Install Tanzu Application Platform Iterate profile

This topic tells you how to install Iterate profile cluster by using a reduced values file.

The following is the YAML file sample for the iterate-profile:

profile: iterate

shared:
  ingress_domain: "INGRESS-DOMAIN"
  kubernetes_distribution: "openshift" # To be passed only for OpenShift. Defaults to "".
  kubernetes_version: "K8S-VERSION"
  image_registry:
    project_path: "SERVER-NAME/REPO-NAME" # To be used by Build Service by appending "/buildservice" and used by Supply chain by appending "/workloads"
    username: "KP-DEFAULT-REPO-USERNAME"
    password: "KP-DEFAULT-REPO-PASSWORD"
  ca_cert_data: | # To be passed if using custom certificates
  -----BEGIN CERTIFICATE-----
  MIIFXzCCA0egAwIBAgIJAJYm37SFocjlMA0GCSqGSIb3DQEBDQUAMEY...
  -----END CERTIFICATE-----

ceip_policy_disclosed: FALSE-OR-TRUE-VALUE # Installation fails if this is not set to true. Not a string.

# The above shared keys may be overridden in the below section.

buildservice: # Optional if the corresponding shared keys are provided.
  kp_default_repository: "KP-DEFAULT-REPO"
  kp_default_repository_username: "KP-DEFAULT-REPO-USERNAME"
  kp_default_repository_password: "KP-DEFAULT-REPO-PASSWORD"

supply_chain: basic
ootb_supply_chain_basic: # Optional if the shared above mentioned shared keys are provided.
  source:
    credentials_secret: "GIT-SOURCE-CREDENTIAL-SECRET-NAME" # (Optional) Defaults to "".
  registry:
    server: "SERVER-NAME"
    repository: "REPO-NAME"
  gitops:
    credentials_secret: "GITOPS-CREDENTIAL-SECRET-NAME" # (Optional) Defaults to "".

image_policy_webhook:
  allow_unmatched_tags: true

contour:
  envoy:
    service:
      type: LoadBalancer # (Optional) Defaults to LoadBalancer.

cnrs:
  domain_name: "TAP-ITERATE-CNR-DOMAIN" # Optional if the shared.ingress_domain is provided.

appliveview_connector:
  backend:
    sslDeactivated: TRUE-OR-FALSE-VALUE
    ingressEnabled: true
    host: appliveview.VIEW-CLUSTER-INGRESS-DOMAIN

tap_telemetry:
  customer_entitlement_account_number: "CUSTOMER-ENTITLEMENT-ACCOUNT-NUMBER" # (Optional) Identify data for creating Tanzu Application Platform usage reports.

Where:

  • K8S-VERSION is the Kubernetes version used by your OpenShift cluster. It must be in the form of 1.23.x or 1.24.x, where x stands for the patch version. Examples:
    • Red Hat OpenShift Container Platform v4.10 uses the Kubernetes version 1.23.3.
    • Red Hat OpenShift Container Platform v4.11 uses the Kubernetes version 1.24.1.
  • KP-DEFAULT-REPO is a writable repository in your registry. Tanzu Build Service dependencies are written to this location. Examples:
    • Harbor has the form kp_default_repository: "my-harbor.io/my-project/build-service".
    • Docker Hub has the form kp_default_repository: "my-dockerhub-user/build-service" or kp_default_repository: "index.docker.io/my-user/build-service".
    • Google Cloud Registry has the form kp_default_repository: "gcr.io/my-project/build-service".
  • KP-DEFAULT-REPO-USERNAME is the user name that can write to KP-DEFAULT-REPO. You can docker push to this location with this credential.
    • For Google Cloud Registry, use kp_default_repository_username: _json_key.
  • KP-DEFAULT-REPO-PASSWORD is the password for the user that can write to KP-DEFAULT-REPO. You can docker push to this location with this credential. This credential can also be configured by using a Secret reference. For more information, see Install Tanzu Build Service for details.
    • For Google Cloud Registry, use the contents of the service account JSON file.
  • SERVER-NAME is the host name of the registry server. Examples:
    • Harbor has the form server: "my-harbor.io".
    • Docker Hub has the form server: "index.docker.io".
    • Google Cloud Registry has the form server: "gcr.io".
  • REPO-NAME is where workload images are stored in the registry. Images are written to SERVER-NAME/REPO-NAME/workload-name. Examples:
    • Harbor has the form repository: "my-project/supply-chain".
    • Docker Hub has the form repository: "my-dockerhub-user".
    • Google Cloud Registry has the form repository: "my-project/supply-chain".
  • GIT-SOURCE-CREDENTIAL-SECRET-NAME is the name of the Kubernetes secret in the developer namespace that supplies the Git credentials for the supply chain to fetch source code from. See Git authentication for more information.
  • GITOPS-CREDENTIAL-SECRET-NAME is the name of the Kubernetes secret in the developer namespace that supplies the Git credentials for the supply chain to push configuration to. See Git authentication for more information.
  • TAP-ITERATE-CNR-DOMAIN is the iterate cluster Cloud Native Runtimes domain.
  • VIEW-CLUSTER-INGRESS-DOMAIN is the subdomain you setup on the View profile cluster. This matches the value key appliveview.ingressDomain or shared.ingress_domain on the view cluster. Include the default host name appliveview. ahead of the domain.
  • CUSTOMER-ENTITLEMENT-ACCOUNT-NUMBER (optional) refers to the Entitlement Account Number (EAN), which is a unique identifier VMware assigns to its customers. Tanzu Application Platform telemetry uses this number to identify data that belongs to a particular customers and prepare usage reports.

If you use custom CA certificates, you must provide one or more PEM-encoded CA certificates under the ca_cert_data key. If you configured shared.ca_cert_data, Tanzu Application Platform component packages inherit that value by default.

If you set shared.ingress_domain in the iterate profile, the appliveview_connector.backend.host is automatically configured as host: appliveview.INGRESS-DOMAIN. To override the shared ingress for Application Live View to connect to the view cluster, set the appliveview_connector.backend.host key to appliveview.VIEW-CLUSTER-INGRESS-DOMAIN.

check-circle-line exclamation-circle-line close-line
Scroll to top icon