Skip to content

Latest commit

 

History

History
47 lines (31 loc) · 2.58 KB

README.md

File metadata and controls

47 lines (31 loc) · 2.58 KB

TAP Ingress Script

This script is intended to be paired with an install of Tanzu Application Platform 0.3 beta to provide Contour Ingress to the installed components.

Prerequisites

You will need a DNS domain for your ingress. For our example, we'll use tap.example.com. You'll need to provision a TLS Cert for the associated wilcard domain (e.g. *.tap.example.com) and also create a DNS A Record for this wilcard domain (e.g. *.tap.example.com) that can be resolved to the IP Address of the load balancer endpoint for your Contour installation.

Create a Kubernetes TLS Secret for your TLS cert.

Clone this repo, and customize the values-ingress.yaml file in the root directory. Set the domain value to your wildcard domain, and the tls values to the namespace and secret name of the Kubernetes TLS Secret you created.

You will need YTT installed on your local machine.

Installing TAP

When using the package installer for Tanzu Application Platform, you will be asked to create a separate tap-values.yml file to configure the installation. You will want to add the following entries to the file:

tap_gui:
  namespace: tap-gui
  service_type: ClusterIP
  app-config:
    app:
      baseUrl: http://tap-gui.tap.example.com  # DNS Suffix should match 'domain' in values-ingress.yaml
learningcenter:
  ingressDomain: "tap.example.com"             # Should match 'domain' in values-ingress.yaml
  ingressSecret:
    secretName: tls                            # Should match 'tls.secretName' in values-ingress.yaml
  server:
    service_type: ClusterIP

Running the script

Once you have completed the Tanzu Application Platform install, and all the packages are showing a state of Reconcile succeeded, you are ready to run the script to configure Ingress. From the root directory of this repo, run:

./configure-ingress.sh values-ingress.yaml

This will apply a TLSCertificateDelegation, set up multiple HttpProxy resources, and modify your Cloud Native Runtimes install so that deployed workloads will be addressable.

Learning Center

If you want to access Learning Center, there is one additional step. Learning Center does not support TLSCertificateDelegation, so you will need to create a copy of your wildcard domain TLS secret into the namespace where Learning Center was installed (educates by default).

Accessing TAP

Once the script is complete, execute kubectl get httpproxy -A to see all of the HTTPS endpoints for the TAP components