Install Tanzu Application Platform Iterate profile

This topic tells you how to install Iterate profile cluster by using a reduced values file.

The following is the YAML file sample for the iterate-profile:

profile: iterate

shared:
  ingress_domain: "INGRESS-DOMAIN"
  kubernetes_distribution: "openshift" # To be passed only for OpenShift. Defaults to "".
  kubernetes_version: "K8S-VERSION"
  image_registry:
    project_path: "SERVER-NAME/REPO-NAME" # To be used by Build Service by appending "/buildservice" and used by Supply chain by appending "/workloads"
    username: "KP-DEFAULT-REPO-USERNAME"
    password: "KP-DEFAULT-REPO-PASSWORD"
  ca_cert_data: | # To be passed if using custom certificates
  -----BEGIN CERTIFICATE-----
  MIIFXzCCA0egAwIBAgIJAJYm37SFocjlMA0GCSqGSIb3DQEBDQUAMEY...
  -----END CERTIFICATE-----

ceip_policy_disclosed: FALSE-OR-TRUE-VALUE # Installation fails if this is not set to true. Not a string.

# The above shared keys may be overridden in the below section.

buildservice: # Optional if the corresponding shared keys are provided.
  kp_default_repository: "KP-DEFAULT-REPO"
  kp_default_repository_username: "KP-DEFAULT-REPO-USERNAME"
  kp_default_repository_password: "KP-DEFAULT-REPO-PASSWORD"

supply_chain: basic
ootb_supply_chain_basic: # Optional if the shared above mentioned shared keys are provided.
  registry:
    server: "SERVER-NAME"
    repository: "REPO-NAME"
  gitops:
    ssh_secret: "SSH-SECRET-KEY" # (Optional) Defaults to "".

image_policy_webhook:
  allow_unmatched_tags: true

contour:
  envoy:
    service:
      type: LoadBalancer # (Optional) Defaults to LoadBalancer.

cnrs:
  domain_name: "TAP-ITERATE-CNR-DOMAIN" # Optional if the shared.ingress_domain is provided.

appliveview_connector:
  backend:
    sslDeactivated: TRUE-OR-FALSE-VALUE
    ingressEnabled: true
    host: appliveview.VIEW-CLUSTER-INGRESS-DOMAIN

tap_telemetry:
  customer_entitlement_account_number: "CUSTOMER-ENTITLEMENT-ACCOUNT-NUMBER" # (Optional) Identify data for creating Tanzu Application Platform usage reports.

Where:

  • K8S-VERSION is the Kubernetes version used by your OpenShift cluster. It must be in the form of 1.23.x or 1.24.x, where x stands for the patch version. Examples:
    • Red Hat OpenShift Container Platform v4.10 uses the Kubernetes version 1.23.3.
    • Red Hat OpenShift Container Platform v4.11 uses the Kubernetes version 1.24.1.
  • KP-DEFAULT-REPO is a writable repository in your registry. Tanzu Build Service dependencies are written to this location. Examples:
    • Harbor has the form kp_default_repository: "my-harbor.io/my-project/build-service".
    • Docker Hub has the form kp_default_repository: "my-dockerhub-user/build-service" or kp_default_repository: "index.docker.io/my-user/build-service".
    • Google Cloud Registry has the form kp_default_repository: "gcr.io/my-project/build-service".
  • KP-DEFAULT-REPO-USERNAME is the user name that can write to KP-DEFAULT-REPO. You can docker push to this location with this credential.
    • For Google Cloud Registry, use kp_default_repository_username: _json_key.
  • KP-DEFAULT-REPO-PASSWORD is the password for the user that can write to KP-DEFAULT-REPO. You can docker push to this location with this credential. This credential can also be configured by using a Secret reference. For more information, see Install Tanzu Build Service for details.
    • For Google Cloud Registry, use the contents of the service account JSON file.
  • SERVER-NAME is the host name of the registry server. Examples:
    • Harbor has the form server: "my-harbor.io".
    • Docker Hub has the form server: "index.docker.io".
    • Google Cloud Registry has the form server: "gcr.io".
  • REPO-NAME is where workload images are stored in the registry. Images are written to SERVER-NAME/REPO-NAME/workload-name. Examples:
    • Harbor has the form repository: "my-project/supply-chain".
    • Docker Hub has the form repository: "my-dockerhub-user".
    • Google Cloud Registry has the form repository: "my-project/supply-chain".
  • SSH-SECRET-KEY is the SSH secret key in the developer namespace for the supply chain to fetch source code from and push configuration to. See Git authentication for more information.
  • TAP-ITERATE-CNR-DOMAIN is the iterate cluster Cloud Native Runtimes domain.
  • VIEW-CLUSTER-INGRESS-DOMAIN is the subdomain you setup on the View profile cluster. This matches the value key appliveview.ingressDomain or shared.ingress_domain on the view cluster. Include the default host name appliveview. ahead of the domain.
  • CUSTOMER-ENTITLEMENT-ACCOUNT-NUMBER (optional) refers to the Entitlement Account Number (EAN), which is a unique identifier VMware assigns to its customers. Tanzu Application Platform telemetry uses this number to identify data that belongs to a particular customers and prepare usage reports.

If you use custom CA certificates, you must provide one or more PEM-encoded CA certificates under the ca_cert_data key. If you configured shared.ca_cert_data, Tanzu Application Platform component packages inherit that value by default.

If you set shared.ingress_domain in the iterate profile, the appliveview_connector.backend.host is automatically configured as host: appliveview.INGRESS-DOMAIN. To override the shared ingress for Application Live View to connect to the view cluster, set the appliveview_connector.backend.host key to appliveview.VIEW-CLUSTER-INGRESS-DOMAIN.

check-circle-line exclamation-circle-line close-line
Scroll to top icon