to access Tanzu Developer Portal. This host name is pointed at the shared ingress.
You're now ready to start using Tanzu Developer Portal. Proceed to the Getting Started topic or the Tanzu Developer Portal - Catalog Operations topic.