Configuring Installation Values for Tanzu Application Service for Kubernetes
This topic describes how to configure the Tanzu Application Service for Kubernetes installation resources before deploying to the Kubernetes cluster.
Before proceeding, review the Preparing to Install TAS for Kubernetes topic for details about:
- Preparing the Tanzu Application Service for Kubernetes installation resources on your local workstation,
- Installing required command-line tools,
- Preparing the Kubernetes cluster and application-image registry dependencies, and
- Choosing a system domain DNS name.
Configuring Tanzu Application Service for Kubernetes for installation entails several steps:
- Generating internal configuration values using a helper script,
- Configuring values for the system component registry,
- Configuring the application image registry,
- Optionally using a Kubernetes LoadBalancer service for the ingress gateway.
The following sections and topics explain these steps in detail.
Tanzu Application Service for Kubernetes requires a small set of credentials and certificates to coordinate its components, along with a certificate to terminate TLS at the ingress gateway. A helper script in the installation resources generates these credentials and certificates to be supplied to the installation script.
Create a directory named
configuration-valuesin the same directory as the
tanzu-application-servicedirectory. You will use this directory to store configuration values for this installation.
Change into the
tanzu-application-servicedirectory in your terminal.
Run the value-generation script with the system domain you selected previously and store its output in the
$ ./bin/generate-values.sh -d "PLACEHOLDER-SYSTEM-DOMAIN" > ../configuration-values/deployment-values.yml
Note: The TLS certificate that the value-generation script generates to terminate TLS traffic at the system ingress gateway is self-signed.
If your Kubernetes cluster supports Kubernetes Services of type LoadBalancer, you may use that type of service to provision a load balancer automatically for the Istio ingress gateway in the Tanzu Application Service for Kubernetes deployment.
This option is recommended when deploying Tanzu Application Service for Kubernetes to VMware Enterprise PKS on AWS, Azure, or GCP, or on vSphere with NSX-T container networking.
This option is not compatible with VMware Enterprise PKS to vSphere with Flannel container networking.
To enable Tanzu Application Service for Kubernetes to use a LoadBalancer service for ingress:
In your terminal, change into the
tanzu-application-servicedirectory containing the installation resources.
replace-loadbalancer-with-clusterip.yamlfile from the
custom-overlaysdirectory to the
$ mv custom-overlays/replace-loadbalancer-with-clusterip.yaml config-optional
To configure Tanzu Application Service for Kubernetes with these values:
Change into the
configuration-valuesdirectory you created earlier.
Create a file named
system-registry-values.ymlin that directory with the contents below, replacing the placeholder values with the Tanzu Network user credentials you wish to use:
#@data/values --- system_registry: hostname: registry.pivotal.io username: "PLACEHOLDER-TANZU-NETWORK-REGISTRY-USERNAME" password: "PLACEHOLDER-TANZU-NETWORK-REGISTRY-PASSWORD"
Tanzu Application Service for Kubernetes depends on an external image registry to store the images it builds for buildpack-based applications. Proceed to the Configuring the Application Image Registry topic for details on configuring Harbor, GCR, or Dockerhub as this registry for the installation.