A note about deploying apps from source code on the Private Git Repository on the Tanzu Application Platform (TAP).
⚠️ This is not the case if
ootb_supply_chain_basic.gitops.commit_strategy
ispull_request
.
documentations are following:
- https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.3/tap/GUID-scc-building-from-source.html#private-gitrepository-1
- https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.3/tap/GUID-scc-git-auth.html
Use basic authentication instead of ssh here.
table of contents
For GitHub
Create an access token for the repo as shown below.
Create the following Secret in the target namespace.
GIT_SERVER=github.com
GIT_USERNAME=making
GIT_PASSWORD=ghp_Nnh*******
cat <<EOF > git-basic.yaml
apiVersion: v1
kind: Secret
metadata:
name: git-basic
annotations:
tekton.dev/git-0: https://${GIT_SERVER}
type: kubernetes.io/basic-auth
stringData:
username: ${GIT_USERNAME}
password: ${GIT_PASSWORD}
EOF
kubectl apply -f git-basic.yaml -n demo
Also set this Secret for the Service Account used by Workload.
kubectl patch serviceaccount default -p "{\"secrets\":[{\"name\":\"git-basic\"}]}" -n demo
Prepare source code on Private Git Repository. I will use the following repositories:
https://github.com/making/helloworld
Pass this secret to the gitops_ssh_secret
parameter when creating a workload like this:
tanzu apps workload apply helloworld \
--app helloworld \
--git-repo https://github.com/making/helloworld \
--git-branch main \
--type web \
--param gitops_ssh_secret=git-basic \
--build-env BP_JVM_VERSION=17 \
-n demo \
-y
You can set the default value of the
gitops_ssh_secret
parameter inootb_supply_chain_(basic|testing|testing_scanning).gitops.ssh_secret
intap-values.yaml
when installing TAP
Look at the gitrepo resource and if READY is True, you can get the source code.
$ kubectl get gitrepo -n demo helloworld
NAME URL READY STATUS AGE
helloworld https://github.com/making/helloworld True Fetched revision: main/78e806b95a842748c1f6f3db13212330e120f80d 26s
It's OK if the workload is successfully deployed.
$ tanzu apps workload get -n demo helloworld
---
# helloworld: Ready
---
Source
type: git
url: https://github.com/making/helloworld
branch: main
Supply Chain
name: source-to-url
last update: 94s
ready: True
RESOURCE READY TIME
source-provider True 10m
deliverable True 10m
image-provider True 2m3s
config-provider True 114s
app-config True 114s
config-writer True 94s
Issues
No issues reported.
Pods
NAME STATUS RESTARTS AGE
helloworld-00001-deployment-58f7fd4764-2m5dx Running 0 49s
helloworld-build-1-build-pod Succeeded 0 10m
helloworld-config-writer-cgv7d-pod Succeeded 0 110s
Knative Services
NAME READY URL
helloworld Ready http://helloworld-demo.vcap.me
To see logs: "tanzu apps workload tail helloworld --namespace demo"
For Bitbucket
Create an access token for the repo as shown below.
If you just want to get the source code from the Git Repository, only Read permission is fine, but this Secret is also used when writing the manifest with GitOps, so it is better to have Write permission as well.
Create the following Secret in the target namespace.
GIT_SERVER=bitbucket.org
GIT_USERNAME=tmaki_vmware
GIT_PASSWORD=ATBBg************
cat <<EOF > git-basic.yaml
apiVersion: v1
kind: Secret
metadata:
name: git-basic
annotations:
tekton.dev/git-0: https://${GIT_SERVER}
type: kubernetes.io/basic-auth
stringData:
username: ${GIT_USERNAME}
password: ${GIT_PASSWORD}
EOF
kubectl apply -f git-basic.yaml -n demo
Also set this Secret for the Service Account used by Workload.
kubectl patch serviceaccount default -p "{\"secrets\":[{\"name\":\"git-basic\"}]}" -n demo
Prepare source code on Private Git Repository. I will use the following repositories:
https://bitbucket.org/tmaki_vmware/helloworld
Pass this secret to the gitops_ssh_secret
parameter when creating a workload like this:
tanzu apps workload apply helloworld \
--app helloworld \
--git-repo https://bitbucket.org/tmaki_vmware/helloworld \
--git-branch main \
--type web \
--param gitops_ssh_secret=git-basic \
--build-env BP_JVM_VERSION=17 \
-n demo \
-y
You can set the default value of the
gitops_ssh_secret
parameter inootb_supply_chain_(basic|testing|testing_scanning).gitops.ssh_secret
intap-values.yaml
when installing TAP
Look at the gitrepo resource and if READY is True, you can get the source code.
$ kubectl get gitrepo -n demo helloworld
NAME URL READY STATUS AGE
helloworld https://bitbucket.org/tmaki_vmware/helloworld True Fetched revision: main/78e806b95a842748c1f6f3db13212330e120f80d 26s
It's OK if the workload is successfully deployed.
$ tanzu apps workload get -n demo helloworld
---
# helloworld: Ready
---
Source
type: git
url: https://bitbucket.org/tmaki_vmware/helloworld
branch: main
Supply Chain
name: source-to-url
last update: 94s
ready: True
RESOURCE READY TIME
source-provider True 10m
deliverable True 10m
image-provider True 2m3s
config-provider True 114s
app-config True 114s
config-writer True 94s
Issues
No issues reported.
Pods
NAME STATUS RESTARTS AGE
helloworld-00001-deployment-58f7fd4764-2m5dx Running 0 49s
helloworld-build-1-build-pod Succeeded 0 10m
helloworld-config-writer-cgv7d-pod Succeeded 0 110s
Knative Services
NAME READY URL
helloworld Ready http://helloworld-demo.vcap.me
To see logs: "tanzu apps workload tail helloworld --namespace demo"