Install Tanzu Application Platform 1.1 on Kind.
In this article we install TAP and try out the feature that deploys a "Hello World" application from source code ("Source to URL"). We also enable HTTPS.
Table of contents
- Creating the Kind cluster
- Installing the Pivnet CLI
- Accepting the EULAs
- Installing the Tanzu CLI
- Installing Cluster Essentials for VMware Tanzu
- Installing Tanzu Application Platform
- Deploying a Workload
- Deploying with GitOps
Creating the Kind cluster
cat <<EOF > kind-expose-port.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  extraPortMappings:
  - containerPort: 31443 # expose port 31443 of the node to port 443 on the host for use later by Contour ingress (envoy)
    hostPort: 443
  - containerPort: 31080 # expose port 31080 of the node to port 80 on the host for use later by Contour ingress (envoy)
    hostPort: 80
EOF
kind create cluster --config kind-expose-port.yaml
Installing the Pivnet CLI
Here we use the pivnet CLI to download the required software.
The pivnet CLI can be installed with brew.
brew install pivotal/tap/pivnet-cli
Get an API token from VMware Tanzu Network and log in with the pivnet CLI.
pivnet login --api-token=<API Token>
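Accepting the EULAs
The first time, you need to accept the EULA (End User License Agreement) for each component used by TAP. You can accept them from a web browser, but if you want to save effort you can also accept them all at once with the following commands. I don't know whether this is exactly the set that is needed. It is probably more than necessary, so it takes a little while.
⚠️ The usage period defined in the EULA is 30 days. That said, no particular restriction is enforced in the software.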
for p in $(pivnet products | grep 'tanzu-.*-buildpack' | awk '{print $4}');do
  echo $p
  pivnet curl -X POST $(pivnet releases -p ${p} --format=json | jq -r '.[0]._links.eula_acceptance.href')
  echo
done
for p in $(pivnet products | grep 'tanzu-.*-stack' | awk '{print $4}');do
  echo $p
  pivnet curl -X POST $(pivnet releases -p ${p} --format=json | jq -r '.[0]._links.eula_acceptance.href')
  echo
done
for p in tanzu-cluster-essentials tanzu-application-platform tbs-dependencies;do
  echo $p
  pivnet curl -X POST $(pivnet releases -p ${p} --format=json | jq -r '.[0]._links.eula_acceptance.href')
  echo
done
Installing the Tanzu CLI
# For Mac
pivnet download-product-files --product-slug='tanzu-application-platform' --release-version='1.1.0' --product-file-id=1190780
# For Linux
pivnet download-product-files --product-slug='tanzu-application-platform' --release-version='1.1.0' --product-file-id=1190781
# For Windows
pivnet download-product-files --product-slug='tanzu-application-platform' --release-version='1.1.0' --product-file-id=1190784
tar xvf tanzu-framework-*-amd64.tar
install cli/core/v0.11.2/tanzu-core-*_amd64 /usr/local/bin/tanzu
export TANZU_CLI_NO_INIT=true
$ tanzu version
version: v0.11.2
buildDate: 2022-03-17
sha: 9f16f375
Installing the plugins
export TANZU_CLI_NO_INIT=true
tanzu plugin install --local cli all
Installing Cluster Essentials for VMware Tanzu
To deploy the Kapp Controller and Secretgen Controller that the TAP installation requires, install Cluster Essentials for VMware Tanzu.
# Mac
pivnet download-product-files --product-slug='tanzu-cluster-essentials' --release-version='1.1.0' --product-file-id=1191985
# Linux
pivnet download-product-files --product-slug='tanzu-cluster-essentials' --release-version='1.1.0' --product-file-id=1191987
# Windows
pivnet download-product-files --product-slug='tanzu-cluster-essentials' --release-version='1.1.0' --product-file-id=1191983
TANZUNET_USERNAME=...
TANZUNET_PASSWORD=...
mkdir tanzu-cluster-essentials
tar xzvf tanzu-cluster-essentials-*-amd64-1.1.0.tgz -C tanzu-cluster-essentials
export INSTALL_BUNDLE=registry.tanzu.vmware.com/tanzu-cluster-essentials/cluster-essentials-bundle:1.1.0
export INSTALL_REGISTRY_HOSTNAME=registry.tanzu.vmware.com
export INSTALL_REGISTRY_USERNAME=${TANZUNET_USERNAME}
export INSTALL_REGISTRY_PASSWORD=${TANZUNET_PASSWORD}
cd tanzu-cluster-essentials
./install.sh --yes
cd ..
$ kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kapp-controller kapp-controller-579c8f7b69-txdgd 1/1 Running 0 2m30s
kube-system coredns-558bd4d5db-n228q 1/1 Running 0 52m
kube-system coredns-558bd4d5db-q4cbd 1/1 Running 0 52m
kube-system etcd-kind-control-plane 1/1 Running 0 52m
kube-system kindnet-585r9 1/1 Running 0 52m
kube-system kindnet-mfqmx 1/1 Running 0 51m
kube-system kube-apiserver-kind-control-plane 1/1 Running 0 52m
kube-system kube-controller-manager-kind-control-plane 1/1 Running 0 52m
kube-system kube-proxy-bjbsq 1/1 Running 0 52m
kube-system kube-proxy-nt8wx 1/1 Running 0 51m
kube-system kube-scheduler-kind-control-plane 1/1 Running 0 52m
local-path-storage local-path-provisioner-547f784dff-hhlhd 1/1 Running 0 52m
secretgen-controller secretgen-controller-667cf6cbdb-84zxf 1/1 Running 0 28s
Installing Tanzu Application Platform
Registering the Package Repository for TAP
TANZUNET_USERNAME=...
TANZUNET_PASSWORD=...
kubectl create ns tap-install
tanzu secret registry add tap-registry \
--username "${TANZUNET_USERNAME}" \
--password "${TANZUNET_PASSWORD}" \
--server registry.tanzu.vmware.com \
--export-to-all-namespaces \
--yes \
--namespace tap-install
tanzu package repository add tanzu-tap-repository \
--url registry.tanzu.vmware.com/tanzu-application-platform/tap-packages:1.1.0 \
--namespace tap-install
$ tanzu package available list --namespace tap-install
- Retrieving available packages...
NAME DISPLAY-NAME SHORT-DESCRIPTION LATEST-VERSION
accelerator.apps.tanzu.vmware.com Application Accelerator for VMware Tanzu Used to create new projects and configurations. 1.1.2
api-portal.tanzu.vmware.com API portal A unified user interface to enable search, discovery and try-out of API endpoints at ease. 1.0.15
backend.appliveview.tanzu.vmware.com Application Live View for VMware Tanzu App for monitoring and troubleshooting running apps 1.1.0
build.appliveview.tanzu.vmware.com Application Live View Conventions for VMware Tanzu Application Live View convention server 1.0.2
buildservice.tanzu.vmware.com Tanzu Build Service Tanzu Build Service enables the building and automation of containerized software workflows securely and at scale. 1.5.0
cartographer.tanzu.vmware.com Cartographer Kubernetes native Supply Chain Choreographer. 0.3.0
cnrs.tanzu.vmware.com Cloud Native Runtimes Cloud Native Runtimes is a serverless runtime based on Knative 1.2.0
connector.appliveview.tanzu.vmware.com Application Live View Connector for VMware Tanzu App for discovering and registering running apps 1.1.0
controller.conventions.apps.tanzu.vmware.com Convention Service for VMware Tanzu Convention Service enables app operators to consistently apply desired runtime configurations to fleets of workloads. 0.6.3
controller.source.apps.tanzu.vmware.com Tanzu Source Controller Tanzu Source Controller enables workload create/update from source code. 0.3.3
conventions.appliveview.tanzu.vmware.com Application Live View Conventions for VMware Tanzu Application Live View convention server 1.1.0
developer-conventions.tanzu.vmware.com Tanzu App Platform Developer Conventions Developer Conventions 0.6.0
fluxcd.source.controller.tanzu.vmware.com Flux Source Controller The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, Helm repositories and S3 buckets. 0.16.4
grype.scanning.apps.tanzu.vmware.com Grype for Supply Chain Security Tools - Scan Default scan templates using Anchore Grype 1.1.0
image-policy-webhook.signing.apps.tanzu.vmware.com Image Policy Webhook Image Policy Webhook enables defining of a policy to restrict unsigned container images. 1.1.1
learningcenter.tanzu.vmware.com Learning Center for Tanzu Application Platform Guided technical workshops 0.2.0
metadata-store.apps.tanzu.vmware.com Supply Chain Security Tools - Store Post SBoMs and query for image, package, and vulnerability metadata. 1.1.2
ootb-delivery-basic.tanzu.vmware.com Tanzu App Platform Out of The Box Delivery Basic Out of The Box Delivery Basic. 0.7.0
ootb-supply-chain-basic.tanzu.vmware.com Tanzu App Platform Out of The Box Supply Chain Basic Out of The Box Supply Chain Basic. 0.7.0
ootb-supply-chain-testing-scanning.tanzu.vmware.com Tanzu App Platform Out of The Box Supply Chain with Testing and Scanning Out of The Box Supply Chain with Testing and Scanning. 0.7.0
ootb-supply-chain-testing.tanzu.vmware.com Tanzu App Platform Out of The Box Supply Chain with Testing Out of The Box Supply Chain with Testing. 0.7.0
ootb-templates.tanzu.vmware.com Tanzu App Platform Out of The Box Templates Out of The Box Templates. 0.7.0
run.appliveview.tanzu.vmware.com Application Live View for VMware Tanzu App for monitoring and troubleshooting running apps 1.0.3
scanning.apps.tanzu.vmware.com Supply Chain Security Tools - Scan Scan for vulnerabilities and enforce policies directly within Kubernetes native Supply Chains. 1.1.0
service-bindings.labs.vmware.com Service Bindings for Kubernetes Service Bindings for Kubernetes implements the Service Binding Specification. 0.7.1
services-toolkit.tanzu.vmware.com Services Toolkit The Services Toolkit enables the management, lifecycle, discoverability and connectivity of Service Resources (databases, message queues, DNS records, etc.). 0.6.0
spring-boot-conventions.tanzu.vmware.com Tanzu Spring Boot Conventions Server Default Spring Boot convention server. 0.4.0
tap-auth.tanzu.vmware.com Default roles for Tanzu Application Platform Default roles for Tanzu Application Platform 1.0.1
tap-gui.tanzu.vmware.com Tanzu Application Platform GUI web app graphical user interface for Tanzu Application Platform 1.1.0
tap-telemetry.tanzu.vmware.com Telemetry Collector for Tanzu Application Platform Tanzu Application Plaform Telemetry 0.1.4
tap.tanzu.vmware.com Tanzu Application Platform Package to install a set of TAP components to get you started based on your use case. 1.1.0
tekton.tanzu.vmware.com Tekton Pipelines Tekton Pipelines is a framework for creating CI/CD systems. 0.33.2
workshops.learningcenter.tanzu.vmware.com Workshop Building Tutorial Workshop Building Tutorial 0.2.0
Installing the Iterate profile
GITHUB_USERNAME=...
GITHUB_API_TOKEN=...
cat <<EOF > tap-values.yml
profile: iterate
ceip_policy_disclosed: true
cnrs:
  domain_name: vcap.me
  domain_template: "{{.Name}}-{{.Namespace}}.{{.Domain}}"
  default_tls_secret: tanzu-system-ingress/cnrs-default-tls
  provider: local
buildservice:
  kp_default_repository: ghcr.io/${GITHUB_USERNAME}/build-service
  kp_default_repository_username: ${GITHUB_USERNAME}
  kp_default_repository_password: ${GITHUB_API_TOKEN}
  tanzunet_username: ${TANZUNET_USERNAME}
  tanzunet_password: ${TANZUNET_PASSWORD}
  enable_automatic_dependency_updates: true
supply_chain: basic
ootb_supply_chain_basic:
  registry:
    server: ghcr.io
    repository: ${GITHUB_USERNAME}
contour:
  envoy:
    service:
      nodePorts:
        http: 31080
        https: 31443
package_overlays:
- name: cnrs
  secrets:
  - name: cnrs-default-tls
EOF
*.vcap.me resolves to 127.0.0.1.
Create the following definition as an overlay to provision the default TLS certificate used by Cloud Native Runtimes (Knative). I referred to the following documents.
- https://docs.vmware.com/en/Cloud-Native-Runtimes-for-VMware-Tanzu/1.1/tanzu-cloud-native-runtimes-1-1/GUID-external_dns.html
- https://knative.dev/docs/serving/using-a-tls-cert/#manually-adding-a-tls-certificate
cat <<EOF > cnrs-default-tls.yml
#@ load("@ytt:data", "data")
#@ load("@ytt:overlay", "overlay")
#@ namespace = data.values.ingress.external.namespace
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: cnrs-selfsigned-issuer
  namespace: #@ namespace
spec:
  selfSigned: { }
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: cnrs-ca
  namespace: #@ namespace
spec:
  commonName: cnrs-ca
  isCA: true
  issuerRef:
    kind: Issuer
    name: cnrs-selfsigned-issuer
  secretName: cnrs-ca
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: cnrs-ca-issuer
  namespace: #@ namespace
spec:
  ca:
    secretName: cnrs-ca
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: cnrs-default-tls
  namespace: #@ namespace
spec:
  dnsNames:
  - #@ "*.{}".format(data.values.domain_name)
  issuerRef:
    kind: Issuer
    name: cnrs-ca-issuer
  secretName: cnrs-default-tls
---
apiVersion: projectcontour.io/v1
kind: TLSCertificateDelegation
metadata:
  name: contour-delegation
  namespace: #@ namespace
spec:
  delegations:
  - secretName: cnrs-default-tls
    targetNamespaces:
    - "*"
#@overlay/match by=overlay.subset({"metadata":{"name":"config-network"}, "kind": "ConfigMap"})
---
data:
  #@overlay/match missing_ok=True
  default-external-scheme: https
EOF
Create the overlay file as a Secret.
kubectl -n tap-install create secret generic cnrs-default-tls \
-o yaml \
--dry-run=client \
--from-file=cnrs-default-tls.yml \
| kubectl apply -f-
Install TAP.
tanzu package install tap -p tap.tanzu.vmware.com -v 1.1.0 --values-file tap-values.yml -n tap-install
Check the installation progress with the following command.
watch kubectl get app -n tap-install
Wait until every app shows Reconcile succeeded.
$ kubectl get app -n tap-install
NAME DESCRIPTION SINCE-DEPLOY AGE
appliveview Reconcile succeeded 119s 13m
appliveview-connector Reconcile succeeded 7m24s 17m
appliveview-conventions Reconcile succeeded 3m7s 13m
buildservice Reconcile succeeded 17m 17m
cartographer Reconcile succeeded 4m14s 15m
cert-manager Reconcile succeeded 17m 17m
cnrs Reconcile succeeded 49s 13m
contour Reconcile succeeded 3m18s 15m
conventions-controller Reconcile succeeded 3m45s 15m
developer-conventions Reconcile succeeded 3m3s 13m
fluxcd-source-controller Reconcile succeeded 6m58s 17m
image-policy-webhook Reconcile succeeded 4m53s 15m
ootb-delivery-basic Reconcile succeeded 3m57s 14m
ootb-supply-chain-basic Reconcile succeeded 3m59s 14m
ootb-templates Reconcile succeeded 4m7s 14m
service-bindings Reconcile succeeded 7m12s 17m
services-toolkit Reconcile succeeded 6m14s 17m
source-controller Reconcile succeeded 6m16s 17m
spring-boot-conventions Reconcile succeeded 2m47s 13m
tap Reconcile succeeded 7s 18m
tap-auth Reconcile succeeded 7m34s 17m
tap-telemetry Reconcile succeeded 6m32s 17m
tekton-pipelines Reconcile succeeded 6m33s 17m
The installed packages are as follows.
$ kubectl get packageinstall -n tap-install
NAME PACKAGE NAME PACKAGE VERSION DESCRIPTION AGE
appliveview backend.appliveview.tanzu.vmware.com 1.1.0 Reconcile succeeded 13m
appliveview-connector connector.appliveview.tanzu.vmware.com 1.1.0 Reconcile succeeded 18m
appliveview-conventions conventions.appliveview.tanzu.vmware.com 1.1.0 Reconcile succeeded 14m
buildservice buildservice.tanzu.vmware.com 1.5.0 Reconcile succeeded 18m
cartographer cartographer.tanzu.vmware.com 0.3.0 Reconcile succeeded 16m
cert-manager cert-manager.tanzu.vmware.com 1.5.3+tap.2 Reconcile succeeded 18m
cnrs cnrs.tanzu.vmware.com 1.2.0 Reconcile succeeded 13m
contour contour.tanzu.vmware.com 1.18.2+tap.2 Reconcile succeeded 16m
conventions-controller controller.conventions.apps.tanzu.vmware.com 0.6.3 Reconcile succeeded 16m
developer-conventions developer-conventions.tanzu.vmware.com 0.6.0 Reconcile succeeded 14m
fluxcd-source-controller fluxcd.source.controller.tanzu.vmware.com 0.16.4 Reconcile succeeded 18m
image-policy-webhook image-policy-webhook.signing.apps.tanzu.vmware.com 1.1.1 Reconcile succeeded 16m
ootb-delivery-basic ootb-delivery-basic.tanzu.vmware.com 0.7.0 Reconcile succeeded 14m
ootb-supply-chain-basic ootb-supply-chain-basic.tanzu.vmware.com 0.7.0 Reconcile succeeded 14m
ootb-templates ootb-templates.tanzu.vmware.com 0.7.0 Reconcile succeeded 14m
service-bindings service-bindings.labs.vmware.com 0.7.1 Reconcile succeeded 18m
services-toolkit services-toolkit.tanzu.vmware.com 0.6.0 Reconcile succeeded 18m
source-controller controller.source.apps.tanzu.vmware.com 0.3.3 Reconcile succeeded 18m
spring-boot-conventions spring-boot-conventions.tanzu.vmware.com 0.4.0 Reconcile succeeded 14m
tap tap.tanzu.vmware.com 1.1.0 Reconcile succeeded 18m
tap-auth tap-auth.tanzu.vmware.com 1.0.1 Reconcile succeeded 18m
tap-telemetry tap-telemetry.tanzu.vmware.com 0.1.4 Reconcile succeeded 18m
tekton-pipelines tekton.tanzu.vmware.com 0.33.2 Reconcile succeeded 18m
The deployed Pods are as follows.
$ kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
app-live-view-connector application-live-view-connector-69z7k 1/1 Running 0 18m
app-live-view-conventions appliveview-webhook-694d78484d-b45jk 1/1 Running 0 14m
app-live-view application-live-view-server-ddbd9888f-q2pjm 1/1 Running 0 13m
build-service build-pod-image-fetcher-n6679 5/5 Running 0 18m
build-service dependency-updater-controller-794cb544c5-hrzmg 1/1 Running 0 18m
build-service secret-syncer-controller-5c5cfcd99f-9zltc 1/1 Running 0 18m
build-service smart-warmer-image-fetcher-xst9c 2/2 Running 0 14m
build-service warmer-controller-5874f5498-4s9jj 1/1 Running 0 18m
cartographer-system cartographer-controller-9fbfd9fd4-gdf97 1/1 Running 0 16m
cert-injection-webhook cert-injection-webhook-85dc49bf56-f942j 1/1 Running 0 18m
cert-manager cert-manager-6cf946f494-pwdd4 1/1 Running 0 18m
cert-manager cert-manager-cainjector-6b55986f78-qvbql 1/1 Running 0 18m
cert-manager cert-manager-webhook-6848686797-pr9sw 1/1 Running 0 18m
conventions-system conventions-controller-manager-64bcd6d549-mn2vk 1/1 Running 0 16m
developer-conventions webhook-578565957d-6ng8s 1/1 Running 0 14m
flux-system source-controller-7c7964748c-z2cqn 1/1 Running 0 18m
image-policy-system image-policy-controller-manager-7c69f4d84b-fv8qt 2/2 Running 0 16m
kapp-controller kapp-controller-d55c69486-lbp4s 1/1 Running 0 21m
knative-eventing eventing-controller-7c56d9ff4c-q7nqt 1/1 Running 0 13m
knative-eventing eventing-webhook-5d4cf89758-rbhk4 1/1 Running 0 13m
knative-eventing imc-controller-7486c9c7b4-g75zx 1/1 Running 0 13m
knative-eventing imc-dispatcher-58489fd5b6-q9cp5 1/1 Running 0 13m
knative-eventing mt-broker-controller-6d5564746d-s9xkp 1/1 Running 0 13m
knative-eventing mt-broker-filter-7c845f6dcc-csmdz 1/1 Running 0 13m
knative-eventing mt-broker-ingress-7f6c4d6fb9-vrhcz 1/1 Running 0 13m
knative-eventing rabbitmq-broker-controller-778bd5488-c4pqp 1/1 Running 0 13m
knative-eventing rabbitmq-broker-webhook-7d7656dc76-768rh 1/1 Running 0 13m
knative-eventing sugar-controller-86bc96cfc9-6z7p8 1/1 Running 0 13m
knative-serving activator-975658b6d-xk728 1/1 Running 0 13m
knative-serving autoscaler-8fc5d5868-npz29 1/1 Running 0 13m
knative-serving autoscaler-hpa-776fc7dcc9-6jx5z 1/1 Running 0 13m
knative-serving controller-6599bb9768-hr4x2 1/1 Running 0 13m
knative-serving domain-mapping-68f57f87c7-bjrfx 1/1 Running 0 13m
knative-serving domainmapping-webhook-76d5f4b47-tblck 1/1 Running 0 13m
knative-serving net-certmanager-controller-f97495cd-nvz7l 1/1 Running 0 13m
knative-serving net-certmanager-webhook-74c8d6797d-45bbf 1/1 Running 0 13m
knative-serving net-contour-controller-865cbddcb7-brkbx 1/1 Running 0 109s
knative-serving webhook-56f9fc8c48-l9ztp 1/1 Running 0 13m
knative-sources rabbitmq-controller-manager-7d667d74b5-6rg9r 1/1 Running 0 13m
knative-sources rabbitmq-webhook-5f5c4f96dc-k7lv6 1/1 Running 0 13m
kpack kpack-controller-779894ffb6-ckgnw 1/1 Running 0 18m
kpack kpack-webhook-cf9c8b545-lwjbc 1/1 Running 0 18m
kube-system coredns-558bd4d5db-kxshz 1/1 Running 0 22m
kube-system coredns-558bd4d5db-vrds6 1/1 Running 0 22m
kube-system etcd-kind-control-plane 1/1 Running 0 23m
kube-system kindnet-gwd8p 1/1 Running 0 22m
kube-system kindnet-wxd4r 1/1 Running 0 22m
kube-system kube-apiserver-kind-control-plane 1/1 Running 0 23m
kube-system kube-controller-manager-kind-control-plane 1/1 Running 0 23m
kube-system kube-proxy-5vrx7 1/1 Running 0 22m
kube-system kube-proxy-mp2kz 1/1 Running 0 22m
kube-system kube-scheduler-kind-control-plane 1/1 Running 0 23m
local-path-storage local-path-provisioner-547f784dff-vzj4s 1/1 Running 0 22m
secretgen-controller secretgen-controller-6fcbff9c4d-9ghjw 1/1 Running 0 20m
service-bindings manager-846bcf8cfd-w2lxv 1/1 Running 0 18m
services-toolkit services-toolkit-controller-manager-5b7cbd6f4f-mqzmk 1/1 Running 0 18m
source-system source-controller-manager-67b6f4cd64-2hxf9 1/1 Running 0 18m
spring-boot-convention spring-boot-webhook-6c5c7656fb-cf9f2 1/1 Running 0 14m
stacks-operator-system controller-manager-785c9bc4d6-557sh 1/1 Running 0 18m
tanzu-system-ingress contour-699dfb9f9b-fvdvq 1/1 Running 0 16m
tanzu-system-ingress contour-699dfb9f9b-hc6zp 1/1 Running 0 16m
tanzu-system-ingress envoy-llt8h 2/2 Running 0 16m
tap-telemetry tap-telemetry-controller-5fc8c68f8f-kwqpk 1/1 Running 0 18m
tekton-pipelines tekton-pipelines-controller-7c475994c7-nrb7g 1/1 Running 0 18m
tekton-pipelines tekton-pipelines-webhook-64ffbb66d7-7xjgl 1/1 Running 0 18m
triggermesh aws-event-sources-controller-649669c475-pshxx 1/1 Running 0 13m
vmware-sources webhook-7f6c979bd9-hvttk 1/1 Running 0 13m
Deploying a Workload
Preparation for creating Workloads
https://docs.vmware.com/en/Tanzu-Application-Platform/1.1/tap/GUID-install-components.html#setup (partially modified)
kubectl create ns demo
tanzu secret registry add registry-credentials --server ghcr.io --username ${GITHUB_USERNAME} --password ${GITHUB_API_TOKEN} --namespace demo
cat <<EOF | kubectl -n demo apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: tap-registry
  annotations:
    secretgen.carvel.dev/image-pull-secret: ""
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: e30K
---
apiVersion: v1
kind: Secret
metadata:
  name: git-ssh
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
secrets:
- name: registry-credentials
- name: git-ssh
imagePullSecrets:
- name: registry-credentials
- name: tap-registry
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: default-permit-deliverable
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: deliverable
subjects:
- kind: ServiceAccount
  name: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: default-permit-workload
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: workload
subjects:
- kind: ServiceAccount
  name: default
EOF
Deploying a Node.js app
tanzu apps workload apply hello \
--app hello \
--git-repo https://github.com/making/hello-nodejs \
--git-branch master \
--type web \
-n demo \
-y
tanzu apps workload tail hello -n demo
To see the resources being created, watch the following command.
watch kubectl get pod,gitrepo,imgs,build,podintent,taskrun,imagerepository,app,ksvc,certificate,httpproxy -n demo -owide
$ tanzu apps workload get -n demo hello
# hello: Ready
---
lastTransitionTime: "2022-04-15T17:56:39Z"
message: ""
reason: Ready
status: "True"
type: Ready
Pods
NAME STATUS RESTARTS AGE
hello-00001-deployment-64bf5746d4-4wtbk Running 0 40s
hello-build-1-build-pod Succeeded 0 6m1s
hello-config-writer-rph5d-pod Succeeded 0 4m54s
Knative Services
NAME READY URL
hello Ready https://hello-demo.vcap.me
$ curl -k https://hello-demo.vcap.me
Hello Tanzu!!
Deploying a Java app
tanzu apps workload apply spring-music \
--app spring-music \
--git-repo https://github.com/scottfrederick/spring-music \
--git-branch tanzu \
--type web \
--annotation autoscaling.knative.dev/minScale=1 \
-n demo \
-y
tanzu apps workload tail spring-music -n demo
$ tanzu apps workload get -n demo spring-music
# spring-music: Ready
---
lastTransitionTime: "2022-04-17T15:04:22Z"
message: ""
reason: Ready
status: "True"
type: Ready
Pods
NAME STATUS RESTARTS AGE
spring-music-00001-deployment-5948575858-fx58s Running 0 112s
spring-music-build-1-build-pod Succeeded 0 4m59s
spring-music-config-writer-x4b4q-pod Succeeded 0 2m23s
Knative Services
NAME READY URL
spring-music Ready https://spring-music-demo.vcap.me
Type "THIS IS UNSAFE".

For Spring Boot, management.server.port=8081 and management.endpoints.web.exposure.include=* are set automatically.
For Spring Boot 2.6 or later, management.endpoint.health.probes.add-additional-paths=true is also set, and the path /readyz is configured for the readiness probe and /livez for the liveness probe.
$ kubectl get ksvc -n demo spring-music -oyaml | kubectl neat
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  annotations:
    kapp.k14s.io/identity: v1;demo/serving.knative.dev/Service/spring-music;serving.knative.dev/v1
    kapp.k14s.io/original: '{"apiVersion":"serving.knative.dev/v1","kind":"Service","metadata":{"annotations":{"kbld.k14s.io/images":"null\n"},"labels":{"app.kubernetes.io/component":"run","app.kubernetes.io/part-of":"spring-music","apps.tanzu.vmware.com/workload-type":"web","carto.run/workload-name":"spring-music","kapp.k14s.io/app":"1650207894961795500","kapp.k14s.io/association":"v1.d461947476e2f10f282a43f02102e099"},"name":"spring-music","namespace":"demo"},"spec":{"template":{"metadata":{"annotations":{"autoscaling.knative.dev/minScale":"1","boot.spring.io/actuator":"http://:8081/actuator","boot.spring.io/version":"2.6.6","conventions.apps.tanzu.vmware.com/applied-conventions":"spring-boot-convention/spring-boot\nspring-boot-convention/spring-boot-graceful-shutdown\nspring-boot-convention/spring-boot-web\nspring-boot-convention/spring-boot-actuator\nspring-boot-convention/spring-boot-actuator-probes\nspring-boot-convention/service-intent-mysql\nspring-boot-convention/service-intent-postgres\nspring-boot-convention/service-intent-mongodb\nappliveview-sample/app-live-view-connector\nappliveview-sample/app-live-view-appflavours\nappliveview-sample/app-live-view-systemproperties","developer.conventions/target-containers":"workload","services.conventions.apps.tanzu.vmware.com/mongodb":"mongodb-driver-core/4.4.2","services.conventions.apps.tanzu.vmware.com/mysql":"mysql-connector-java/8.0.28","services.conventions.apps.tanzu.vmware.com/postgres":"postgresql/42.3.3"},"labels":{"app.kubernetes.io/component":"run","app.kubernetes.io/part-of":"spring-music","apps.tanzu.vmware.com/workload-type":"web","carto.run/workload-name":"spring-music","conventions.apps.tanzu.vmware.com/framework":"spring-boot","services.conventions.apps.tanzu.vmware.com/mongodb":"workload","services.conventions.apps.tanzu.vmware.com/mysql":"workload","services.conventions.apps.tanzu.vmware.com/postgres":"workload","tanzu.app.live.view":"true","tanzu.app.live.view.application.actuator.port":"8081","tanzu.app.live.view.application.flavours":"spring-boot","tanzu.app.live.view.application.name":"spring-boot-app"}},"spec":{"containers":[{"env":[{"name":"JAVA_TOOL_OPTIONS","value":"-Dmanagement.endpoint.health.probes.add-additional-paths=\"true\" -Dmanagement.endpoint.health.show-details=always -Dmanagement.endpoints.web.base-path=\"/actuator\" -Dmanagement.endpoints.web.exposure.include=* -Dmanagement.health.probes.enabled=\"true\" -Dmanagement.server.port=\"8081\" -Dserver.port=\"8080\" -Dserver.shutdown.grace-period=\"24s\""}],"image":"ghcr.io/making/spring-music-demo@sha256:93d230e9d0511884f367824055d8996f70b2301a2a0329305ec2c85c5df5914c","livenessProbe":{"httpGet":{"path":"/livez","port":8080,"scheme":"HTTP"}},"name":"workload","ports":[{"containerPort":8080,"protocol":"TCP"}],"readinessProbe":{"httpGet":{"path":"/readyz","port":8080,"scheme":"HTTP"}},"resources":{},"securityContext":{"runAsUser":1000}}],"serviceAccountName":"default"}}}}'
    kapp.k14s.io/original-diff-md5: 41e2400841d3c59663d988148eb12b73
    kbld.k14s.io/images: |
      null
    serving.knative.dev/creator: system:serviceaccount:demo:default
    serving.knative.dev/lastModifier: system:serviceaccount:demo:default
  labels:
    app.kubernetes.io/component: run
    app.kubernetes.io/part-of: spring-music
    apps.tanzu.vmware.com/workload-type: web
    carto.run/workload-name: spring-music
    kapp.k14s.io/app: "1650207894961795500"
    kapp.k14s.io/association: v1.d461947476e2f10f282a43f02102e099
  name: spring-music
  namespace: demo
spec:
  template:
    metadata:
      annotations:
        autoscaling.knative.dev/minScale: "1"
        boot.spring.io/actuator: http://:8081/actuator
        boot.spring.io/version: 2.6.6
        conventions.apps.tanzu.vmware.com/applied-conventions: |-
          spring-boot-convention/spring-boot
          spring-boot-convention/spring-boot-graceful-shutdown
          spring-boot-convention/spring-boot-web
          spring-boot-convention/spring-boot-actuator
          spring-boot-convention/spring-boot-actuator-probes
          spring-boot-convention/service-intent-mysql
          spring-boot-convention/service-intent-postgres
          spring-boot-convention/service-intent-mongodb
          appliveview-sample/app-live-view-connector
          appliveview-sample/app-live-view-appflavours
          appliveview-sample/app-live-view-systemproperties
        developer.conventions/target-containers: workload
        services.conventions.apps.tanzu.vmware.com/mongodb: mongodb-driver-core/4.4.2
        services.conventions.apps.tanzu.vmware.com/mysql: mysql-connector-java/8.0.28
        services.conventions.apps.tanzu.vmware.com/postgres: postgresql/42.3.3
      creationTimestamp: null
      labels:
        app.kubernetes.io/component: run
        app.kubernetes.io/part-of: spring-music
        apps.tanzu.vmware.com/workload-type: web
        carto.run/workload-name: spring-music
        conventions.apps.tanzu.vmware.com/framework: spring-boot
        services.conventions.apps.tanzu.vmware.com/mongodb: workload
        services.conventions.apps.tanzu.vmware.com/mysql: workload
        services.conventions.apps.tanzu.vmware.com/postgres: workload
        tanzu.app.live.view: "true"
        tanzu.app.live.view.application.actuator.port: "8081"
        tanzu.app.live.view.application.flavours: spring-boot
        tanzu.app.live.view.application.name: spring-boot-app
    spec:
      containerConcurrency: 0
      containers:
      - env:
        - name: JAVA_TOOL_OPTIONS
          value: -Dmanagement.endpoint.health.probes.add-additional-paths="true" -Dmanagement.endpoint.health.show-details=always -Dmanagement.endpoints.web.base-path="/actuator" -Dmanagement.endpoints.web.exposure.include=* -Dmanagement.health.probes.enabled="true" -Dmanagement.server.port="8081" -Dserver.port="8080" -Dserver.shutdown.grace-period="24s"
        image: ghcr.io/making/spring-music-demo@sha256:93d230e9d0511884f367824055d8996f70b2301a2a0329305ec2c85c5df5914c
        livenessProbe:
          httpGet:
            path: /livez
            port: 8080
            scheme: HTTP
        name: workload
        ports:
        - containerPort: 8080
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /readyz
            port: 8080
            scheme: HTTP
          successThreshold: 1
        securityContext:
          runAsUser: 1000
      enableServiceLinks: false
      serviceAccountName: default
      timeoutSeconds: 300
  traffic:
  - latestRevision: true
    percent: 100
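An audit of the settings that the Spring Boot conventions inject, as an added example that is not part of the original article or of TAP: it parses JAVA_TOOL_OPTIONS from a container spec and reports how the actuator is exposed. The names `parse_system_properties`, `audit_actuator`, `SENSITIVE_ENDPOINTS` and the finding ids are assumptions made here; the sample container is constructed by trimming the ksvc output above to its env and ports.

```python
import shlex

# Constructed input: the "workload" container from the ksvc output above,
# reduced to the two fields this audit reads (env and ports).
SAMPLE_CONTAINER = {
    "name": "workload",
    "env": [{
        "name": "JAVA_TOOL_OPTIONS",
        "value": '-Dmanagement.endpoint.health.probes.add-additional-paths="true" '
                 '-Dmanagement.endpoint.health.show-details=always '
                 '-Dmanagement.endpoints.web.base-path="/actuator" '
                 '-Dmanagement.endpoints.web.exposure.include=* '
                 '-Dmanagement.health.probes.enabled="true" '
                 '-Dmanagement.server.port="8081" -Dserver.port="8080" '
                 '-Dserver.shutdown.grace-period="24s"',
    }],
    "ports": [{"containerPort": 8080, "protocol": "TCP"}],
}

# Actuator endpoint ids that reveal configuration, environment or memory contents,
# or that change application state (assumed shortlist for this example).
SENSITIVE_ENDPOINTS = {"env", "configprops", "heapdump", "threaddump", "loggers", "shutdown"}


def parse_system_properties(java_tool_options):
    """Return {key: value} for each -Dkey=value token, with shell-style quotes removed."""
    props = {}
    for token in shlex.split(java_tool_options):
        if token.startswith("-D"):
            key, _, value = token[2:].partition("=")
            props[key] = value
    return props


def audit_actuator(container):
    """Return a list of (finding_id, detail) tuples for one container spec."""
    env = {e["name"]: e.get("value", "") for e in container.get("env", [])}
    props = parse_system_properties(env.get("JAVA_TOOL_OPTIONS", ""))
    declared_ports = {p["containerPort"] for p in container.get("ports", [])}
    findings = []

    raw_include = props.get("management.endpoints.web.exposure.include", "")
    included = {e.strip() for e in raw_include.split(",") if e.strip()}
    if "*" in included:
        findings.append(("exposure-wildcard", "every actuator endpoint is exposed over HTTP"))
    elif included & SENSITIVE_ENDPOINTS:
        findings.append(("exposure-sensitive", ",".join(sorted(included & SENSITIVE_ENDPOINTS))))

    if props.get("management.endpoint.health.show-details") == "always":
        findings.append(("health-details-always",
                         "health details are shown to every caller that reaches the endpoint"))

    # The actuator shares the application's exposure when it listens on the
    # application port or on a port declared in the container's ports list.
    server_port = int(props.get("server.port", "8080"))
    mgmt_port = int(props.get("management.server.port", server_port))
    if mgmt_port == server_port or mgmt_port in declared_ports:
        findings.append(("management-port-routed",
                         f"actuator is served on routed port {mgmt_port}"))
    return findings


if __name__ == "__main__":
    for finding_id, detail in audit_actuator(SAMPLE_CONTAINER):
        print(f"{finding_id}: {detail}")
```

For the sample, the management port 8081 is not among the declared container ports, so the Knative route does not carry it; it is still reachable on the pod IP from inside the cluster unless a NetworkPolicy restricts it.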
Deploying with GitOps
TBD