You can minimally configure VMware Tanzu Application Service for VMs (TAS for VMs) for evaluation or testing purposes. It does not include optional configurations such as external databases or external file storage.
For production deployments, VMware recommends following the procedure starting with Prerequisites.
Before you begin, ensure that you have successfully completed the steps to prepare your environment for Operations Manager and install and configure the BOSH Director.
To add TAS for VMs to Tanzu Operations Manager:
If you have not already downloaded TAS for VMs, log in to Broadcom Support and click VMware Tanzu Application Service for VMs.
From the Releases drop-down menu, select the release to install and choose one of the following:
.pivotal
file.Click Small Footprint TAS for VMs to download the Small Footprint TAS for VMs .pivotal
file.
Go to the Tanzu Operations Manager Installation Dashboard.
Click Import a Product to add your tile to Tanzu Operations Manager. For more information, see Adding and Deleting Products.
Click the TAS for VMs tile.
To install TAS for VMs with minimal configuration:
Follow the procedure in Assign AZs and Networks in Add TAS for VMs to Tanzu Operations Manager.
Follow the procedure in Configure Domains.
Select Networking.
Under Certificates and private keys for the Gorouter, you must provide at least one certificate and private key name and certificate key pair for the Gorouter. The Gorouter is activated to receive TLS communication by default. You can configure multiple certificates for the Gorouter.
Important When providing custom certificates, enter them in this order: wildcard
, Intermediate
, CA
. For more information, see Creating a .pem File for SSL Certificate Installations in the DigiCert documentation.
Click Add to add a name for the certificate chain and its private key pair. This certificate is the default used by the Gorouter. You can either provide a certificate signed by a Certificate Authority (CA) or click Generate RSA Certificate to generate a self-signed certificate in Tanzu Operations Manager.
If you configured Tanzu Operations Manager Front End without a certificate, you can use this new certificate to complete your Tanzu Operations Manager configuration. To configure your Tanzu Operations Manager Front End certificate, see Configure Front End in Preparing to Deploy Tanzu Operations Manager on GCP.
Ensure that you add any certificates that you generate in this pane to your infrastructure load balancer.
Setting appropriate ASGs is critical for a secure deployment.
Follow these steps to set ASGs:
Click Save.
For more information about ASGs, see App Security Groups and Restricting app access to internal TAS for VMs components.
Under SAML service provider credentials, enter a certificate and private key for the User Account and Authentication (UAA) server to use as a SAML service provider for signing outgoing SAML authentication requests. You can provide an existing certificate and private key from your trusted CA or generate a self-signed certificate. The domain *.login.SYSTEM-DOMAIN
must be associated with the certificate, where SYSTEM-DOMAIN
is the system domain you configured in the Domains pane.
Important The Single Sign-On for VMware Tanzu service and Spring Cloud Services for VMware Tanzu tiles require the *.login.SYSTEM-DOMAIN
.
Select UAA.
If the private key specified under SAML service provider credentials is password-protected, enter the password in Private key password.
Select CredHub.
Under Internal encryption provider keys, specify one or more keys to use for encrypting and decrypting the values stored in the CredHub database:
Primary: This check box is used for marking the key you specified as the primary encryption key. You must mark one key as Primary. Do not mark more than one key as Primary.
Go to the Internal MySQL pane.
In the Email address field, enter the email address where the MySQL service sends alerts when the cluster experiences a replication issue or when a node is not allowed to auto rejoin the cluster.
Select Resource Config.
In the Resource Config pane, you must associate load balancers with the VMs in your deployment to activate traffic. For more information, see Configure Load Balancing for TAS for VMs.
To complete the TAS for VMs installation:
Click the Installation Dashboard link to return to the Tanzu Operations Manager Installation Dashboard.
Click Review Pending Changes, then Apply Changes.