---
title: Notes on installing Tanzu Application Platform 1.1 (Iterate Profile) on Kind and enabling HTTPS
tags: ["Kubernetes", "Cartographer", "kind", "Tanzu", "TAP", "Knative"]
categories: ["Dev", "CaaS", "Kubernetes", "TAP"]
date: 2022-04-17T17:20:24Z
updated: 2022-04-18T07:59:17Z
---

This memo installs [Tanzu Application Platform 1.1](https://docs.vmware.com/en/Tanzu-Application-Platform/1.1/tap//GUID-overview.html) on Kind.

It installs TAP and tries the feature that deploys a "Hello World" application from source code ("Source to URL"). It also enables HTTPS.

### Creating the Kind cluster

```
cat <<EOF > kind-expose-port.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  extraPortMappings:
  - containerPort: 31443 # expose port 31443 of the node to port 443 on the host for use later by Contour ingress (envoy)
    hostPort: 443
  - containerPort: 31080 # expose port 31080 of the node to port 80 on the host for use later by Contour ingress (envoy)
    hostPort: 80
EOF
kind create cluster --config kind-expose-port.yaml
```

### Installing the Pivnet CLI

Here the [`pivnet`](https://github.com/pivotal-cf/pivnet-cli) CLI is used to download the required software. The `pivnet` CLI can be installed with brew.

```
brew install pivotal/tap/pivnet-cli
```

Obtain an API token from [VMware Tanzu Network](https://network.tanzu.vmware.com/) and log in with the `pivnet` CLI.

```
pivnet login --api-token=YOUR_API_TOKEN
```

### Accepting the EULAs

The first time, you need to [accept the EULA (End User License Agreement)](https://docs.vmware.com/en/Tanzu-Application-Platform/1.1/tap/GUID-install-tanzu-cli.html#accept-the-end-user-license-agreements-0) of each component used by TAP.

You can accept them in a web browser, but if you want to save effort, the following commands accept them in bulk. I am not sure this is exactly the required set. It probably includes extras, so it takes a little while.

> ⚠️ The usage period defined in the EULA is 30 days. That said, no restriction is enforced in the software itself.

```
for p in $(pivnet products | grep 'tanzu-.*-buildpack' | awk '{print $4}');do
  echo $p
  pivnet curl -X POST $(pivnet releases -p ${p} --format=json | jq -r '.[0]._links.eula_acceptance.href')
  echo
done

for p in $(pivnet products | grep 'tanzu-.*-stack' | awk '{print $4}');do
  echo $p
  pivnet curl -X POST $(pivnet releases -p ${p} --format=json | jq -r '.[0]._links.eula_acceptance.href')
  echo
done

for p in tanzu-cluster-essentials tanzu-application-platform tbs-dependencies;do
  echo $p
  pivnet curl -X POST $(pivnet releases -p ${p} --format=json | jq -r '.[0]._links.eula_acceptance.href')
  echo
done
```

### Installing the Tanzu CLI

```
# For Mac
pivnet download-product-files --product-slug='tanzu-application-platform' --release-version='1.1.0' --product-file-id=1190780
# For Linux
pivnet download-product-files --product-slug='tanzu-application-platform' --release-version='1.1.0' --product-file-id=1190781
# For Windows
pivnet download-product-files --product-slug='tanzu-application-platform' --release-version='1.1.0' --product-file-id=1190784
```

```
tar xvf tanzu-framework-*-amd64.tar
install cli/core/v0.11.2/tanzu-core-*_amd64 /usr/local/bin/tanzu
export TANZU_CLI_NO_INIT=true
```

```
$ tanzu version
version: v0.11.2
buildDate: 2022-03-17
sha: 9f16f375
```

Install the plugins.

```
export TANZU_CLI_NO_INIT=true
tanzu plugin install --local cli all
```

### Installing Cluster Essentials for VMware Tanzu

Install [Cluster Essentials for VMware Tanzu](https://network.tanzu.vmware.com/products/tanzu-cluster-essentials/#/releases/1077299) to deploy the Kapp Controller and Secretgen Controller that the TAP installation requires.

```
# Mac
pivnet download-product-files --product-slug='tanzu-cluster-essentials' --release-version='1.1.0' --product-file-id=1191985
# Linux
pivnet download-product-files --product-slug='tanzu-cluster-essentials' --release-version='1.1.0' --product-file-id=1191987
# Windows
pivnet download-product-files --product-slug='tanzu-cluster-essentials' --release-version='1.1.0' --product-file-id=1191983
```

```
TANZUNET_USERNAME=...
TANZUNET_PASSWORD=...

mkdir tanzu-cluster-essentials
tar xzvf tanzu-cluster-essentials-*-amd64-1.1.0.tgz -C tanzu-cluster-essentials

export INSTALL_BUNDLE=registry.tanzu.vmware.com/tanzu-cluster-essentials/cluster-essentials-bundle:1.1.0
export INSTALL_REGISTRY_HOSTNAME=registry.tanzu.vmware.com
export INSTALL_REGISTRY_USERNAME=${TANZUNET_USERNAME}
export INSTALL_REGISTRY_PASSWORD=${TANZUNET_PASSWORD}
cd tanzu-cluster-essentials
./install.sh --yes
cd ..
```

```
$ kubectl get pod -A
NAMESPACE              NAME                                         READY   STATUS    RESTARTS   AGE
kapp-controller        kapp-controller-579c8f7b69-txdgd             1/1     Running   0          2m30s
kube-system            coredns-558bd4d5db-n228q                     1/1     Running   0          52m
kube-system            coredns-558bd4d5db-q4cbd                     1/1     Running   0          52m
kube-system            etcd-kind-control-plane                      1/1     Running   0          52m
kube-system            kindnet-585r9                                1/1     Running   0          52m
kube-system            kindnet-mfqmx                                1/1     Running   0          51m
kube-system            kube-apiserver-kind-control-plane            1/1     Running   0          52m
kube-system            kube-controller-manager-kind-control-plane   1/1     Running   0          52m
kube-system            kube-proxy-bjbsq                             1/1     Running   0          52m
kube-system            kube-proxy-nt8wx                             1/1     Running   0          51m
kube-system            kube-scheduler-kind-control-plane            1/1     Running   0          52m
local-path-storage     local-path-provisioner-547f784dff-hhlhd      1/1     Running   0          52m
secretgen-controller   secretgen-controller-667cf6cbdb-84zxf        1/1     Running   0          28s
```

### Installing Tanzu Application Platform

#### Registering the Package Repository for TAP

```
TANZUNET_USERNAME=...
TANZUNET_PASSWORD=...

kubectl create ns tap-install

tanzu secret registry add tap-registry \
  --username "${TANZUNET_USERNAME}" \
  --password "${TANZUNET_PASSWORD}" \
  --server registry.tanzu.vmware.com \
  --export-to-all-namespaces \
  --yes \
  --namespace tap-install

tanzu package repository add tanzu-tap-repository \
  --url registry.tanzu.vmware.com/tanzu-application-platform/tap-packages:1.1.0 \
  --namespace tap-install
```

```
$ tanzu package available list --namespace tap-install
- Retrieving available packages...
  NAME                                                 DISPLAY-NAME  SHORT-DESCRIPTION  LATEST-VERSION
  accelerator.apps.tanzu.vmware.com                    Application Accelerator for VMware Tanzu  Used to create new projects and configurations.  1.1.2
  api-portal.tanzu.vmware.com                          API portal  A unified user interface to enable search, discovery and try-out of API endpoints at ease.  1.0.15
  backend.appliveview.tanzu.vmware.com                 Application Live View for VMware Tanzu  App for monitoring and troubleshooting running apps  1.1.0
  build.appliveview.tanzu.vmware.com                   Application Live View Conventions for VMware Tanzu  Application Live View convention server  1.0.2
  buildservice.tanzu.vmware.com                        Tanzu Build Service  Tanzu Build Service enables the building and automation of containerized software workflows securely and at scale.  1.5.0
  cartographer.tanzu.vmware.com                        Cartographer  Kubernetes native Supply Chain Choreographer.  0.3.0
  cnrs.tanzu.vmware.com                                Cloud Native Runtimes  Cloud Native Runtimes is a serverless runtime based on Knative  1.2.0
  connector.appliveview.tanzu.vmware.com               Application Live View Connector for VMware Tanzu  App for discovering and registering running apps  1.1.0
  controller.conventions.apps.tanzu.vmware.com         Convention Service for VMware Tanzu  Convention Service enables app operators to consistently apply desired runtime configurations to fleets of workloads.  0.6.3
  controller.source.apps.tanzu.vmware.com              Tanzu Source Controller  Tanzu Source Controller enables workload create/update from source code.  0.3.3
  conventions.appliveview.tanzu.vmware.com             Application Live View Conventions for VMware Tanzu  Application Live View convention server  1.1.0
  developer-conventions.tanzu.vmware.com               Tanzu App Platform Developer Conventions  Developer Conventions  0.6.0
  fluxcd.source.controller.tanzu.vmware.com            Flux Source Controller  The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, Helm repositories and S3 buckets.  0.16.4
  grype.scanning.apps.tanzu.vmware.com                 Grype for Supply Chain Security Tools - Scan  Default scan templates using Anchore Grype  1.1.0
  image-policy-webhook.signing.apps.tanzu.vmware.com   Image Policy Webhook  Image Policy Webhook enables defining of a policy to restrict unsigned container images.  1.1.1
  learningcenter.tanzu.vmware.com                      Learning Center for Tanzu Application Platform  Guided technical workshops  0.2.0
  metadata-store.apps.tanzu.vmware.com                 Supply Chain Security Tools - Store  Post SBoMs and query for image, package, and vulnerability metadata.  1.1.2
  ootb-delivery-basic.tanzu.vmware.com                 Tanzu App Platform Out of The Box Delivery Basic  Out of The Box Delivery Basic.  0.7.0
  ootb-supply-chain-basic.tanzu.vmware.com             Tanzu App Platform Out of The Box Supply Chain Basic  Out of The Box Supply Chain Basic.  0.7.0
  ootb-supply-chain-testing-scanning.tanzu.vmware.com  Tanzu App Platform Out of The Box Supply Chain with Testing and Scanning  Out of The Box Supply Chain with Testing and Scanning.  0.7.0
  ootb-supply-chain-testing.tanzu.vmware.com           Tanzu App Platform Out of The Box Supply Chain with Testing  Out of The Box Supply Chain with Testing.  0.7.0
  ootb-templates.tanzu.vmware.com                      Tanzu App Platform Out of The Box Templates  Out of The Box Templates.  0.7.0
  run.appliveview.tanzu.vmware.com                     Application Live View for VMware Tanzu  App for monitoring and troubleshooting running apps  1.0.3
  scanning.apps.tanzu.vmware.com                       Supply Chain Security Tools - Scan  Scan for vulnerabilities and enforce policies directly within Kubernetes native Supply Chains.  1.1.0
  service-bindings.labs.vmware.com                     Service Bindings for Kubernetes  Service Bindings for Kubernetes implements the Service Binding Specification.  0.7.1
  services-toolkit.tanzu.vmware.com                    Services Toolkit  The Services Toolkit enables the management, lifecycle, discoverability and connectivity of Service Resources (databases, message queues, DNS records, etc.).  0.6.0
  spring-boot-conventions.tanzu.vmware.com             Tanzu Spring Boot Conventions Server  Default Spring Boot convention server.  0.4.0
  tap-auth.tanzu.vmware.com                            Default roles for Tanzu Application Platform  Default roles for Tanzu Application Platform  1.0.1
  tap-gui.tanzu.vmware.com                             Tanzu Application Platform GUI  web app graphical user interface for Tanzu Application Platform  1.1.0
  tap-telemetry.tanzu.vmware.com                       Telemetry Collector for Tanzu Application Platform  Tanzu Application Plaform Telemetry  0.1.4
  tap.tanzu.vmware.com                                 Tanzu Application Platform  Package to install a set of TAP components to get you started based on your use case.  1.1.0
  tekton.tanzu.vmware.com                              Tekton Pipelines  Tekton Pipelines is a framework for creating CI/CD systems.  0.33.2
  workshops.learningcenter.tanzu.vmware.com            Workshop Building Tutorial  Workshop Building Tutorial  0.2.0
```

#### Installing the Iterate Profile

```yaml
GITHUB_USERNAME=...
GITHUB_API_TOKEN=...

cat <<EOF > tap-values.yml
profile: iterate

ceip_policy_disclosed: true

cnrs:
  domain_name: vcap.me
  domain_template: "{{.Name}}-{{.Namespace}}.{{.Domain}}"
  default_tls_secret: tanzu-system-ingress/cnrs-default-tls
  provider: local

buildservice:
  kp_default_repository: ghcr.io/${GITHUB_USERNAME}/build-service
  kp_default_repository_username: ${GITHUB_USERNAME}
  kp_default_repository_password: ${GITHUB_API_TOKEN}
  tanzunet_username: ${TANZUNET_USERNAME}
  tanzunet_password: ${TANZUNET_PASSWORD}
  enable_automatic_dependency_updates: true

supply_chain: basic

ootb_supply_chain_basic:
  registry:
    server: ghcr.io
    repository: ${GITHUB_USERNAME}

contour:
  envoy:
    service:
      nodePorts:
        http: 31080
        https: 31443

package_overlays:
- name: cnrs
  secrets:
  - name: cnrs-default-tls
EOF
```

> `*.vcap.me` resolves to `127.0.0.1`.

Create the following definitions as an overlay to provision the default TLS certificate used by Cloud Native Runtimes (Knative). I referred to the following documents.

* https://docs.vmware.com/en/Cloud-Native-Runtimes-for-VMware-Tanzu/1.1/tanzu-cloud-native-runtimes-1-1/GUID-external_dns.html
* https://knative.dev/docs/serving/using-a-tls-cert/#manually-adding-a-tls-certificate

```yaml
cat <<EOF > cnrs-default-tls.yml
#@ load("@ytt:data", "data")
#@ load("@ytt:overlay", "overlay")
#@ namespace = data.values.ingress.external.namespace
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: cnrs-selfsigned-issuer
  namespace: #@ namespace
spec:
  selfSigned: { }
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: cnrs-ca
  namespace: #@ namespace
spec:
  commonName: cnrs-ca
  isCA: true
  issuerRef:
    kind: Issuer
    name: cnrs-selfsigned-issuer
  secretName: cnrs-ca
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: cnrs-ca-issuer
  namespace: #@ namespace
spec:
  ca:
    secretName: cnrs-ca
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: cnrs-default-tls
  namespace: #@ namespace
spec:
  dnsNames:
  - #@ "*.{}".format(data.values.domain_name)
  issuerRef:
    kind: Issuer
    name: cnrs-ca-issuer
  secretName: cnrs-default-tls
---
apiVersion: projectcontour.io/v1
kind: TLSCertificateDelegation
metadata:
  name: contour-delegation
  namespace: #@ namespace
spec:
  delegations:
  - secretName: cnrs-default-tls
    targetNamespaces:
    - "*"
#@overlay/match by=overlay.subset({"metadata":{"name":"config-network"}, "kind": "ConfigMap"})
---
data:
  #@overlay/match missing_ok=True
  default-external-scheme: https
EOF
```

Create the overlay file as a Secret.

```
kubectl -n tap-install create secret generic cnrs-default-tls \
  -o yaml \
  --dry-run=client \
  --from-file=cnrs-default-tls.yml \
  | kubectl apply -f-
```

Install TAP.

```
tanzu package install tap -p tap.tanzu.vmware.com -v 1.1.0 --values-file tap-values.yml -n tap-install
```

Check the installation progress with the following command.

```
watch kubectl get app -n tap-install
```

Wait until every app shows `Reconcile succeeded`.

```
$ kubectl get app -n tap-install
NAME                       DESCRIPTION           SINCE-DEPLOY   AGE
appliveview                Reconcile succeeded   119s           13m
appliveview-connector      Reconcile succeeded   7m24s          17m
appliveview-conventions    Reconcile succeeded   3m7s           13m
buildservice               Reconcile succeeded   17m            17m
cartographer               Reconcile succeeded   4m14s          15m
cert-manager               Reconcile succeeded   17m            17m
cnrs                       Reconcile succeeded   49s            13m
contour                    Reconcile succeeded   3m18s          15m
conventions-controller     Reconcile succeeded   3m45s          15m
developer-conventions      Reconcile succeeded   3m3s           13m
fluxcd-source-controller   Reconcile succeeded   6m58s          17m
image-policy-webhook       Reconcile succeeded   4m53s          15m
ootb-delivery-basic        Reconcile succeeded   3m57s          14m
ootb-supply-chain-basic    Reconcile succeeded   3m59s          14m
ootb-templates             Reconcile succeeded   4m7s           14m
service-bindings           Reconcile succeeded   7m12s          17m
services-toolkit           Reconcile succeeded   6m14s          17m
source-controller          Reconcile succeeded   6m16s          17m
spring-boot-conventions    Reconcile succeeded   2m47s          13m
tap                        Reconcile succeeded   7s             18m
tap-auth                   Reconcile succeeded   7m34s          17m
tap-telemetry              Reconcile succeeded   6m32s          17m
tekton-pipelines           Reconcile succeeded   6m33s          17m
```

The installed packages are as follows.

```
$ kubectl get packageinstall -n tap-install
NAME                       PACKAGE NAME                                         PACKAGE VERSION   DESCRIPTION           AGE
appliveview                backend.appliveview.tanzu.vmware.com                 1.1.0             Reconcile succeeded   13m
appliveview-connector      connector.appliveview.tanzu.vmware.com               1.1.0             Reconcile succeeded   18m
appliveview-conventions    conventions.appliveview.tanzu.vmware.com             1.1.0             Reconcile succeeded   14m
buildservice               buildservice.tanzu.vmware.com                        1.5.0             Reconcile succeeded   18m
cartographer               cartographer.tanzu.vmware.com                        0.3.0             Reconcile succeeded   16m
cert-manager               cert-manager.tanzu.vmware.com                        1.5.3+tap.2       Reconcile succeeded   18m
cnrs                       cnrs.tanzu.vmware.com                                1.2.0             Reconcile succeeded   13m
contour                    contour.tanzu.vmware.com                             1.18.2+tap.2      Reconcile succeeded   16m
conventions-controller     controller.conventions.apps.tanzu.vmware.com         0.6.3             Reconcile succeeded   16m
developer-conventions      developer-conventions.tanzu.vmware.com               0.6.0             Reconcile succeeded   14m
fluxcd-source-controller   fluxcd.source.controller.tanzu.vmware.com            0.16.4            Reconcile succeeded   18m
image-policy-webhook       image-policy-webhook.signing.apps.tanzu.vmware.com   1.1.1             Reconcile succeeded   16m
ootb-delivery-basic        ootb-delivery-basic.tanzu.vmware.com                 0.7.0             Reconcile succeeded   14m
ootb-supply-chain-basic    ootb-supply-chain-basic.tanzu.vmware.com             0.7.0             Reconcile succeeded   14m
ootb-templates             ootb-templates.tanzu.vmware.com                      0.7.0             Reconcile succeeded   14m
service-bindings           service-bindings.labs.vmware.com                     0.7.1             Reconcile succeeded   18m
services-toolkit           services-toolkit.tanzu.vmware.com                    0.6.0             Reconcile succeeded   18m
source-controller          controller.source.apps.tanzu.vmware.com              0.3.3             Reconcile succeeded   18m
spring-boot-conventions    spring-boot-conventions.tanzu.vmware.com             0.4.0             Reconcile succeeded   14m
tap                        tap.tanzu.vmware.com                                 1.1.0             Reconcile succeeded   18m
tap-auth                   tap-auth.tanzu.vmware.com                            1.0.1             Reconcile succeeded   18m
tap-telemetry              tap-telemetry.tanzu.vmware.com                       0.1.4             Reconcile succeeded   18m
tekton-pipelines           tekton.tanzu.vmware.com                              0.33.2            Reconcile succeeded   18m
```

The deployed Pods are as follows.

```
$ kubectl get pod -A
NAMESPACE                   NAME                                                   READY   STATUS    RESTARTS   AGE
app-live-view-connector     application-live-view-connector-69z7k                  1/1     Running   0          18m
app-live-view-conventions   appliveview-webhook-694d78484d-b45jk                   1/1     Running   0          14m
app-live-view               application-live-view-server-ddbd9888f-q2pjm           1/1     Running   0          13m
build-service               build-pod-image-fetcher-n6679                          5/5     Running   0          18m
build-service               dependency-updater-controller-794cb544c5-hrzmg         1/1     Running   0          18m
build-service               secret-syncer-controller-5c5cfcd99f-9zltc              1/1     Running   0          18m
build-service               smart-warmer-image-fetcher-xst9c                       2/2     Running   0          14m
build-service               warmer-controller-5874f5498-4s9jj                      1/1     Running   0          18m
cartographer-system         cartographer-controller-9fbfd9fd4-gdf97                1/1     Running   0          16m
cert-injection-webhook      cert-injection-webhook-85dc49bf56-f942j                1/1     Running   0          18m
cert-manager                cert-manager-6cf946f494-pwdd4                          1/1     Running   0          18m
cert-manager                cert-manager-cainjector-6b55986f78-qvbql               1/1     Running   0          18m
cert-manager                cert-manager-webhook-6848686797-pr9sw                  1/1     Running   0          18m
conventions-system          conventions-controller-manager-64bcd6d549-mn2vk        1/1     Running   0          16m
developer-conventions       webhook-578565957d-6ng8s                               1/1     Running   0          14m
flux-system                 source-controller-7c7964748c-z2cqn                     1/1     Running   0          18m
image-policy-system         image-policy-controller-manager-7c69f4d84b-fv8qt       2/2     Running   0          16m
kapp-controller             kapp-controller-d55c69486-lbp4s                        1/1     Running   0          21m
knative-eventing            eventing-controller-7c56d9ff4c-q7nqt                   1/1     Running   0          13m
knative-eventing            eventing-webhook-5d4cf89758-rbhk4                      1/1     Running   0          13m
knative-eventing            imc-controller-7486c9c7b4-g75zx                        1/1     Running   0          13m
knative-eventing            imc-dispatcher-58489fd5b6-q9cp5                        1/1     Running   0          13m
knative-eventing            mt-broker-controller-6d5564746d-s9xkp                  1/1     Running   0          13m
knative-eventing            mt-broker-filter-7c845f6dcc-csmdz                      1/1     Running   0          13m
knative-eventing            mt-broker-ingress-7f6c4d6fb9-vrhcz                     1/1     Running   0          13m
knative-eventing            rabbitmq-broker-controller-778bd5488-c4pqp             1/1     Running   0          13m
knative-eventing            rabbitmq-broker-webhook-7d7656dc76-768rh               1/1     Running   0          13m
knative-eventing            sugar-controller-86bc96cfc9-6z7p8                      1/1     Running   0          13m
knative-serving             activator-975658b6d-xk728                              1/1     Running   0          13m
knative-serving             autoscaler-8fc5d5868-npz29                             1/1     Running   0          13m
knative-serving             autoscaler-hpa-776fc7dcc9-6jx5z                        1/1     Running   0          13m
knative-serving             controller-6599bb9768-hr4x2                            1/1     Running   0          13m
knative-serving             domain-mapping-68f57f87c7-bjrfx                        1/1     Running   0          13m
knative-serving             domainmapping-webhook-76d5f4b47-tblck                  1/1     Running   0          13m
knative-serving             net-certmanager-controller-f97495cd-nvz7l              1/1     Running   0          13m
knative-serving             net-certmanager-webhook-74c8d6797d-45bbf               1/1     Running   0          13m
knative-serving             net-contour-controller-865cbddcb7-brkbx                1/1     Running   0          109s
knative-serving             webhook-56f9fc8c48-l9ztp                               1/1     Running   0          13m
knative-sources             rabbitmq-controller-manager-7d667d74b5-6rg9r           1/1     Running   0          13m
knative-sources             rabbitmq-webhook-5f5c4f96dc-k7lv6                      1/1     Running   0          13m
kpack                       kpack-controller-779894ffb6-ckgnw                      1/1     Running   0          18m
kpack                       kpack-webhook-cf9c8b545-lwjbc                          1/1     Running   0          18m
kube-system                 coredns-558bd4d5db-kxshz                               1/1     Running   0          22m
kube-system                 coredns-558bd4d5db-vrds6                               1/1     Running   0          22m
kube-system                 etcd-kind-control-plane                                1/1     Running   0          23m
kube-system                 kindnet-gwd8p                                          1/1     Running   0          22m
kube-system                 kindnet-wxd4r                                          1/1     Running   0          22m
kube-system                 kube-apiserver-kind-control-plane                      1/1     Running   0          23m
kube-system                 kube-controller-manager-kind-control-plane             1/1     Running   0          23m
kube-system                 kube-proxy-5vrx7                                       1/1     Running   0          22m
kube-system                 kube-proxy-mp2kz                                       1/1     Running   0          22m
kube-system                 kube-scheduler-kind-control-plane                      1/1     Running   0          23m
local-path-storage          local-path-provisioner-547f784dff-vzj4s                1/1     Running   0          22m
secretgen-controller        secretgen-controller-6fcbff9c4d-9ghjw                  1/1     Running   0          20m
service-bindings            manager-846bcf8cfd-w2lxv                               1/1     Running   0          18m
services-toolkit            services-toolkit-controller-manager-5b7cbd6f4f-mqzmk   1/1     Running   0          18m
source-system               source-controller-manager-67b6f4cd64-2hxf9             1/1     Running   0          18m
spring-boot-convention      spring-boot-webhook-6c5c7656fb-cf9f2                   1/1     Running   0          14m
stacks-operator-system      controller-manager-785c9bc4d6-557sh                    1/1     Running   0          18m
tanzu-system-ingress        contour-699dfb9f9b-fvdvq                               1/1     Running   0          16m
tanzu-system-ingress        contour-699dfb9f9b-hc6zp                               1/1     Running   0          16m
tanzu-system-ingress        envoy-llt8h                                            2/2     Running   0          16m
tap-telemetry               tap-telemetry-controller-5fc8c68f8f-kwqpk              1/1     Running   0          18m
tekton-pipelines            tekton-pipelines-controller-7c475994c7-nrb7g           1/1     Running   0          18m
tekton-pipelines            tekton-pipelines-webhook-64ffbb66d7-7xjgl              1/1     Running   0          18m
triggermesh                 aws-event-sources-controller-649669c475-pshxx          1/1     Running   0          13m
vmware-sources              webhook-7f6c979bd9-hvttk                               1/1     Running   0          13m
```

### Deploying a Workload

#### Preparation for creating a Workload

https://docs.vmware.com/en/Tanzu-Application-Platform/1.1/tap/GUID-install-components.html#setup (partly modified)

```
kubectl create ns demo
tanzu secret registry add registry-credentials --server ghcr.io --username ${GITHUB_USERNAME} --password ${GITHUB_API_TOKEN} --namespace demo
```

```yaml
cat <
```

Enter "THIS IS UNSAFE"

> For Spring Boot, `management.server.port=8081` and `management.endpoints.web.exposure.include=*` are set automatically.
> In addition, for Spring Boot 2.6 or later, `management.endpoint.health.probes.add-additional-paths=true` is set, and the readiness probe is given the path `/readyz` and the liveness probe the path `/livez`.
>
> ```yaml
> $ kubectl get ksvc -n demo spring-music -oyaml | kubectl neat
> apiVersion: serving.knative.dev/v1
> kind: Service
> metadata:
>   annotations:
>     kapp.k14s.io/identity: v1;demo/serving.knative.dev/Service/spring-music;serving.knative.dev/v1
>     kapp.k14s.io/original: '{"apiVersion":"serving.knative.dev/v1","kind":"Service","metadata":{"annotations":{"kbld.k14s.io/images":"null\n"},"labels":{"app.kubernetes.io/component":"run","app.kubernetes.io/part-of":"spring-music","apps.tanzu.vmware.com/workload-type":"web","carto.run/workload-name":"spring-music","kapp.k14s.io/app":"1650207894961795500","kapp.k14s.io/association":"v1.d461947476e2f10f282a43f02102e099"},"name":"spring-music","namespace":"demo"},"spec":{"template":{"metadata":{"annotations":{"autoscaling.knative.dev/minScale":"1","boot.spring.io/actuator":"http://:8081/actuator","boot.spring.io/version":"2.6.6","conventions.apps.tanzu.vmware.com/applied-conventions":"spring-boot-convention/spring-boot\nspring-boot-convention/spring-boot-graceful-shutdown\nspring-boot-convention/spring-boot-web\nspring-boot-convention/spring-boot-actuator\nspring-boot-convention/spring-boot-actuator-probes\nspring-boot-convention/service-intent-mysql\nspring-boot-convention/service-intent-postgres\nspring-boot-convention/service-intent-mongodb\nappliveview-sample/app-live-view-connector\nappliveview-sample/app-live-view-appflavours\nappliveview-sample/app-live-view-systemproperties","developer.conventions/target-containers":"workload","services.conventions.apps.tanzu.vmware.com/mongodb":"mongodb-driver-core/4.4.2","services.conventions.apps.tanzu.vmware.com/mysql":"mysql-connector-java/8.0.28","services.conventions.apps.tanzu.vmware.com/postgres":"postgresql/42.3.3"},"labels":{"app.kubernetes.io/component":"run","app.kubernetes.io/part-of":"spring-music","apps.tanzu.vmware.com/workload-type":"web","carto.run/workload-name":"spring-music","conventions.apps.tanzu.vmware.com/framework":"spring-boot","services.conventions.apps.tanzu.vmware.com/mongodb":"workload","services.conventions.apps.tanzu.vmware.com/mysql":"workload","services.conventions.apps.tanzu.vmware.com/postgres":"workload","tanzu.app.live.view":"true","tanzu.app.live.view.application.actuator.port":"8081","tanzu.app.live.view.application.flavours":"spring-boot","tanzu.app.live.view.application.name":"spring-boot-app"}},"spec":{"containers":[{"env":[{"name":"JAVA_TOOL_OPTIONS","value":"-Dmanagement.endpoint.health.probes.add-additional-paths=\"true\"
>       -Dmanagement.endpoint.health.show-details=always -Dmanagement.endpoints.web.base-path=\"/actuator\"
>       -Dmanagement.endpoints.web.exposure.include=* -Dmanagement.health.probes.enabled=\"true\"
>       -Dmanagement.server.port=\"8081\" -Dserver.port=\"8080\" -Dserver.shutdown.grace-period=\"24s\""}],"image":"ghcr.io/making/spring-music-demo@sha256:93d230e9d0511884f367824055d8996f70b2301a2a0329305ec2c85c5df5914c","livenessProbe":{"httpGet":{"path":"/livez","port":8080,"scheme":"HTTP"}},"name":"workload","ports":[{"containerPort":8080,"protocol":"TCP"}],"readinessProbe":{"httpGet":{"path":"/readyz","port":8080,"scheme":"HTTP"}},"resources":{},"securityContext":{"runAsUser":1000}}],"serviceAccountName":"default"}}}}'
>     kapp.k14s.io/original-diff-md5: 41e2400841d3c59663d988148eb12b73
>     kbld.k14s.io/images: |
>       null
>     serving.knative.dev/creator: system:serviceaccount:demo:default
>     serving.knative.dev/lastModifier: system:serviceaccount:demo:default
>   labels:
>     app.kubernetes.io/component: run
>     app.kubernetes.io/part-of: spring-music
>     apps.tanzu.vmware.com/workload-type: web
>     carto.run/workload-name: spring-music
>     kapp.k14s.io/app: "1650207894961795500"
>     kapp.k14s.io/association: v1.d461947476e2f10f282a43f02102e099
>   name: spring-music
>   namespace: demo
> spec:
>   template:
>     metadata:
>       annotations:
>         autoscaling.knative.dev/minScale: "1"
>         boot.spring.io/actuator: http://:8081/actuator
>         boot.spring.io/version: 2.6.6
>         conventions.apps.tanzu.vmware.com/applied-conventions: |-
>           spring-boot-convention/spring-boot
>           spring-boot-convention/spring-boot-graceful-shutdown
>           spring-boot-convention/spring-boot-web
>           spring-boot-convention/spring-boot-actuator
>           spring-boot-convention/spring-boot-actuator-probes
>           spring-boot-convention/service-intent-mysql
>           spring-boot-convention/service-intent-postgres
>           spring-boot-convention/service-intent-mongodb
>           appliveview-sample/app-live-view-connector
>           appliveview-sample/app-live-view-appflavours
>           appliveview-sample/app-live-view-systemproperties
>         developer.conventions/target-containers: workload
>         services.conventions.apps.tanzu.vmware.com/mongodb: mongodb-driver-core/4.4.2
>         services.conventions.apps.tanzu.vmware.com/mysql: mysql-connector-java/8.0.28
>         services.conventions.apps.tanzu.vmware.com/postgres: postgresql/42.3.3
>       creationTimestamp: null
>       labels:
>         app.kubernetes.io/component: run
>         app.kubernetes.io/part-of: spring-music
>         apps.tanzu.vmware.com/workload-type: web
>         carto.run/workload-name: spring-music
>         conventions.apps.tanzu.vmware.com/framework: spring-boot
>         services.conventions.apps.tanzu.vmware.com/mongodb: workload
>         services.conventions.apps.tanzu.vmware.com/mysql: workload
>         services.conventions.apps.tanzu.vmware.com/postgres: workload
>         tanzu.app.live.view: "true"
>         tanzu.app.live.view.application.actuator.port: "8081"
>         tanzu.app.live.view.application.flavours: spring-boot
>         tanzu.app.live.view.application.name: spring-boot-app
>     spec:
>       containerConcurrency: 0
>       containers:
>       - env:
>         - name: JAVA_TOOL_OPTIONS
>           value: -Dmanagement.endpoint.health.probes.add-additional-paths="true" -Dmanagement.endpoint.health.show-details=always
>             -Dmanagement.endpoints.web.base-path="/actuator" -Dmanagement.endpoints.web.exposure.include=*
>             -Dmanagement.health.probes.enabled="true" -Dmanagement.server.port="8081"
>             -Dserver.port="8080" -Dserver.shutdown.grace-period="24s"
>         image: ghcr.io/making/spring-music-demo@sha256:93d230e9d0511884f367824055d8996f70b2301a2a0329305ec2c85c5df5914c
>         livenessProbe:
>           httpGet:
>             path: /livez
>             port: 8080
>             scheme: HTTP
>         name: workload
>         ports:
>         - containerPort: 8080
>           protocol: TCP
>         readinessProbe:
>           httpGet:
>             path: /readyz
>             port: 8080
>             scheme: HTTP
>           successThreshold: 1
>         securityContext:
>           runAsUser: 1000
>       enableServiceLinks: false
>       serviceAccountName: default
>       timeoutSeconds: 300
>   traffic:
>   - latestRevision: true
>     percent: 100
> ```

### Deploying with GitOps

TBD
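
The Spring Boot note in the Workload section says the convention sets `management.endpoints.web.exposure.include=*` together with a separate management port. As an added example (not part of the original article or of TAP), the shell functions below parse that `JAVA_TOOL_OPTIONS` string and flag the case where every actuator endpoint would be served on the port the Knative route forwards to. The function names, the severity labels and the remark about in-cluster reachability are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the JAVA_TOOL_OPTIONS value injected by the
# Spring Boot convention into a Knative Service.

# jto_get PROP OPTS
# Print the value of -DPROP=... found in OPTS, with double quotes stripped.
# Prints nothing when the property is absent. The last occurrence wins.
# Limitation: values that contain spaces are not supported.
jto_get() {
  printf '%s\n' "$2" | tr ' \t' '\n\n' | awk -v p="-D$1=" '
    index($0, p) == 1 { v = substr($0, length(p) + 1); gsub(/"/, "", v); val = v }
    END { if (val != "") print val }'
}

# audit_actuator OPTS [ROUTED_PORT]
# ROUTED_PORT is the containerPort declared in the Knative Service (8080 in
# the ksvc shown on this page); it defaults to server.port.
# Prints one finding per line and returns 1 when a HIGH finding exists.
audit_actuator() {
  include=$(jto_get management.endpoints.web.exposure.include "$1")
  details=$(jto_get management.endpoint.health.show-details "$1")
  server_port=$(jto_get server.port "$1")
  server_port=${server_port:-8080}        # Spring Boot default
  mgmt_port=$(jto_get management.server.port "$1")
  mgmt_port=${mgmt_port:-$server_port}    # shares the app port unless set
  routed_port=${2:-$server_port}
  rc=0
  if [ "$include" = "*" ]; then
    if [ "$mgmt_port" = "$routed_port" ]; then
      echo "HIGH all actuator endpoints are served on routed port $routed_port"
      rc=1
    else
      # Assumption: the port is still reachable from other pods unless a
      # NetworkPolicy restricts it.
      echo "WARN all actuator endpoints are exposed on port $mgmt_port (not the routed port $routed_port)"
    fi
  fi
  if [ "$details" = "always" ]; then
    echo "WARN health details are returned to every caller (show-details=always)"
  fi
  return $rc
}

# Value copied from the ksvc output on this page.
PAGE_JAVA_TOOL_OPTIONS='-Dmanagement.endpoint.health.probes.add-additional-paths="true" -Dmanagement.endpoint.health.show-details=always -Dmanagement.endpoints.web.base-path="/actuator" -Dmanagement.endpoints.web.exposure.include=* -Dmanagement.health.probes.enabled="true" -Dmanagement.server.port="8081" -Dserver.port="8080" -Dserver.shutdown.grace-period="24s"'

audit_actuator "$PAGE_JAVA_TOOL_OPTIONS" 8080
```

On a live cluster the string can be taken from the `JAVA_TOOL_OPTIONS` env entry of the ksvc instead of the embedded copy.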