TAP GitOps
We can install the Tanzu Application Platform, or TAP, in one of two supported ways.
In the Scripted way, we run CLI and Shell commands to configure the prerequisites, configure the installation values, and install the TAP package. This is the original and currently only GA method.
The GitOps way follows the increasingly common pattern of having a Kubernetes controller synchronize Kubernetes manifests from a Git repository.
TAP uses the Git synchronization feature of the KAPP Controller to manage the TAP package installation. The controller continuously synchronizes a bootstrapped Git repository containing all the TAP installation values and updates the installation to match.
Goals of this Guide
The goals of this guide are the following:
- Provide a more prescriptive guide for installing TAP with GitOps than the official documentation provides
- Provide concrete examples of the repositories involved (for TAP installation and the application management after)
- Provide an example of how to create a complete environment setup, leveraging GitOps for resources outside of the TAP Install scope
In other words, we want to ensure we can install TAP via its GitOps install, and explore how to do so in the broader context of managing an environment that spans multiple clusters, some of them dedicated to running applications.
The difference between this and the official documentation is that this guide is prescriptive. It makes choices and chooses a singular path.
More paths and options exist and are equally valid.
One such choice is where to store secrets that need to end up in the Kubernetes clusters used by TAP components and applications.
Choose Secrets Management
TAP currently supports two ways of managing the secrets the installation requires.
The External Secrets Operator [5] is a Kubernetes operator that synchronizes secrets from external secret management systems into Kubernetes.
Warning
TAP 1.5 only supports AWS's KMS when using the ESO.
Secrets OPerationS (SOPS) [6] is a tool for managing your secrets within your Git repository.
Both options are solid solutions used by many.
For this guide, we'll work with SOPS.
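Because SOPS keeps the secrets in the same Git repository that is synchronized into the cluster, a check that a values file really is encrypted before it is committed is worth having. The following is an added example, not code from this guide or from TAP: a line-based heuristic that assumes the SOPS default of encrypting every value, run here on constructed samples with hypothetical key names.

```python
import re

# A SOPS-encrypted scalar: ENC[AES256_GCM,data:...,iv:...,tag:...,type:...]
ENC_VALUE = re.compile(r"^ENC\[AES256_GCM,data:[^,\]]*,iv:[^,\]]+,tag:[^,\]]+,type:\w+\]$")

def audit(text):
    """Return (line_no, problem) tuples; an empty list means the file passes.

    Heuristic for block-style YAML, not a YAML parser. Assumes SOPS defaults:
    every leaf is encrypted and a top-level `sops:` metadata block exists.
    """
    problems, in_sops, has_sops = [], False, False
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or stripped == "---":
            continue
        if not line[0].isspace():      # a new top-level key starts here
            in_sops = stripped.startswith("sops:")
            has_sops = has_sops or in_sops
        if in_sops:
            continue                   # SOPS metadata is cleartext by design
        item = stripped[2:].lstrip() if stripped.startswith("- ") else stripped
        key, sep, value = item.partition(": ")
        if not sep:
            if item.endswith(":"):
                continue               # mapping header, no scalar on this line
            key, value = "<list item>", item
        if not ENC_VALUE.match(value.strip().strip("'\"")):
            problems.append((no, f"plaintext value for key '{key}'"))
    if not has_sops:
        problems.append((0, "no top-level sops: metadata block"))
    return problems

# Constructed samples; key names and ciphertext are placeholders.
ENCRYPTED = """\
registry:
    username: ENC[AES256_GCM,data:Zm9v,iv:aXYx,tag:dGFn,type:str]
    password: ENC[AES256_GCM,data:YmFy,iv:aXYy,tag:dGFn,type:str]
sops:
    lastmodified: "2023-01-01T00:00:00Z"
    mac: ENC[AES256_GCM,data:bWFj,iv:aXYz,tag:dGFn,type:str]
    version: 3.7.3
"""
LEAKY = ENCRYPTED.replace("ENC[AES256_GCM,data:YmFy,iv:aXYy,tag:dGFn,type:str]", "hunter2")
UNENCRYPTED = "registry:\n    username: admin\n    password: hunter2\n"

if __name__ == "__main__":
    for name, sample in [("encrypted", ENCRYPTED), ("leaky", LEAKY), ("unencrypted", UNENCRYPTED)]:
        print(name, audit(sample))
```

Wired into a pre-commit hook or CI job, a non-empty result should block the commit; it does not replace `sops` itself, which verifies the file's MAC on decryption.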
Environment To Build
Through this guide, we build an environment consisting of five clusters:
- Shared Services: this cluster houses services that all the other clusters need, such as the image registry (Harbor), Git server (GitLab), and more.
- Build: where we install TAP with a Build profile to build and test our software.
- View: where we install TAP with a View profile to explore the workloads in the other clusters.
- Run-01: where we install TAP with a Run profile. We consider this our Staging environment.
- Run-02: where we install TAP with a Run profile. We consider this our Production environment.