├── .gitignore ├── LICENSE ├── README.md └── jumpbox-tools.sh /.gitignore: -------------------------------------------------------------------------------- 1 | build/ 2 | bin/ 3 | .gradle/ 4 | release.properties 5 | dependency-reduced-pom.xml 6 | buildNumber.properties 7 | .history/ 8 | .classpath 9 | .project 10 | .factorypath 11 | .settings/ 12 | logs/ 13 | scratch/ -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 
29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 
61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # tanzu-dev-experience 2 | 3 | [![Generic badge](https://img.shields.io/badge/work%20in%20progress-walk%20in%20someone%20else's%20shoes-yellow)](https://shields.io/) 4 | 5 | 6 | A compendium of notes and links in order to reduce the time it takes to get an environment up-and-running to evaluate a continually evolving collection of open-source and commercial tooling within the Tanzu portfolio. 7 | 8 | Intent here is to document alternative, curated combinations of tools and products that I've had some experience with, and allow you to choose your own adventure through (a hopefully more expedient evaluation) installation and usage of them. 
9 | 10 | ## Table of Contents 11 | 12 | * [Overview](#overview) 13 | * [Prerequisites](#prerequisites) 14 | * [Tanzu Portfolio](#tanzu-portfolio) 15 | * [Run](#run) 16 | * [TKG](#tkg) 17 | * [TKGi and Harbor](#tkgi-and-harbor) 18 | * [on AWS](#on-aws) 19 | * [on Azure](#on-azure) 20 | * [on GCP](#on-gcp) 21 | * [Activate additional plans for TKGi](#activate-additional-plans-for-tkgi) 22 | * [TAS](#tas) 23 | * [Configure](#configure) 24 | * [Integrate Harbor](#integrate-harbor) 25 | * [Rollout](#rollout) 26 | * [Build](#build) 27 | * [Use cf CLI to setup environment](#use-cf-cli-to-setup-environment) 28 | * [Build and deploy sample application](#build-and-deploy-sample-application) 29 | * [Clone](#clone-1) 30 | * [Assemble image](#assemble-image) 31 | * [Push image to Harbor](#push-image-to-harbor) 32 | * [Deploy image](#deploy-image) 33 | * [Build and deploy from source](#build-and-deploy-from-source) 34 | * [Brokered Services](#brokered-services) 35 | * [minibroker](#minibroker) 36 | * [gcp-service-broker](#gcp-service-broker) 37 | * [(KSM) Container Services Manager](#ksm-container-services-manager) 38 | * [(TAC) Tanzu Application Catalog](#tac-tanzu-application-catalog) 39 | * [kpack](#kpack) 40 | * [Update images](#update-images) 41 | * [(TBS) Tanzu Build Service](#tbs-tanzu-build-service) 42 | * [Manage](#manage) 43 | * [Velero](#velero) 44 | * [(TO) Tanzu Observability](#to-tanzu-observability) 45 | * [(TMC) Tanzu Mission Control](#tmc-tanzu-mission-control) 46 | * [Appendices](#appendices) 47 | * [Articles](#articles) 48 | * [Documentation](#documentation) 49 | 50 | ## Overview 51 | 52 | The following IaaS providers have been (or will soon be) tread. Documentation will be organized (and updated) accordingly. 
53 | 54 | * AWS 55 | * Azure 56 | * GCP 57 | * VMWare 58 | 59 | ## Prerequisites 60 | 61 | The minimum complement of 62 | 63 | | CLIs | and | SDKs | 64 | |--------|--------|-----------| 65 | | aws | git | kubectl | 66 | | az | helm | leftovers | 67 | | bosh | httpie | pivnet | 68 | | cf | java | pks | 69 | | docker | jq | python | 70 | | gcloud | k14s | terraform | 71 | | | ksm | yq | 72 | 73 | Here's a [script](jumpbox-tools.sh) that will install the above on an Ubuntu Linux VM 74 | 75 | ## Tanzu Portfolio 76 | 77 | The following collection of open-source and commercial products are (or will soon be) reviewed and evaluated here 78 | 79 | * TKG (Tanzu Kubernetes Grid) 80 | * TKGi (formerly PKS) 81 | * Harbor 82 | * Velero 83 | * cf-for-k8s 84 | * TAS for K8s (Tanzu Application Service for Kubernetes) 85 | * kpack 86 | * TBS (Tanzu Build Service) 87 | * minibroker 88 | * gcp-service-broker 89 | * KSM (Container Services Manager) 90 | * TAC (Tanzu Application Catalog) 91 | * TO (Tanzu Observability, formerly Wavefront) 92 | * TMC (Tanzu Mission Control) 93 | 94 | 95 | ## Run 96 | 97 | ### TKG 98 | 99 | // TODO 100 | 101 | ### TKGi and Harbor 102 | 103 | Go visit [Niall Thomson](https://www.niallthomson.com)'s excellent [paasify-pks](https://github.com/niallthomson/paasify-pks) project. 104 | 105 | #### on AWS 106 | 107 | // TODO 108 | 109 | #### on Azure 110 | 111 | // TODO 112 | 113 | #### on GCP 114 | 115 | Be sure to peruse and follow the 116 | 117 | * [Pre](https://github.com/niallthomson/paasify-pks/blob/master/docs/pre-install/gcp.md) install instructions if you're looking to spin up a jumpbox VM and 118 | * [Post](https://github.com/niallthomson/paasify-pks/blob/master/docs/post-install/gcp.md) install instructions when you want to complete creating and configuring a Kubernetes cluster with a load balancer using the `pks` CLI 119 | * Be sure to follow the [Update Plans for PKS](#update-plans-for-pks) section below before attempting to complete step 3. 
You'll want to create a cluster that's sized to accommodate subsequent `cf-for-k8s` and `kpack` installations 120 | 121 | > Revisit the [prerequisites](#prerequisites) section above so you can successfully complete this phase of evaluation 122 | 123 | Make a note of the credentials for 124 | 125 | * Operations Manager 126 | * Use `terraform output` inside the `paasify-pks` directory 127 | * Harbor 128 | * Login to Operations Manager, visit the Harbor tile configuration, click on the `Credentials` tab, click on the `Admin Password` link 129 | 130 |
And don't forget to restart your jumpbox... you'll need to restart your compute instance in order for Docker to work appropriately.
sudo shutdown -r
 131 | 132 | 133 | #### Activate additional plans for TKGi 134 | 135 | * Login to Operations Manager 136 | * Visit the `Enterprise PKS` tile and select `Plan 2` from the left-hand pane 137 | * Click on the `Active` radio button underneath the `Plan` heading in the right-hand pane 138 | * Set the drop-box option underneath the `Worker VM Type` heading to be `large.disk (cpu: 2, ram: 8 GB, disk: 64GB)` 139 | * Make sure the last 3 of 4 checkboxes of the `Plan 2` configuration have been checked, then click the `Save` button 140 | * Click on the `Installation Dashboard` link at top of page 141 | * Click on `Review Pending Changes` 142 | * Un-check the checkbox next to the product titled `VMWare Harbor Registry`, then click on the `Apply Changes` button 143 | 144 | ### TAS 145 | 146 | 147 | **cf-for-k8s** 148 | 149 | An open-source project that's meant to deliver the `cf push` experience for developers who are deploying applications on Kubernetes. It's early days yet, so don't expect to show off a robust set of features. 150 | 151 | What we can do today is demonstrate 152 | 153 | * deploying a pre-built Docker image that originates from a secure, private Docker registry (e.g., Harbor) or 154 | * starting with source code, leveraging a cloud native [buildpack](https://buildpacks.io) to build and package it into an OCI image, and then deploying. 155 | 156 | Option 1: 157 | 158 | If you haven't yet installed PKS or TKG with Harbor on your IaaS of choice, you might consider a fast-track route for demo/evaluation purposes. Employ Niall Thomson's [Tanzu Playground](https://github.com/niallthomson/tanzu-playground) to quickly launch cf-for-k8s on GKE. You may ignore the configure, integrate Harbor, and rollout steps as these are handled. 159 | 160 |
Generate a kubeconfig entry
gcloud container clusters get-credentials {cluster-name} --zone {availability-zone}
 161 | 162 | Option 2: 163 | 164 | ``` 165 | git clone https://github.com/cloudfoundry/cf-for-k8s.git 166 | cd cf-for-k8s 167 | ``` 168 | 169 | **(TAS) Tanzu Application Service for Kubernetes** 170 | 171 | The commercial distribution based on cf-for-k8s. It must be sourced from the [Pivotal Network](https://network.pivotal.io/products/pas-for-kubernetes). 172 | 173 | ``` 174 | mkdir tas-for-k8s 175 | pivnet download-product-files --product-slug='tas-for-kubernetes' --release-version='0.1.0-build.252' --product-file-id=660279 176 | tar xvf tanzu-application-service.0.1.0-build.252.tar -C tas-for-k8s 177 | cd tas-for-k8s 178 | ``` 179 | > Update `--release-version` and `--product-file-id` when later releases become available 180 | 181 | 182 | #### Configure 183 | 184 | If cf-for-k8s 185 | 186 | ``` 187 | ./hack/generate-values.sh -d {cf-domain} > /tmp/cf-values.yml 188 | ``` 189 | 190 | If TAS 191 | 192 | ``` 193 | ./config/cf-for-k8s/hack/generate-values.sh -d {cf-domain} > /tmp/cf-values.yml 194 | ``` 195 | 196 | > Replace `{cf-domain}` with `cf.` as the prefix to your PKS sub-domain (e.g., if your sub-domain was `hagrid.ironleg.me`, then `{cf-domain}` would be `cf.hagrid.ironleg.me`). 197 | 198 | ##### Integrate Harbor 199 | 200 | If cf-for-k8s 201 | 202 | Use `vi` or some other editor to append the following lines to `/tmp/cf-values.yml`. We're also enabling Cloud Native Buildpack support by doing this. 203 | 204 | ``` 205 | app_registry: 206 | hostname: harbor.{sub-domain} 207 | repository: library 208 | username: admin 209 | password: {harbor-password} 210 | ``` 211 | 212 | If TAS 213 | 214 | ``` 215 | export YTT_TAS_registry__server="harbor.{sub-domain}" 216 | export YTT_TAS_registry__username=admin 217 | export YTT_TAS_registry__password="{harbor-password}" 218 | ``` 219 | 220 | > Replace `{sub-domain}` with your PKS sub-domain. 
Replace `{harbor-password}` by logging into `Operations Manager`, clicking on the `VMWare Harbor Registry` tile, clicking on the `Credentials` tab, then clicking on `Link to Credential` next to the `Admin Password` label. 221 | 222 | #### Rollout 223 | 224 |
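Before either install script below reads `/tmp/cf-values.yml`: by this point the file holds the generated `cf_admin_password` and, for cf-for-k8s, the Harbor admin password, and a redirect into `/tmp` under the common default umask of 022 creates it world-readable. The following is an added example, not part of the original README or the cf-for-k8s project; the helper names `harden_values_file`, `file_mode` and `append_app_registry` and the `HARBOR_PASSWORD` environment variable are assumptions. It appends the same `app_registry` block without opening an editor and restricts the file to its owner first.

```shell
#!/bin/sh
# Added example (not from the original README): restrict the generated values
# file to its owner and append the Harbor app_registry block shown above.
# Function names and the HARBOR_PASSWORD variable are hypothetical.

# Refuse symlinks and files owned by someone else (both are possible in a
# shared /tmp), then make the file readable and writable by the owner only.
harden_values_file() {
  hv_file="$1"
  if [ ! -f "$hv_file" ] || [ -L "$hv_file" ]; then
    echo "refusing: $hv_file is missing, not a regular file, or a symlink" >&2
    return 1
  fi
  if [ ! -O "$hv_file" ]; then
    echo "refusing: $hv_file is owned by another user" >&2
    return 1
  fi
  chmod 600 "$hv_file"
}

# Print the octal permission bits (GNU stat first, BSD stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Append the app_registry block. The password is read from the environment so
# it never appears in the process list or in shell history as an argument.
# Returns 1 on refusal, 2 if an app_registry block is already present.
append_app_registry() {
  ar_file="$1"
  ar_sub_domain="$2"
  if [ -z "${HARBOR_PASSWORD:-}" ]; then
    echo "HARBOR_PASSWORD is not set" >&2
    return 1
  fi
  harden_values_file "$ar_file" || return 1
  if grep -q '^app_registry:' "$ar_file"; then
    echo "app_registry already present in $ar_file" >&2
    return 2
  fi
  # YAML single-quoted scalar: the only escape is doubling a single quote,
  # so passwords containing ':', '#', '{' or quotes survive intact.
  ar_pw=$(printf '%s' "$HARBOR_PASSWORD" | sed "s/'/''/g")
  {
    printf 'app_registry:\n'
    printf '  hostname: harbor.%s\n' "$ar_sub_domain"
    printf '  repository: library\n'
    printf '  username: admin\n'
    printf "  password: '%s'\n" "$ar_pw"
  } >> "$ar_file"
}

# Typical use, with the password read silently at the prompt:
#   stty -echo; read -r HARBOR_PASSWORD; stty echo; export HARBOR_PASSWORD
#   append_app_registry /tmp/cf-values.yml "{sub-domain}"
#   unset HARBOR_PASSWORD
```

Running `umask 077` in the shell before the `generate-values.sh` redirect creates the file owner-only from the start, so the secrets are never exposed between generation and the `chmod`.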
Install cf-for-k8s
./bin/install-cf.sh /tmp/cf-values.yml
225 | 226 |
Install TAS
./bin/install-tas.sh /tmp/cf-values.yml
227 | 228 |
(Optional) Add overlays
229 | 230 |
Determine IP Address of Istio Ingress Gateway
kubectl get svc -n istio-system istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[*].ip}'
231 | 232 |
Set DNS entry
# Sample A record in cloud provider DNS. The IP address below is the address of Ingress gateway's external IP
233 | Domain         Record Type  TTL  IP Address
234 | *.{cf-domain}  A            30   35.111.111.111
235 | 236 | #### Additional 237 | 238 |
Validate
kubectl get pods -n cf-system
239 | 240 |
Uninstall
kapp delete -a cf
241 | 242 | 243 | ## Build 244 | 245 | ### Use cf CLI to setup environment 246 | 247 | Target the cf-for-k8s API endpoint and authenticate 248 | 249 | ``` 250 | cf api --skip-ssl-validation https://{cf-api-endpoint} 251 | cf auth {username} {password} 252 | ``` 253 | > If you forgot any of the placeholder values above, just `cat /tmp/cf-values.yml`. Values for `{cf-api-endpoint}` and `{password}` should respectively equate to `app_domain` and `cf_admin_password` values. 254 | 255 | Enable Docker 256 | 257 | ``` 258 | cf enable-feature-flag diego_docker 259 | ``` 260 | 261 | Create a new organization and space 262 | 263 | ``` 264 | cf create-org {organization-name} 265 | cf t -o {organization-name} 266 | cf create-space {space-name} 267 | cf t -s {space-name} 268 | ``` 269 | > Replace placeholder values above with your own choices 270 | 271 | ### Build and deploy sample application 272 | 273 | We're going to clone the source of a [Spring Boot 2.3.0.M3](https://spring.io/blog/2020/03/12/spring-boot-2-3-0-m3-available-now) application which when built with [Gradle](https://gradle.org), will automatically assemble a Docker image employing a cloud-native [buildpack](https://hub.docker.com/r/cloudfoundry/cnb). 274 | 275 | #### Clone 276 | 277 | ``` 278 | git clone https://github.com/fastnsilver/primes 279 | ``` 280 | 281 | #### Assemble image 282 | 283 | ``` 284 | cd primes 285 | git checkout solution 286 | ./gradlew build -b build.boot-image.gradle 287 | ``` 288 | 289 |
If you see an exception like this you will want to restart your jumpbox. 290 |
> Task :bootBuildImage FAILED
291 | Building image 'docker.io/library/primes:1.0-SNAPSHOT'
292 |  > Pulling builder image 'docker.io/cloudfoundry/cnb:0.0.53-bionic' ..................................................
293 | FAILURE: Build failed with an exception.
294 | * What went wrong:
295 | Execution failed for task ':bootBuildImage'.
296 | > Docker API call to 'docker://localhost/v1.24/images/create?fromImage=docker.io%2Fcloudfoundry%2Fcnb%3A0.0.53-bionic' failed with status code 500 "com.sun.jna.LastErrorException: [13] Permission denied"
297 | * Try:
298 | Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
299 | * Get more help at https://help.gradle.org
 300 | 301 | 302 | #### Push image to Harbor 303 | 304 | We will need to log in to our registry, tag the image, then push it 305 | 306 | ``` 307 | docker login -u admin https://{harbor-hostname} 308 | docker tag primes:1.0-SNAPSHOT {harbor-hostname}/library/primes:1.0-SNAPSHOT 309 | docker push {harbor-hostname}/library/primes:1.0-SNAPSHOT 310 | ``` 311 | > Fetch `{harbor-hostname}` by visiting your Operations Manager instance, logging in, selecting the `VMWare Harbor Registry` tile, clicking on the `General` link in the left-hand pane and copying the value from the field titled `Hostname`. 312 | 313 | 314 | #### Deploy image 315 | 316 | Push it... real good 317 | 318 | ``` 319 | cf push primes -o {harbor-hostname}/library/primes:1.0-SNAPSHOT 320 | ``` 321 | 322 | Calculate some primes 323 | 324 | ``` 325 | http http://{app-url}/primes/1/10000 326 | ``` 327 | > Replace `{app-url}` above with the route to your freshly deployed application instance 328 | 329 |
Get environment variables
cf env primes
330 | 331 |
Show most recent logs
cf logs primes --recent
332 | 333 |
Tail the logs
cf tail primes
334 | 335 |
Scale up
cf scale primes -i 2
336 | 337 |
Inspect events
cf events primes
338 | 339 |
Show app health and status
cf app primes
340 | 341 | 342 | #### Build and deploy from source 343 | 344 | Why did we go through all that? What if all we really needed to do was bring our source code to the party; let the platform take care of building, packaging, deploying an up-to-date, secure image to our registry, then push that image out to an environment? 345 | 346 | Let's see how we do that. It's as simple as... 347 | 348 | ``` 349 | cf push primes 350 | ``` 351 | 352 | #### Deploy stratos 353 | 354 | [Stratos](https://github.com/cloudfoundry/stratos/tree/master/deploy/kubernetes/console) is a UI administrative console for managing Cloud Foundry 355 | 356 |
Add Helm repository
helm repo add stratos https://cloudfoundry.github.io/stratos
357 | 358 |
Create new namespace
kubectl create namespace stratos
359 | 360 |
Install
helm install console stratos/console --namespace=stratos --set console.service.type=LoadBalancer
361 | 362 |
Get Ingress
kubectl describe service console-ui-ext -n stratos | grep Ingress
363 | 364 |
Upgrade
helm repo update
365 | helm upgrade console stratos/console --namespace=stratos --recreate-pods
366 | 367 |
Uninstall
helm uninstall console --namespace=stratos
368 | kubectl delete namespace stratos
369 | 370 | ### Brokered Services 371 | 372 | No self-respecting enterprise application functions alone. It's typically integrated with an array of other services (e.g., credentials/secrets management, databases, and messaging queues, to name but a few). How do we curate, launch and integrate services (from a catalog/marketplace) with applications? 373 | 374 | #### minibroker 375 | 376 | [Minibroker](https://github.com/kubernetes-sigs/minibroker) is an implementation of the Open Service Broker API suited for local development and testing. Rather than provisioning services from a cloud provider, Minibroker provisions services in containers on the cluster. Minibroker uses Kubernetes Helm Charts as its source of provisionable services. 377 | 378 | Dan Baskette shared a short video [demo](https://youtu.be/B-h2yggVk8w) and Github [repository](https://github.com/dbbaskette/tas-on-kind#minibroker-install) where he shares the steps for installing and subsequently integrating minibroker with the TAS marketplace. 379 | 380 | #### gcp-service-broker 381 | 382 | [Google Cloud Service Broker](https://github.com/GoogleCloudPlatform/gcp-service-broker) adheres to Open Service Broker API v2.13 and may be installed either via a [Helm Chart](https://github.com/GoogleCloudPlatform/gcp-service-broker/tree/master/deployments/helm/gcp-service-broker) or with a cf push and subsequently integrated with the TAS marketplace. 383 | 384 | If you're considering the latter approach... 385 | 386 | ``` 387 | git clone https://github.com/GoogleCloudPlatform/gcp-service-broker.git 388 | cd gcp-service-broker 389 | ``` 390 | 391 | Consult and follow the `Installing as a Cloud Foundry Application` [instructions](https://github.com/GoogleCloudPlatform/gcp-service-broker/blob/master/docs/installation.md#installing-as-a-cloud-foundry-application). Pause your progress through these instructions once you've completed the section entitled `Set required environment variables`. 
392 | 393 | Create and save a new file named `buildpack.yml` with contents as follows 394 | 395 | ``` 396 | --- 397 | go: 398 | import-path: github.com/GoogleCloudPlatform/gcp-service-broker 399 | ``` 400 | 401 | Update your `manifest.yml` to contain 402 | 403 | ``` 404 | --- 405 | applications: 406 | - name: gcp-service-broker 407 | memory: 1G 408 | env: 409 | GOPACKAGENAME: github.com/GoogleCloudPlatform/gcp-service-broker 410 | GOVERSION: go1.14 411 | ROOT_SERVICE_ACCOUNT_JSON: | 412 | { 413 | "type": "service_account", 414 | "project_id": "REPLACE_ME", 415 | "private_key_id": "REPLACE_ME", 416 | "private_key": "-----BEGIN PRIVATE KEY-----\nREPLACE_ME\n-----END PRIVATE KEY-----\n", 417 | "client_email": "REPLACE_ME", 418 | "client_id": "REPLACE_ME", 419 | "auth_uri": "https://accounts.google.com/o/oauth2/auth", 420 | "token_uri": "https://accounts.google.com/o/oauth2/token", 421 | "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", 422 | "client_x509_cert_url": "REPLACE_ME" 423 | } 424 | SECURITY_USER_NAME: REPLACE_ME 425 | SECURITY_USER_PASSWORD: REPLACE_ME 426 | DB_HOST: REPLACE_ME 427 | DB_USERNAME: REPLACE_ME 428 | DB_PASSWORD: REPLACE_ME 429 | ``` 430 | > Note that `buildpack` has been explicitly removed because we're employing [Cloud Native Buildpacks](https://hub.docker.com/r/cloudfoundry/cnb) rather than the [go-buildpack](https://github.com/cloudfoundry/go-buildpack). Also note the [required environment variable values](https://github.com/GoogleCloudPlatform/gcp-service-broker/blob/master/docs/installation.md#set-required-environment-variables) that need to be replaced above. 

Deploy the app and create a service broker instance

```
cf push gcp-service-broker-backend
cf create-service-broker gcp-service-broker {username} {password} {service broker url}
```
> Replace occurrences of `{username}` and `{password}` above with the values you assigned to `SECURITY_USER_NAME` and `SECURITY_USER_PASSWORD`, respectively, in your `manifest.yml`.

> The occurrence of `{service broker url}` above should be replaced with the application route for `gcp-service-broker-backend`.

> The aforementioned route should begin with `http://` until this [issue](https://github.com/cloudfoundry/cf-for-k8s/issues/46) is addressed.

List the available (to be enabled) service offerings

```
cf service-access
```

Enable a complement of services in the TAS marketplace

```
cf enable-service-access google-spanner
cf enable-service-access google-cloudsql-postgres
cf enable-service-access google-pubsub
cf enable-service-access google-storage
```

Verify the services appear in the marketplace

```
cf marketplace
```

Push a sample application

Have a look at [spring-books](https://github.com/pacphi/spring-books)

#### (KSM) Container Services Manager

At a minimum, a complement of Couchbase, Elasticsearch, Kafka, Mongo, MySQL, Neo4J, Postgres, and Vault offerings would be compelling to curate and deliver to enterprise developers.

// TODO

#### (TAC) Tanzu Application Catalog

// TODO

### kpack

Now that we've worked out how to build and deploy a Spring Boot application, what about everything else that could be containerized? And how do we offload the work of building images (and keeping them up-to-date) from our jumpbox to some sort of automated CI engine? Let's take a look at what [kpack](https://github.com/pivotal/kpack) and [kpack-viz](https://github.com/niallthomson/kpack-viz) can do for us.

It seems pretty straightforward to follow these [instructions](https://github.com/pivotal/kpack/blob/master/docs/install.md#installing-kpack-1). You'll want to download the [latest release](https://github.com/pivotal/kpack/releases/download/v0.0.8/release-0.0.8.yaml) first.

// TODO Add more explicit post-installation instructions

#### Update images

// TODO Demonstrate a use-case wherein a sub-category of images is updated

### (TBS) Tanzu Build Service

// TODO

## Manage

### Velero

What about your backup and recovery needs?

// TODO

### (TO) Tanzu Observability

Great, we've deployed workloads to Kubernetes. How are we able to troubleshoot issues in production? At a minimum, we'd like to surface health and performance metrics.

// TODO

### (TMC) Tanzu Mission Control

Not all clusters are created equal. Most enterprises struggle to apply consistent policies (security and compliance come to mind) across multiple runtime environments operating on-premises and/or in multiple public clouds.

// TODO

## Appendices

### Articles

* [How to Add Software Packaged as Helm Charts & Kubernetes Operators to Tanzu Application Service](https://tanzu.vmware.com/content/blog/how-to-add-software-packaged-as-helm-charts-kubernetes-operators-to-your-pivotal-platform)

### Documentation

* [Cloud Foundry for Kubernetes](https://github.com/cloudfoundry/cf-for-k8s)
* [(KSM) Container Services Manager](https://docs.pivotal.io/ksm/0-7/index.html)

--------------------------------------------------------------------------------
/jumpbox-tools.sh:
--------------------------------------------------------------------------------
#!/bin/bash

cd ~

# Install prerequisites

# This should be the value of Legacy API Token, found here: https://network.pivotal.io/users/dashboard/edit-profile
PIVNET_UAA_REFRESH_TOKEN=change_me

# Set versions of installed software
AZ_REPO=$(lsb_release -cs)
BOSH_VERSION=6.2.1
CLOUD_SDK_REPO="cloud-sdk-$(lsb_release -c -s)"
LEFTOVERS_VERSION=0.62.0
PIVNET_VERSION=1.0.2
TF_VERSION=0.12.24
TF_K14S_PLUGIN_VERSION=0.4.0
TF_K14SX_PLUGIN_VERSION=0.0.2

# Add package sources and repositories
# Azure CLI repository and signing key
echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | \
    sudo tee /etc/apt/sources.list.d/azure-cli.list && \
    sudo apt-key --keyring /etc/apt/trusted.gpg.d/Microsoft.gpg adv \
    --keyserver packages.microsoft.com \
    --recv-keys BC528686B50D79E339D3721CEB3E94ADBE1229CF

# Google Cloud SDK repository and signing key
echo "deb http://packages.cloud.google.com/apt ${CLOUD_SDK_REPO} main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list && \
    curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - && \
    sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CC86BB64

# yq PPA
sudo add-apt-repository ppa:rmescandon/yq -y

# Download package information from all configured sources and install a complement of software
sudo apt update --yes && \
    sudo apt install --yes azure-cli build-essential curl default-jdk docker.io google-cloud-sdk httpie jq git python-pip python-dev unzip wget yq

# AWS CLI
sudo pip install --upgrade pip
pip install awscli

# BOSH CLI
wget -O bosh https://s3.amazonaws.com/bosh-cli-artifacts/bosh-cli-${BOSH_VERSION}-linux-amd64 && \
    chmod +x bosh && \
    sudo mv bosh /usr/local/bin

# cf CLI v6
curl -L "https://packages.cloudfoundry.org/stable?release=linux64-binary&source=github" | tar -zx && \
    sudo mv cf /usr/local/bin

# cf CLI v7
curl -L "https://packages.cloudfoundry.org/stable?release=linux64-binary&version=v7&source=github" | tar -zx && \
    sudo mv cf7 /usr/local/bin

cf install-plugin -r CF-Community "log-cache" -f

# Docker: start now, enable at boot, and add the current user to the docker group
sudo systemctl start docker && \
    sudo systemctl enable docker && \
    sudo usermod -aG docker "${USER}"

# Helm 3 and the stable chart repository
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
helm repo add stable https://kubernetes-charts.storage.googleapis.com/

# k14s tools and the k14s/k14sx Terraform provider plugins
curl -L https://k14s.io/install.sh | sudo bash
mkdir -p ~/.terraform.d/plugins
curl -LO https://github.com/k14s/terraform-provider-k14s/releases/download/v${TF_K14S_PLUGIN_VERSION}/terraform-provider-k14s-binaries.tgz
tar xzvf terraform-provider-k14s-binaries.tgz -C ~/.terraform.d/plugins/
curl -LO https://github.com/niallthomson/terraform-provider-k14s/releases/download/v${TF_K14SX_PLUGIN_VERSION}/terraform-provider-k14sx-binaries.tgz
tar xzvf terraform-provider-k14sx-binaries.tgz -C ~/.terraform.d/plugins/

# pivnet CLI
wget -O pivnet https://github.com/pivotal-cf/pivnet-cli/releases/download/v${PIVNET_VERSION}/pivnet-linux-amd64-${PIVNET_VERSION} && \
    chmod +x pivnet && \
    sudo mv pivnet /usr/local/bin

# Terraform
wget -O terraform.zip https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_linux_amd64.zip && \
    unzip terraform.zip && \
    sudo mv terraform /usr/local/bin && \
    rm terraform.zip

# PKS CLI from Pivotal Network (uses the API token set above)
pivnet login --api-token="${PIVNET_UAA_REFRESH_TOKEN}" && \
    pivnet download-product-files --product-slug='pivotal-container-service' --release-version='1.7.0' --product-file-id=649104 && \
    mv pks-linux-amd64-1.7.0-build.26 pks && \
    chmod +x pks && \
    sudo mv pks /usr/local/bin

# KSM CLI from Pivotal Network
pivnet download-product-files --product-slug='container-services-manager' --release-version='0.8.43' --product-file-id=662739 && \
    mv ksm-0.8.43.linux ksm && \
    chmod +x ksm && \
    sudo mv ksm /usr/local/bin

# kubectl (latest stable release)
curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl" && \
    chmod +x kubectl && \
    sudo mv kubectl /usr/local/bin

# leftovers
wget https://github.com/genevieve/leftovers/releases/download/v${LEFTOVERS_VERSION}/leftovers-v${LEFTOVERS_VERSION}-linux-amd64 && \
    mv leftovers-v${LEFTOVERS_VERSION}-linux-amd64 leftovers && \
    chmod +x leftovers && \
    sudo mv leftovers /usr/local/bin

--------------------------------------------------------------------------------
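
The script above pins versions but moves each downloaded binary into `/usr/local/bin` without checking its integrity. The helper below pins a SHA-256 digest next to the version and installs only on a match; it is an added example, not part of this repository, and the function names, URL and digest placeholders are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of this repository. The function names are
# hypothetical; the digest passed in must come from the vendor's release page.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# install_verified FILE EXPECTED_SHA256 DEST
# Installs FILE as DEST (mode 0755) only when its digest matches. On a
# mismatch nothing is written and 1 is returned.
install_verified() {
  local file="$1" expected dest="$3" actual
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -f "$file" ] || return 2
  actual=$(sha256_of "$file")
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $file: got $actual" >&2
    return 1
  fi
  install -m 0755 "$file" "$dest"
}

# fetch_and_install URL EXPECTED_SHA256 DEST
# Downloads over HTTPS only (redirects included) into a private temp file,
# verifies it, installs it and removes the temp file whatever the outcome.
fetch_and_install() {
  local url="$1" expected="$2" dest="$3" tmp rc=0
  tmp=$(mktemp) || return 2
  if curl -fsSL --proto '=https' --proto-redir '=https' --tlsv1.2 -o "$tmp" "$url"; then
    install_verified "$tmp" "$expected" "$dest" || rc=$?
  else
    rc=2
  fi
  rm -f "$tmp"
  return "$rc"
}

# Usage, with placeholders for the URL and the pinned digest:
#   fetch_and_install "https://<release host>/<tool>-${TOOL_VERSION}-linux-amd64" \
#     "<sha256 published for that release>" "$HOME/bin/<tool>"
```

Run `fetch_and_install` under `sudo` (or pass a user-writable destination) when the target is `/usr/local/bin`.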