Install VMware TAP on Mac with Kind K8s on Docker Desktop

Purpose

Install VMware TAP on Mac with Kind K8s on Docker Desktop. 

Pre-requisites 

The following prerequisites are required to install VMware TAP (1.6):

Requirement, reference, and my lab setup:

1. Access to VMware Tanzu Network
   https://network.tanzu.vmware.com/

2. API Token for VMware Tanzu Network
   https://network.pivotal.io/docs/api

3. Kind
   https://kind.sigs.k8s.io/docs/user/quick-start/#installation
   I have Kind version v0.20.0 running on Docker Desktop version 24.0.7.

4. Tanzu CLI
   https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.6/tap/install-tanzu-cli.html
   brew install vmware-tanzu/tanzu/tanzu-cli
   I have Tanzu CLI version v1.1.0

5. Pivnet CLI
   https://github.com/pivotal-cf/pivnet-cli
   brew install pivotal/tap/pivnet-cli
   I have Pivnet CLI version 4.1.1

6. Resource Requirements
   https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.6/tap/prerequisites.html#resource-requirements

   • To deploy Tanzu Application Platform packages iterate profile on local Minikube cluster, your cluster must have at least:
     • 8 vCPUs for i9 (or equivalent) available to Tanzu Application Platform components on Mac OS.
     • 12 vCPUs for i7 (or equivalent) available to Tanzu Application Platform components on Mac OS.
     • 8 vCPUs are available to Tanzu Application Platform components on Linux and Windows.
     • 12 GB of RAM available to Tanzu Application Platform components on Mac OS, Linux, and Windows.
     • 70 GB of disk space available per node.

7. GitHub API
   I am using GitHub as an Image Registry. You can use any other.

 

Installation 

We will be executing the following steps to install VMware TAP 1.6

Create Kind Cluster

We will be creating a Kind cluster with K8s version 1.27

kind create cluster --image kindest/node:v1.27.3

Deploy MetalLB

We will be using MetalLB as a Load Balancer to access the TAP GUI

kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml

Configure MetalLB

MetalLB needs an IP address pool taken from the Docker bridge network that Kind uses, so that the TAP GUI running on Kind K8s is reachable through the Load Balancer. Inspect the kind network to find its subnet, then create an IP address pool for MetalLB from it.

In my case the range is 172.18.0.0/16, which is why I have the addresses 172.18.0.0 – 172.18.255.254.

docker network inspect -f '{{.IPAM.Config}}' kind

kubectl apply -f- <<EOF
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: example
  namespace: metallb-system
spec:
  addresses:
  - 172.18.0.0-172.18.255.254
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: empty
  namespace: metallb-system
EOF
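
An added example, not part of the original post: a shell helper that derives the MetalLB range from the IPv4 subnet reported by docker network inspect. The function names and the optional COUNT argument are assumptions made for illustration; with a COUNT the pool is cut from the top of the subnet, in which case loadBalancerIP and ingress_domain have to use an address from that smaller range.

```shell
#!/bin/sh
# Added example: turn the IPv4 subnet of the "kind" Docker network into the
# "first-last" range that an IPAddressPool expects. IPv4 CIDR input only.

ip_to_int() {            # dotted quad -> integer
  old_ifs=$IFS; IFS=.
  set -- $1              # split the address on dots into $1..$4
  IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

int_to_ip() {            # integer -> dotted quad
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# pool_range CIDR [COUNT]
#   no COUNT: network address up to the address before broadcast
#             (the range used in the post for 172.18.0.0/16)
#   COUNT:    only the last COUNT addresses before broadcast, which keeps the
#             pool away from the low addresses Docker assigns to the gateway
#             and to the Kind node containers
pool_range() {
  net=${1%/*}; bits=${1#*/}
  size=$(( 1 << (32 - bits) ))
  base=$(( $(ip_to_int "$net") & ~(size - 1) ))
  last=$(( base + size - 2 ))
  first=$base
  if [ -n "${2:-}" ]; then first=$(( last - $2 + 1 )); fi
  echo "$(int_to_ip "$first")-$(int_to_ip "$last")"
}

pool_range 172.18.0.0/16        # whole subnet, as in the post
pool_range 172.18.0.0/16 51     # a 51-address slice at the top of the subnet
```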

Login to Tanzu Network using CLI 

When we log in to the Tanzu Network using the Pivnet CLI, it will accept the EULA

pivnet login --api-token=<API Token>

Install Tanzu CLI Plugins

We will be installing Tanzu CLI plugins

tanzu plugin clean
tanzu plugin install --group vmware-tap/default:v1.6.1

You can verify plugins as well 

Download Cluster Essentials

Download the binaries using Pivnet CLI

pivnet download-product-files --product-slug='tanzu-cluster-essentials' --release-version='1.6.0' --glob='tanzu-cluster-essentials-darwin-amd64-*'

Install Cluster Essentials

To install cluster essentials you will need to unzip the binaries and export environment variables.

TANZUNET_USERNAME=XXX
TANZUNET_PASSWORD=XXX
mkdir tanzu-cluster-essentials
tar xzvf tanzu-cluster-essentials-*-amd64-*.tgz -C tanzu-cluster-essentials
export INSTALL_BUNDLE=registry.tanzu.vmware.com/tanzu-cluster-essentials/cluster-essentials-bundle:1.6.0
export INSTALL_REGISTRY_HOSTNAME=registry.tanzu.vmware.com
export INSTALL_REGISTRY_USERNAME=${TANZUNET_USERNAME}
export INSTALL_REGISTRY_PASSWORD=${TANZUNET_PASSWORD}
cd tanzu-cluster-essentials
./install.sh --yes

Verify KApp Controller & Secret Gen Controllers

 

Configure TAP Repository 

We will create Namespace (tap-install) and configure the TAP repository 

TANZUNET_USERNAME=…
TANZUNET_PASSWORD=…
kubectl create ns tap-install
tanzu secret registry add tap-registry \
--username "${TANZUNET_USERNAME}" \
--password "${TANZUNET_PASSWORD}" \
--server registry.tanzu.vmware.com \
--export-to-all-namespaces \
--yes \
--namespace tap-install
tanzu package repository add tanzu-tap-repository \
--url registry.tanzu.vmware.com/tanzu-application-platform/tap-packages:1.6.1 \
--namespace tap-install
tanzu package repository add full-deps-repository \
--url registry.tanzu.vmware.com/tanzu-application-platform/full-deps-package-repo:1.6.1 \
--namespace tap-install

You can also verify packages 

kubectl get package -n tap-install

Configure Registry Secret

I am using GitHub as the Image Registry. You can use any other.

GITHUB_USERNAME=…
GITHUB_API_TOKEN=…
tanzu secret registry add buildservice-regcred \
--username "${GITHUB_USERNAME}" \
--password "${GITHUB_API_TOKEN}" \
--server ghcr.io \
--yes \
--namespace tap-install

Create Full Profile for TAP Install

Create a Full Profile for TAP Install. A couple of values need to be modified based on your setup:

ingress_domain: tap.172-18-0-3.sslip.io
project_path: ghcr.io/${GITHUB_USERNAME}
loadBalancerIP: 172.18.0.3

cat <<EOF > tap-values.yaml
shared:
  ingress_domain: tap.172-18-0-3.sslip.io
  ingress_issuer: tap-ingress-selfsigned
  image_registry:
    project_path: ghcr.io/${GITHUB_USERNAME}
    secret:
      name: buildservice-regcred
      namespace: tap-install
  kubernetes_version: "1.27"
ceip_policy_disclosed: true
profile: full
supply_chain: testing_scanning
contour:
  contour:
    replicas: 1
  envoy:
    service:
      type: LoadBalancer
      loadBalancerIP: 172.18.0.3
buildservice:
  exclude_dependencies: false
tap_gui:
  metadataStoreAutoconfiguration: true
  app_config:
    auth:
      allowGuestAccess: true
metadata_store:
  ns_for_export_app_cert: "*"
  app_service_type: ClusterIP
  pg_req_cpu: "200m"
  pg_req_memory: "200Mi"
scanning:
  metadataStore:
    url: "" # Configuration is moved, so set this string to empty.
cnrs:
  lite:
    enable: true
  pdb:
    enable: false
cartographer:
  cartographer:
    resources:
      requests:
        cpu: 100m
        memory: 200Mi
crossplane:
  resourcesCrossplane:
    requests:
      cpu: 100m
      memory: 200Mi
  resourcesRBACManager:
    requests:
      cpu: 100m
      memory: 200Mi
excluded_packages:
- policy.apps.tanzu.vmware.com
- image-policy-webhook.signing.apps.tanzu.vmware.com
- eventing.tanzu.vmware.com
- sso.apps.tanzu.vmware.com
- learningcenter.tanzu.vmware.com
- workshops.learningcenter.tanzu.vmware.com
- api-portal.tanzu.vmware.com
EOF
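
An added example, not part of the original post: a grep-based check that lists the lab-only settings in the values file above, useful before the same file is reused outside a local Kind cluster. The function name, the finding labels and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag lab-only settings in a TAP values file. Matching is
# line-based grep, not a YAML parser (assumption: one key per line).

audit_tap_values() {   # usage: audit_tap_values FILE ; prints one finding per line
  f=$1
  if grep -Eq '^[[:space:]]*allowGuestAccess:[[:space:]]*true' "$f"; then
    echo "GUEST_ACCESS: TAP GUI can be used without signing in"
  fi
  if grep -Eq '^[[:space:]]*ingress_issuer:[[:space:]]*tap-ingress-selfsigned' "$f"; then
    echo "SELF_SIGNED: ingress certificates come from the self-signed issuer"
  fi
  if grep -Eq '^[[:space:]]*ns_for_export_app_cert:[[:space:]]*"\*"' "$f"; then
    echo "CERT_EXPORT: metadata store certificate exported to every namespace"
  fi
  # Image signature policy packages; excluding them removes that admission check.
  for pkg in policy.apps.tanzu.vmware.com \
             image-policy-webhook.signing.apps.tanzu.vmware.com; do
    if grep -Eq "^[[:space:]]*-[[:space:]]*${pkg}[[:space:]]*\$" "$f"; then
      echo "EXCLUDED: ${pkg} is not installed"
    fi
  done
  return 0
}

# Constructed sample: the security-relevant lines of the values file above.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
shared:
  ingress_issuer: tap-ingress-selfsigned
tap_gui:
  app_config:
    auth:
      allowGuestAccess: true
metadata_store:
  ns_for_export_app_cert: "*"
excluded_packages:
- policy.apps.tanzu.vmware.com
- image-policy-webhook.signing.apps.tanzu.vmware.com
- eventing.tanzu.vmware.com
EOF
audit_tap_values "$sample"
```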

Install Packages for TAP

Install TAP packages using tanzu cli 

tanzu package install tap \
-p tap.tanzu.vmware.com \
-v 1.6.1 \
--values-file tap-values.yaml \
-n tap-install

You can verify the status of package installs using 

kubectl get pkgi -n tap-install

A couple of observations:

  • As we are deploying on Kind K8s, it might take time to bring up the pods, which would mean the package install may time out.
  • As we are doing it via the KApp controller, it will automatically try to reconcile.
  • In my case I ran into an issue with metadata-store, as the pod was in a Not Ready state; however, it resolved automatically.
  • I would recommend waiting for 15-20 mins, and the environment would be stable.

Verify UI Access 

We will need to access the UI using the FQDN

Verify Ingress IP 

kubectl get svc -n tanzu-system-ingress envoy

Verify Proxy FQDN

kubectl get httpproxy -A

Install Docker Mac Net Connect

Docker Mac Net Connect allows you to connect to Docker containers from macOS host (without port binding).

https://github.com/chipmk/docker-mac-net-connect

# Install via Homebrew
$ brew install chipmk/tap/docker-mac-net-connect
# Run the service and register it to launch at boot
$ sudo brew services start chipmk/tap/docker-mac-net-connect

Verify UI Access 

You can try accessing the UI using the FQDN mentioned in the tap-values.yaml 

Reference
 – https://ik.am/entries/754
