This topic tells you how to install the Tanzu Build Service (TBS) full dependencies on Tanzu Application Platform (commonly known as TAP).
ImportantBy default, Tanzu Build Service is installed with
lite
dependencies.
When installing Tanzu Build Service in an air-gapped environment, the lite
dependencies are not available because they require Internet access. You must install the full
dependencies.
To install full
dependencies:
Get the latest version of the Tanzu Application Platform package by running:
tanzu package available list tap.tanzu.vmware.com --namespace tap-install
If you have not done so already, you must exclude the default dependencies by adding the key-value pair exclude_dependencies: true
to your tap-values.yaml
file under the buildservice
section. For example:
buildservice:
exclude_dependencies: true
If you have not updated your Tanzu Application Platform package installation after adding the key-value pair exclude_dependencies: true
to your values file, perform the update by running:
tanzu package installed update tap --namespace tap-install --values-file VALUES-FILE
Where VALUES-FILE
is the path to the tap-values.yaml
file you edited earlier.
Relocate the Tanzu Build Service full
dependencies package repository by doing one of the following:
Relocate the images directly for online installation:
imgpkg copy \
-b tanzu.packages.broadcom.com/tanzu-application-platform/full-deps-package-repo:VERSION \
--to-repo ${INSTALL_REGISTRY_HOSTNAME}/full-deps-package-repo
Where VERSION
is the version of the Tanzu Application Platform package you retrieved earlier.
Relocate the images to an external storage device and then to the registry in the air-gapped environment:
imgpkg copy \
-b tanzu.packages.broadcom.com/tanzu-application-platform/full-deps-package-repo:VERSION \
--to-tar=full-deps-package-repo.tar
# move full-deps-package-repo.tar to environment with registry access
imgpkg copy \
--tar full-deps-package-repo.tar \
--to-repo=INSTALL-REGISTRY-HOSTNAME/TARGET-REPOSITORY/full-deps-package-repo
Where:
VERSION
is the version of the Tanzu Application Platform package you retrieved earlier.INSTALL-REGISTRY-HOSTNAME
is your container registry.TARGET-REPOSITORY
is your target repository.Add the Tanzu Build Service full
dependencies package repository by running:
tanzu package repository add full-deps-package-repo \
--url INSTALL-REGISTRY-HOSTNAME/TARGET-REPOSITORY/full-deps-package-repo:VERSION \
--namespace tap-install
Where:
INSTALL-REGISTRY-HOSTNAME
is your container registry.TARGET-REPOSITORY
is your target repository.VERSION
is the version of the Tanzu Application Platform package you retrieved earlier.Create a new tbs-full-deps-values.yaml
and copy the kp_default_repository
key-value pair from your tap-values.yaml
or tbs-values.yaml
:
---
kp_default_repository: "REPO-NAME"
kp_default_repository_secret:
name: kp-default-repository-creds
namespace: tap-install
Where REPO-NAME
is copied from the buildservice.kp_default_repository
field in your tap-values.yaml
or tbs-values.yaml
.
(Optional) Install the UBI builder.
The UBI builder uses Red Hat Universal Base Image (UBI) v8 for both build and run images. This builder only supports Java and Node.js. To install the UBI builder, add the key-value pair enable_ubi_builder: true
to your tbs-full-deps-values.yaml
.
---
enable_ubi_builder: true
(Optional) Install the Static builder.
The Static builder uses Ubuntu Jammy for both build images and a minimal static run image. This builder only supports Golang. To install the Static builder, add the key-value pair enable_static_builder: true
to your tbs-full-deps-values.yaml
.
---
enable_static_builder: true
Install the full
dependencies package by running:
tanzu package install full-deps \
--package full-deps.buildservice.tanzu.vmware.com \
--version "> 0.0.0" \
--namespace tap-install \
--values-file VALUES-FILE
Where VALUES-FILE
is the path to the tbs-full-deps-values.yaml
you created earlier.
Tanzu Build Service dependencies might be upgraded between Tanzu Application Platform releases, for example, if a CVE is discovered in the OS (stack update) or language (buildpack update).
Automatic dependency updates enable your cluster to consume the stack and buildpack updates immediately instead of waiting for the next Tanzu Application Platform patch release to pull in the updated dependencies.
tap-values.yaml
file or your full dependencies values.Prerequisites: These steps assume a registry secret already exists in the cluster for accessing tanzu-build.packages.broadcom.com
and your registry.
To enable automatic dependency updates:
Relocate the dependency updater package repository to the air-gapped container image registry:
If a machine with access to both the air-gapped registry and the internet is available, you can copy the images directly by running:
imgpkg copy \
-b tanzu-build.packages.broadcom.com/build-service-dependency-updater/package-repo:VERSION-CONSTRAINT \
--to-repo INTERNAL-REPO
Where:
VERSION-CONSTRAINT
is the Tanzu Application Platform version in the form of MAJOR.MINOR.x
. For example, 1.8.x
.INTERNAL-REPO
is your repository in the air-gapped container image registry. Examples:
MY-REGISTRY/REPO-NAME/tbs-dep-updater
.MY-REGISTRY/tbs-dep-updater
.MY-REGISTRY/MY-PROJECT/REPO-NAME/tbs-dep-updater
.If you can only transfer the data using a physical external storage device:
Copy the images into a .tar
file from tanzu.packages.broadcom.com
by running:
imgpkg copy \
-b tanzu-build.packages.broadcom.com/build-service-dependency-updater/package-repo:VERSION-CONSTRAINT \
--to-tar dependency-updater-VERSION-CONSTRAINT.tar \
--include-non-distributable-layers
Where VERSION-CONSTRAINT
is the Tanzu Application Platform version in the form of MAJOR.MINOR.x
. For example, 1.8.x
.
Import the .tar
files into the air-gapped container image registry by running:
imgpkg copy \
--tar dependency-updater-VERSION-CONSTRAINT.tar \
--to-repo INTERNAL-REPO \
--include-non-distributable-layers \
--registry-ca-cert-path $REGISTRY_CA_PATH
Where:
VERSION-CONSTRAINT
is the Tanzu Application Platform version in the form of MAJOR.MINOR.x
. For example, 1.8.x
.INTERNAL-REPO
is your repository in the air-gapped container image registry. Examples:
MY-REGISTRY/REPO-NAME/tbs-dep-updater
.MY-REGISTRY/tbs-dep-updater
.MY-REGISTRY/MY-PROJECT/REPO-NAME/tbs-dep-updater
.Add the following to your tap-values.yaml
file:
buildservice:
dependency_updates:
allow: true
scope: SCOPE
include_packages: [""]
exclude_packages: [""]
Where:
SCOPE
is the list of dependencies you want updated. The options are:
stacks-only
(default): Only stacks and builders are updated. This addresses CVEs in the base image or operating system.all
: Stacks, builders, and buildpacks are updated. This addresses CVEs in the base image or operating system and CVEs in the language toolchain such as compilers, interpreters, and standard libraries.custom
: This list is empty by default. Use the include_packages
key to add packages to be updated.NoteYou must update the Tanzu Application Platform package install and the Full Dependencies package install after changing the
tap-values.yaml
.
Add the Tanzu Build Service Dependency Updates package repository by running:
kubectl apply -f - <<EOF
apiVersion: packaging.carvel.dev/v1alpha1
kind: PackageRepository
metadata:
name: tbs-dependencies-package-repository
namespace: tap-install
spec:
fetch:
imgpkgBundle:
image: DEPENDENCY-UPDATER-PACKAGE-REPO
tagSelection:
semver:
constraints: VERSION-CONSTRAINT
EOF
Where:
DEPENDENCY-UPDATER-PACKAGE-REPO
is the location of the package repository. This is tanzu-build.packages.broadcom.com/build-service-dependency-updater/package-repo
for online installs and the internal container image registry for air-gapped installs.VERSION-CONSTRAINT
is the Tanzu Application Platform version in the form of MAJOR.MINOR.x
. For example, 1.8.x
.After completing this configuration, the repository you set with DEPENDENCY-UPDATER-PACKAGE-REPO
will be polled for updates and any new releases will automatically be made available to the cluster.