Getting started with VMware Tanzu Application Catalog

This guide will walk you through getting started with VMware Tanzu Application Catalog (Tanzu Application Catalog) environment.

In addition, you will learn how to consume the Tanzu Application Catalog content in the following ways:

• Consume the Tanzu Application Catalog artifacts in your local machine via Docker or Helm CLI
• Consume the Tanzu Application Catalog artifacts through Kubeapps
• Consume the Tanzu Application Catalog artifacts through Google Container Registry
• Consume the Tanzu Application Catalog artifacts through a private repository: Harbor

Enterprises can consume and deploy trusted and updated applications from a catalog tailored to their needs. This catalog is distributed through a private repository to internal customers.

What to do first

Ensure:

• You have a VMware Cloud Services account. This is also known as VMware Account.
• You have access to the VMware Cloud Services Portal (CSP).
• You have subscribed to Tanzu Application Catalog service. To subscribe to Tanzu Application Catalog, see Tanzu Application Catalog.
• You have the necessary roles assigned to create or view application requests and manage or view base images and registries. These roles are defined in your VMware Cloud Services account.
• You have a Docker environment installed and configured. For more information on installing Docker, see Install Docker Engine.
• You have a Kubernetes cluster. For more information, see Get Started with Bitnami Charts using Minikube.
• You have Helm v3.x installed in your local machine or the operator workstation.
• You have Kubeapps installed in your cluster and logged into the Kubeapps UI.
• You have a user account in Google Cloud Platform.

To get started with Tanzu Application Catalog, follow the steps as explained in the sections below:

1. Sign into Tanzu Application Catalog

2. Browse Tanzu Application Catalog

3. Create custom catalogs

4. Consume Tanzu Application Catalog artifacts

5. Delete applications from your catalog

Sign into Tanzu Application Catalog

Go to Tanzu Application Catalog and sign in using your VMware Account.

Browse Tanzu Application Catalog

Tanzu Application Catalog has an extensive collection of continuously maintained and tested container images and Helm charts.

Note

The actions you can perform after you log in are based on the roles assigned to your account. There are two types of roles:

1. App Catalog Admin: This role allows a user to manage the catalog and see all the information regarding it. A user with this role can create application requests and manage base images and registries.
2. App Catalog User: This role allows a user to see data through the catalog but not make any changes to it. They can’t perform application requests or manage registries and base images.

To view which role is assigned to you:

1. In your VMWare Cloud Services account, on the Cloud Services Console toolbar, click your user name and select “My Account”.
2. Click the “My Roles” tab.
3. Under Service Roles expand Tanzu Application Catalog to view the type of role assigned to you.

To browse the Tanzu Application Catalog:

1. After signing into Tanzu Application Catalog, from the left navigation page, click “Applications”.

A list of all the applications available on Tanzu Application Catalog display.

These applications are continuously updated, so that you can consume them for development and deployment.

Browse Containers

To browse the extensive list of container images available on Tanzu Application Catalog, on the left pane, click the Container Image filter. List of all the container images available on Tanzu Application Catalog is displayed with the following information:

• Base image
• Container image version
• Release status of the container
• Date of the most recent release

• “Details” link to view more information associated with that container image

  

  If a container has more than one released version, then all the versions are displayed.

  

You can use the following filters to search the container of your choice in the catalog:

• By Type
• By Status
• By Operating System

The following image shows the catalog filtered by type, status, and operating system:

You can view the following information when you click “Details” next to an application:

• Name of the container and whether the image is a part of a Helm chart
• Status of the release
• Image References:
  • Digest: Repository URL where the image is stored
  • Container tags: use these tags to run your container

• Build Time Reports: Click “Download” to save a copy of the available reports in your local machine. There are four types of reports for containers:

  • Asset Specification
  • Test Results
  • Antivirus Scan Result
  • CVE Scan Result, in both scanner-native and CVRF formats

  

Browse Helm Charts

To browse the extensive list of Helm charts available on Tanzu Application Catalog, on the left pane, click the Helm Chart filter. List of all the Helm charts available on Tanzu Application Catalog is displayed with the following information:

• Base image
• Chart version
• Status of chart’s release
• Date of the latest release
• Dependencies: container image included in the chart and its related information such as status, base image, and release version

• “Details” link to view more information associated with that chart or its container image

  

You can use the following filters to search the Helm charts of your choice in the catalog:

• By type
• By status
• By operating system

The following image shows the catalog filtered by type, status, and operating system:

You can view the following information when you click “Details” next to a Helm chart:

• Name of the Helm chart and if it has any container image as a dependency
• Status of the release
• Release information: commands to install the chart
• Chart information: digest, name, version, and repository URL
• Build Time Reports: Click “Download” to save a copy of the available reports in your local machine. There are two types of reports for charts:
  • Asset Specification
  • Test Results

• Dependencies: Container image included in the chart and its related information such as status, base image and release version

  

  You can inspect the chart dependencies by clicking the container image. You will see the information related to that container, showing a tag indicating that the selected container is a part of a Helm chart:

  

Create custom catalogs

Tanzu Application Catalog provides you with the option of creating your own custom catalog. To create a custom catalog:

1. In the left navigation pane, click “Applications”.

2. In the “My Applications” page, click “ADD NEW APPLICATIONS”.

   The “Add New Applications” page display.

   

3. Add new applications to Tanzu Application Catalog using either the Basic or Custom configuration. To know more about the configuration, see Configuration Select one configuration, and then click “NEXT”.

   Note

   By choosing the “Basic” configuration you can get the applications from the community edition of Bitnami Application Catalog in your private repository.

4. You can deploy Tanzu Application Catalog on Kubernetes or virtual machine platforms. Select one of the following platforms, the associated base image options, and then click “NEXT”:

   Important

   If you choose Basic configuration, you cannot select the VMware supported base image.

“Kubernetes” option

---

If you are deploying Tanzu Application Catalog on Kubernetes, click on the “Kubernetes” tile.

A list of all the VMware supported base images for Kubernetes appears. Select a base image from the list.

Important

You can select the base image only if you have chosen Custom configuration in step 3. If you select the “Custom Base Image” option, a list of all the custom base images that you would have added previously will appear. Select a base image from the list and then click “NEXT”. If you wish to add a new custom base image, then follow these instructions:

1. In the left navigation pane, click “Base Images”.

   The “Base Images” page appears.

2. On the “Add New Image” tile, click “ADD”.

3. In the “Add Custom Base Image” dialog, do the following and then click “ADD”:

   • Provide a name and description for the base image.

     • Select a registry that you have added to Tanzu Application Catalog.

       Note

       If you have not yet created any registry or if you do not want choose the existing registries and wish to add a new registry, see Adding a new Registry.

     • Enter the location or path to the base image in the chosen registry you configured previously. For example, base-images/debian:buster or just debian:buster depending on the registry URL you previously configured. If you don’t specify a version, then Tanzu Application Catalog considers the latest version.
     • Select an operating system for the base image.

     The base image that you added appears in the “My Custom Base Images” section.

     

“Virtual Machines” option

If you are deploying Tanzu Application Catalog on virtual machines, click on the “Virtual Machines” tile.

Note

Virtual machine image is provided in OVA format. Also, You can select the base image only if you have chosen Custom configuration in Step 3.

1. Select the applications for your catalog and then click “NEXT”.

   

   The “Active Artifacts” counter, below the application list, displays the number of artifacts selected, total number of artifacts eligible for your subscription quota, and the number of artifacts remaining in your subscription quota.

   Example At the time of adding a new application, your subscription entitles you to 25 artifacts. As you have already consumed five artifacts the Active Artifacts counter displays “25 (20 left)”. If you select five more applications from the list the Active Artifacts counter would display “25 (15 left)”.

   Note

   You will not be able to select an application in the following scenarios: - Application is not compatible with the base image that you have selected. - Application is already part of your catalog.

   

2. A list of all the registries that you would have added previously appears. Select an appropriate registry from the list and click “NEXT” . After your request is processed, all the applications and their updates will be pushed to this registry.

   Notes If you have not yet created any registry or if you do not want to choose the existing registries and want to add a new registry, see Adding a new Registry. Tanzu Application Catalog supports Google Container Registry, Google Artifact Registry, Azure Container Registry, Amazon Elastic Container Registry, Harbor, JFrog Container Registry, and GitHub Container Registry. Enter the configuration details based on your storage registry provider.

3. (Optional) Provide an appropriate name and description for your request and then click “NEXT”.

   

4. Review the summary of your request, make appropriate changes if required and, then click “SUBMIT”.

   A message appears confirming that your new application request has been successfully submitted.

   Note

   It may take up to two weeks to review and process your request. You can monitor the status of your request in the “My Requests” tab. It displays the list of all the requests you have submitted along with the status. It also displays the statistics of your active artifacts and requests. You can view the details by clicking the arrow next to each request.

   

After your request is processed, the application appears in the “My Applications” tab.

Consume Tanzu Application Catalog artifacts

Tanzu Application Catalog builds trusted and continuously maintained content that can be consumed in the following ways:

• In your local machine via Docker or Helm CLI
• Through Kubeapps
• Through Google Container Registry
• Through a private repository: Harbor

Consume the Tanzu Application Catalog Artifacts in your local machine

Tip For more information, see Consume Tanzu Application Catalog Helm charts in your local machine.

In this scenario, we will describe how to push the content to your local machine using the Docker or the Helm CLI depending on the type of content you want to use.

To run a container from Tanzu Application Catalog:

1. Navigate to a catalog and click the “Details” link of the container you want to run.
2. Copy any of the links you will find under the “Container Tags” section, depending on the base OS image you want to run.

3. Execute the docker run command followed by the container tag you selected. The below command is an example of how to download and run the container image for Chartmuseum (replace the example registry URL shown with the corresponding URL for your Tanzu Application Catalog container registry):

   docker run gcr.io/sys-2b0109it/demo/bitnami/chartmuseum:0-centos-7
   

To run a Helm chart from Tanzu Application Catalog:

1. Navigate to a catalog and click the “Details” link of the chart you want to deploy.

2. Copy the commands you will find in the “Helm Install” section and execute them in a terminal window on the machine you have your Kubernetes cluster running.

   

Consume the Tanzu Application Catalog artifacts through Kubeapps

Tip For more information, see Consume VMware Tanzu Application Catalog Helm charts using Kubeapps.

You can deploy the Helm charts available in your catalog using the Kubeapps user interface. To do so, you only need to add the Tanzu Application Catalog as a new package repository in Kubeapps.

1. Log in to Kubeapps.

2. Select the namespace by clicking on the context selector dropdown on the top right. Select the namespace you want, for instance, “my-namespace” or “default”, and click on “Change Context”.

   

3. In the “Administration” menu on the right panel, select the “Package Repositories” option.

   

4. Click on the “Add Package Repository” button and a form will be displayed.

   

   1. Inside the “Basic Information” tab:

      1. Enter a descriptive “Name”, for instance, vac.

      2. Enter a repository “URL” as follows:

         1. If you want to add the entire catalog to Kubeapps, use the Tanzu Application Catalog URL you already have with your subscription. For more information, contact your VMware representative. Note that the URL used in the screenshots is just a placeholder, not a real one.

         2. If you just want to add a specific chart to Kubeapps, add the chart URL you will find under the “Chart Information” section in the Tanzu Application Catalog:

         

         1. Select Helm Charts as the “Packaging Format”.

         2. Select Namespaced as the “Scope”, so that the repository becomes available just in the selected namespace.

         3. Select OCI Registry as the “Package Storage Type”.

      

   2. Inside the “Authentication” tab:

      1. Select Basic Auth for the “Repository Authorization”.

      2. In the “Username” and “Password” fields, enter the generated credentials for the application repository in the Tanzu Application Catalog. If unsure, contact your VMware representative.

      3. Use None (Public) for the “Container Registry Credentials”.

      4. Click on the “Install Repository” button.

      

5. The new repository is now created and being synchronized. This process may take a few minutes. It is normal to see an empty catalog while all the packages are being synced.

   

   To check the progress of the synchronization task, execute:

   # Replace "vac" with the repository name you chose, and "my-namespace" with the namespace you used
   
   kubectl logs -n my-namespace -l apprepositories.kubeapps.com/repo-name=vac
   

6. In the Catalog tab, you can find your packages ready to be used.

   

Consume the Tanzu Application Catalog artifacts through Google Container Registry

The Tanzu Application Catalog demo that you are accessing automatically pushes the content of the container catalogs to Google Container Registry (GCR), so it is very easy to check and manage a container image from the Google Cloud platform user interface.

1. Navigate to a container catalog and click the “Details” link of the container image you want to check.

2. Copy the URL you will find under the “Digest” section.

   

   • Log in to Google Cloud Platform if you aren’t, open a new tab of your browser and paste the URL in the navigation bar. You will be redirected to the Google Container Registry. You will see all the information related to the container image you selected:

     

3. To pull the image, click “Show Pull Command”, copy the commands and paste them into a terminal window or in the Google Cloud Shell.

   

Consume the Tanzu Application Catalog artifacts through a private repository: Harbor

Tip For more information, see Consume Tanzu Application Catalog Images using a Private Harbor Registry.

Delete applications from your catalog

If you are no longer using an application, you can delete it from your catalog. This decreases the active artifacts consumption in your subscription.

When you delete an application, it will be greyed out and marked as deleted in your catalog. Tanzu Application Catalog stops releasing new updates to the deleted application in your catalog. After two months from the date of deletion, the application will be marked as archived and moved to the “Archived” tab.

To delete applications from your catalog:

1. Go to “Applications”. In the “My Requests” tab, click “DELETE APPLICATIONS”.

   The Delete Application page appears.

2. Select the applications that you want to delete from your catalog and then click “DELETE APPLICATIONS”.

   Note

   The “Used” count in the Active Artifacts counter changes for each application that you select for deletion.

   A message appears prompting if you really want to delete the selected applications.

   

3. Click “CONFIRM”.

   A message appears confirming that your request for deleting the applications has been submitted.

4. Click “GO TO MY APPLICATIONS”.

   The “My Applications” tab is displayed. The “Release Status” of the applications that you deleted appears as “Deleting” and the “Released At” value will be “Stopped updates”. After two months, the deleted applications will no longer be listed in the “My Applications” tab. They will be moved to the “Archived” tab.

   

Adding a new registry

To add a new registry:

1. In the left navigation pane, click “Registries”.

   1. In the “Registries” page that appears, click “Add Registry” tile.

   2. In the “Add Registry” dialog, provide the following information and click “ADD”:

      • Provider
      • Name
      • Description
      • Registry URL
      • Username
      • Egress IP(s)

      Note

      The Egress IP(s) field appears only if your registry that trying to configure is either GCR or Harbor.

   3. The Tanzu Application Catalog validates the registry you are trying configure. After successful validation, a message appears confirming that your request to add a new registry has been successfully submitted.

   4. Click “OK”.

      The newly added registry appears in the “My Registries” section.

Google Container Registry (GCR)

To add GCR, do the following:

• Ensure that you have enabled the container registry in GCR. For more information, see Enabling and disabling the service.

• Enter the following configuration details:

  Field	Description
  Provider	Select the “Google Container Registry (GCR)” option.
  Name	Enter a name.
  Description	Enter a description.
  Registry URL	Enter the path to the GCR registry appended with https://. For example, https://gcr.io/myvacregistry. This corresponds to the base URL where the GCR instance resides. VAC pushes all the requested assets to this GCR instance. The registry URL contains the path to the repository. In GCR, repositories are created on the fly while pushing the subscribed assets for the first time.
  Credentials (JSON)	Copy and paste the contents of the Credentials.JSON file generated by GCR in the service account as shown in the image below. For more information on how to generate credentials in GCR, see JSON key file.

  

Google Artifact Registry (GAR)

To add GAR, do the following:

• Ensure that you have enabled the container registry in GAR. For more information, see Enabling and disabling the service.

• Enter the following configuration details:

  Field	Description
  Provider	Select the “Google Artifact Registry (GAR)” option.
  Name	Enter a name.
  Description	Enter a description.
  Registry URL	Enter the path to the GAR registry appended with https://. For example, https://us-east4-docker.pkg.dev/my-registry. This corresponds to the base URL where the GAR instance resides. VAC pushes all the requested assets to this GAR instance. The registry URL contains the path to the repository. In GAR, repositories are created on the fly while pushing the subscribed assets for the first time.
  Credentials (JSON)	Copy and paste the contents of the Credentials.JSON file generated by GAR in the service account as shown in the image below. For more information on how to generate credentials in GAR, see JSON key file.

  

Azure Container Registry

To add Azure Container Registry, do the following:

• Ensure that you have created an Azure container registry. For more information on how to create a registry, see Create an Azure container registry using the Azure portal.

• Enter the following configuration details:

  Field	Description
  Provider	Select the “Azure Container Registry” option.
  Name	Enter a name.
  Description	Enter a description.
  Registry URL	Enter the Azure login server path appended with https://. For example, https://myvacregistry.azurecr.io. This corresponds to the base URL where the Azure Container Registry instance resides. VAC pushes all the requested assets to this Azure container registry. The registry URL contains the path to the repository. In the Azure Container Registry, the repositories are created on the fly while pushing the subscribed assets for the first time.
  Access Key	Enter the username that corresponds to the username generated on the Azure portal. It is recommended to provide the registry access by generating a service principal with read and write access. For more information on how to generate service principal object, see Azure Container Registry authentication with service principals.
  Password	Enter the password that corresponds to the password generated on the Azure portal. It is recommended to provide registry access by generating a service principal with read and write access. For more information on how to generate service principal object, see Azure Container Registry authentication with service principals.

  

Amazon Elastic Container Registry

To add Amazon Elastic Container Registry, do the following:

• Ensure that you have created an IAM user with enough permissions to push and pull artifacts to the registry.

• Enter the following configuration details:

  Field	Description
  Provider	Select the “Amazon Elastic Container Registry” option.
  Name	Enter a name.
  Description	Enter a description.
  Registry URL	Enter the Amazon ECR login server path appended with https://. For example, https://456981234946.dkr.ecr.us-east-1.amazonaws.com. This corresponds to the base URL where the Amazon Elastic Container Registry instance resides. VAC pushes all the requested assets to this Amazon container registry. The registry URL contains the path to the repository. In the Amazon Elastic Container Registry, the repositories are created on the fly while pushing the subscribed assets for the first time.
  Access Key ID	Enter the Access Key ID created on the AWS portal. It is recommended to provide the registry access by generating an IAM user with read and write access. For more information on how to configure ECR access , see Identity and Access Management for Amazon Elastic Container Registry.
  Secret Access Key	Enter the Secret Access Key on the AWS portal. It is recommended to provide registry access by generating an IAM user with read and write access. For more information on how to configure ECR access, see Identity and Access Management for Amazon Elastic Container Registry.

  

Harbor

To add a Harbor registry, do the following:

• Ensure that you have created a project in Harbor. For more information on how to create a project, see Create Projects.

• Enter the following configuration details:

  Field	Description
  Provider	Select the “Harbor” option.
  Name	Enter a name.
  Description	Enter a description.
  Registry URL	Enter the path to the Harbor project appended with https://. For example, https:\\demo.goharbor.io\myproject. This corresponds to the base URL where the Harbor project instance resides. VAC pushes all the requested assets to this Harbor project. The registry URL contains the path to the repository. In Harbor, the repositories are created on the fly while pushing the subscribed assets for the first time.
  Access Key	Enter the username that corresponds to the username generated on the Harbor portal. It is recommended to provide registry access by generating a robot account with read and write access. For more information on robot accounts, see Create Project Robot Accounts.
  Password	Enter the password that corresponds to the password generated on the Harbor portal. It is recommended to provide registry access by generating a robot account with read and write access. For more information on robot accounts, see Create Project Robot Accounts.

  

JFrog Container Registry (JCR)

To add a JFrog Container Registry, do the following:

• Ensure that you have created an JFrog Container Registry. For more information on how to create a registry, see Getting Started With Artifactory as a Docker Registry.

• Enter the following configuration details:

  Field	Description
  Provider	Select the “JFrog Container Registry (JCR)” option.
  Name	Enter a name.
  Description	Enter a description.
  Registry URL	Enter the path to the JCR registry appended with https://. For example, https://myvacregistry-docker-local.artifactory.acme.com (the URL may vary depending on if the artifactory instance is on cloud or on-self-hosted). This corresponds to the base URL where the JCR instance resides. VAC pushes all the requested assets to this JCR instance. The registry URL contains path to the repository. In JCR, repositories are created on the fly while pushing the subscribed assets for the first time.
  Username	Enter the username that corresponds to the username generated on the JCR portal.
  Password	Enter the password that corresponds to the password generated on the JCR portal.

  

GitHub Container Registry (GHCR)

To add a GitHub Container Registry, do the following:

• Ensure that you have enabled the container registry in GHCR. For more information, see Working with the Container Registry.

• Enter the following configuration details:

  Field	Description
  Provider	Select the “GitHub Container Registry” option.
  Name	Enter a name.
  Description	Enter a description.
  Registry URL	Enter the GHCR login server path appended with https://. For example, https://ghcr.io/mygithubaccount. This corresponds to the base URL where the GitHub Container Registry instance resides. VAC pushes all the requested assets to this GitHub Container registry. The registry URL contains the path to the repository.
  Username	Enter the username of your GitHub account. (It could be an org, an enterprise or a user).
  Password	Provide the Personal Access Token with write packages permission. For more information on how to generate Personal Access Token, see Authenticating with a personal access token (classic).

  

Summary

After going through this section with your demo account, you should be able to see the catalog examples that we have built, how to view the anti-virus and CVE results, and how to consume the artifacts that are in the Tanzu Application Catalog.

For a customized experience for testing, contact VMware sales representative. They will work with you to create a POC that includes your target format, base image, and applications of your choice.

Useful links

• Tanzu Application Catalog
• Tanzu Application Catalog documentation
• Tanzu Application Catalog FAQs
• Consume VMware Tanzu Application Catalog Helm charts in your local machine
• Consume VMware Tanzu Application Catalog Helm charts using Kubeapps
• Consume VMware Tanzu Application Catalog Images using a Private Harbor Registry
• Transition Applications to VMware Tanzu Application Catalog
• VMware Cloud Services documentation
• VMware Cloud Services Portal (CSP)