Install Tanzu Build Service on an air-gapped environment

This topic tells you how to install Tanzu Build Service on a Kubernetes cluster and registry that are air-gapped from external traffic.

Before you begin

Use this topic if you do not want to use a Tanzu Application Platform profile that includes Tanzu Build Service.

The Full, Iterate, and Build profiles include Tanzu Build Service. For more information about profiles, see Components and installation profiles.

Prerequisites

Before installing Tanzu Build Service:

  • Complete all prerequisites to install Tanzu Application Platform. For more information, see Prerequisites.

  • You must have access to a Docker registry that Tanzu Build Service can use to create builder images. Approximately 10 GB of registry space is required when using the full dependencies.

  • Your Docker registry must be accessible with user name and password credentials.

Deprecated Features

The Cloud Native Buildpack Bill of Materials (CNB BOM) format has been removed.

Install the Tanzu Build Service package

These steps assume that you have installed the Tanzu Application Platform packages in your air-gapped environment.

To install the Tanzu Build Service package on an air-gapped environment:

  1. Get the latest version of the Tanzu Build Service package by running:

    tanzu package available list buildservice.tanzu.vmware.com --namespace tap-install
    
  2. Gather the values schema by running:

    tanzu package available get buildservice.tanzu.vmware.com/VERSION --values-schema --namespace tap-install
    

    Where VERSION is the version of the Tanzu Build Service package you retrieved in the previous step.

  3. Create a tbs-values.yaml file. The required fields for an air-gapped installation are as follows:

    ---
    kp_default_repository: REPO-NAME
    kp_default_repository_secret:
      name: "SECRET_NAME"
      namespace: "SECRET_NAMESPACE"
    ca_cert_data: CA-CERT-CONTENTS
    exclude_dependencies: true
    

    Where:

    • REPO-NAME is the fully qualified path to a writeable repository in your internal registry. Tanzu Build Service dependencies are written to this location. For example:
      • For Harbor: harbor.io/my-project/build-service
      • For Artifactory: artifactory.com/my-project/build-service
    • SECRET_NAME is the name of the secret containing credentials that can write to REPO-NAME.
    • SECRET_NAMESPACE is the namespace of the secret containing credentials that can write to REPO-NAME.
    • CA-CERT-CONTENTS are the contents of the PEM-encoded CA certificate for the internal registry.
  4. Install the package by running:

    tanzu package install tbs \
      --package buildservice.tanzu.vmware.com \
      --version VERSION \
      --namespace tap-install \
      --values-file tbs-values.yaml
    

    Where VERSION is the version of the Tanzu Build Service package you retrieved earlier.

    For example:

    $ tanzu package install tbs \
        --package buildservice.tanzu.vmware.com \
        --version 1.12.4 \
        --namespace tap-install \
        --values-file tbs-values.yaml
    
    | Installing package 'buildservice.tanzu.vmware.com'
    | Getting namespace 'tap-install'
    | Getting package metadata for 'buildservice.tanzu.vmware.com'
    | Creating service account 'tbs-tap-install-sa'
    | Creating cluster admin role 'tbs-tap-install-cluster-role'
    | Creating cluster role binding 'tbs-tap-install-cluster-rolebinding'
    | Creating secret 'tbs-tap-install-values'
    - Creating package resource
    - Package install status: Reconciling
     Added installed package 'tbs' in namespace 'tap-install'
    

Install the Tanzu Build Service dependencies

Important

By default, Tanzu Build Service is installed with the lite dependencies.

When installing Tanzu Build Service in an air-gapped environment, the lite dependencies are not available because they require Internet access. You must install the full dependencies.

To install full dependencies:

  1. Get the latest version of the Tanzu Application Platform package by running:

    tanzu package available list tap.tanzu.vmware.com --namespace tap-install
    
  2. If you have not done so already, you must exclude the default dependencies by adding the key-value pair exclude_dependencies: true to your tap-values.yaml file under the buildservice section. For example:

    buildservice:
      exclude_dependencies: true
    
  3. If you have not updated your Tanzu Application Platform package installation after adding the key-value pair exclude_dependencies: true to your values file, perform the update by running:

    tanzu package installed update tap --namespace tap-install --values-file VALUES-FILE
    

    Where VALUES-FILE is the path to the tap-values.yaml file you edited earlier.

  4. Relocate the Tanzu Build Service full dependencies package repository by doing one of the following:

    • Relocate the images directly for online installation:

      imgpkg copy \
        -b tanzu.packages.broadcom.com/tanzu-application-platform/full-deps-package-repo:VERSION \
        --to-repo ${INSTALL_REGISTRY_HOSTNAME}/full-deps-package-repo
      

      Where VERSION is the version of the Tanzu Application Platform package you retrieved earlier.

    • Relocate the images to an external storage device and then to the registry in the air-gapped environment:

      imgpkg copy \
        -b tanzu.packages.broadcom.com/tanzu-application-platform/full-deps-package-repo:VERSION \
        --to-tar=full-deps-package-repo.tar
      
      # move full-deps-package-repo.tar to environment with registry access
      imgpkg copy \
        --tar full-deps-package-repo.tar \
        --to-repo=INSTALL-REGISTRY-HOSTNAME/TARGET-REPOSITORY/full-deps-package-repo
      

      Where:

      • VERSION is the version of the Tanzu Application Platform package you retrieved earlier.
      • INSTALL-REGISTRY-HOSTNAME is your container registry.
      • TARGET-REPOSITORY is your target repository.
  5. Add the Tanzu Build Service full dependencies package repository by running:

    tanzu package repository add full-deps-package-repo \
      --url INSTALL-REGISTRY-HOSTNAME/TARGET-REPOSITORY/full-deps-package-repo:VERSION \
      --namespace tap-install
    

    Where:

    • INSTALL-REGISTRY-HOSTNAME is your container registry.
    • TARGET-REPOSITORY is your target repository.
    • VERSION is the version of the Tanzu Application Platform package you retrieved earlier.
  6. Create a new tbs-full-deps-values.yaml and copy the kp_default_repository key-value pair from your tap-values.yaml or tbs-values.yaml:

    ---
     kp_default_repository: "REPO-NAME"
     kp_default_repository_secret:
       name: kp-default-repository-creds
       namespace: tap-install
    

    Where REPO-NAME is copied from the buildservice.kp_default_repository field in your tap-values.yaml or tbs-values.yaml.

    1. (Optional) Install the UBI builder.

      The UBI builder uses Red Hat Universal Base Image (UBI) v8 for both build and run images. This builder only supports Java and Node.js. To install the UBI builder, add the key-value pair enable_ubi_builder: true to your tbs-full-deps-values.yaml.

      ---
      enable_ubi_builder: true
      
    2. (Optional) Install the Static builder.

      The Static builder uses Ubuntu Jammy for both build images and a minimal static run image. This builder only supports Golang. To install the Static builder, add the key-value pair enable_static_builder: true to your tbs-full-deps-values.yaml.

      ---
      enable_static_builder: true
      
  7. Install the full dependencies package by running:

    tanzu package install full-deps \
      --package full-deps.buildservice.tanzu.vmware.com \
      --version "> 0.0.0" \
      --namespace tap-install \
      --values-file VALUES-FILE
    

    Where VALUES-FILE is the path to the tbs-full-deps-values.yaml you created earlier.

check-circle-line exclamation-circle-line close-line
Scroll to top icon