# TAP 1.4 Baseline

## Common Prerequisites for all platforms:

**1. Access to VMware Tanzu Network:** Used vmware email ID, no external setup required.

**2. DNS Configuration:** Did not do this because it requires an IP address.

**3. Accepting EULA:** Used vmware email ID, no external setup required.

**4. Install Tanzu CLI:** Followed [doc](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.4/tap/install-tanzu-cli.html#-installupdate-tanzu-cli-plug-ins).

**5. Others:**

**Browser:** already installed

**Kubernetes:** already installed

**Github repo for catalog:** Used existing [repo](https://github.com/dhadukk/tap-catalog)

## AWS (EKS cluster)

* Installed everything manually and used the step-by-step installation from the document.
* Configuration: 5 t3.xlarge nodes, 4 vCPU and 16 GB RAM

### Prerequisites:

**1. Cluster-specific registry:** Used the `aws` CLI to create the registry, with the commands mentioned in the [doc](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.4/tap/aws-resources.html).

### Create AWS Resources for TAP:

Followed [doc](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.4/tap/aws-resources.html)

This includes **cluster creation** and **image registry creation**.

#### Install EBS CSI driver

You can follow the doc, but the required commands are listed here to make it easier.

```
# 1. Check whether your cluster has an Identity and Access Management (IAM)
#    OpenID Connect (OIDC) provider; if not, create one.
oidc_id=$(aws eks describe-cluster --name "$EKS_CLUSTER_NAME" \
  --query "cluster.identity.oidc.issuer" --output text | cut -d '/' -f 5)
aws iam list-open-id-connect-providers | grep "$oidc_id" | cut -d "/" -f4
# If you see a result like 733314BF9024E3A9A293A9E9CB753948, your cluster
# already has an IAM OIDC provider.
# If not, create an IAM OIDC provider by running this command:
eksctl utils associate-iam-oidc-provider --cluster "$EKS_CLUSTER_NAME" --approve

# 2. Create the Amazon EBS CSI driver IAM role for service accounts.
eksctl create iamserviceaccount \
  --name ebs-csi-controller-sa \
  --namespace kube-system \
  --cluster "$EKS_CLUSTER_NAME" \
  --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \
  --approve \
  --role-only \
  --role-name AmazonEKS_EBS_CSI_DriverRole
# Note: AmazonEBSCSIDriverPolicy is built in; AmazonEKS_EBS_CSI_DriverRole can be
# your own role (you can name it as you choose).

# 3. Add the Amazon EBS CSI add-on.
eksctl create addon --name aws-ebs-csi-driver --cluster "$EKS_CLUSTER_NAME" \
  --service-account-role-arn "arn:aws:iam::$AWS_ACCOUNT_ID:role/AmazonEKS_EBS_CSI_DriverRole" \
  --force
```

### Deploy Cluster Essentials:

Followed [doc](https://docs.vmware.com/en/Cluster-Essentials-for-VMware-Tanzu/1.4/cluster-essentials/deploy.html)

### Image relocation, building tap-values.yaml and TAP installation:

Followed [doc](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.4/tap/install-aws.html)

**tap-values.yaml**

```
shared:
  ingress_domain: taptest.carvelind.cloudfocused.in

ceip_policy_disclosed: true

profile: full

excluded_packages:
  - policy.apps.tanzu.vmware.com

supply_chain: basic

ootb_supply_chain_basic:
  registry:
    server: ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com
    repository: tanzu-application-platform

contour:
  envoy:
    service:
      type: LoadBalancer

buildservice:
  kp_default_repository: 665112446684.dkr.ecr.ap-northeast-1.amazonaws.com/tap-build-service
  kp_default_repository_aws_iam_role_arn: "arn:aws:iam::665112446684:role/tap-build-service"

ootb_templates:
  iaas_auth: true

tap_gui:
  service_type: ClusterIP
  app_config:
    catalog:
      locations:
        - type: url
          target: "https://github.com/kumaritanushree/tap-catalog/blob/master/catalog-info.yaml"

metadata_store:
  ns_for_export_app_cert: "tap-dev"
  app_service_type: ClusterIP

scanning:
  metadataStore:
    url: ""
```

### DNS configuration:

Note: You need a public domain, which can be bought from a public domain registry such as GoDaddy.
I created a subdomain under the domain "cloudfocused.in", which is owned by the DAP delivery team.

**How to create a subdomain?**

1. On the AWS console, search for Route 53.
1. Click on Hosted zones and then click on Create hosted zone.
1. Fill in the form:
   * Domain Name → `*.xyz.cloudfocused.in` (`xyz.cloudfocused.in` will be used in tap-values.yaml as ingress-domain)
   * Type → public
1. Click on Create hosted zone.
1. Now you can see your subdomain in the hosted zones list.
1. Go to your subdomain, copy the nameserver route list and share it with the owner of cloudfocused.in (those routes will be added under cloudfocused.in to serve your subdomain).
1. Now you can access tap-gui by typing tap-gui.xyz.cloudfocused.in in the browser.

### Issues reported:

1. ENVs were not used properly, `$` was missing in every cmd in [doc](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.4/tap/install-tanzu-cli.html#cli-plugin-install). Reported same in [slack](https://vmware.slack.com/archives/C02P2UZHJ4F/p1676630991447549) -> done
2. Redirection of cluster essentials page for 1.4 was going to 1.3 page. Reported same in [slack](https://vmware.slack.com/archives/C02P2UZHJ4F/p1676909468903959?thread_ts=1676630991.447549&cid=C02P2UZHJ4F) -> done
3. Wrong node type was used in cluster creation command. Reported same in [slack](https://vmware.slack.com/archives/C024ELN9YU8/p1676894547216929) -> done

## AZURE (AKS cluster)

* Installed TAP on a cluster pre-provisioned by DAP Delivery Pipelines (TAP-test-bed) without TAP installed.
* Configuration: 4 Standard_D4as_v4 nodes, 4 vCPUs and 16 GB RAM each

### Prerequisites:

**1. Cluster-specific registry:** Created on Azure using the Azure [portal](https://portal.azure.com/#home) (Note: First create a resource group and then create resources like the registry and cluster in it)

**Cluster creation:** Used [tap-test-bed](https://tap-test-bed.svc.eng.vmware.com/job/create-tap-testbed/)

**Persistent Volumes:** Not created

### Deploy Cluster Essentials:

Followed [doc](https://docs.vmware.com/en/Cluster-Essentials-for-VMware-Tanzu/1.4/cluster-essentials/deploy.html)

### Image relocation, building tap-values.yaml and TAP installation:

**Image relocation:** Followed [doc](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.4/tap/install.html)

**tap-values.yaml:**

```
# tap-values.yaml
shared:
  ingress_domain: taptest.carvelind.cloudfocused.in
  image_registry:
    project_path: "index.docker.io/ktanushree/tap-repo-for-baseline1.4.1"
    username: "XXX"
    password: "XXX"
  kubernetes_distribution: "" # "openshift", To be passed only for OpenShift. Defaults to ""
  kubernetes_version: "1.25.4" # passed server version

ceip_policy_disclosed: TRUE
profile: full
supply_chain: basic

ootb_supply_chain_basic: # have bit confusion, what will be value if supply chain is basic
  registry:
    server: "index.docker.io"
    repository: "ktanushree/tap-repo-for-baseline1.4.1"
  gitops:
    ssh_secret: ""

contour: # Not sure about working of this section
  envoy:
    service:
      type: LoadBalancer

buildservice:
  kp_default_repository: "index.docker.io/ktanushree/tap-repo-for-baseline1.4.1-buildservice"
  kp_default_repository_username: "XXX"
  kp_default_repository_password: "XXX"

#tap will not configure
tap_gui:
  service_type: ClusterIP # If the shared.ingress_domain is set as above, this must be set to ClusterIP.
  app_config:
    integrations:
      github: # Other integrations available see NOTE below
        - host: github.com
          token: XXXXXX
    catalog:
      locations:
        - type: url
          target: https://github.com/kumaritanushree/tap-catalog/blob/master/catalog-info.yaml

metadata_store:
  ns_for_export_app_cert: "tap-dev"
  app_service_type: ClusterIP

scanning:
  metadataStore:
    url: "" # Configuration is moved, so set this string to empty.

grype:
  namespace: "tap-dev"
  targetImagePullSecret: "index.docker.io"

policy:
  tuf_enabled: false
```

**TAP installation:** Followed [doc](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.4/tap/install.html)

### Issues reported:

1. A ytt error is thrown when the wrong version format is used for Kubernetes in tap-values.yaml. Shared with Soumik, and he reported the same to Colby and Kalechi.

Error:

```
$ tanzu package install tap -p tap.tanzu.vmware.com -v $TAP_VERSION --values-file tap-values1.4.0.yaml -n tap-install
Installing package 'tap.tanzu.vmware.com'
Getting package metadata for 'tap.tanzu.vmware.com'
Creating service account 'tap-tap-install-sa'
Creating cluster admin role 'tap-tap-install-cluster-role'
Creating cluster role binding 'tap-tap-install-cluster-rolebinding'
Creating secret 'tap-tap-install-values'
Creating package resource
Waiting for 'PackageInstall' reconciliation for 'tap'
'PackageInstall' resource install status: Reconciling
| 'PackageInstall' resource install status: ReconcileFailed
Please consider using 'tanzu package installed update' to update the installed package with correct settings
Error: resource reconciliation failed: warning: The key sslDisabled has been deprecated in TAP 1.4.0 and will be removed in TAP 1.X+Y.0 of TAP, please migrate to the key sslDeactivated
warning: The key sslDisabled has been deprecated in TAP 1.4.0 and will be removed in TAP 1.X+Y.0 of TAP, please migrate to the key sslDeactivated
None
ytt: Error:
- int: invalid literal with base 10: v1
    in parse_ver
      learning-center.yaml:18 | #@ return [int(x) for x in trimmed_ver.split(".")]
    in collect_values
      learning-center.yaml:39 | #@ if hasattr(data_values.shared, "kubernetes_version") and data_values.shared.kubernetes_version and parse_ver(data_values.shared.kubernetes_version) >= parse_ver("1.25.0"):
    in <toplevel>
      learning-center.yaml:81 | values.yaml: #@ yaml.encode(collect_values(data.values))
. Reconcile failed: Error (see .status.usefulErrorMessage for details)
Error: exit status 1
✖ exit status 1
```

## TKGm

### Prerequisites:

**1. Cluster-specific registry:** Did not create a registry for it; used tanzu-net only.

**Cluster creation:** Used [tap-test-bed](https://tap-test-bed.svc.eng.vmware.com/job/create-tap-testbed/)

**Persistent Volumes:** Not created

### Deploy Cluster Essentials:

Followed [doc](https://docs.vmware.com/en/Cluster-Essentials-for-VMware-Tanzu/1.4/cluster-essentials/deploy.html)

### Image relocation, building tap-values.yaml and TAP installation:

**Image relocation:** Not done

**tap-values.yaml:**

```
shared:
  ingress_domain: "taptest.carvelind.cloudfocused.in"
  image_registry:
    project_path: "index.docker.io/ktanushree/tap-repo-for-baseline1.4.1"
    username: "XXX"
    password: "XXX"
  kubernetes_distribution: ""
  kubernetes_version: "1.23.0"

ceip_policy_disclosed: TRUE
profile: full
supply_chain: basic

ootb_supply_chain_basic:
  registry:
    server: "index.docker.io"
    repository: "ktanushree/tap-repo-for-baseline1.4.1"

contour:
  envoy:
    service:
      type: LoadBalancer

buildservice:
  kp_default_repository: "index.docker.io/ktanushree/tap-repo-for-baseline1.4.1"
  kp_default_repository_username: "XXX"
  kp_default_repository_password: "XXX"

tap_gui:
  service_type: ClusterIP
  app_config:
    catalog:
      locations:
        - type: url
          target: "https://github.com/kumaritanushree/tap-catalog/blob/master/catalog-info.yaml"

metadata_store:
  ns_for_export_app_cert: "tap-dev"
  app_service_type: ClusterIP

scanning:
  metadataStore:
    url: ""

grype:
  namespace: "tap-dev"
  targetImagePullSecret: ""

policy:
  tuf_enabled: false
```

**TAP installation:** Followed [doc](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.4/tap/install.html)

### Issues reported:

None
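
The ytt failure reported in the AKS section comes from a `shared.kubernetes_version` value whose first component (`v1`) is not an integer, and the values files above also carry registry passwords and a GitHub token inline. As an added example (not part of these notes or of TAP), the Python pre-flight check below flags both before `tanzu package install` is run. The function name `preflight`, the constructed sample and the line-based scan (not a full YAML parser) are assumptions, and the version rule may be stricter than the template, whose trimming step is not shown on this page.

```python
import re

# Constructed sample modelled on the tap-values.yaml files in these notes.
SAMPLE = '''\
shared:
  ingress_domain: taptest.example.test
  image_registry:
    project_path: "index.docker.io/example/tap-repo"
    username: "XXX"
    password: "constructed-not-a-real-password"
  kubernetes_version: "v1.25.4"
tap_gui:
  app_config:
    integrations:
      github:
        - host: github.com
          token: XXXXXX
'''

# parse_ver in the ytt trace calls int() on each "."-separated component,
# so only dot-separated decimal integers are accepted here (assumption: no suffix).
VERSION_RE = re.compile(r"\d+(\.\d+)*")
# "key: value  # comment", optionally as a list item ("- key: value").
KEY_VALUE_RE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_][\w-]*):\s*(.*?)\s*(?:#.*)?$")
# Keys that hold credentials in the files above (…password, token).
SECRET_KEY_RE = re.compile(r"(password|token)$", re.IGNORECASE)
# Redaction placeholders such as XXX are not treated as real secrets.
PLACEHOLDER_RE = re.compile(r"X+")


def preflight(text):
    """Return (line number, key, reason) for each problem found in a values file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = KEY_VALUE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip("\"'")
        if key == "kubernetes_version" and value and not VERSION_RE.fullmatch(value):
            findings.append((lineno, key, "not dot-separated integers; ytt int() will fail"))
        elif SECRET_KEY_RE.search(key) and value and not PLACEHOLDER_RE.fullmatch(value):
            findings.append((lineno, key, "inline credential; keep it out of the values file"))
    return findings


if __name__ == "__main__":
    for lineno, key, reason in preflight(SAMPLE):
        print(f"line {lineno}: {key}: {reason}")
```

A non-empty result is a reason to stop before installing: fix the version string, and move real credentials out of the values file into whatever secret mechanism your installation supports.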