Purpose
Install VMware TAP on Mac with Kind K8s on Docker Desktop.
Pre-requisites
The following prerequisites are required to install VMware TAP (1.6):
# | Requirement | Reference | My Lab |
---|---|---|---|
1 | Access to VMware Tanzu Network | https://network.tanzu.vmware.com/ | |
2 | API Token for VMware Tanzu Network | https://network.pivotal.io/docs/api | |
3 | Kind | https://kind.sigs.k8s.io/docs/user/quick-start/#installation | I have Kind version v0.20.0 running on Docker Desktop version 24.0.7. |
4 | Tanzu CLI | https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.6/tap/install-tanzu-cli.html (brew install vmware-tanzu/tanzu/tanzu-cli) | I have Tanzu CLI version v1.1.0 |
5 | Pivnet CLI | https://github.com/pivotal-cf/pivnet-cli (brew install pivotal/tap/pivnet-cli) | I have Pivnet CLI version 4.1.1 |
6 | Resource Requirements | | |
7 | GitHub API | | I am using GitHub as an Image Registry. You can use any other. |
Installation
We will be executing the following steps to install VMware TAP 1.6
Create Kind Cluster
We will be creating a Kind cluster with K8s version 1.27
kind create cluster --image kindest/node:v1.27.3
Deploy MetalLB
We will be using MetalLB as a Load Balancer to access the TAP GUI
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml
Configure MetalLB
We need to use the Docker bridge network for the Load Balancer so that we can access the TAP GUI running on Kind K8s, and create an IP address pool for MetalLB from that network.
In my case the range is 172.18.0.0/16, which is why I have the addresses 172.18.0.0-172.18.255.254
docker network inspect -f '{{.IPAM.Config}}' kind
kubectl apply -f - <<EOF
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: example
  namespace: metallb-system
spec:
  addresses:
  - 172.18.0.0-172.18.255.254
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: empty
  namespace: metallb-system
EOF
Login to Tanzu Network using CLI
Logging in to the Tanzu Network with the Pivnet CLI also accepts the EULA
pivnet login --api-token=<API Token>
Install Tanzu CLI Plugins
We will be installing Tanzu CLI plugins
tanzu plugin clean
tanzu plugin install --group vmware-tap/default:v1.6.1
You can verify plugins as well
Download Cluster Essentials
Download the binaries using Pivnet CLI
pivnet download-product-files --product-slug='tanzu-cluster-essentials' --release-version='1.6.0' --glob='tanzu-cluster-essentials-darwin-amd64-*'
Install Cluster Essentials
To install cluster essentials you will need to unzip the binaries and export environment variables.
TANZUNET_USERNAME=XXX
TANZUNET_PASSWORD=XXX
mkdir tanzu-cluster-essentials
tar xzvf tanzu-cluster-essentials-*-amd64-*.tgz -C tanzu-cluster-essentials
export INSTALL_BUNDLE=registry.tanzu.vmware.com/tanzu-cluster-essentials/cluster-essentials-bundle:1.6.0
export INSTALL_REGISTRY_HOSTNAME=registry.tanzu.vmware.com
export INSTALL_REGISTRY_USERNAME=${TANZUNET_USERNAME}
export INSTALL_REGISTRY_PASSWORD=${TANZUNET_PASSWORD}
cd tanzu-cluster-essentials
./install.sh --yes
Verify KApp Controller & Secret Gen Controllers
Configure TAP Repository
We will create the namespace (tap-install) and configure the TAP repository
TANZUNET_USERNAME=…
TANZUNET_PASSWORD=…
kubectl create ns tap-install
tanzu secret registry add tap-registry \
  --username "${TANZUNET_USERNAME}" \
  --password "${TANZUNET_PASSWORD}" \
  --server registry.tanzu.vmware.com \
  --export-to-all-namespaces \
  --yes \
  --namespace tap-install
tanzu package repository add tanzu-tap-repository \
  --url registry.tanzu.vmware.com/tanzu-application-platform/tap-packages:1.6.1 \
  --namespace tap-install
tanzu package repository add full-deps-repository \
  --url registry.tanzu.vmware.com/tanzu-application-platform/full-deps-package-repo:1.6.1 \
  --namespace tap-install
You can also verify packages
kubectl get package -n tap-install
Configure Registry Secret
I am using GitHub as the Image Registry. You can use any other.
GITHUB_USERNAME=…
GITHUB_API_TOKEN=…
tanzu secret registry add buildservice-regcred \
  --username "${GITHUB_USERNAME}" \
  --password "${GITHUB_API_TOKEN}" \
  --server ghcr.io \
  --yes \
  --namespace tap-install
Create Full Profile for TAP Install
Create a full profile for the TAP install. A couple of things need to be modified based on your setup:
- ingress_domain: tap.172-18-0-3.sslip.io
- project_path: ghcr.io/${GITHUB_USERNAME}
- loadBalancerIP: 172.18.0.3
cat <<EOF > tap-values.yaml
shared:
  ingress_domain: tap.172-18-0-3.sslip.io
  ingress_issuer: tap-ingress-selfsigned
  image_registry:
    project_path: ghcr.io/${GITHUB_USERNAME}
    secret:
      name: buildservice-regcred
      namespace: tap-install
  kubernetes_version: "1.27"
ceip_policy_disclosed: true
profile: full
supply_chain: testing_scanning
contour:
  contour:
    replicas: 1
  envoy:
    service:
      type: LoadBalancer
      loadBalancerIP: 172.18.0.3
buildservice:
  exclude_dependencies: false
tap_gui:
  metadataStoreAutoconfiguration: true
  app_config:
    auth:
      allowGuestAccess: true
metadata_store:
  ns_for_export_app_cert: "*"
  app_service_type: ClusterIP
  pg_req_cpu: "200m"
  pg_req_memory: "200Mi"
scanning:
  metadataStore:
    url: "" # Configuration is moved, so set this string to empty.
cnrs:
  lite:
    enable: true
  pdb:
    enable: false
cartographer:
  cartographer:
    resources:
      requests:
        cpu: 100m
        memory: 200Mi
crossplane:
  resourcesCrossplane:
    requests:
      cpu: 100m
      memory: 200Mi
  resourcesRBACManager:
    requests:
      cpu: 100m
      memory: 200Mi
excluded_packages:
- policy.apps.tanzu.vmware.com
- image-policy-webhook.signing.apps.tanzu.vmware.com
- eventing.tanzu.vmware.com
- sso.apps.tanzu.vmware.com
- learningcenter.tanzu.vmware.com
- workshops.learningcenter.tanzu.vmware.com
- api-portal.tanzu.vmware.com
EOF
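The values to modify have to agree with each other: the ingress_domain is an sslip.io name that encodes the loadBalancerIP, and that address has to sit inside the MetalLB pool created earlier. The check below is an added example, not part of the original post; the function names are hypothetical and only the dash-form sslip.io names used here are handled.

```shell
#!/bin/sh
# Added example, not from the original post: checks that the values edited in
# tap-values.yaml agree with each other and with the MetalLB address pool.

# Dotted-quad IPv4 -> integer; non-zero status on malformed input.
ip_to_int() (
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
  IFS=.
  set -- $1
  [ "$#" -eq 4 ] || exit 1
  for o in "$@"; do
    case $o in 0?*|????*) exit 1 ;; esac   # no leading zeros, at most 3 digits
    [ "$o" -le 255 ] || exit 1
  done
  echo "$(( ( ($1 * 256 + $2) * 256 + $3 ) * 256 + $4 ))"
)

# True when the address $1 lies inside a MetalLB-style START-END range $2.
ip_in_range() (
  ip=$(ip_to_int "$1") && lo=$(ip_to_int "${2%-*}") && hi=$(ip_to_int "${2#*-}") || exit 1
  [ "$ip" -ge "$lo" ] && [ "$ip" -le "$hi" ]
)

# Decode the dash-form address in an sslip.io name, e.g.
# tap.172-18-0-3.sslip.io -> 172.18.0.3 (prints nothing when there is none).
sslip_ip() {
  printf '%s\n' "$1" |
    sed -n -E 's/^(.*\.)?([0-9]+)-([0-9]+)-([0-9]+)-([0-9]+)\.sslip\.io$/\2.\3.\4.\5/p'
}

# check_tap_values FILE POOL -> 0 consistent, 2 key missing,
# 3 domain and IP disagree, 4 IP outside the pool.
check_tap_values() (
  domain=$(awk '$1 == "ingress_domain:" { gsub(/"/, "", $2); print $2; exit }' "$1")
  lbip=$(awk '$1 == "loadBalancerIP:" { gsub(/"/, "", $2); print $2; exit }' "$1")
  [ -n "$domain" ] && [ -n "$lbip" ] || { echo "ingress_domain or loadBalancerIP missing" >&2; exit 2; }
  [ "$(sslip_ip "$domain")" = "$lbip" ] || { echo "$domain does not encode $lbip" >&2; exit 3; }
  ip_in_range "$lbip" "$2" || { echo "$lbip is outside pool $2" >&2; exit 4; }
  echo "ok: $domain -> $lbip, inside $2"
)

# Constructed sample carrying the values used in this post.
sample=$(mktemp)
printf '%s\n' 'shared:' '  ingress_domain: tap.172-18-0-3.sslip.io' \
  'contour:' '  envoy:' '    service:' '      loadBalancerIP: 172.18.0.3' > "$sample"
check_tap_values "$sample" 172.18.0.0-172.18.255.254
rm -f "$sample"
```

Run it as check_tap_values tap-values.yaml followed by the range from your own IPAddressPool.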
Install Packages for TAP
Install TAP packages using tanzu cli
tanzu package install tap \
-p tap.tanzu.vmware.com \
-v 1.6.1 \
--values-file tap-values.yaml \
-n tap-install
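The values file used here is tuned for a local lab: guest access to the TAP GUI is on, the metadata store certificate is exported to every namespace, and the policy and image-signing packages are excluded. The following added example, not part of the original post, lists those settings so they can be reviewed before the file is reused on a shared cluster; the function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: list lab-only settings in a
# tap-values.yaml so they can be reviewed before reuse outside a local lab.

# lab_only_settings FILE -> one finding per line, nothing when none apply.
lab_only_settings() {
  awk '
    { sub(/[ \t]*#.*$/, "") }                 # drop trailing YAML comments
    $1 == "allowGuestAccess:" && $2 == "true" {
      print "tap_gui: allowGuestAccess is true (GUI usable without login)"
    }
    $1 == "ns_for_export_app_cert:" && $2 ~ /^"?\*"?$/ {
      print "metadata_store: ns_for_export_app_cert covers all namespaces"
    }
    /^excluded_packages:/ { in_list = 1; next }
    in_list && $1 == "-" {
      if ($2 ~ /^(policy|image-policy-webhook\.signing)\.apps\.tanzu\.vmware\.com$/) {
        print "excluded_packages: " $2 " is not installed"
      }
      next
    }
    in_list && NF { in_list = 0 }             # any other non-empty line ends the list
  ' "$1"
}

# Constructed sample with settings taken from the values file in this post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
tap_gui:
  app_config:
    auth:
      allowGuestAccess: true
metadata_store:
  ns_for_export_app_cert: "*"
excluded_packages:
- policy.apps.tanzu.vmware.com
- image-policy-webhook.signing.apps.tanzu.vmware.com
- eventing.tanzu.vmware.com
EOF
lab_only_settings "$sample"
rm -f "$sample"
```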
You can verify the status of package installs using
kubectl get pkgi -n tap-install
A couple of observations:
- As we are deploying on Kind K8s, it might take time to bring up the pods, which would mean the package install may time out.
- As we are doing it via KApp controller, it will automatically try to reconcile.
- In my case I ran into an issue with metadata-store, as the pod was in a Not Ready state; however, it resolved automatically.
- I would recommend waiting for 15-20 minutes, and the environment would be stable.
Verify UI Access
We will need to access the UI using the FQDN
Verify Ingress IP
kubectl get svc -n tanzu-system-ingress envoy
Verify Proxy FQDN
kubectl get httpproxy -A
Install Docker Mac Net Connect
Docker Mac Net Connect allows you to connect to Docker containers from macOS host (without port binding).
https://github.com/chipmk/docker-mac-net-connect
# Install via Homebrew
$ brew install chipmk/tap/docker-mac-net-connect
# Run the service and register it to launch at boot
$ sudo brew services start chipmk/tap/docker-mac-net-connect
Verify UI Access
You can try accessing the UI using the FQDN mentioned in the tap-values.yaml