Skip to content

TAP GitOps

We can install the Tanzu Application Platform, or TAP, in one of two supported ways.

  1. Scripted2
  2. GitOps1

In the Scripted way, we run CLI and Shell commands to configure the prerequisites, configure the installation values, and install the TAP package. This is the original and currently only GA method.

The GitOps manner leverages the increasingly more common way of having a Kubernetes Controller synchronizing Kubernetes Manifests from a Git Repository.

TAP uses the Git synchronization feature of the KAPP Controller to manage the TAP package installation. Continuously synchronizing a bootstrapped Git repository containing all the TAP installation values to update the installation.

Goals of this Guide

The goals of this are the following:

  1. Provide a more prescriptive guide for installing TAP with GitOps than the official documentation provides
  2. Provide concrete examples of the repositories involved (for TAP installation and the application management after)
  3. Provide an example of how to create a complete environment setup, leveraging GitOps for resources outside of the TAP Install scope

In other words, we want to ensure we can install TAP via its GitOps install. And explore how to do so in the broader context of managing an environment spanning multiple clusters with some dedicated to running applications.

The difference between this and the official documentation is that this guide is prescriptive. It makes choices and chooses a singular path.

More paths and options exist and are equally valid.

One such choice is where to store secrets that need to end up in the Kubernetes clusters used by TAP components and applications.

Choose Secrets Management

TAP currently supports two ways of managing the secrets the installation requires.

  1. TAP with External Secrets Operator3
  2. TAP with SOPS4

The External Secrets Operator5 is a Kubernetes operator that synchronizes secrets from external secret management systems into Kubernetes.

Warning

TAP 1.5 only supports AWS's KMS when using the ESO.

Secrets OPerationS6 is a tool for managing your secrets within your Git repository.

Both options are solid solutions used by many.

For this guide, we'll work with SOPS.

Environment To Build

Through this guide, we build an environment consisting of five clusters:

  1. Shared Services: this cluster houses services that all the other clusters need, such as the image registry (Harbor), Git server (GitLab), and more.
  2. Build: where we install TAP with a Build profile to build and test our software.
  3. View: where we install TAP with a View profile to explore the workloads in the other clusters.
  4. Run-01: where we install TAP with a Run profile. We consider this our Staging environment.
  5. Run-02: where we install TAP with a Run profile. We consider this our Production environment.

Clusters Overview

Tools and CLIs

References

  1. TAP 1.5 - GitOps Install introduction 

  2. TAP 1.5 - Online Install (scripted) 

  3. TAP 1.5 - GitOps with External Secrets Operator 

  4. TAP 1.5 - GitOps with SOPS 

  5. External Secrets Operator docs 

  6. SOPS GitHub and Docs 

  7. Tanzu CLI 

  8. yq - lightweight and portable command-line YAML, JSON and XML processor 

  9. jq - jq is like sed for JSON data 

  10. Flux CLI 

  11. Knative CLI 

  12. gnupg 

  13. age - simple, modern and secure file encryption tool 

  14. SOPS - Secret OPerationS 

Last update: 2023-11-17 18:30:34