Skip to content

making/tap-automation-on-aks

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.gitignore
 
 
README.md
 
 
tap-automation.yaml
 
 
TAP Automation on AKS Prerequisites Create Service Principal Create a Kind Cluster Install Tekton on the kind cluster Configure Secrets Configure Service Principal Configure TanzuNet credentials Install the tap-automation pipeline Install TAP using the tap-automation pipeline Deploy a workload Uninstall TAP using the tap-automation pipeline

README.md

TAP Automation on AKS

A tekton pipeline that provision an AKS cluster and install TAP full profile with HTTPS (Let's Encrypt) enabled on the cluster.

Prerequisites

Create Service Principal

SP_NAME=tap-automation                                                                              
SP=$(az ad sp create-for-rbac --name ${SP_NAME} --years 10)
SP_APP_ID=$(echo ${SP} | jq -r '.appId')
SP_PASSWORD=$(echo ${SP} | jq -r '.password')
AZURE_TENANT_ID=$(echo ${SP} | jq -r '.tenant')
AZURE_SUBSCRIPTION_ID=$(az account show --query id --output tsv)

az role assignment create --assignee ${SP_APP_ID} --role "Contributor"
az role assignment create --assignee ${SP_APP_ID} --role "User Access Administrator"

Create a Kind Cluster

kind create cluster --name tap-automation

Install Tekton on the kind cluster

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/dashboard/latest/tekton-dashboard-release.yaml

Configure Secrets

kubectl create ns tap-automation

Configure Service Principal

kubectl create secret generic azure-service-principal \
  --from-literal client_id=${SP_APP_ID} \
  --from-literal client_secret=${SP_PASSWORD} \
  --from-literal tenant_id=${AZURE_TENANT_ID} \
  --from-literal subscription_id=${AZURE_SUBSCRIPTION_ID} \
  --dry-run=client \
  -o yaml > azure-service-principal.yaml
kubectl apply -f azure-service-principal.yaml -n tap-automation

Configure TanzuNet credentials

Prepare username, password and api token for TanzuNet

TANZUNET_API_TOKEN=...
TANZUNET_USERNAME=...
TANZUNET_PASSWORD=...

kubectl create secret generic tanzunet \
  --from-literal api_token="${TANZUNET_API_TOKEN}" \
  --from-literal username="${TANZUNET_USERNAME}" \
  --from-literal password="${TANZUNET_PASSWORD}" \
  --dry-run=client \
  -o yaml > tanzunet.yaml
kubectl apply -f tanzunet.yaml -n tap-automation

Install the tap-automation pipeline

kubectl apply -f https://github.com/making/tap-automation-on-aks/raw/main/tap-automation.yaml -n tap-automation

$ kubectl get -n tap-automation pipeline,task
NAME                                        AGE
pipeline.tekton.dev/tap-automation-create   20s
pipeline.tekton.dev/tap-automation-delete   20s

NAME                                         AGE
task.tekton.dev/az-login                     20s
task.tekton.dev/create-acr                   20s
task.tekton.dev/create-aks                   20s
task.tekton.dev/create-envoy-ip              20s
task.tekton.dev/create-resource-group        20s
task.tekton.dev/delete-acr                   20s
task.tekton.dev/delete-aks                   20s
task.tekton.dev/delete-envoy-ip              20s
task.tekton.dev/delete-resource-group        20s
task.tekton.dev/delete-tap                   20s
task.tekton.dev/download-from-pivnet         20s
task.tekton.dev/install-cluster-essentials   20s
task.tekton.dev/install-tap                  20s

Install TAP using the tap-automation pipeline

tkn pipeline start tap-automation-create --showlog -w name=config,claimName=tap-automation-config --use-param-defaults -n tap-automation

you can override the following parameters with -p option

Name Default
resource_group tap-rg
location japaneast
cluster_name tap-sandbox
vm_size standard_f4s_v2
node_count 3 (subject to change by cluster-autoscaler)
tap_version 1.2.0
tbs_version 1.6.0
cluster_essentials_version 1.2.0

Log Example

After the installation, you can access the TAP GUI, The url should be https://tap-gui.***-***-***-***.sslip.io <<-- check the url in the log.

image

You can see the result of the pipelinerun on the tekton dashboard

kubectl port-forward -n tekton-pipelines service/tekton-dashboard 9097:9097

image

Deploy a workload

az aks get-credentials --resource-group tap-rg --name tap-sandbox --overwrite-existing --admin 

tanzu apps workload apply spring-music \
  --app spring-music \
  --git-repo https://github.com/scottfrederick/spring-music \
  --git-branch tanzu \
  --type web \
  --annotation autoscaling.knative.dev/minScale=1 \
  -n demo \
  -y
tanzu apps workload tail spring-music -n demo

tanzu apps workload get -n demo spring-music

image

image

image

How to retrieve tap-values.yml

kubectl get secret -n tap-install tap-tap-install-values -otemplate='{{(index .data "tap-values.yml") | base64decode}}'

Uninstall TAP using the tap-automation pipeline

Don't forget to set the context back to the kind cluster

kubectl config use-context kind-tap-automation

tkn pipeline start tap-automation-delete --showlog -w name=config,claimName=tap-automation-config --use-param-defaults -n tap-automation

you can override the following parameters with -p option

Name Default
resource_group tap-rg
cluster_name tap-sandbox
acr_name auto

About

TAP Automation on AKS

Resources

Readme
Activity

Stars

3 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published