# Tanzu Build Service (TBS) - Level 100 - Installation & Demo

# Agenda:

 - <a href=#install>Installation of TBS</a>
 - <a href=#validate>Validate and Create a Project in K8s cluster using TBS</a>
 - <a href=#configure>Configure and Test Application using TBS</a>



## <a name='install'/>Installation of Tanzu Build Service

These are two setups to get a kickstart. With the automated version, just fill out the configuration of your environment and run the command. The manual step is more towards following the Official documentation.

- <a href=#auto>Automated Setup</a>
- <a href=#manual>Manual Setup</a>

### <a name='auto'/>Automated - Using pbsetup on GKE

Use the following steps to setup Tanzu Build Service: https://github.com/mcnichol/build-service-lab

### <a name='manual'/>Manual Setup

In this setup, we will be using TKGI environment running on GCP provisioned by [Tanzu Toolsmith](https://environments.toolsmiths.cf-app.com/).

- <a href=#validate-pks>Validate PKS Environment</a>
- <a href=#tbs-pvc>Create PVC for Build Service</a>
- <a href=#tbs-bits>Prerequisites & Setup for Tanzu Build Service</a>
- <a href=#tbs-install>Install Tanzu Build Service</a>


#### <a name='validate-pks'/>Validate K8s Environment

Login to your PKS environment:

In [1]:
!pks login -u admin -p mEPoeWXsXC75IIP64dvbQUO4CEL-Xytr -a api.pks.ferndale.cf-app.com -k


API Endpoint: api.pks.ferndale.cf-app.com
User: admin
Login successful.



In [2]:
!pks plans


Name   ID                                    Description
small  8A0E21A8-8072-4D80-B365-D1F502085560  Example: This plan will configure a lightweight kubernetes cluster. Not recommended for production workloads.



In [4]:
!pks clusters


PKS Version     Name                    k8s Version  Plan Name  UUID                                  Status       Action
1.7.0-build.26  ferndale-pks-cluster-1  1.16.7       small      3c55c309-c9d8-4d07-a973-c0dc7491b9b9  succeeded    CREATE
1.7.0-build.26  tbs-cluster             1.16.7       small      68fec0f2-b8db-4e83-b419-cceaa3717102  in progress  DELETE



In [None]:
!pks create-cluster tbs-cluster --external-hostname tbs-cluster.ferndale.cf-app.com --plan small

In [5]:
!pks get-credentials ferndale-pks-cluster-1


Fetching credentials for cluster ferndale-pks-cluster-1.
Context set for cluster ferndale-pks-cluster-1.

You can now switch between clusters by using:
$kubectl config use-context <cluster-name>


In [6]:
!pks cluster ferndale-pks-cluster-1


PKS Version:              1.7.0-build.26
Name:                     ferndale-pks-cluster-1
K8s Version:              1.16.7
Plan Name:                small
UUID:                     3c55c309-c9d8-4d07-a973-c0dc7491b9b9
Last Action:              CREATE
Last Action State:        succeeded
Last Action Description:  Instance provisioning completed
Kubernetes Master Host:   cluster-1.ferndale.cf-app.com
Kubernetes Master Port:   8443
Worker Nodes:             3
Kubernetes Master IP(s):  10.0.11.10
Network Profile Name:     



In [8]:
!kubectl get po -A

NAMESPACE     NAME                                                              READY   STATUS      RESTARTS   AGE
kube-system   coredns-5b6649768f-5tfd5                                          1/1     Running     0          24h
kube-system   coredns-5b6649768f-j4vfx                                          1/1     Running     0          24h
kube-system   coredns-5b6649768f-vtwfq                                          1/1     Running     0          24h
kube-system   metrics-server-5d9d8b9889-vjfkk                                   1/1     Running     0          24h
node-todo     i-ode-todo-latest-d6d3ca66d11b48f4115ee0cc41b71fb49ac-build-pod   0/1     Completed   0          108m
pks-system    cert-generator-1311f65a5dfa4bf6774ba070152672eacdb3e6b2-mgsp5     0/1     Completed   0          24h
pks-system    event-controller-6969f56f88-l76d6                                 2/2     Running     0          24h
pks-system    fluent-bit-hnb99                                         

#### <a name='tbs-pvc'/>Create Persistent Volume and Claim for TBS

Persistent Volume:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fast
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: kubernetes.io/vsphere-volume
parameters:
  datastore: datastore1
  diskformat: thin
  fstype: ext3


In [None]:
!pwd

In [None]:
!kubectl get StorageClasses

In [None]:
!kubectl apply -f tmp/tbs-pcv.yaml

In [None]:
!kubectl get pv

In [None]:
!kubectl get pvc

#### <a name='tbs-bits'/>Prerequisites & Setup for Tanzu Build Service


##### Login to https://network.pivotal.io and download the following:

    - Tanzu Build Service: build-service-0.1.0.tgz
    - Duffle
    - PB CLI
    - Login to Docker Registry
    
    Steps to install CLIs

    - rename duffle-0.0.4-darwin to duffle
    - rename pb-0.1.0-darwin to pb
    - chmod +x duffle
    - chmod +x pb
    - mv duffle /usr/local/bin
    - mv pb /usr/local/bin

In [None]:
!duffle version

In [None]:
!pb version

In [11]:
ls ../

README.md        [1m[36mimg[m[m/             [1m[36mtmp[m[m/
[1m[36mconfig[m[m/          [1m[36mjupyter-scripts[m[m/


##### Build Tanzu Build Service - credentials files

The credential.yml file is already built and for index.docker.io, we don't need to add the CA Cert. Also in the repo, we have added another credentials.yml as an example for harbor.

In [17]:
cat ../tmp/build-service-credentials.yml

name: build-service-credentials
credentials:
  - name: kube_config
    source:
      path: "/Users/shashmi/.kube/config"
    destination:
      path: "/root/.kube/config"


##### Login to Docker Registry and push Tanzu Build Service Bundle to Docker Hub

For this example we are using index.docker.io

In [18]:
!docker login docker.io

Authenticating with existing credentials...
Login Succeeded


Push the TBS Bundle to docker hub using the below command:

duffle relocate -f build-service-0.1.0.tgz -m relocated.json -p index.docker.io/<username>

Give the **path** where you have downloaded build-service-0.1.0.tgz or run it from that location

In [None]:
!duffle relocate -f ./tmp/build-service-0.1.0.tgz -m ./tmp/relocated.json --repository-prefix=sameerhashmi

Once you run the above command, **relocated.json** will be created and a builder package will be created inside your DockerHub Repository.

![HARBOR-Buildservice](../img/dockerhub-snapshot.png)

#### <a name='tbs-install'/>Install Build Service

Create a credentials.yml file with your kube confiog information and CA certs for registry

In [20]:
cat ../tmp/build-service-credentials.yml

name: build-service-credentials
credentials:
  - name: kube_config
    source:
      path: "/Users/shashmi/.kube/config"
    destination:
      path: "/root/.kube/config"


#### As above in the directory above where you have the following:

- build-service-credentials.yml
- buildserver tar file (build-service.0.1.0.tgz)
- relocated.json (generated in the above steps)

Fill out the remaining as per your environment and run the duffle command:


duffle install pbs-demo -c ./tmp/build-service-credentials.yml  \
    --set kubernetes_env=<k8s-cluster-name> \
    --set docker_registry=<DOCKER_REGISTRY> \
    --set docker_repository=<DOCKER_REPO> \
    --set registry_username=<REGISTYRY_USER_NAME> \
    --set registry_password=<REGISTYRY_PASSWORD> \
    --set custom_builder_image=default-builder \
    -f ./tmp/build-service-0.1.0.tgz \
    -m ./tmp/relocated.json


Avoiding duffle error: claim already exists
If an install fails or if you prefer to reset your Kubernetes cluster rather than uninstalling, you can remove existing duffle claims by deleting the files in ~/.duffle/claims. This will allow you to re-install without encountering the “claim already exists” error.



In [32]:
!duffle install pbs-demo -c ./tmp/build-service-credentials.yml  \
    --set kubernetes_env=ferndale-pks-cluster-1 \
    --set docker_registry=index.docker.io \
    --set docker_repository=index.docker.io/sameerhashmi \
    --set registry_username="sameerhashmi" \
    --set registry_password="aa59054b-a169-4398-93c8-b2219a4ef734" \
    --set custom_builder_image=sameerhashmi/default-builder \
    -f ./tmp/build-service-0.1.0.tgz \
    -m ./tmp/relocated.json

Error: untar failed: unexpected EOF


If the duffle claim exisits, you might have to remove it and run the above command again.

In [23]:
rm ~/.duffle/claims/pbs-demo.json

rm: /Users/shashmi/.duffle/claims/pbs-demo.json: No such file or directory


In [35]:
!kubectl get ns

NAME               STATUS   AGE
build-service      Active   28s
default            Active   25h
kpack              Active   28s
kube-node-lease    Active   25h
kube-public        Active   25h
kube-system        Active   25h
node-todo          Active   18s
pks-system         Active   25h
project-operator   Active   28s


## <a name='validate'/> Validate and Create a Project in K8s cluster using TBS</a>

- Validate TBS Build
- Create Project in TBS


In [36]:
!pb version

CLI Version: 0.1.0 (e9b0e13a)


In [37]:
!pb stack status

Stack ID:    org.cloudfoundry.stacks.cflinuxfs3
Run Image:   docker.io/sameerhashmi/tbs-dependencies-run-fa566eed03f50368e2ff40858f61b6d5@sha256:e64856ed89a096486c9bce1590414ccb7d81542bbf56dc68e5477cf09abb3523
Build Image: docker.io/sameerhashmi/tbs-dependencies-build-adb6d35d10815f4cc483514bca657e8c@sha256:111ab5e7ab965dc43d839dbc02413f2fcfac784b407d8b4808d9c905080b8d65


In [38]:
!pb store list

docker.io/sameerhashmi/tbs-dependencies-iopivotaljava-0730e66a380a80f8e40e4d814dd3c4c2@sha256:24dda610b7772cbce580296c4ad2c80510c8363ae2b3614458fb76c664c34393
    - io.pivotal.appdynamics@1.2.15
    - io.pivotal.aspectj@1.1.12
    - io.pivotal.azureapplicationinsights@1.1.12
    - io.pivotal.buildsystem@1.1.15
    - io.pivotal.caintroscope@1.1.12
    - io.pivotal.clientcertificatemapper@1.1.12
    - io.pivotal.containersecurityprovider@1.1.11
    - io.pivotal.contrastsecurity@0.2.18
    - io.pivotal.debug@1.2.11
    - io.pivotal.distzip@1.1.12
    - io.pivotal.dynatrace@0.1.12
    - io.pivotal.elasticapm@1.1.13
    - io.pivotal.gemalto@1.1.11
    - io.pivotal.googlestackdriver@1.1.11
    - io.pivotal.groovy@1.1.14
    - io.pivotal.jacoco@1.1.11
    - io.pivotal.java@v2.1.272
    - io.pivotal.jdbc@1.1.13
    - io.pivotal.jmx@1.1.12
    - io.pivotal.jprofiler@1.1.13
    - io.pivotal.jrebel@1.1.11
    - io.pivotal.jvmapplication@1.1.13
    - io.pivotal.newrelic@1.1.

### Create a project in TBS

Creating a project will also create a namespace in your Kubernetes cluster where your local image will run. 

In [39]:
!pb project list

Projects
--------


In [123]:
!pb project create node-todo


ERROR: Failed to create project: admission webhook "project.projects.pivotal.io" denied the request: cannot create project over existing namespace 'node-todo'
Error: admission webhook "project.projects.pivotal.io" denied the request: cannot create project over existing namespace 'node-todo'
Usage:
  pb project create <project-name> [flags]

Flags:
  -h, --help   help for create




In [124]:
!kubectl get ns

NAME               STATUS   AGE
build-service      Active   87m
default            Active   27h
kpack              Active   87m
kube-node-lease    Active   27h
kube-public        Active   27h
kube-system        Active   27h
node-todo          Active   87m
pks-system         Active   27h
project-operator   Active   87m
spring-music       Active   12m
spring-petclinic   Active   36m


Target the Project:

By targeting, this means that all subsequent pb commands will be against this project, including configuring secrets and adding users. 


In [125]:
!pb project target node-todo

Successfully set 'node-todo' as target. Subsequent commands will assume you are targeting 'node-todo'.


## <a name='configure'/>Configure and Test Application using TBS</a>

For demo purpose, we will first fork a spring-petclinic repository so that we can commit and push changes to github. Once configured with Tanzu Build Service, it will start building as soon any changes are made to the repo and push it to your configured docker registry

- Fork the repo https://github.com/migmartri/node-todo and clone it.
- Configure Secrets
- Configure Image on TBS
- Validate and Test


In [127]:
cd ../../

/Users/shashmi/workspace/TANZU/TBS


In [128]:
ls

[1m[36mbuild-service-lab[m[m/ [1m[36mspring-music[m[m/      [1m[36mspring-petclinic[m[m/  [1m[36mtbs-deep-dive[m[m/


In [129]:
!git clone https://github.com/sameerhashmi/node-todo.git

Cloning into 'node-todo'...
remote: Enumerating objects: 10, done.[K
remote: Counting objects: 100% (10/10), done.[K
remote: Compressing objects: 100% (10/10), done.[K
remote: Total 658 (delta 0), reused 5 (delta 0), pack-reused 648[K
Receiving objects: 100% (658/658), 85.01 KiB | 743.00 KiB/s, done.
Resolving deltas: 100% (257/257), done.


In [130]:
cd node-todo

/Users/shashmi/workspace/TANZU/TBS/node-todo


### Configure Secrets

TBS will communicate to your version control system and your image registry. In this step we will create configurations and pass these credentials to Tanzu Build Service using the pb secrets command.

 - Github Repo
 - Docker Hub 
 
 These will apply the secrets to the project targeted. In our case, spring-petclinic

In [None]:
mkdir tbs-config

Create two Files:

1 - Docker Hub Config name "dockerhub-config.yml" and fill in the details:

project: spring-petclinic
registry: https://index.docker.io/v1/
username: <username>
password: <password-or-token>
    
    
2 - Github Config name "github-config.yml" and fill in the details:    

project: spring-petclinic
repository: github.com/sameerhashmi/spring-petclinic
username: <username>
password: <password-or-token>
    

In [101]:
cat ./config/dockerhub-config.yml

project: spring-music
registry: https://index.docker.io/v1/
username: sameerhashmi
password: aa59054b-a169-4398-93c8-b2219a4ef734


In [102]:
cat ./config/github-config.yml

project: spring-music
repository: github.com/sameerhashmi/spring-music
username: sameerhashmi
password: 92e978c852f75a508fcbafaaf2541b7fe0998bf4


In [76]:
!pb secrets

Secret commands

Usage:
  pb secrets [command]

Available Commands:
  git         Secret image git commands
  registry    Secret image registry commands

Flags:
  -h, --help   help for secrets

Use "pb secrets [command] --help" for more information about a command.


In [103]:
!pb secrets git apply -f ./config/github-config.yml

Successfully created git secret for 'github.com/sameerhashmi/spring-music' in project 'spring-music'


In [104]:
!pb secrets registry apply -f ./config/dockerhub-config.yml

Successfully created registry secret for 'https://index.docker.io/v1/' in project 'spring-music'


### Configure an Image


Final step is to configure Tanzu Build Service about what code we want to monitor and build. 

We will add another configuration for TBS to know which App it needs to build.

Create a configuration named spring-petclinic-config.yml and fill in the details:

source:
  git:
    url: <github-url>
    revision: master
image:
  tag: <docker-registry-url>


In [106]:
cat ./config/spring-music-config.yml

source:
  git:
    url: https://github.com/sameerhashmi/spring-music
    revision: master
image:
  tag: index.docker.io/sameerhashmi/spring-music


Once the image configuration has been applied, Tanzu Build Service will scan the repo and start building your image. You can see this happening by running the pb command below to list all of the builds associated with an image tag. 

In [108]:
!pb image apply -f config/spring-music-config.yml

Successfully applied image configuration 'index.docker.io/sameerhashmi/spring-music' in project 'spring-music'


In [122]:
!pb image builds index.docker.io/sameerhashmi/spring-music

Build    Status      Started Time           Finished Time    Reason    Digest
-----    ------      ------------           -------------    ------    ------
    1    BUILDING    2020-06-09 17:16:04    --               CONFIG    --



Verify the image in index.docker.io/sameerhashmi

In [121]:
!pb image status index.docker.io/sameerhashmi/spring-music

Image
-----
Status:          BUILDING
Message:         N/A
Latest Image:    N/A

Last Successful Build
---------------------
ID:        N/A
Reason:    N/A

Last Failed Build
-----------------
ID:        N/A
Reason:    N/A


In [116]:
!pb image list

Project: spring-music

Images
------
index.docker.io/sameerhashmi/spring-music:latest


In [117]:
!pb project list

Projects
--------
spring-music
spring-petclinic
