This topic tells you how to troubleshoot issues encountered when installing Tanzu Developer Portal. The topic is divided into sections:
- General issues
- Runtime Resources tab issues
- Accelerators page issues
- Supporting ImageVulnerabilityScan issues
- Security Analysis plug-in issues
- Supply Chain Choreographer plug-in issues
- DORA plug-in issues
The following are general issues:
You provided a full URL in a backend.reading.allow entry, as in this example tap-values.yaml snippet:
tap_gui:
app_config:
backend:
reading:
allow:
- host: http://gitlab.example.com/some-group/some-repo/-/blob/main/catalog-info.yamland you see the following error message:
Backend failed to start up, Error: Port range is not valid: //gitlab.example.com/some-group/some-repo/-/blob/main/catalog-info.yamlTanzu Developer Portal expects a host name to be passed into the field backend.reading.allow[].host.
Edit your tap-values.yaml file as in the following example:
tap_gui:
app_config:
backend:
reading:
allow:
- host: gitlab.example.com
paths: ['/some-group/some-repo/']You are able to visit Tanzu Developer Portal, but it does not load the catalog and you see the following error message.
> Error: Could not fetch catalog entities.
> TypeError: Failed to fetchWhen viewing your network tab you see that your browser has not downloaded mixed content. This might look different on different browsers.
Chrome
: In the Status column you see (blocked:mixed-content)
Firefox
: In the Transferred column you see Mixed Block
As of Tanzu Application Platform v1.5, Tanzu Developer Portal provides TLS connections by default. Because of this, if you visit a Tanzu Developer Portal site your connection is automatically upgraded to https.
You might have manually set the fields app.baseUrl, backend.baseUrl, and backend.cors.origin
in your tap-values.yaml file.
Tanzu Developer Portal uses the baseUrl to determine how to create links to fetch from its
APIs. The combination of these two factors causes your browser to attempt to fetch mixed content.
The solution is to delete these fields or update your values in tap-values.yaml to reflect that your
Tanzu Developer Portal instance is serving https, as in the following example:
tap_gui:
app_config:
app:
baseUrl: https://tap-gui.INGRESS-DOMAIN/
backend:
baseUrl: https://tap-gui.INGRESS-DOMAIN/
cors:
origin: https://tap-gui.INGRESS-DOMAIN/Where INGRESS-DOMAIN is the ingress domain you have configured for Tanzu Application Platform.
The installer determines acceptable values based on your tap_gui.ingressDomain or
shared.ingress_domain and the TLS status of the installation.
Updating a supply chain causes an error (Can not create edge...) when an existing workload
is clicked in the Workloads table and that supply chain is no longer present.
Recreate the same workload to execute through the new or updated supply chain.
When you pull up Tanzu Developer Portal, you get the error Catalog Not Found.
The catalog plug-in can't read the Git location of your catalog definition files.
-
Ensure you have built your own Backstage-compatible catalog or that you have downloaded one of the Tanzu Developer Portal catalogs from VMware Tanzu Network.
-
Ensure you defined the catalog in the values file that you input as part of installation. To update this location, change the definition file:
- Change the Tanzu Application Platform profile file if installed by using a profile.
- Change the standalone Tanzu Developer Portal values file if you're only installing that package on its own.
namespace: tap-gui service_type: SERVICE-TYPE app_config: catalog: locations: - type: url target: https://GIT-CATALOG-URL/catalog-info.yaml
-
Provide the proper integration information for the Git location you specified earlier.
namespace: tap-gui service_type: SERVICE-TYPE app_config: app: baseUrl: https://EXTERNAL-IP:PORT integrations: gitlab: # Other integrations available - host: GITLAB-HOST apiBaseUrl: https://GITLAB-URL/api/v4 token: GITLAB-TOKEN
You can substitute for other integrations as defined in the Backstage documentation.
When you load Tanzu Developer Portal in a browser, the following message appears:
No configured authentication providers. Please configure at least one.You have not configured any authentication providers and you have not allowed guest access.
Configure an authentication provider or allow guest access.
After updating the configuration of Tanzu Developer Portal, either by using a profile or as a standalone package installation, you don't know whether the configuration has reloaded.
-
Get the name you need by running:
kubectl get pods -n tap-guiFor example:
$ kubectl get pods -n tap-gui NAME READY STATUS RESTARTS AGE server-6b9ff657bd-hllq9 1/1 Running 0 13m
-
Read the log of the pod to see if the configuration reloaded by running:
kubectl logs NAME -n tap-guiWhere
NAMEis the value you recorded earlier, such asserver-6b9ff657bd-hllq9. -
Search for a line similar to this one:
2021-10-29T15:08:49.725Z backstage info Reloaded config from app-config.yaml, app-config.yaml -
If need be, delete and re-instantiate the pod.
Caution Depending on your database configuration, deleting, and re-instantiating the pod might cause the loss of user preferences and manually registered entities. If you have configured an external PostgreSQL database,
tap-guipods are not stateful. In most cases, state is held in ConfigMaps, Secrets, or the database. For more information, see Configuring the Tanzu Developer Portal database and Register components.To delete and re-instantiate the pod, run:
kubectl delete pod -l app=backstage -n tap-gui
You have a problem with Tanzu Developer Portal, such as Catalog: Not Found, and don't have
enough information to diagnose it.
Get timestamped logs from the running pod and review the logs:
-
Pull the logs by using the pod label by running:
kubectl logs -l app=backstage -n tap-gui -
Review the logs.
One or both of the following is true:
- You cannot access some, or all, of Tanzu Developer Portal.
- Telemetry collection within the VMware Customer Experience Improvement Program is failing.
Your ad-blocking browser extension or standalone ad-blocking software is causing interference.
Add Tanzu Developer Portal to your ad-blocking allowlist. Alternatively, deactivate the ad-blocking software or turn off Pendo telemetry collection.
Here are some common troubleshooting steps for errors presented in the Runtime Resources tab.
When accessing the Runtime Resource Visibility tab, the system displays
Error communicating with TAP GUI back end.
- An interrupted Internet connection
- Error with the back end service
- Confirm that you have Internet access.
- Confirm that the back-end service is running correctly.
- Confirm the cluster configuration is correct.
When accessing the Runtime Resource Visibility tab, the system displays
One or more resources are missing. This could be due to a label mismatch. \
Please make sure your resources have the label(s) "LABEL_SELECTOR".No communications error has occurred, but no resources were found.
Confirm that you are using the correct label:
-
Verify the Component definition includes the annotation
backstage.io/kubernetes-label-selector. -
Confirm your Kubernetes resources correspond to that label drop-down menu.
When opening the Runtime Resource Visibility tab, the system displays
One or more resources might be missing because of cluster query errors.
The reported errors might not indicate a real problem. A build cluster might not have runtime CRDs installed, such as Knative Service, and a run cluster might not have build CRDs installed, such as a Cartographer workload. In these cases, 403 and 404 errors might be false positives.
You might receive the following error messages because these resources might not be required for your specific Tanzu Application Platform profile. These error messages are known issues:
Access error when querying cluster CLUSTER_NAME for resource KUBERNETES_RESOURCE_PATH (status: 401). Contact your administrator.Access error when querying cluster CLUSTER_NAME for resource KUBERNETES_RESOURCE_PATH (status: 403). Contact your administrator.Knative is not installed on CLUSTER_NAME (status: 404). Contact your administrator.Error when querying cluster CLUSTER_NAME for resource KUBERNETES_RESOURCE_PATH (status: 404). Contact your administrator.
Here are some common troubleshooting steps for errors displayed on the Accelerators page.
When the app_config.backend.reading.allow section is configured in the tap-values.yaml file
during the tap-gui package installation, there are no accelerators on the Accelerators page.
This section in tap-values.yaml overrides the default configuration that gives
Tanzu Developer Portal access to the accelerators.
As a workaround, provide a value for Application Accelerator in this section. For example:
app_config:
# Existing tap-values yaml above
backend:
reading:
allow:
- host: acc-server.accelerator-system.svc.cluster.localThe following troubleshooting issues concern ImageVulnerabilityScan.
SCST - Scan 2.0 is enabled and there is no vulnerability data on the Security Analysis and Supply Chain Choreographer dashboards.
Tanzu Developer Portal lacks the required access to detect the new ImageVulnerabilityScan
custom resource.
As a workaround, you can apply a ytt overlay to add permissions to the Kubernetes role that
is used to access the ImageVulnerabilityScan resource. For more information about how
overlays work with Tanzu Application Platform, see
Customize your package installation.
-
Create a
secret.ymlfile with aSecretthat contains your ytt overlay. For example:kind: Secret metadata: name: add-tap-portal-ivs-permissions namespace: tap-install annotations: kapp.k14s.io/change-group: "tap-overlays" type: Opaque stringData: add-tap-portal-ivs-permissions.yaml: | #@ load("@ytt:overlay", "overlay") #@overlay/match by=overlay.subset({"metadata":{"name":"k8s-reader"}, "kind": "ClusterRole"}) --- rules: #@overlay/append - apiGroups: - app-scanning.apps.tanzu.vmware.com resources: - imagevulnerabilityscans verbs: - get - watch - list
-
Apply the
Secretto your cluster by running:kubectl apply -f secret.yml -
Update your values file to include a
package_overlaysfield:package_overlays: - name: tap-gui secrets: - name: add-tap-portal-ivs-permissions
-
Update Tanzu Developer Portal with the new Tanzu Application Platform values by running:
tanzu package installed update tap -p tap.tanzu.vmware.com -n tap-install --values-file tap-values.yaml
SCST - Scan 2.0 is enabled and the scanner name in the Security Analysis and Supply Chain Choreographer dashboards does not appear.
The ImageVulnerabilityScan custom resource lacks the required annotation for Tanzu Developer Portal
to detect it.
Add the app-scanning.apps.tanzu.vmware.com/scanner-name annotation to ImageVulnerabilityScan:
apiVersion: app-scanning.apps.tanzu.vmware.com/v1alpha1
kind: ImageVulnerabilityScan
metadata:
annotations:
app-scanning.apps.tanzu.vmware.com/scanner-name: SCANNER-NAMEWhere SCANNER-NAME is the name that is reported in Tanzu Developer Portal.
These are troubleshooting issues for the Security Analysis plug-in.
The Impacted Workloads table is empty on the CVE and Package Details pages.
The relevant CVE belongs to a workload that has only completed one type of vulnerability scan (either image or source).
A fix is planned for Tanzu Developer Portal v1.5.1.
These are troubleshooting issues for the Supply Chain Choreographer plug-in.
{{> 'partials/tap-gui/ts-err-load-metadata-store' }}
The auto configuration between Tanzu Developer Portal and SCST - Store prevents the SBOM feature from working. The SBOM feature was introduced in Tanzu Application Platform v1.6.
Backstage expects allowedHeaders values for SCST - Store to reply with proper XML and JSON SBOM
responses. The allowedHeaders values are missing.
Edit your tap-values.yaml file so that allowedHeaders and the accompanying values are included:
tap_gui:
app_config:
proxy:
/metadata-store:
target: https://metadata-store-app.metadata-store:8443/api/v1
changeOrigin: true
secure: false
allowedHeaders: ['Accept', 'Report-Type-Format']
headers:
Authorization: "Bearer ACCESS-TOKEN"
X-Custom-Source: project-starWhere ACCESS-TOKEN is the token you obtained after creating a read-write service account.
For more information, see
Manually connect Tanzu Developer Portal to Metadata Store.
These are troubleshooting issues for the DORA plug-in.
When you click the DORA tab in the software catalog the following error appears:
Request failed with 401 , {"error":{"name":"AuthenticationError","message":"No Backstage token"},\
"request":{"method":"POST","url":"/api/kubernetes/resources/custom/query"},"response":{"statusCode":401}}The DORA plug-in expects at least one configured Backstage authentication provider. This feature does not work with Guest mode enabled.
Add an authentication provider to your Tanzu Developer Portal configuration and then re-apply
tap-values.yaml. For how to configure an authentication provider, see
Set up authentication for Tanzu Developer Portal.