This topic provides an overview of how to get started using the Application Service Adapter for Tanzu Application Platform:
After you install the Cloud Foundry command-line interface (cf CLI), log in to the Application Service Adapter and assign the admin role to an existing user in the Kubernetes cluster:
Target the cf CLI at the API endpoint.
cf api API-FQDN --skip-ssl-validation
Where API-FQDN is the fully qualified domain name (FQDN) for the Application Service Adapter API.
Note: If you configured the Application Service Adapter with a globally trusted certificate during installation, you can omit the
--skip-ssl-validationflag.
Log in with the cf CLI.
cf login
The cf CLI detects the user authentication entries in your local Kubeconfig file and presents them for you to select one interactively. Select a user on your target cluster whom you want to act as an admin.
Use the cf curl command to verify the subject name of the logged-in user.
cf curl /whoami
The output looks like the following:
{"name":"my_user@example.com","kind":"User"}
The value of the name field in the response is the subject name of the user.
Note: The
kindfield in the output must have the valueUser. If it is some other value, such asServiceAccount, log into the Application Service Adapter with an account for a user in the Kubernetes cluster.
Create a tas-adapter-admin.yaml file with a RoleBinding definition for the admin user:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: cf-admin
namespace: cf
subjects:
- kind: User
name: CF-ADMIN-USERNAME
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: korifi-controllers-admin
apiGroup: rbac.authorization.k8s.io
Where CF-ADMIN-USERNAME is the user name you verify earlier.
Create the admin RoleBinding in the target cluster.
kubectl apply -f tas-adapter-admin.yaml
You can use cf create-org and cf create-space the same way that you do with Tanzu Application Service for VMs. Under the hood, these commands create a Kubernetes namespace for each org and each space and propagate required resources into the namespace.
To create orgs and spaces:
Create the Cloud Foundry org and space.
cf create-org ORG-NAME
cf target -o ORG-NAME
cf create-space SPACE-NAME
cf target -s SPACE-NAME
Where:
ORG-NAME is the name of the org you want to create.SPACE-NAME is the name of the space you want to create.(Optional) Assign the SpaceDeveloper role to other users in the Kubernetes cluster.
cf set-space-role USER-NAME ORG-NAME SPACE-NAME SpaceDeveloper
Where USER-NAME is the name of another user in the Kubernetes cluster.
Use the cf CLI to deploy a sample app to the Application Service Adapter installation.
cf push APP-NAME
Where APP-NAME is the name of your app.
Applications automatically receive a default HTTP route unless pushed with the --no-route flag. This default route uses the name of the app as the route host name. To configure additional routes for the app that you pushed, use the cf CLI to map a route to your app.
cf map-route APP-NAME apps.example.com --hostname my-app
Service credentials are provided to apps through user-provided service instances. See User-Provided Service Instances in the Cloud Foundry documentation.
To create and bind user-provided service instances, do the following:
cf create-user-provided-service SERVICE-INSTANCE-NAME -p '{"credential-name": "credential-value"}'
Where SERVICE-INSTANCE-NAME is the name of your service instance.
cf bind-service APP-NAME SERVICE-INSTANCE-NAME
cf restart APP-NAME
User-provided service instance credentials is provided to the app and staging tasks in two ways to support both existing TAS applications and next-generation frameworks, such as Spring Cloud Bindings:
