This topic tells you how to install Tanzu Build Service on a Kubernetes cluster and registry that are air-gapped from external traffic.
Use this topic if you do not want to use a Tanzu Application Platform profile that includes Tanzu Build Service.
The Full, Iterate, and Build profiles include Tanzu Build Service. For more information about profiles, see Components and installation profiles.
Before installing Tanzu Build Service:
Complete all prerequisites to install Tanzu Application Platform. For more information, see Prerequisites.
You must have access to a Docker registry that Tanzu Build Service can use to create builder images. Approximately 10 GB of registry space is required when using the full
dependencies.
Your Docker registry must be accessible with user name and password credentials.
The Cloud Native Buildpack Bill of Materials (CNB BOM) format has been removed.
These steps assume that you have installed the Tanzu Application Platform packages in your air-gapped environment.
To install the Tanzu Build Service package on an air-gapped environment:
Get the latest version of the Tanzu Build Service package by running:
tanzu package available list buildservice.tanzu.vmware.com --namespace tap-install
Gather the values schema by running:
tanzu package available get buildservice.tanzu.vmware.com/VERSION --values-schema --namespace tap-install
Where VERSION
is the version of the Tanzu Build Service package you retrieved in the previous step.
Create a tbs-values.yaml
file. The required fields for an air-gapped installation are as follows:
---
kp_default_repository: REPO-NAME
kp_default_repository_secret:
name: "SECRET_NAME"
namespace: "SECRET_NAMESPACE"
ca_cert_data: CA-CERT-CONTENTS
exclude_dependencies: true
Where:
REPO-NAME
is the fully qualified path to a writeable repository in your internal registry. Tanzu Build Service dependencies are written to this location. For example:
harbor.io/my-project/build-service
artifactory.com/my-project/build-service
SECRET_NAME
is the name of the secret containing credentials that can write to REPO-NAME
.SECRET_NAMESPACE
is the namespace of the secret containing credentials that can write to REPO-NAME
.CA-CERT-CONTENTS
are the contents of the PEM-encoded CA certificate for the internal registry.Install the package by running:
tanzu package install tbs \
--package buildservice.tanzu.vmware.com \
--version VERSION \
--namespace tap-install \
--values-file tbs-values.yaml
Where VERSION
is the version of the Tanzu Build Service package you retrieved earlier.
For example:
$ tanzu package install tbs \
--package buildservice.tanzu.vmware.com \
--version 1.12.4 \
--namespace tap-install \
--values-file tbs-values.yaml
| Installing package 'buildservice.tanzu.vmware.com'
| Getting namespace 'tap-install'
| Getting package metadata for 'buildservice.tanzu.vmware.com'
| Creating service account 'tbs-tap-install-sa'
| Creating cluster admin role 'tbs-tap-install-cluster-role'
| Creating cluster role binding 'tbs-tap-install-cluster-rolebinding'
| Creating secret 'tbs-tap-install-values'
- Creating package resource
- Package install status: Reconciling
Added installed package 'tbs' in namespace 'tap-install'
ImportantBy default, Tanzu Build Service is installed with the
lite
dependencies.
When installing Tanzu Build Service in an air-gapped environment, the lite
dependencies are not available because they require Internet access. You must install the full
dependencies.
To install full
dependencies:
Get the latest version of the Tanzu Application Platform package by running:
tanzu package available list tap.tanzu.vmware.com --namespace tap-install
If you have not done so already, you must exclude the default dependencies by adding the key-value pair exclude_dependencies: true
to your tap-values.yaml
file under the buildservice
section. For example:
buildservice:
exclude_dependencies: true
If you have not updated your Tanzu Application Platform package installation after adding the key-value pair exclude_dependencies: true
to your values file, perform the update by running:
tanzu package installed update tap --namespace tap-install --values-file VALUES-FILE
Where VALUES-FILE
is the path to the tap-values.yaml
file you edited earlier.
Relocate the Tanzu Build Service full
dependencies package repository by doing one of the following:
Relocate the images directly for online installation:
imgpkg copy \
-b tanzu.packages.broadcom.com/tanzu-application-platform/full-deps-package-repo:VERSION \
--to-repo ${INSTALL_REGISTRY_HOSTNAME}/full-deps-package-repo
Where VERSION
is the version of the Tanzu Application Platform package you retrieved earlier.
Relocate the images to an external storage device and then to the registry in the air-gapped environment:
imgpkg copy \
-b tanzu.packages.broadcom.com/tanzu-application-platform/full-deps-package-repo:VERSION \
--to-tar=full-deps-package-repo.tar
# move full-deps-package-repo.tar to environment with registry access
imgpkg copy \
--tar full-deps-package-repo.tar \
--to-repo=INSTALL-REGISTRY-HOSTNAME/TARGET-REPOSITORY/full-deps-package-repo
Where:
VERSION
is the version of the Tanzu Application Platform package you retrieved earlier.INSTALL-REGISTRY-HOSTNAME
is your container registry.TARGET-REPOSITORY
is your target repository.Add the Tanzu Build Service full
dependencies package repository by running:
tanzu package repository add full-deps-package-repo \
--url INSTALL-REGISTRY-HOSTNAME/TARGET-REPOSITORY/full-deps-package-repo:VERSION \
--namespace tap-install
Where:
INSTALL-REGISTRY-HOSTNAME
is your container registry.TARGET-REPOSITORY
is your target repository.VERSION
is the version of the Tanzu Application Platform package you retrieved earlier.Create a new tbs-full-deps-values.yaml
and copy the kp_default_repository
key-value pair from your tap-values.yaml
or tbs-values.yaml
:
---
kp_default_repository: "REPO-NAME"
kp_default_repository_secret:
name: kp-default-repository-creds
namespace: tap-install
Where REPO-NAME
is copied from the buildservice.kp_default_repository
field in your tap-values.yaml
or tbs-values.yaml
.
(Optional) Install the UBI builder.
The UBI builder uses Red Hat Universal Base Image (UBI) v8 for both build and run images. This builder only supports Java and Node.js. To install the UBI builder, add the key-value pair enable_ubi_builder: true
to your tbs-full-deps-values.yaml
.
---
enable_ubi_builder: true
(Optional) Install the Static builder.
The Static builder uses Ubuntu Jammy for both build images and a minimal static run image. This builder only supports Golang. To install the Static builder, add the key-value pair enable_static_builder: true
to your tbs-full-deps-values.yaml
.
---
enable_static_builder: true
Install the full
dependencies package by running:
tanzu package install full-deps \
--package full-deps.buildservice.tanzu.vmware.com \
--version "> 0.0.0" \
--namespace tap-install \
--values-file VALUES-FILE
Where VALUES-FILE
is the path to the tbs-full-deps-values.yaml
you created earlier.