RSS
 

Prerequisites for installing Tanzu Application Platform

The following are required to install Tanzu Application Platform (commonly known as TAP):

VMware Tanzu Network and container image registry requirements

Installation requires:

  • Access to VMware Tanzu Network:

    • A Tanzu Network account to download Tanzu Application Platform packages.
    • Network access to https://registry.tanzu.vmware.com.

  • Cluster-specific registry:

    • A container image registry, such as Harbor or Docker Hub for application images, base images, and runtime dependencies. When available, VMware recommends using a paid registry account to avoid potential rate-limiting associated with some free registry offerings.

    • Recommended storage space for container image registry:

      • 1 GB of available storage if installing Tanzu Build Service with the lite set of dependencies.
      • 10 GB of available storage if installing Tanzu Build Service with the full set of dependencies, which are suitable for offline environments.
      Note

      For production environments, full dependencies are recommended to optimize security and performance. For more information about Tanzu Build Service dependencies, see About lite and full dependencies.

  • Registry credentials with read and write access available to Tanzu Application Platform to store images.

  • Network access to your chosen container image registry.

DNS Records

There are some optional but recommended DNS records you must allocate if you decide to use these particular components:

  • Cloud Native Runtimes (Knative): Allocate a wildcard subdomain for your developer’s applications. This is specified in the shared.ingress_domain key of the tap-values.yaml configuration file that you input with the installation. This wildcard must be pointed at the external IP address of the tanzu-system-ingress’s envoy service. See Access with the shared Ingress method for more information about tanzu-system-ingress.

  • Tanzu Learning Center: Similar to Cloud Native Runtimes, allocate a wildcard subdomain for your workshops and content. This is also specified by the shared.ingress_domain key of the tap-values.yaml configuration file that you input with the installation. This wildcard must be pointed at the external IP address of the tanzu-system-ingress’s envoy service.

  • Tanzu Application Platform GUI: If you decide to implement the shared ingress and include Tanzu Application Platform GUI, allocate a fully Qualified Domain Name (FQDN) that can be pointed at the tanzu-system-ingress service. The default host name consists of tap-gui and the shared.ingress_domain value. For example, tap-gui.example.com.

  • Supply Chain Security Tools - Store: Similar to Tanzu Application Platform GUI, allocate a fully Qualified Domain Name (FQDN) that can be pointed at the tanzu-system-ingress service. The default host name consists of metadata-store and the shared.ingress_domain value. For example, metadata-store.example.com.

  • Application Live View: If you select the ingressEnabled option, allocate a corresponding fully Qualified Domain Name (FQDN) that can be pointed at the tanzu-system-ingress service. The default host name consists of appliveview and the shared.ingress_domain value. For example, appliveview.example.com.

Tanzu Application Platform GUI

For Tanzu Application Platform GUI, you must have:

  • Latest version of Chrome, Firefox, or Edge. Tanzu Application Platform GUI currently does not support Safari browser.
  • Git repository for Tanzu Application Platform GUI’s software catalogs, with a token allowing read access. For more information about how to use your Git repository, see Create an application accelerator. Supported Git infrastructure includes:
    • GitHub
    • GitLab
    • Azure DevOps
  • Tanzu Application Platform GUI Blank Catalog from the Tanzu Application section of VMware Tanzu Network.
    • To install, navigate to Tanzu Network. Under the list of available files to download, there is a folder titled tap-gui-catalogs-latest. Inside that folder is a compressed archive titled Tanzu Application Platform GUI Blank Catalog. You must extract that catalog to the preceding Git repository of choice. This serves as the configuration location for your organization’s catalog inside Tanzu Application Platform GUI.
  • The Tanzu Application Platform GUI catalog allows for two approaches to store catalog information:
    • The default option uses an in-memory database and is suitable for test and development scenarios. This reads the catalog data from Git URLs that you specify in the tap-values.yaml file. This data is temporary. Any operations that cause the server pod in the tap-gui namespace to be re-created also cause this data to be rebuilt from the Git location. This can cause issues when you manually register entities by using the UI, because they only exist in the database and are lost when that in-memory database gets rebuilt.
    • For production use cases, use a PostgreSQL database that exists outside the Tanzu Application Platform packaging. The PostgreSQL database stores all the catalog data persistently both from the Git locations and the UI manual entity registrations. For more information, see Configure the Tanzu Application Platform GUI database

Kubernetes cluster requirements

Installation requires Kubernetes cluster v1.24, v1.25 or v1.26 on one of the following Kubernetes providers:

  • Azure Kubernetes Service.
  • Amazon Elastic Kubernetes Service.
    • containerd must be used as the Container Runtime Interface (CRI). Some versions of EKS default to Docker as the container runtime and must be changed to containerd.
    • EKS clusters on Kubernetes version 1.23 and above require the Amazon EBS CSI Driver due to CSIMigrationAWS is enabled by default in Kubernetes version 1.23 and above.
      • Users currently on EKS Kubernetes version 1.22 must install the Amazon EBS CSI Driver before upgrading to Kubernetes version 1.23 and above. See AWS documentation for more information.
    • AWS Fargate is not supported.
  • Google Kubernetes Engine.
    • GKE Autopilot clusters do not have the required features enabled.
    • GKE clusters that are set up in zonal mode might detect Kubernetes API errors when the GKE control plane is resized after traffic increases. Users can mitigate this by creating a regional cluster with three control-plane nodes right from the start.
  • Minikube.
    • Reference the resource requirements in the following section.
    • Hyperkit driver is supported on macOS only. Docker driver is not supported.
  • Red Hat OpenShift Container Platform v4.11 or v4.12.
    • vSphere
    • Baremetal
  • Tanzu Kubernetes Grid multicloud.

  • vSphere with Tanzu v8.0.1 or later.

    • For vSphere with Tanzu, you must configure pod security policies so Tanzu Application Platform controller pods can run as root. For more information, see Kubernetes documentation.

      To set the pod security policies, run:

      kubectl create clusterrolebinding default-tkg-admin-privileged-binding --clusterrole=psp:vmware-system-privileged --group=system:authenticated

      For more information about pod security policies on Tanzu for vSphere, see VMware vSphere Product Documentation.

For more information about the supported Kubernetes versions, see Kubernetes version support for Tanzu Application Platform.

Resource requirements

  • To deploy Tanzu Application Platform packages iterate profile on local Minikube cluster, your cluster must have at least:
    • 8 vCPUs for i9 (or equivalent) available to Tanzu Application Platform components on Mac OS.
    • 12 vCPUs for i7 (or equivalent) available to Tanzu Application Platform components on Mac OS.
    • 8 vCPUs available to Tanzu Application Platform components on Linux and Windows.
    • 12 GB of RAM available to Tanzu Application Platform components on Mac OS, Linux and Windows.
    • 70 GB of disk space available per node.
  • To deploy Tanzu Application Platform packages full profile, your cluster must have at least:
    • 8 GB of RAM available per node to Tanzu Application Platform.
    • 16 vCPUs available across all nodes to Tanzu Application Platform.
    • 100 GB of disk space available per node.
  • To deploy Tanzu Application Platform packages build, run and iterate (shared) profile, your cluster must have at least:
    • 8 GB of RAM available per node to Tanzu Application Platform.
    • 12 vCPUs available across all nodes to Tanzu Application Platform.
    • 100 GB of disk space available per node.
  • To deploy Tanzu Application Platform packages view profile, your cluster must have at least:
    • 8 GB of RAM available per node to Tanzu Application Platform.
    • 8 vCPUs available across all nodes to Tanzu Application Platform.
    • 100 GB of disk space available per node.

  • For the full profile or use of Security Chain Security Tools - Store, your cluster must have a configured default StorageClass.

  • Pod security policies must be configured so that Tanzu Application Platform controller pods can run as root in the following optional configurations:

    • Tanzu Build Service, in which CustomStacks require root privileges. For more information, see Tanzu Build Service documentation.
    • Supply Chain, in which Kaniko usage requires root privileges to build containers.
    • Tanzu Learning Center, which requires root privileges.

    For more information about pod security policies, see Kubernetes documentation.

Tools and CLI requirements

Installation requires:

  • The Kubernetes CLI (kubectl) v1.24, v1.25, or v1.26 installed and authenticated with admin rights for your target cluster. See Install Tools in the Kubernetes documentation.

Next steps

check-circle-line exclamation-circle-line close-line
Scroll to top icon