IK.AM

@making's tech note


Notes on installing Tanzu Application Platform 1.1 (Iterate Profile) on Kind and enabling HTTPS

🗓 Updated at 2022-04-18T07:59:17Z  🗓 Created at 2022-04-17T17:20:24Z

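⚠️ The content of this article is not supported by VMware. Handle any problems that arise from it at your own risk, and do not contact VMware support about them.

This article installs Tanzu Application Platform 1.1 on Kind.

It installs TAP and tries out the feature that deploys a "Hello World" application from source code ("Source to URL"). It also enables HTTPS.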

Creating the Kind cluster

cat <<EOF > kind-expose-port.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
 - role: control-plane
   extraPortMappings:
   - containerPort: 31443 # expose port 31443 of the node to port 443 on the host for use later by Contour ingress (envoy)
     hostPort: 443
   - containerPort: 31080 # expose port 31080 of the node to port 80 on the host for use later by Contour ingress (envoy)
     hostPort: 80
EOF
kind create cluster --config kind-expose-port.yaml

Installing the Pivnet CLI

Here the pivnet CLI is used to download the required software. The pivnet CLI can be installed with brew.

brew install pivotal/tap/pivnet-cli

Obtain an API token for VMware Tanzu Network and log in with the pivnet CLI.

pivnet login --api-token=<API Token>

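Accepting the EULAs

The first time, you need to accept the EULA (End User License Agreement) of each component used by TAP. You can accept them from a web browser, but if you want to save effort, the following commands accept them in bulk. I don't know whether this is exactly the required set. It is probably more than needed, so it takes a little while.

⚠️ The usage period defined in the EULA is 30 days. That said, no particular restriction is enforced in the software.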

for p in $(pivnet products | grep 'tanzu-.*-buildpack' | awk '{print $4}');do
  echo $p
  pivnet curl -X POST $(pivnet releases -p ${p} --format=json | jq -r '.[0]._links.eula_acceptance.href') 
  echo
done
for p in $(pivnet products | grep 'tanzu-.*-stack' | awk '{print $4}');do
  echo $p
  pivnet curl -X POST $(pivnet releases -p ${p} --format=json | jq -r '.[0]._links.eula_acceptance.href')
  echo
done
for p in tanzu-cluster-essentials tanzu-application-platform tbs-dependencies;do
  echo $p
  pivnet curl -X POST $(pivnet releases -p ${p} --format=json | jq -r '.[0]._links.eula_acceptance.href')
  echo
done

Installing the Tanzu CLI

# For Mac
pivnet download-product-files --product-slug='tanzu-application-platform' --release-version='1.1.0' --product-file-id=1190780
# For Linux
pivnet download-product-files --product-slug='tanzu-application-platform' --release-version='1.1.0' --product-file-id=1190781
# For Windows
pivnet download-product-files --product-slug='tanzu-application-platform' --release-version='1.1.0' --product-file-id=1190784
tar xvf tanzu-framework-*-amd64.tar
install cli/core/v0.11.2/tanzu-core-*_amd64 /usr/local/bin/tanzu
export TANZU_CLI_NO_INIT=true
$ tanzu version
version: v0.11.2
buildDate: 2022-03-17
sha: 9f16f375

Installing the plugins

export TANZU_CLI_NO_INIT=true
tanzu plugin install --local cli all

Installing Cluster Essentials for VMware Tanzu

Install Cluster Essentials for VMware Tanzu to deploy the Kapp Controller and Secretgen Controller that the TAP installation requires.

# Mac
pivnet download-product-files --product-slug='tanzu-cluster-essentials' --release-version='1.1.0' --product-file-id=1191985
# Linux
pivnet download-product-files --product-slug='tanzu-cluster-essentials' --release-version='1.1.0' --product-file-id=1191987
# Windows
pivnet download-product-files --product-slug='tanzu-cluster-essentials' --release-version='1.1.0' --product-file-id=1191983
TANZUNET_USERNAME=...
TANZUNET_PASSWORD=...

mkdir tanzu-cluster-essentials
tar xzvf tanzu-cluster-essentials-*-amd64-1.1.0.tgz -C tanzu-cluster-essentials

export INSTALL_BUNDLE=registry.tanzu.vmware.com/tanzu-cluster-essentials/cluster-essentials-bundle:1.1.0
export INSTALL_REGISTRY_HOSTNAME=registry.tanzu.vmware.com
export INSTALL_REGISTRY_USERNAME=${TANZUNET_USERNAME}
export INSTALL_REGISTRY_PASSWORD=${TANZUNET_PASSWORD}
cd tanzu-cluster-essentials
./install.sh --yes
cd ..
$ kubectl get pod -A
NAMESPACE              NAME                                         READY   STATUS    RESTARTS   AGE
kapp-controller        kapp-controller-579c8f7b69-txdgd             1/1     Running   0          2m30s
kube-system            coredns-558bd4d5db-n228q                     1/1     Running   0          52m
kube-system            coredns-558bd4d5db-q4cbd                     1/1     Running   0          52m
kube-system            etcd-kind-control-plane                      1/1     Running   0          52m
kube-system            kindnet-585r9                                1/1     Running   0          52m
kube-system            kindnet-mfqmx                                1/1     Running   0          51m
kube-system            kube-apiserver-kind-control-plane            1/1     Running   0          52m
kube-system            kube-controller-manager-kind-control-plane   1/1     Running   0          52m
kube-system            kube-proxy-bjbsq                             1/1     Running   0          52m
kube-system            kube-proxy-nt8wx                             1/1     Running   0          51m
kube-system            kube-scheduler-kind-control-plane            1/1     Running   0          52m
local-path-storage     local-path-provisioner-547f784dff-hhlhd      1/1     Running   0          52m
secretgen-controller   secretgen-controller-667cf6cbdb-84zxf        1/1     Running   0          28s

Installing Tanzu Application Platform

Registering the Package Repository for TAP

TANZUNET_USERNAME=...
TANZUNET_PASSWORD=...

kubectl create ns tap-install

tanzu secret registry add tap-registry \
  --username "${TANZUNET_USERNAME}" \
  --password "${TANZUNET_PASSWORD}" \
  --server registry.tanzu.vmware.com \
  --export-to-all-namespaces \
  --yes \
  --namespace tap-install

tanzu package repository add tanzu-tap-repository \
  --url registry.tanzu.vmware.com/tanzu-application-platform/tap-packages:1.1.0 \
  --namespace tap-install
$ tanzu package available list --namespace tap-install
- Retrieving available packages... 
  NAME                                                 DISPLAY-NAME                                                              SHORT-DESCRIPTION                                                                                                                                              LATEST-VERSION  
  accelerator.apps.tanzu.vmware.com                    Application Accelerator for VMware Tanzu                                  Used to create new projects and configurations.                                                                                                                1.1.2           
  api-portal.tanzu.vmware.com                          API portal                                                                A unified user interface to enable search, discovery and try-out of API endpoints at ease.                                                                     1.0.15          
  backend.appliveview.tanzu.vmware.com                 Application Live View for VMware Tanzu                                    App for monitoring and troubleshooting running apps                                                                                                            1.1.0           
  build.appliveview.tanzu.vmware.com                   Application Live View Conventions for VMware Tanzu                        Application Live View convention server                                                                                                                        1.0.2           
  buildservice.tanzu.vmware.com                        Tanzu Build Service                                                       Tanzu Build Service enables the building and automation of containerized software workflows securely and at scale.                                             1.5.0           
  cartographer.tanzu.vmware.com                        Cartographer                                                              Kubernetes native Supply Chain Choreographer.                                                                                                                  0.3.0           
  cnrs.tanzu.vmware.com                                Cloud Native Runtimes                                                     Cloud Native Runtimes is a serverless runtime based on Knative                                                                                                 1.2.0           
  connector.appliveview.tanzu.vmware.com               Application Live View Connector for VMware Tanzu                          App for discovering and registering running apps                                                                                                               1.1.0           
  controller.conventions.apps.tanzu.vmware.com         Convention Service for VMware Tanzu                                       Convention Service enables app operators to consistently apply desired runtime configurations to fleets of workloads.                                          0.6.3           
  controller.source.apps.tanzu.vmware.com              Tanzu Source Controller                                                   Tanzu Source Controller enables workload create/update from source code.                                                                                       0.3.3           
  conventions.appliveview.tanzu.vmware.com             Application Live View Conventions for VMware Tanzu                        Application Live View convention server                                                                                                                        1.1.0           
  developer-conventions.tanzu.vmware.com               Tanzu App Platform Developer Conventions                                  Developer Conventions                                                                                                                                          0.6.0           
  fluxcd.source.controller.tanzu.vmware.com            Flux Source Controller                                                    The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, Helm repositories and S3 buckets.      0.16.4          
  grype.scanning.apps.tanzu.vmware.com                 Grype for Supply Chain Security Tools - Scan                              Default scan templates using Anchore Grype                                                                                                                     1.1.0           
  image-policy-webhook.signing.apps.tanzu.vmware.com   Image Policy Webhook                                                      Image Policy Webhook enables defining of a policy to restrict unsigned container images.                                                                       1.1.1           
  learningcenter.tanzu.vmware.com                      Learning Center for Tanzu Application Platform                            Guided technical workshops                                                                                                                                     0.2.0           
  metadata-store.apps.tanzu.vmware.com                 Supply Chain Security Tools - Store                                       Post SBoMs and query for image, package, and vulnerability metadata.                                                                                           1.1.2           
  ootb-delivery-basic.tanzu.vmware.com                 Tanzu App Platform Out of The Box Delivery Basic                          Out of The Box Delivery Basic.                                                                                                                                 0.7.0           
  ootb-supply-chain-basic.tanzu.vmware.com             Tanzu App Platform Out of The Box Supply Chain Basic                      Out of The Box Supply Chain Basic.                                                                                                                             0.7.0           
  ootb-supply-chain-testing-scanning.tanzu.vmware.com  Tanzu App Platform Out of The Box Supply Chain with Testing and Scanning  Out of The Box Supply Chain with Testing and Scanning.                                                                                                         0.7.0           
  ootb-supply-chain-testing.tanzu.vmware.com           Tanzu App Platform Out of The Box Supply Chain with Testing               Out of The Box Supply Chain with Testing.                                                                                                                      0.7.0           
  ootb-templates.tanzu.vmware.com                      Tanzu App Platform Out of The Box Templates                               Out of The Box Templates.                                                                                                                                      0.7.0           
  run.appliveview.tanzu.vmware.com                     Application Live View for VMware Tanzu                                    App for monitoring and troubleshooting running apps                                                                                                            1.0.3           
  scanning.apps.tanzu.vmware.com                       Supply Chain Security Tools - Scan                                        Scan for vulnerabilities and enforce policies directly within Kubernetes native Supply Chains.                                                                 1.1.0           
  service-bindings.labs.vmware.com                     Service Bindings for Kubernetes                                           Service Bindings for Kubernetes implements the Service Binding Specification.                                                                                  0.7.1           
  services-toolkit.tanzu.vmware.com                    Services Toolkit                                                          The Services Toolkit enables the management, lifecycle, discoverability and connectivity of Service Resources (databases, message queues, DNS records, etc.).  0.6.0           
  spring-boot-conventions.tanzu.vmware.com             Tanzu Spring Boot Conventions Server                                      Default Spring Boot convention server.                                                                                                                         0.4.0           
  tap-auth.tanzu.vmware.com                            Default roles for Tanzu Application Platform                              Default roles for Tanzu Application Platform                                                                                                                   1.0.1           
  tap-gui.tanzu.vmware.com                             Tanzu Application Platform GUI                                            web app graphical user interface for Tanzu Application Platform                                                                                                1.1.0           
  tap-telemetry.tanzu.vmware.com                       Telemetry Collector for Tanzu Application Platform                        Tanzu Application Plaform Telemetry                                                                                                                            0.1.4           
  tap.tanzu.vmware.com                                 Tanzu Application Platform                                                Package to install a set of TAP components to get you started based on your use case.                                                                          1.1.0           
  tekton.tanzu.vmware.com                              Tekton Pipelines                                                          Tekton Pipelines is a framework for creating CI/CD systems.                                                                                                    0.33.2          
  workshops.learningcenter.tanzu.vmware.com            Workshop Building Tutorial                                                Workshop Building Tutorial                                                                                                                                     0.2.0 

Installing the Iterate Profile

GITHUB_USERNAME=...
GITHUB_API_TOKEN=...

cat <<EOF > tap-values.yml
profile: iterate

ceip_policy_disclosed: true

cnrs:
  domain_name: vcap.me
  domain_template: "{{.Name}}-{{.Namespace}}.{{.Domain}}"
  default_tls_secret: tanzu-system-ingress/cnrs-default-tls
  provider: local

buildservice:
  kp_default_repository: ghcr.io/${GITHUB_USERNAME}/build-service
  kp_default_repository_username: ${GITHUB_USERNAME}
  kp_default_repository_password: ${GITHUB_API_TOKEN}
  tanzunet_username: ${TANZUNET_USERNAME}
  tanzunet_password: ${TANZUNET_PASSWORD}
  enable_automatic_dependency_updates: true

supply_chain: basic

ootb_supply_chain_basic:
  registry:
    server: ghcr.io
    repository: ${GITHUB_USERNAME}

contour:
  envoy:
    service:
      nodePorts:
        http: 31080
        https: 31443

package_overlays:
- name: cnrs
  secrets:
  - name: cnrs-default-tls        
EOF

*.vcap.me resolves to 127.0.0.1.

The following definitions, applied as an overlay, prepare the default TLS certificate used by Cloud Native Runtimes (Knative). I referred to the following documentation.

cat <<EOF > cnrs-default-tls.yml
#@ load("@ytt:data", "data")
#@ load("@ytt:overlay", "overlay")
#@ namespace = data.values.ingress.external.namespace
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: cnrs-selfsigned-issuer
  namespace: #@ namespace
spec:
  selfSigned: { }
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: cnrs-ca
  namespace: #@ namespace
spec:
  commonName: cnrs-ca
  isCA: true
  issuerRef:
    kind: Issuer
    name: cnrs-selfsigned-issuer
  secretName: cnrs-ca
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: cnrs-ca-issuer
  namespace: #@ namespace
spec:
  ca:
    secretName: cnrs-ca
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: cnrs-default-tls
  namespace: #@ namespace
spec:
  dnsNames:
  - #@ "*.{}".format(data.values.domain_name)
  issuerRef:
    kind: Issuer
    name: cnrs-ca-issuer
  secretName: cnrs-default-tls
---
apiVersion: projectcontour.io/v1
kind: TLSCertificateDelegation
metadata:
  name: contour-delegation
  namespace: #@ namespace
spec:
  delegations:
  - secretName: cnrs-default-tls
    targetNamespaces:
    - "*"
#@overlay/match by=overlay.subset({"metadata":{"name":"config-network"}, "kind": "ConfigMap"})
---
data:
  #@overlay/match missing_ok=True
  default-external-scheme: https
EOF

Create the overlay file as a Secret.

kubectl -n tap-install create secret generic cnrs-default-tls \
  -o yaml \
  --dry-run=client \
  --from-file=cnrs-default-tls.yml \
  | kubectl apply -f-

Install TAP.

tanzu package install tap -p tap.tanzu.vmware.com -v 1.1.0 --values-file tap-values.yml -n tap-install

Check the progress of the installation with the following command.

watch kubectl get app -n tap-install

Wait until every app shows Reconcile succeeded.

$ kubectl get app -n tap-install 
NAME                       DESCRIPTION           SINCE-DEPLOY   AGE
appliveview                Reconcile succeeded   119s           13m
appliveview-connector      Reconcile succeeded   7m24s          17m
appliveview-conventions    Reconcile succeeded   3m7s           13m
buildservice               Reconcile succeeded   17m            17m
cartographer               Reconcile succeeded   4m14s          15m
cert-manager               Reconcile succeeded   17m            17m
cnrs                       Reconcile succeeded   49s            13m
contour                    Reconcile succeeded   3m18s          15m
conventions-controller     Reconcile succeeded   3m45s          15m
developer-conventions      Reconcile succeeded   3m3s           13m
fluxcd-source-controller   Reconcile succeeded   6m58s          17m
image-policy-webhook       Reconcile succeeded   4m53s          15m
ootb-delivery-basic        Reconcile succeeded   3m57s          14m
ootb-supply-chain-basic    Reconcile succeeded   3m59s          14m
ootb-templates             Reconcile succeeded   4m7s           14m
service-bindings           Reconcile succeeded   7m12s          17m
services-toolkit           Reconcile succeeded   6m14s          17m
source-controller          Reconcile succeeded   6m16s          17m
spring-boot-conventions    Reconcile succeeded   2m47s          13m
tap                        Reconcile succeeded   7s             18m
tap-auth                   Reconcile succeeded   7m34s          17m
tap-telemetry              Reconcile succeeded   6m32s          17m
tekton-pipelines           Reconcile succeeded   6m33s          17m

The installed packages are as follows.

$ kubectl get packageinstall -n tap-install 
NAME                       PACKAGE NAME                                         PACKAGE VERSION   DESCRIPTION           AGE
appliveview                backend.appliveview.tanzu.vmware.com                 1.1.0             Reconcile succeeded   13m
appliveview-connector      connector.appliveview.tanzu.vmware.com               1.1.0             Reconcile succeeded   18m
appliveview-conventions    conventions.appliveview.tanzu.vmware.com             1.1.0             Reconcile succeeded   14m
buildservice               buildservice.tanzu.vmware.com                        1.5.0             Reconcile succeeded   18m
cartographer               cartographer.tanzu.vmware.com                        0.3.0             Reconcile succeeded   16m
cert-manager               cert-manager.tanzu.vmware.com                        1.5.3+tap.2       Reconcile succeeded   18m
cnrs                       cnrs.tanzu.vmware.com                                1.2.0             Reconcile succeeded   13m
contour                    contour.tanzu.vmware.com                             1.18.2+tap.2      Reconcile succeeded   16m
conventions-controller     controller.conventions.apps.tanzu.vmware.com         0.6.3             Reconcile succeeded   16m
developer-conventions      developer-conventions.tanzu.vmware.com               0.6.0             Reconcile succeeded   14m
fluxcd-source-controller   fluxcd.source.controller.tanzu.vmware.com            0.16.4            Reconcile succeeded   18m
image-policy-webhook       image-policy-webhook.signing.apps.tanzu.vmware.com   1.1.1             Reconcile succeeded   16m
ootb-delivery-basic        ootb-delivery-basic.tanzu.vmware.com                 0.7.0             Reconcile succeeded   14m
ootb-supply-chain-basic    ootb-supply-chain-basic.tanzu.vmware.com             0.7.0             Reconcile succeeded   14m
ootb-templates             ootb-templates.tanzu.vmware.com                      0.7.0             Reconcile succeeded   14m
service-bindings           service-bindings.labs.vmware.com                     0.7.1             Reconcile succeeded   18m
services-toolkit           services-toolkit.tanzu.vmware.com                    0.6.0             Reconcile succeeded   18m
source-controller          controller.source.apps.tanzu.vmware.com              0.3.3             Reconcile succeeded   18m
spring-boot-conventions    spring-boot-conventions.tanzu.vmware.com             0.4.0             Reconcile succeeded   14m
tap                        tap.tanzu.vmware.com                                 1.1.0             Reconcile succeeded   18m
tap-auth                   tap-auth.tanzu.vmware.com                            1.0.1             Reconcile succeeded   18m
tap-telemetry              tap-telemetry.tanzu.vmware.com                       0.1.4             Reconcile succeeded   18m
tekton-pipelines           tekton.tanzu.vmware.com                              0.33.2            Reconcile succeeded   18m

The deployed Pods are as follows.

$ kubectl get pod -A
NAMESPACE                   NAME                                                   READY   STATUS    RESTARTS   AGE
app-live-view-connector     application-live-view-connector-69z7k                  1/1     Running   0          18m
app-live-view-conventions   appliveview-webhook-694d78484d-b45jk                   1/1     Running   0          14m
app-live-view               application-live-view-server-ddbd9888f-q2pjm           1/1     Running   0          13m
build-service               build-pod-image-fetcher-n6679                          5/5     Running   0          18m
build-service               dependency-updater-controller-794cb544c5-hrzmg         1/1     Running   0          18m
build-service               secret-syncer-controller-5c5cfcd99f-9zltc              1/1     Running   0          18m
build-service               smart-warmer-image-fetcher-xst9c                       2/2     Running   0          14m
build-service               warmer-controller-5874f5498-4s9jj                      1/1     Running   0          18m
cartographer-system         cartographer-controller-9fbfd9fd4-gdf97                1/1     Running   0          16m
cert-injection-webhook      cert-injection-webhook-85dc49bf56-f942j                1/1     Running   0          18m
cert-manager                cert-manager-6cf946f494-pwdd4                          1/1     Running   0          18m
cert-manager                cert-manager-cainjector-6b55986f78-qvbql               1/1     Running   0          18m
cert-manager                cert-manager-webhook-6848686797-pr9sw                  1/1     Running   0          18m
conventions-system          conventions-controller-manager-64bcd6d549-mn2vk        1/1     Running   0          16m
developer-conventions       webhook-578565957d-6ng8s                               1/1     Running   0          14m
flux-system                 source-controller-7c7964748c-z2cqn                     1/1     Running   0          18m
image-policy-system         image-policy-controller-manager-7c69f4d84b-fv8qt       2/2     Running   0          16m
kapp-controller             kapp-controller-d55c69486-lbp4s                        1/1     Running   0          21m
knative-eventing            eventing-controller-7c56d9ff4c-q7nqt                   1/1     Running   0          13m
knative-eventing            eventing-webhook-5d4cf89758-rbhk4                      1/1     Running   0          13m
knative-eventing            imc-controller-7486c9c7b4-g75zx                        1/1     Running   0          13m
knative-eventing            imc-dispatcher-58489fd5b6-q9cp5                        1/1     Running   0          13m
knative-eventing            mt-broker-controller-6d5564746d-s9xkp                  1/1     Running   0          13m
knative-eventing            mt-broker-filter-7c845f6dcc-csmdz                      1/1     Running   0          13m
knative-eventing            mt-broker-ingress-7f6c4d6fb9-vrhcz                     1/1     Running   0          13m
knative-eventing            rabbitmq-broker-controller-778bd5488-c4pqp             1/1     Running   0          13m
knative-eventing            rabbitmq-broker-webhook-7d7656dc76-768rh               1/1     Running   0          13m
knative-eventing            sugar-controller-86bc96cfc9-6z7p8                      1/1     Running   0          13m
knative-serving             activator-975658b6d-xk728                              1/1     Running   0          13m
knative-serving             autoscaler-8fc5d5868-npz29                             1/1     Running   0          13m
knative-serving             autoscaler-hpa-776fc7dcc9-6jx5z                        1/1     Running   0          13m
knative-serving             controller-6599bb9768-hr4x2                            1/1     Running   0          13m
knative-serving             domain-mapping-68f57f87c7-bjrfx                        1/1     Running   0          13m
knative-serving             domainmapping-webhook-76d5f4b47-tblck                  1/1     Running   0          13m
knative-serving             net-certmanager-controller-f97495cd-nvz7l              1/1     Running   0          13m
knative-serving             net-certmanager-webhook-74c8d6797d-45bbf               1/1     Running   0          13m
knative-serving             net-contour-controller-865cbddcb7-brkbx                1/1     Running   0          109s
knative-serving             webhook-56f9fc8c48-l9ztp                               1/1     Running   0          13m
knative-sources             rabbitmq-controller-manager-7d667d74b5-6rg9r           1/1     Running   0          13m
knative-sources             rabbitmq-webhook-5f5c4f96dc-k7lv6                      1/1     Running   0          13m
kpack                       kpack-controller-779894ffb6-ckgnw                      1/1     Running   0          18m
kpack                       kpack-webhook-cf9c8b545-lwjbc                          1/1     Running   0          18m
kube-system                 coredns-558bd4d5db-kxshz                               1/1     Running   0          22m
kube-system                 coredns-558bd4d5db-vrds6                               1/1     Running   0          22m
kube-system                 etcd-kind-control-plane                                1/1     Running   0          23m
kube-system                 kindnet-gwd8p                                          1/1     Running   0          22m
kube-system                 kindnet-wxd4r                                          1/1     Running   0          22m
kube-system                 kube-apiserver-kind-control-plane                      1/1     Running   0          23m
kube-system                 kube-controller-manager-kind-control-plane             1/1     Running   0          23m
kube-system                 kube-proxy-5vrx7                                       1/1     Running   0          22m
kube-system                 kube-proxy-mp2kz                                       1/1     Running   0          22m
kube-system                 kube-scheduler-kind-control-plane                      1/1     Running   0          23m
local-path-storage          local-path-provisioner-547f784dff-vzj4s                1/1     Running   0          22m
secretgen-controller        secretgen-controller-6fcbff9c4d-9ghjw                  1/1     Running   0          20m
service-bindings            manager-846bcf8cfd-w2lxv                               1/1     Running   0          18m
services-toolkit            services-toolkit-controller-manager-5b7cbd6f4f-mqzmk   1/1     Running   0          18m
source-system               source-controller-manager-67b6f4cd64-2hxf9             1/1     Running   0          18m
spring-boot-convention      spring-boot-webhook-6c5c7656fb-cf9f2                   1/1     Running   0          14m
stacks-operator-system      controller-manager-785c9bc4d6-557sh                    1/1     Running   0          18m
tanzu-system-ingress        contour-699dfb9f9b-fvdvq                               1/1     Running   0          16m
tanzu-system-ingress        contour-699dfb9f9b-hc6zp                               1/1     Running   0          16m
tanzu-system-ingress        envoy-llt8h                                            2/2     Running   0          16m
tap-telemetry               tap-telemetry-controller-5fc8c68f8f-kwqpk              1/1     Running   0          18m
tekton-pipelines            tekton-pipelines-controller-7c475994c7-nrb7g           1/1     Running   0          18m
tekton-pipelines            tekton-pipelines-webhook-64ffbb66d7-7xjgl              1/1     Running   0          18m
triggermesh                 aws-event-sources-controller-649669c475-pshxx          1/1     Running   0          13m
vmware-sources              webhook-7f6c979bd9-hvttk                               1/1     Running   0          13m

Deploying a Workload

Preparation for creating a Workload

https://docs.vmware.com/en/Tanzu-Application-Platform/1.1/tap/GUID-install-components.html#setup (partially modified)

kubectl create ns demo
tanzu secret registry add registry-credentials --server ghcr.io --username ${GITHUB_USERNAME} --password ${GITHUB_API_TOKEN} --namespace demo
cat <<EOF | kubectl -n demo apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: tap-registry
  annotations:
    secretgen.carvel.dev/image-pull-secret: ""
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: e30K
---
apiVersion: v1
kind: Secret
metadata:
  name: git-ssh
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
secrets:
  - name: registry-credentials
  - name: git-ssh
imagePullSecrets:
  - name: registry-credentials
  - name: tap-registry
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: default-permit-deliverable
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: deliverable
subjects:
  - kind: ServiceAccount
    name: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: default-permit-workload
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: workload
subjects:
  - kind: ServiceAccount
    name: default
EOF

Deploying a Node.js app

tanzu apps workload apply hello \
  --app hello \
  --git-repo https://github.com/making/hello-nodejs \
  --git-branch master \
  --type web \
  -n demo \
  -y
tanzu apps workload tail hello -n demo   

To see the resources that get created, watch the following command.

watch kubectl get pod,gitrepo,imgs,build,podintent,taskrun,imagerepository,app,ksvc,certificate,httpproxy -n demo -owide
$ tanzu apps workload get -n demo hello
# hello: Ready
---
lastTransitionTime: "2022-04-15T17:56:39Z"
message: ""
reason: Ready
status: "True"
type: Ready

Pods
NAME                                      STATUS        RESTARTS   AGE
hello-00001-deployment-64bf5746d4-4wtbk   Running       0          40s
hello-build-1-build-pod                   Succeeded     0          6m1s
hello-config-writer-rph5d-pod             Succeeded     0          4m54s

Knative Services
NAME    READY   URL
hello   Ready   https://hello-demo.vcap.me
$ curl -k https://hello-demo.vcap.me
Hello Tanzu!!

Deploying a Java app

tanzu apps workload apply spring-music \
  --app spring-music \
  --git-repo https://github.com/scottfrederick/spring-music \
  --git-branch tanzu \
  --type web \
  --annotation autoscaling.knative.dev/minScale=1 \
  -n demo \
  -y
tanzu apps workload tail spring-music -n demo   
$ tanzu apps workload get -n demo spring-music
# spring-music: Ready
---
lastTransitionTime: "2022-04-17T15:04:22Z"
message: ""
reason: Ready
status: "True"
type: Ready

Pods
NAME                                             STATUS      RESTARTS   AGE
spring-music-00001-deployment-5948575858-fx58s   Running     0          112s
spring-music-build-1-build-pod                   Succeeded   0          4m59s
spring-music-config-writer-x4b4q-pod             Succeeded   0          2m23s

Knative Services
NAME           READY   URL
spring-music   Ready   https://spring-music-demo.vcap.me

Type "THIS IS UNSAFE"


For Spring Boot, management.server.port=8081 and management.endpoints.web.exposure.include=* are set automatically.
In addition, for Spring Boot 2.6 and above, management.endpoint.health.probes.add-additional-paths=true is set, and the paths /readyz and /livez are configured for the readiness probe and the liveness probe respectively.

$ kubectl get ksvc -n demo spring-music -oyaml | kubectl neat
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  annotations:
    kapp.k14s.io/identity: v1;demo/serving.knative.dev/Service/spring-music;serving.knative.dev/v1
    kapp.k14s.io/original: '{"apiVersion":"serving.knative.dev/v1","kind":"Service","metadata":{"annotations":{"kbld.k14s.io/images":"null\n"},"labels":{"app.kubernetes.io/component":"run","app.kubernetes.io/part-of":"spring-music","apps.tanzu.vmware.com/workload-type":"web","carto.run/workload-name":"spring-music","kapp.k14s.io/app":"1650207894961795500","kapp.k14s.io/association":"v1.d461947476e2f10f282a43f02102e099"},"name":"spring-music","namespace":"demo"},"spec":{"template":{"metadata":{"annotations":{"autoscaling.knative.dev/minScale":"1","boot.spring.io/actuator":"http://:8081/actuator","boot.spring.io/version":"2.6.6","conventions.apps.tanzu.vmware.com/applied-conventions":"spring-boot-convention/spring-boot\nspring-boot-convention/spring-boot-graceful-shutdown\nspring-boot-convention/spring-boot-web\nspring-boot-convention/spring-boot-actuator\nspring-boot-convention/spring-boot-actuator-probes\nspring-boot-convention/service-intent-mysql\nspring-boot-convention/service-intent-postgres\nspring-boot-convention/service-intent-mongodb\nappliveview-sample/app-live-view-connector\nappliveview-sample/app-live-view-appflavours\nappliveview-sample/app-live-view-systemproperties","developer.conventions/target-containers":"workload","services.conventions.apps.tanzu.vmware.com/mongodb":"mongodb-driver-core/4.4.2","services.conventions.apps.tanzu.vmware.com/mysql":"mysql-connector-java/8.0.28","services.conventions.apps.tanzu.vmware.com/postgres":"postgresql/42.3.3"},"labels":{"app.kubernetes.io/component":"run","app.kubernetes.io/part-of":"spring-music","apps.tanzu.vmware.com/workload-type":"web","carto.run/workload-name":"spring-music","conventions.apps.tanzu.vmware.com/framework":"spring-boot","services.conventions.apps.tanzu.vmware.com/mongodb":"workload","services.conventions.apps.tanzu.vmware.com/mysql":"workload","services.conventions.apps.tanzu.vmware.com/postgres":"workload","tanzu.app.live.view":"true","tanzu.app.live.view.application.actuator.port":"8081","
tanzu.app.live.view.application.flavours":"spring-boot","tanzu.app.live.view.application.name":"spring-boot-app"}},"spec":{"containers":[{"env":[{"name":"JAVA_TOOL_OPTIONS","value":"-Dmanagement.endpoint.health.probes.add-additional-paths=\"true\"
      -Dmanagement.endpoint.health.show-details=always -Dmanagement.endpoints.web.base-path=\"/actuator\"
      -Dmanagement.endpoints.web.exposure.include=* -Dmanagement.health.probes.enabled=\"true\"
      -Dmanagement.server.port=\"8081\" -Dserver.port=\"8080\" -Dserver.shutdown.grace-period=\"24s\""}],"image":"ghcr.io/making/spring-music-demo@sha256:93d230e9d0511884f367824055d8996f70b2301a2a0329305ec2c85c5df5914c","livenessProbe":{"httpGet":{"path":"/livez","port":8080,"scheme":"HTTP"}},"name":"workload","ports":[{"containerPort":8080,"protocol":"TCP"}],"readinessProbe":{"httpGet":{"path":"/readyz","port":8080,"scheme":"HTTP"}},"resources":{},"securityContext":{"runAsUser":1000}}],"serviceAccountName":"default"}}}}'
    kapp.k14s.io/original-diff-md5: 41e2400841d3c59663d988148eb12b73
    kbld.k14s.io/images: |
      null
    serving.knative.dev/creator: system:serviceaccount:demo:default
    serving.knative.dev/lastModifier: system:serviceaccount:demo:default
  labels:
    app.kubernetes.io/component: run
    app.kubernetes.io/part-of: spring-music
    apps.tanzu.vmware.com/workload-type: web
    carto.run/workload-name: spring-music
    kapp.k14s.io/app: "1650207894961795500"
    kapp.k14s.io/association: v1.d461947476e2f10f282a43f02102e099
  name: spring-music
  namespace: demo
spec:
  template:
    metadata:
      annotations:
        autoscaling.knative.dev/minScale: "1"
        boot.spring.io/actuator: http://:8081/actuator
        boot.spring.io/version: 2.6.6
        conventions.apps.tanzu.vmware.com/applied-conventions: |-
          spring-boot-convention/spring-boot
          spring-boot-convention/spring-boot-graceful-shutdown
          spring-boot-convention/spring-boot-web
          spring-boot-convention/spring-boot-actuator
          spring-boot-convention/spring-boot-actuator-probes
          spring-boot-convention/service-intent-mysql
          spring-boot-convention/service-intent-postgres
          spring-boot-convention/service-intent-mongodb
          appliveview-sample/app-live-view-connector
          appliveview-sample/app-live-view-appflavours
          appliveview-sample/app-live-view-systemproperties
        developer.conventions/target-containers: workload
        services.conventions.apps.tanzu.vmware.com/mongodb: mongodb-driver-core/4.4.2
        services.conventions.apps.tanzu.vmware.com/mysql: mysql-connector-java/8.0.28
        services.conventions.apps.tanzu.vmware.com/postgres: postgresql/42.3.3
      creationTimestamp: null
      labels:
        app.kubernetes.io/component: run
        app.kubernetes.io/part-of: spring-music
        apps.tanzu.vmware.com/workload-type: web
        carto.run/workload-name: spring-music
        conventions.apps.tanzu.vmware.com/framework: spring-boot
        services.conventions.apps.tanzu.vmware.com/mongodb: workload
        services.conventions.apps.tanzu.vmware.com/mysql: workload
        services.conventions.apps.tanzu.vmware.com/postgres: workload
        tanzu.app.live.view: "true"
        tanzu.app.live.view.application.actuator.port: "8081"
        tanzu.app.live.view.application.flavours: spring-boot
        tanzu.app.live.view.application.name: spring-boot-app
    spec:
      containerConcurrency: 0
      containers:
      - env:
        - name: JAVA_TOOL_OPTIONS
          value: -Dmanagement.endpoint.health.probes.add-additional-paths="true" -Dmanagement.endpoint.health.show-details=always
            -Dmanagement.endpoints.web.base-path="/actuator" -Dmanagement.endpoints.web.exposure.include=*
            -Dmanagement.health.probes.enabled="true" -Dmanagement.server.port="8081"
            -Dserver.port="8080" -Dserver.shutdown.grace-period="24s"
        image: ghcr.io/making/spring-music-demo@sha256:93d230e9d0511884f367824055d8996f70b2301a2a0329305ec2c85c5df5914c
        livenessProbe:
          httpGet:
            path: /livez
            port: 8080
            scheme: HTTP
        name: workload
        ports:
        - containerPort: 8080
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /readyz
            port: 8080
            scheme: HTTP
          successThreshold: 1
        securityContext:
          runAsUser: 1000
      enableServiceLinks: false
      serviceAccountName: default
      timeoutSeconds: 300
  traffic:
  - latestRevision: true
    percent: 100
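
The following script is an added example, not part of the original article or of TAP. It audits the Actuator-related -D flags injected into JAVA_TOOL_OPTIONS, using the value from the ksvc output above as sample input. The function names and finding codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article): audit the Actuator-related -D
# flags that the Spring Boot convention put into JAVA_TOOL_OPTIONS.
# Against a live cluster, pass the real value as the first argument, e.g.
#   "$(kubectl get ksvc -n demo spring-music -o \
#      jsonpath='{.spec.template.spec.containers[0].env[?(@.name=="JAVA_TOOL_OPTIONS")].value}')"

# Sample input: the JAVA_TOOL_OPTIONS value from the ksvc output above, on one line.
SAMPLE_JTO='-Dmanagement.endpoint.health.probes.add-additional-paths="true" -Dmanagement.endpoint.health.show-details=always -Dmanagement.endpoints.web.base-path="/actuator" -Dmanagement.endpoints.web.exposure.include=* -Dmanagement.health.probes.enabled="true" -Dmanagement.server.port="8081" -Dserver.port="8080" -Dserver.shutdown.grace-period="24s"'

# jto_get OPTIONS PROPERTY: print the value of -DPROPERTY=... without quotes.
# Runs in a subshell so that "set -f" does not leak to the caller.
jto_get() (
  set -f    # no globbing: "exposure.include=*" must stay a literal asterisk
  for opt in $1; do
    case "$opt" in
      "-D$2="*)
        val=${opt#"-D$2="}; val=${val#\"}; val=${val%\"}
        printf '%s\n' "$val"
        exit 0 ;;
    esac
  done
  exit 1
)

# audit_actuator OPTIONS: print one finding code per line, exit 1 if any.
# Unset properties fall back to Spring Boot's defaults.
audit_actuator() (
  sport=$(jto_get "$1" server.port) || sport=8080
  mport=$(jto_get "$1" management.server.port) || mport=$sport
  expose=$(jto_get "$1" management.endpoints.web.exposure.include) || expose=health
  details=$(jto_get "$1" management.endpoint.health.show-details) || details=never
  rc=0
  # Every endpoint (env, heapdump, ...) is served, not only health.
  case ",$expose," in *",*,"*) echo "EXPOSE_ALL port=$mport"; rc=1 ;; esac
  # Component details are returned to any caller of /actuator/health.
  [ "$details" = always ] && { echo "HEALTH_DETAILS_ALWAYS"; rc=1; }
  # Actuator shares the application port, which is the one Knative routes.
  [ "$mport" = "$sport" ] && { echo "ACTUATOR_ON_APP_PORT port=$sport"; rc=1; }
  exit $rc
)

audit_actuator "${1:-$SAMPLE_JTO}" || echo "findings above need review" >&2
```

For the sample it reports EXPOSE_ALL and HEALTH_DETAILS_ALWAYS but not ACTUATOR_ON_APP_PORT, because the management port 8081 is separate from the only declared containerPort, 8080.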

Deploying with GitOps

TBD