(DK) Tanzu Application Platform (3)

https://huntedhappy.github.io/tanzu-application-platform/

The Documentation TAP

TANZU RABAC 설정

## GCR 키 dockerconfigjson으로 변수 저장
dockerconfigjson="$(kubectl get secret tbs-builder-secret-gen-placeholder-secret -n tap-install -o jsonpath={.data.\\.dockerconfigjson})"

## 배포

cat <<EOF | tee rbac.yaml
apiVersion: v1
kind: Secret
metadata:
  name: tap-registry
  annotations:
    secretgen.carvel.dev/image-pull-secret: ""
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(echo $dockerconfigjson)
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
secrets:
  - name: registry-credentials
imagePullSecrets:
  - name: registry-credentials
  - name: tap-registry
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: default
rules:
- apiGroups: [source.toolkit.fluxcd.io]
  resources: [gitrepositories]
  verbs: ['*']
- apiGroups: [source.apps.tanzu.vmware.com]
  resources: [imagerepositories]
  verbs: ['*']
- apiGroups: [carto.run]
  resources: [deliverables, runnables]
  verbs: ['*']
- apiGroups: [kpack.io]
  resources: [images]
  verbs: ['*']
- apiGroups: [conventions.apps.tanzu.vmware.com]
  resources: [podintents]
  verbs: ['*']
- apiGroups: [""]
  resources: ['configmaps']
  verbs: ['*']
- apiGroups: [""]
  resources: ['pods']
  verbs: ['list']
- apiGroups: [tekton.dev]
  resources: [taskruns, pipelineruns]
  verbs: ['*']
- apiGroups: [tekton.dev]
  resources: [pipelines]
  verbs: ['list']
- apiGroups: [kappctrl.k14s.io]
  resources: [apps]
  verbs: ['*']
- apiGroups: [serving.knative.dev]
  resources: ['services']
  verbs: ['*']
- apiGroups: [servicebinding.io]
  resources: ['servicebindings']
  verbs: ['*']
- apiGroups: [services.apps.tanzu.vmware.com]
  resources: ['resourceclaims']
  verbs: ['*']
- apiGroups: [scanning.apps.tanzu.vmware.com]
  resources: ['imagescans', 'sourcescans']
  verbs: ['*']
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: default
subjects:
  - kind: ServiceAccount
    name: default
EOF

WorkLoad 실행

## IngressIP 확인
kubectl get svc -n tap-install

kubectl get httpproxy -A

Ingress 및 DNS 확인

GUI 접속 수 테스트 web app 배포

GCR에 저장된 폴더 지정

### GIT PUSH

unzip tanzu-java-web-app.zip

git init
git remote add origin git@github.com:huntedhappy/tanzu-java-web-app
git add .
git commit -m 'first'
git push origin main


## workload 실행

tanzu apps workload create tanzu-java-web-app \
 --git-repo https://github.com/huntedhappy/tanzu-java-web-app \
 --git-branch main \
 --type web \
 --label apps.tanzu.vmware.com/has-tests=true \
 --yes \
 -n tap-install


## 배포상태 확인
tanzu apps cluster-supply-chain list

tanzu apps workload tail tanzu-java-web-app --since 10m --timestamp -n tap-install

kubectl get workload,gitrepository,pipelinerun,images.kpack,podintent,app,services.serving -n tap-install