There are two approaches to provisioning namespace-scoped resources supported:
controller
tap value key is set to true
(Default is true
)The registry-credentials
secret referenced by the Tanzu Build Service is added to tap-install and exported to all namespaces. If you don’t want to export this secret to all namespaces for any reason, you must complete an additional step to create this secret in each namespace you want to provision.
tanzu secret registry add tbs-registry-credentials --server REGISTRY-SERVER --username REGISTRY-USERNAME --password REGISTRY-PASSWORD --export-to-all-namespaces --yes --namespace tap-install
tanzu secret registry add tbs-registry-credentials --server REGISTRY-SERVER --username REGISTRY-USERNAME --password REGISTRY-PASSWORD --yes --namespace YOUR-NEW-DEVELOPER-NAMESPACE
Create a namespace using kubectl or any other means
kubectl create namespace YOUR-NEW-DEVELOPER-NAMESPACE
Label your new developer namespace with the label selector apps.tanzu.vmware.com/tap-ns=""
*
kubectl label namespaces YOUR-NEW-DEVELOPER-NAMESPACE apps.tanzu.vmware.com/tap-ns=""
desired-namespaces
ConfigMap.namespace_selector
property/value in tap-values for Namespace Provisioner.Optional - this step is only required if the registry-credentials
secret that was created during Tanzu Application Platform Installation was not exported to all namespaces (see the Prerequisites section above for details).
Add the registry-credentials secret referenced by the Tanzu Build Service to the new namespace and patch the service account that will be used by the workload to refer to this new secret.
tanzu secret registry add registry-credentials --server REGISTRY-SERVER --username REGISTRY-USERNAME --password REGISTRY-PASSWORD --yes --namespace YOUR-NEW-DEVELOPER-NAMESPACE
Run the following command to verify the correct resources have been created in the namespace:
kubectl get secrets,serviceaccount,rolebinding,pods,workload,configmap -n YOUR-NEW-DEVELOPER-NAMESPACE
tap-values.yaml
file, see Default resources mapping.For more information about provisioning namespaces with GitOps, see Control the desired-namespaces
ConfigMap with GitOps.