This topic tells you how to install Iterate profile cluster by using a reduced values file.
The following is the YAML file sample for the iterate-profile:
profile: iterate
shared:
ingress_domain: "INGRESS-DOMAIN"
kubernetes_distribution: "openshift" # To be passed only for OpenShift. Defaults to "".
kubernetes_version: "K8S-VERSION"
image_registry:
project_path: "SERVER-NAME/REPO-NAME" # To be used by Build Service by appending "/buildservice" and used by Supply chain by appending "/workloads"
username: "KP-DEFAULT-REPO-USERNAME"
password: "KP-DEFAULT-REPO-PASSWORD"
ca_cert_data: | # To be passed if using custom certificates
-----BEGIN CERTIFICATE-----
MIIFXzCCA0egAwIBAgIJAJYm37SFocjlMA0GCSqGSIb3DQEBDQUAMEY...
-----END CERTIFICATE-----
ceip_policy_disclosed: FALSE-OR-TRUE-VALUE # Installation fails if this is not set to true. Not a string.
# The above shared keys may be overridden in the below section.
buildservice: # Optional if the corresponding shared keys are provided.
kp_default_repository: "KP-DEFAULT-REPO"
kp_default_repository_username: "KP-DEFAULT-REPO-USERNAME"
kp_default_repository_password: "KP-DEFAULT-REPO-PASSWORD"
supply_chain: basic
ootb_supply_chain_basic: # Optional if the shared above mentioned shared keys are provided.
source:
credentials_secret: "GIT-SOURCE-CREDENTIAL-SECRET-NAME" # (Optional) Defaults to "".
registry:
server: "SERVER-NAME"
repository: "REPO-NAME"
gitops:
credentials_secret: "GITOPS-CREDENTIAL-SECRET-NAME" # (Optional) Defaults to "".
image_policy_webhook:
allow_unmatched_tags: true
contour:
envoy:
service:
type: LoadBalancer # (Optional) Defaults to LoadBalancer.
cnrs:
domain_name: "TAP-ITERATE-CNR-DOMAIN" # Optional if the shared.ingress_domain is provided.
appliveview_connector:
backend:
sslDeactivated: TRUE-OR-FALSE-VALUE
ingressEnabled: true
host: appliveview.VIEW-CLUSTER-INGRESS-DOMAIN
tap_telemetry:
customer_entitlement_account_number: "CUSTOMER-ENTITLEMENT-ACCOUNT-NUMBER" # (Optional) Identify data for creating Tanzu Application Platform usage reports.
Where:
K8S-VERSION
is the Kubernetes version used by your OpenShift cluster. It must be in the form of 1.23.x
or 1.24.x
, where x
stands for the patch version. Examples:
1.23.3
.1.24.1
.KP-DEFAULT-REPO
is a writable repository in your registry. Tanzu Build Service dependencies are written to this location. Examples:
kp_default_repository: "my-harbor.io/my-project/build-service"
.kp_default_repository: "my-dockerhub-user/build-service"
or kp_default_repository: "index.docker.io/my-user/build-service"
.kp_default_repository: "gcr.io/my-project/build-service"
.KP-DEFAULT-REPO-USERNAME
is the user name that can write to KP-DEFAULT-REPO
. You can docker push
to this location with this credential.
kp_default_repository_username: _json_key
.KP-DEFAULT-REPO-PASSWORD
is the password for the user that can write to KP-DEFAULT-REPO
. You can docker push
to this location with this credential. This credential can also be configured by using a Secret reference. For more information, see Install Tanzu Build Service for details.
SERVER-NAME
is the host name of the registry server. Examples:
server: "my-harbor.io"
.server: "index.docker.io"
.server: "gcr.io"
.REPO-NAME
is where workload images are stored in the registry. Images are written to SERVER-NAME/REPO-NAME/workload-name
. Examples:
repository: "my-project/supply-chain"
.repository: "my-dockerhub-user"
.repository: "my-project/supply-chain"
.GIT-SOURCE-CREDENTIAL-SECRET-NAME
is the name of the Kubernetes secret in the developer namespace that supplies the Git credentials for the supply chain to fetch source code from. See Git authentication for more information.GITOPS-CREDENTIAL-SECRET-NAME
is the name of the Kubernetes secret in the developer namespace that supplies the Git credentials for the supply chain to push configuration to. See Git authentication for more information.TAP-ITERATE-CNR-DOMAIN
is the iterate cluster Cloud Native Runtimes domain.VIEW-CLUSTER-INGRESS-DOMAIN
is the subdomain you setup on the View profile cluster. This matches the value key appliveview.ingressDomain
or shared.ingress_domain
on the view cluster. Include the default host name appliveview.
ahead of the domain.CUSTOMER-ENTITLEMENT-ACCOUNT-NUMBER
(optional) refers to the Entitlement Account Number (EAN), which is a unique identifier VMware assigns to its customers. Tanzu Application Platform telemetry uses this number to identify data that belongs to a particular customers and prepare usage reports.If you use custom CA certificates, you must provide one or more PEM-encoded CA certificates under the ca_cert_data
key. If you configured shared.ca_cert_data
, Tanzu Application Platform component packages inherit that value by default.
If you set shared.ingress_domain
in the iterate profile, the appliveview_connector.backend.host
is automatically configured as host: appliveview.INGRESS-DOMAIN
. To override the shared ingress for Application Live View to connect to the view cluster, set the appliveview_connector.backend.host
key to appliveview.VIEW-CLUSTER-INGRESS-DOMAIN
.