This topic tells you how to integrate the Tanzu Apps CLI with Local Source Proxy.
You can configure workloads to push local source code to a registry that is predefined using the Local Source Proxy component.
For more information about Local Source Proxy, see Overview of Local Source Proxy and Create a workload from Local Source.
To check the installation and health of Local Source Proxy and determine if failures originate from the Local Source Proxy or the upstream registry, run:
tanzu apps local-source-proxy health
This returns an overview of the health of the Local Source Proxy. This information is obtained directly from the Local Source Proxy and provides a status code and message.
Use the --output
flag to specify one of the following formats: yaml
, yml
, and json
. The default format is yaml
.
The API is called at the /health
endpoint, and there are five possible outputs based on the response received:
All checks pass. Format is yaml
.
user_has_permission: true
reachable: true
upstream_authenticated: true
overall_health: true
message: "All health checks passed"
You do not have permission to list the service. The possible reason is a 403 error from the Kubernetes API Server. Format is yaml
.
user_has_permission: false
reachable: false
upstream_authenticated: false
overall_health: false
message: "The current user does not have permission to access the local source proxy"
You can list the services, but itโs not there. The possible reason is a 404 error from the Kubernetes API Server. Format is Source-Controller
user_has_permission: true
reachable: false
upstream_authenticated: false
overall_health: false
message: "Local source proxy is not installed on the cluster"
/health
from Local Source Proxy returns a 5xx. Format is yaml
.
user_has_permission: true
reachable: true
upstream_authenticated: false
overall_health: false
message: "Local source proxy is not healthy. Error: <error>"
/health
from upstream returns a non-2xx, 4xx, 5xx. /health
from Local Source Proxy will still be 2xx. Format is yaml
.
user_has_permission: true
reachable: true
upstream_authenticated: false
overall_health: false
message: "Local source proxy was unable to authenticate against the target registry. Error: <error>"
All checks pass. Format is json
.
{
"user_has_permission": true
"reachable": true
"upstream_authenticated": true
"overall_health": true
"message": ""
}
To create a workload from local source code, there are two options available:
--source-image
flag to specify a registry. You must be authenticated to access the registry.To distinguish whether a workload was created with the Local Source Proxy or the --source-image
flag, check if the workload contains the local-source-proxy.apps.tanzu.vmware.com
annotation. This annotation indicates the method used to create the workload.
For more information, see Create a workload from Local Source.
After a workload is created using the --source-image
flag, it is not possible to update it to use Local Source Proxy. However, you do not need to repeatedly specify the --source-image
flag during subsequent updates, as it is retrieved from the existing workload specification within the cluster. If you do want to change the registry or storage location for the source code, specify the --source-image
flag again with a new value.
# create a workload using source image
# inside the local source code folder
tanzu apps workload apply java-web-app --local-path . -s my-registry.io/my-project/java-app
The files and/or directories listed in the .tanzuignore file are being excluded from the uploaded source code.
Publishing source in "." to "my-registry.io/my-project/java-app"...
๐ฅ Published source
๐ Create workload:
1 + |---
2 + |apiVersion: carto.run/v1alpha1
3 + |kind: Workload
4 + |metadata:
5 + | labels:
6 + | apps.tanzu.vmware.com/workload-type: web
7 + | name: java-web-app
8 + | namespace: default
9 + |spec:
10 + | source:
11 + | image: my-registry.io/my-project/java-app:latest@sha256:447db92e289dbe3a6969521917496ff2b6b0a1d6fbff1beec3af726430ce8493
โ Do you want to create this workload? [yN]: y
๐ Created workload "java-web-app"
To see logs: "tanzu apps workload tail java-web-app --timestamp --since 1h"
To get status: "tanzu apps workload get java-web-app"
# update the workload and check the source image is not changed to use Local Source Proxy
tanzu apps workload apply java-web-app --label hello=world
๐ Update workload:
...
3, 3 |kind: Workload
4, 4 |metadata:
5, 5 | labels:
6, 6 | apps.tanzu.vmware.com/workload-type: web
7 + | hello: world
7, 8 | name: java-web-app
8, 9 | namespace: default
9, 10 |spec:
10, 11 | source:
...
โ Really update the workload "java-web-app"? [yN]:
If a workload was initially created using the Local Source Proxy, it can be updated to use the --source-image
flag. The workload transitions to use the specified source image. As a result, the annotation that establishes the connection between the workload and the Local Source Proxy is removed.
# inside the folder that contains the local source code
tanzu apps workload apply java-web-app --local-path .
The files and/or directories listed in the .tanzuignore file are being excluded from the uploaded source code.
Publishing source in "." to "local-source-proxy.tap-local-source-system.svc.cluster.local/source:default-java-web-app"...
๐ฅ Published source
๐ Create workload:
1 + |---
2 + |apiVersion: carto.run/v1alpha1
3 + |kind: Workload
4 + |metadata:
5 + | annotations:
6 + | local-source-proxy.apps.tanzu.vmware.com: my-registry.io/my-project/source:default-java-web-app@sha256:447db92e289dbe3a6969521917496ff2b6b0a1d6fbff1beec3af726430ce8493
7 + | labels:
8 + | apps.tanzu.vmware.com/workload-type: web
9 + | name: java-web-app
10 + | namespace: default
11 + |spec:
12 + | source:
13 + | image: my-registry.io/my-project/source:default-java-web-app@sha256:447db92e289dbe3a6969521917496ff2b6b0a1d6fbff1beec3af726430ce8493
โ Do you want to create this workload? [yN]: y
๐ Created workload "java-web-app"
To see logs: "tanzu apps workload tail java-web-app --timestamp --since 1h"
To get status: "tanzu apps workload get java-web-app"
# update to use a source image and see how the Local Source Proxy annotation is removed
# and the spec.source.image field also changes
tanzu apps workload apply java-web-app --local-path . -s my-registry.io/my-project/java-web-app
The files and/or directories listed in the .tanzuignore file are being excluded from the uploaded source code.
Publishing source in "." to "gcr.io/tanzu-framework-playground/java-web-app"...
37.58 kB / 37.16 kB [---------------------------------------------------------------------------------------------------------------------------------------------] 101.14% 31.94 kB p/s
๐ฅ Published source
๐ Update workload:
1, 1 |---
2, 2 |apiVersion: carto.run/v1alpha1
3, 3 |kind: Workload
4, 4 |metadata:
5 - | annotations:
6 - | local-source-proxy.apps.tanzu.vmware.com: my-registry.io/my-project/source:default-java-web-app@sha256:447db92e289dbe3a6969521917496ff2b6b0a1d6fbff1beec3af726430ce8493
7, 5 | labels:
8, 6 | apps.tanzu.vmware.com/workload-type: web
9, 7 | name: java-web-app
10, 8 | namespace: default
11, 9 |spec:
12, 10 | source:
13 - | image: my-registry.io/my-project/source:default-java-web-app@sha256:447db92e289dbe3a6969521917496ff2b6b0a1d6fbff1beec3af726430ce8493
11 + | image: my-registry.io/my-project/java-web-app:latest@sha256:447db92e289dbe3a6969521917496ff2b6b0a1d6fbff1beec3af726430ce8493
โ Really update the workload "java-web-app"? [yN]: