Install Tanzu Build Service

This topic describes how to install Tanzu Build Service from the Tanzu Application Platform (commonly known as TAP) package repository by using the Tanzu CLI.

Before you begin

Use this topic if you do not want to use a Tanzu Application Platform profile that includes Tanzu Build Service. The Full, Iterate, and Build profiles include Tanzu Build Service. For more information about profiles, see Components and installation profiles.

The following procedure might not include some configurations required for your environment. For advanced information about installing Tanzu Build Service, see the Tanzu Build Service documentation.

Prerequisites

Before installing Tanzu Build Service:

  • Complete all prerequisites to install Tanzu Application Platform. For more information, see Prerequisites.

  • You must have access to a Docker registry that Tanzu Build Service can use to create builder images. Approximately 10 GB of registry space is required when using the full dependencies.

  • Your Docker registry must be accessible with user name and password credentials.

Deprecated Features

The Cloud Native Buildpack Bill of Materials (CNB BOM) format has been removed.

Install the Tanzu Build Service package

To install Tanzu Build Service by using the Tanzu CLI:

  1. Get the latest version of the Tanzu Build Service package by running:

    tanzu package available list buildservice.tanzu.vmware.com --namespace tap-install
    
  2. Gather the values schema by running:

    tanzu package available get buildservice.tanzu.vmware.com/VERSION --values-schema --namespace tap-install
    

    Where VERSION is the version of the Tanzu Build Service package you retrieved earlier in this procedure.

  3. Create the secret for the kp-default-repository credentials using the tanzu cli:

    tanzu secret registry add kp-default-repository-creds \
      --server "${REGISTRY-HOSTNAME}" \
      --username "${REGISTRY-USERNAME}" \
      --password "${REGISTRY-PASSWORD}" \
      --namespace tap-install
    

    Where: - REGISTRY-HOST is the host name for the registry that contains your kp_default_repository. For example: - Harbor has the form server: "my-harbor.io". - Docker Hub has the form server: "index.docker.io". - Google Cloud Registry has the form server: "gcr.io". - REGISTRY-USERNAME and REGISTRY-PASSWORD are the user name and password for the user that can write to the repository used in the following step. For Google Cloud Registry, use _json_key as the user name and the contents of the service account JSON file for the password.

  4. Create a tbs-values.yaml file using the following template. If shared.image_registry.project_path and shared.image_registry.secret are configured in the tap-values.yaml file, Tanzu Build Service inherits all three values in that section. This can be disabled by setting any of the following three values.

    ---
    kp_default_repository: "REPO-NAME"
    kp_default_repository_secret:
      name: kp-default-repository-creds
      namespace: tap-install
    

    Where: - REPO-NAME is a writable repository in your registry. Tanzu Build Service dependencies are written to this location. Examples: - Harbor has the form "my-harbor.io/my-project/build-service". - Docker Hub has the form "my-dockerhub-user/build-service" or "index.docker.io/my-user/build-service". - Google Cloud Registry has the form "gcr.io/my-project/build-service".

  5. If you are running on OpenShift, add kubernetes_distribution: openshift to your tbs-values.yaml file.

  6. (Optional) Under the ca_cert_data key in the tbs-values.yaml file, provide a PEM-encoded CA certificate for Tanzu Build Service. This certificate is used for accessing the container image registry and is also provided to the build process.

    Note

    If shared.ca_cert_data is configured in the tap-values.yaml file, Tanzu Build Service inherits that value.

    Configuring ca_cert_data key in the tbs-values.yaml file adds the CA certificates at build time. To add CA certificates to the built image, see Configure custom CA certificates for a single workload using service bindings.

    For example:

    ---
    kp_default_repository: "REPO-NAME"
    kp_default_repository_secret:
      name: kp-default-repository-creds
      namespace: tap-install
    ca_cert_data: |
      -----BEGIN CERTIFICATE-----
      ...
      -----END CERTIFICATE-----
    
  7. (Optional) Tanzu Build Service is bootstrapped with the lite set of dependencies. To configure full dependencies, add the key-value pair exclude_dependencies: true to your tbs-values.yaml file. This is to exclude the default lite dependencies from the installation. For example:

    ---
    kp_default_repository: "REPO-NAME"
    kp_default_repository_secret:
      name: kp-default-repository-creds
      namespace: tap-install
    exclude_dependencies: true
    

    For more information about the differences between full and lite dependencies, see About lite and full dependencies.

  8. Install the Tanzu Build Service package by running:

    tanzu package install tbs \
      --package buildservice.tanzu.vmware.com \
      --version VERSION \
      --namespace tap-install \
      --values-file tbs-values.yaml
    

    Where VERSION is the version of the Tanzu Build Service package you retrieved earlier.

    For example:

    $ tanzu package install tbs \
        --package buildservice.tanzu.vmware.com \
        --version 1.12.4 \
        --namespace tap-install \
        --values-file tbs-values.yaml
    
    | Installing package 'buildservice.tanzu.vmware.com'
    | Getting namespace 'tap-install'
    | Getting package metadata for 'buildservice.tanzu.vmware.com'
    | Creating service account 'tbs-tap-install-sa'
    | Creating cluster admin role 'tbs-tap-install-cluster-role'
    | Creating cluster role binding 'tbs-tap-install-cluster-rolebinding'
    | Creating secret 'tbs-tap-install-values'
    - Creating package resource
    - Package install status: Reconciling
    
     Added installed package 'tbs' in namespace 'tap-install'
    
  9. (Optional) Verify the cluster builders that the Tanzu Build Service installation created by running:

    tanzu package installed get tbs -n tap-install
    
  10. If you configured full dependencies in your tbs-values.yaml file, install the full dependencies by following the procedure in Install full dependencies.

Use AWS IAM authentication for registry credentials

Tanzu Build Service supports using AWS IAM roles to authenticate with Amazon Elastic Container Registry (ECR) on Amazon Elastic Kubernetes Service (EKS) clusters.

To use AWS IAM authentication:

  1. Configure an AWS IAM role that has read and write access to the repository in the container image registry used when installing Tanzu Application Platform.

  2. Use the following alternative configuration for tbs-values.yaml:

    Note

    if you are installing Tanzu Build Service as part of a Tanzu Application Platform profile, you configure this in your tap-values.yaml file under the buildservice section.

    ---
      kp_default_repository: "REPO-NAME"
      kp_default_repository_aws_iam_role_arn: "IAM-ROLE-ARN"
    

    Where:

    • REPO-NAME is a writable repository in your registry. Tanzu Build Service dependencies are written to this location.
    • IAM-ROLE-ARN is the AWS IAM role Amazon Resource Name (ARN) for the role configured earlier in this procedure. For example, arn:aws:iam::xyz:role/my-install-role.
  3. The developer namespace requires configuration for Tanzu Application Platform to use AWS IAM authentication for ECR. Configure an AWS IAM role that has read and write access to the registry for storing workload images.

  4. Using the supply chain service account, add an annotation including the role ARN configured earlier by running:

    kubectl annotate serviceaccount -n DEVELOPER-NAMESPACE SERVICE-ACCOUNT-NAME \
      eks.amazonaws.com/role-arn=IAM-ROLE-ARN
    

    Where:

    • DEVELOPER-NAMESPACE is the namespace where workloads are created.
    • SERVICE-ACCOUNT-NAME is the supply chain service account. This is default if unset.
    • IAM-ROLE-ARN is the AWS IAM role ARN for the role configured earlier. For example, arn:aws:iam::xyz:role/my-developer-role.
  5. Apply this configuration by continuing the steps in Install the Tanzu Build Service package.

Install full dependencies

If you configured full dependencies in your tbs-values.yaml file, you must install the full dependencies package. For a more information about lite and full dependencies, see About lite and full dependencies.

To install full Tanzu Build Service dependencies:

  1. Get the latest version of the Tanzu Application Platform package by running:

    tanzu package available list tap.tanzu.vmware.com --namespace tap-install
    
  2. If you have not done so already, you must exclude the default dependencies by adding the key-value pair exclude_dependencies: true to your tap-values.yaml file under the buildservice section. For example:

    buildservice:
      exclude_dependencies: true
    
  3. If you have not updated your Tanzu Application Platform package installation after adding the key-value pair exclude_dependencies: true to your values file, perform the update by running:

    tanzu package installed update tap --namespace tap-install --values-file VALUES-FILE
    

    Where VALUES-FILE is the path to the tap-values.yaml file you edited earlier.

  4. Relocate the Tanzu Build Service full dependencies package repository by doing one of the following:

    • Relocate the images directly for online installation:

      imgpkg copy \
        -b tanzu.packages.broadcom.com/tanzu-application-platform/full-deps-package-repo:VERSION \
        --to-repo ${INSTALL_REGISTRY_HOSTNAME}/full-deps-package-repo
      

      Where VERSION is the version of the Tanzu Application Platform package you retrieved earlier.

    • Relocate the images to an external storage device and then to the registry in the air-gapped environment:

      imgpkg copy \
        -b tanzu.packages.broadcom.com/tanzu-application-platform/full-deps-package-repo:VERSION \
        --to-tar=full-deps-package-repo.tar
      
      # move full-deps-package-repo.tar to environment with registry access
      imgpkg copy \
        --tar full-deps-package-repo.tar \
        --to-repo=INSTALL-REGISTRY-HOSTNAME/TARGET-REPOSITORY/full-deps-package-repo
      

      Where:

      • VERSION is the version of the Tanzu Application Platform package you retrieved earlier.
      • INSTALL-REGISTRY-HOSTNAME is your container registry.
      • TARGET-REPOSITORY is your target repository.
  5. Add the Tanzu Build Service full dependencies package repository by running:

    tanzu package repository add full-deps-package-repo \
      --url INSTALL-REGISTRY-HOSTNAME/TARGET-REPOSITORY/full-deps-package-repo:VERSION \
      --namespace tap-install
    

    Where:

    • INSTALL-REGISTRY-HOSTNAME is your container registry.
    • TARGET-REPOSITORY is your target repository.
    • VERSION is the version of the Tanzu Application Platform package you retrieved earlier.
  6. Create a new tbs-full-deps-values.yaml and copy the kp_default_repository key-value pair from your tap-values.yaml or tbs-values.yaml:

    ---
     kp_default_repository: "REPO-NAME"
     kp_default_repository_secret:
       name: kp-default-repository-creds
       namespace: tap-install
    

    Where REPO-NAME is copied from the buildservice.kp_default_repository field in your tap-values.yaml or tbs-values.yaml.

    1. (Optional) Install the UBI builder.

      The UBI builder uses Red Hat Universal Base Image (UBI) v8 for both build and run images. This builder only supports Java and Node.js. To install the UBI builder, add the key-value pair enable_ubi_builder: true to your tbs-full-deps-values.yaml.

      ---
      enable_ubi_builder: true
      
    2. (Optional) Install the Static builder.

      The Static builder uses Ubuntu Jammy for both build images and a minimal static run image. This builder only supports Golang. To install the Static builder, add the key-value pair enable_static_builder: true to your tbs-full-deps-values.yaml.

      ---
      enable_static_builder: true
      
  7. Install the full dependencies package by running:

    tanzu package install full-deps \
      --package full-deps.buildservice.tanzu.vmware.com \
      --version "> 0.0.0" \
      --namespace tap-install \
      --values-file VALUES-FILE
    

    Where VALUES-FILE is the path to the tbs-full-deps-values.yaml you created earlier.

check-circle-line exclamation-circle-line close-line
Scroll to top icon