IK.AM

@making's tech note


Deploy Source Code on Private Git Repository on Tanzu Application Platform

🗃 {Dev/CaaS/Kubernetes/TAP}
🏷 Kubernetes 🏷 Cartographer 🏷 Tanzu 🏷 TAP 
🗓 Updated at 2022-12-21T11:35:32Z  🗓 Created at 2022-12-21T11:35:32Z   🇯🇵 Original entry

⚠️ The content of this article is not supported by VMware. Any issues arising from the content of this article are your responsibility and please do not contact VMware Support.

A note about deploying apps from source code on the Private Git Repository on the Tanzu Application Platform (TAP).

⚠️ This is not the case if ootb_supply_chain_basic.gitops.commit_strategy is pull_request.

documentations are following:

Use basic authentication instead of ssh here.

table of contents

For GitHub

Create an access token for the repo as shown below.

image

Create the following Secret in the target namespace.

GIT_SERVER=github.com
GIT_USERNAME=making
GIT_PASSWORD=ghp_Nnh*******

cat <<EOF > git-basic.yaml
apiVersion: v1
kind: Secret
metadata:
  name: git-basic
  annotations:
    tekton.dev/git-0: https://${GIT_SERVER}
type: kubernetes.io/basic-auth
stringData:
  username: ${GIT_USERNAME}
  password: ${GIT_PASSWORD}
EOF

kubectl apply -f git-basic.yaml -n demo

Also set this Secret for the Service Account used by Workload.

kubectl patch serviceaccount default -p "{\"secrets\":[{\"name\":\"git-basic\"}]}" -n demo

Prepare source code on Private Git Repository. I will use the following repositories:

https://github.com/making/helloworld

image

Pass this secret to the gitops_ssh_secret parameter when creating a workload like this:

tanzu apps workload apply helloworld \
  --app helloworld \
  --git-repo https://github.com/making/helloworld \
  --git-branch main \
  --type web \
  --param gitops_ssh_secret=git-basic \
  --build-env BP_JVM_VERSION=17 \
  -n demo \
  -y

You can set the default value of the gitops_ssh_secret parameter in ootb_supply_chain_(basic|testing|testing_scanning).gitops.ssh_secret in tap-values.yaml when installing TAP

Look at the gitrepo resource and if READY is True, you can get the source code.

$ kubectl get gitrepo -n demo helloworld 
NAME         URL                                    READY   STATUS                                                            AGE
helloworld   https://github.com/making/helloworld   True    Fetched revision: main/78e806b95a842748c1f6f3db13212330e120f80d   26s

It's OK if the workload is successfully deployed.

$ tanzu apps workload get -n demo helloworld
---
# helloworld: Ready
---
Source
type:     git
url:      https://github.com/making/helloworld
branch:   main

Supply Chain
name:          source-to-url
last update:   94s
ready:         True

RESOURCE           READY   TIME
source-provider    True    10m
deliverable        True    10m
image-provider     True    2m3s
config-provider    True    114s
app-config         True    114s
config-writer      True    94s

Issues
No issues reported.

Pods
NAME                                           STATUS      RESTARTS   AGE
helloworld-00001-deployment-58f7fd4764-2m5dx   Running     0          49s
helloworld-build-1-build-pod                   Succeeded   0          10m
helloworld-config-writer-cgv7d-pod             Succeeded   0          110s

Knative Services
NAME         READY   URL
helloworld   Ready   http://helloworld-demo.vcap.me

To see logs: "tanzu apps workload tail helloworld --namespace demo"

For Bitbucket

Create an access token for the repo as shown below.

image

If you just want to get the source code from the Git Repository, only Read permission is fine, but this Secret is also used when writing the manifest with GitOps, so it is better to have Write permission as well.

Create the following Secret in the target namespace.

GIT_SERVER=bitbucket.org
GIT_USERNAME=tmaki_vmware
GIT_PASSWORD=ATBBg************

cat <<EOF > git-basic.yaml
apiVersion: v1
kind: Secret
metadata:
  name: git-basic
  annotations:
    tekton.dev/git-0: https://${GIT_SERVER}
type: kubernetes.io/basic-auth
stringData:
  username: ${GIT_USERNAME}
  password: ${GIT_PASSWORD}
EOF

kubectl apply -f git-basic.yaml -n demo

Also set this Secret for the Service Account used by Workload.

kubectl patch serviceaccount default -p "{\"secrets\":[{\"name\":\"git-basic\"}]}" -n demo

Prepare source code on Private Git Repository. I will use the following repositories:

https://bitbucket.org/tmaki_vmware/helloworld

image

Pass this secret to the gitops_ssh_secret parameter when creating a workload like this:

tanzu apps workload apply helloworld \
  --app helloworld \
  --git-repo https://bitbucket.org/tmaki_vmware/helloworld \
  --git-branch main \
  --type web \
  --param gitops_ssh_secret=git-basic \
  --build-env BP_JVM_VERSION=17 \
  -n demo \
  -y

You can set the default value of the gitops_ssh_secret parameter in ootb_supply_chain_(basic|testing|testing_scanning).gitops.ssh_secret in tap-values.yaml when installing TAP

Look at the gitrepo resource and if READY is True, you can get the source code.

$ kubectl get gitrepo -n demo helloworld 
NAME         URL                                             READY   STATUS                                                            AGE
helloworld   https://bitbucket.org/tmaki_vmware/helloworld   True    Fetched revision: main/78e806b95a842748c1f6f3db13212330e120f80d   26s

It's OK if the workload is successfully deployed.

$ tanzu apps workload get -n demo helloworld
---
# helloworld: Ready
---
Source
type:     git
url:      https://bitbucket.org/tmaki_vmware/helloworld
branch:   main

Supply Chain
name:          source-to-url
last update:   94s
ready:         True

RESOURCE           READY   TIME
source-provider    True    10m
deliverable        True    10m
image-provider     True    2m3s
config-provider    True    114s
app-config         True    114s
config-writer      True    94s

Issues
No issues reported.

Pods
NAME                                           STATUS      RESTARTS   AGE
helloworld-00001-deployment-58f7fd4764-2m5dx   Running     0          49s
helloworld-build-1-build-pod                   Succeeded   0          10m
helloworld-config-writer-cgv7d-pod             Succeeded   0          110s

Knative Services
NAME         READY   URL
helloworld   Ready   http://helloworld-demo.vcap.me

To see logs: "tanzu apps workload tail helloworld --namespace demo"

✒️️ Edit  ⏰ History  🗑 Delete