Configuring Installation Values for Tanzu Application Service for Kubernetes

This topic describes how to configure the Tanzu Application Service for Kubernetes installation resources before deploying to the Kubernetes cluster.

Before proceeding, review the Preparing to Install TAS for Kubernetes topic for details about:

  • Preparing the Tanzu Application Service for Kubernetes installation resources on your local workstation,
  • Installing required command-line tools,
  • Preparing the Kubernetes cluster and application-image registry dependencies, and
  • Choosing a system domain DNS name.


Configuring Tanzu Application Service for Kubernetes for installation entails several steps:

  • Generating internal configuration values using a helper script,
  • Configuring values for the system component registry,
  • Configuring the application image registry,
  • Optionally using a Kubernetes LoadBalancer service for the ingress gateway.

The following sections and topics explain these steps in detail.

Generate Configuration Values

Tanzu Application Service for Kubernetes requires a small set of credentials and certificates to coordinate its components, along with a certificate to terminate TLS at the ingress gateway. A helper script in the installation resources generates these credentials and certificates to be supplied to the installation script.

  1. Create a directory named configuration-values in the same directory as the tanzu-application-service directory. You will use this directory to store configuration values for this installation.

  2. Change into the tanzu-application-service directory in your terminal.

  3. Run the value-generation script with the system domain you selected previously and store its output in the configuration-values directory:

$ ./bin/ -d "PLACEHOLDER-SYSTEM-DOMAIN" > ../configuration-values/deployment-values.yml

Note: The TLS certificate that the value-generation script generates to terminate TLS traffic at the system ingress gateway is self-signed.

(Optional) Use Load Balancer Service for Ingress Gateway

If your Kubernetes cluster supports Kubernetes Services of type LoadBalancer, you may use that type of service to provision a load balancer automatically for the Istio ingress gateway in the Tanzu Application Service for Kubernetes deployment.

This option is recommended when deploying Tanzu Application Service for Kubernetes to VMware Enterprise PKS on AWS, Azure, or GCP, or on vSphere with NSX-T container networking.

This option is not compatible with VMware Enterprise PKS to vSphere with Flannel container networking.

To enable Tanzu Application Service for Kubernetes to use a LoadBalancer service for ingress:

  1. In your terminal, change into the tanzu-application-service directory containing the installation resources.

  2. Move the replace-loadbalancer-with-clusterip.yaml file from the custom-overlays directory to the config-optional directory:

    $ mv custom-overlays/replace-loadbalancer-with-clusterip.yaml config-optional

Configure System Registry Values

Tanzu Application Service for Kubernetes pulls the container images for system components from the Tanzu Network container registry, using the credentials from a user registered with Tanzu Network.

To configure Tanzu Application Service for Kubernetes with these values:

  1. Change into the configuration-values directory you created earlier.

  2. Create a file named system-registry-values.yml in that directory with the contents below, replacing the placeholder values with the Tanzu Network user credentials you wish to use:


Next: Configure App Registry Values

Tanzu Application Service for Kubernetes depends on an external image registry to store the images it builds for buildpack-based applications. Proceed to the Configuring the Application Image Registry topic for details on configuring Harbor, GCR, or Dockerhub as this registry for the installation.