This topic tells you how to install an Iterate profile cluster by using a reduced values file.
The following is the YAML file sample for the iterate-profile:

    profile: iterate

    shared:
      ingress_domain: "INGRESS-DOMAIN"
      kubernetes_distribution: "openshift" # To be passed only for OpenShift. Defaults to "".
      kubernetes_version: "K8S-VERSION"
      image_registry:
        project_path: "SERVER-NAME/REPO-NAME" # To be used by Build Service by appending "/buildservice" and used by Supply chain by appending "/workloads"
        username: "KP-DEFAULT-REPO-USERNAME"
        password: "KP-DEFAULT-REPO-PASSWORD"
      ca_cert_data: | # To be passed if using custom certificates
        -----BEGIN CERTIFICATE-----
        MIIFXzCCA0egAwIBAgIJAJYm37SFocjlMA0GCSqGSIb3DQEBDQUAMEY...
        -----END CERTIFICATE-----

    ceip_policy_disclosed: FALSE-OR-TRUE-VALUE # Installation fails if this is not set to true. Not a string.

    # The above shared keys may be overridden in the below section.

    buildservice: # Optional if the corresponding shared keys are provided.
      kp_default_repository: "KP-DEFAULT-REPO"
      kp_default_repository_username: "KP-DEFAULT-REPO-USERNAME"
      kp_default_repository_password: "KP-DEFAULT-REPO-PASSWORD"

    supply_chain: basic
    ootb_supply_chain_basic: # Optional if the above-mentioned shared keys are provided.
      source:
        credentials_secret: "GIT-SOURCE-CREDENTIAL-SECRET-NAME" # (Optional) Defaults to "".
      registry:
        server: "SERVER-NAME"
        repository: "REPO-NAME"
      gitops:
        credentials_secret: "GITOPS-CREDENTIAL-SECRET-NAME" # (Optional) Defaults to "".

    image_policy_webhook:
      allow_unmatched_tags: true

    contour:
      envoy:
        service:
          type: LoadBalancer # (Optional) Defaults to LoadBalancer.

    cnrs:
      domain_name: "TAP-ITERATE-CNRS-DOMAIN" # Optional if the shared.ingress_domain is provided.

    appliveview_connector:
      backend:
        sslDeactivated: TRUE-OR-FALSE-VALUE
        ingressEnabled: true
        host: appliveview.VIEW-CLUSTER-INGRESS-DOMAIN

    tap_telemetry:
      customer_entitlement_account_number: "CUSTOMER-ENTITLEMENT-ACCOUNT-NUMBER" # (Optional) Identify data for creating Tanzu Application Platform usage reports.

Where:

- K8S-VERSION is the Kubernetes version used by your OpenShift cluster. It must be in the form of 1.23.x or 1.24.x, where x stands for the patch version. Examples:
  - Red Hat OpenShift Container Platform v4.10 uses the Kubernetes version 1.23.3.
  - Red Hat OpenShift Container Platform v4.11 uses the Kubernetes version 1.24.1.
- KP-DEFAULT-REPO is a writable repository in your registry. Tanzu Build Service dependencies are written to this location. Examples:
  - Harbor has the form kp_default_repository: "my-harbor.io/my-project/build-service".
  - Docker Hub has the form kp_default_repository: "my-dockerhub-user/build-service" or kp_default_repository: "index.docker.io/my-user/build-service".
  - Google Cloud Registry has the form kp_default_repository: "gcr.io/my-project/build-service".
- KP-DEFAULT-REPO-USERNAME is the user name that can write to KP-DEFAULT-REPO. You can docker push to this location with this credential.
  - For Google Cloud Registry, use kp_default_repository_username: _json_key.
- KP-DEFAULT-REPO-PASSWORD is the password for the user that can write to KP-DEFAULT-REPO. You can docker push to this location with this credential. This credential can also be configured by using a Secret reference. For more information, see Install Tanzu Build Service.
  - For Google Cloud Registry, use the contents of the service account JSON file.
- SERVER-NAME is the host name of the registry server. Examples:
  - Harbor has the form server: "my-harbor.io".
  - Docker Hub has the form server: "index.docker.io".
  - Google Cloud Registry has the form server: "gcr.io".
- REPO-NAME is where workload images are stored in the registry. Images are written to SERVER-NAME/REPO-NAME/workload-name. Examples:
  - Harbor has the form repository: "my-project/supply-chain".
  - Docker Hub has the form repository: "my-dockerhub-user".
  - Google Cloud Registry has the form repository: "my-project/supply-chain".
- GIT-SOURCE-CREDENTIAL-SECRET-NAME is the name of the Kubernetes secret in the developer namespace that supplies the Git credentials for the supply chain to fetch source code from. See Git authentication for more information.
- GITOPS-CREDENTIAL-SECRET-NAME is the name of the Kubernetes secret in the developer namespace that supplies the Git credentials for the supply chain to push configuration to. See Git authentication for more information.
- TAP-ITERATE-CNRS-DOMAIN is the iterate cluster CNRS domain.
- VIEW-CLUSTER-INGRESS-DOMAIN is the subdomain you set up on the View profile cluster. This matches the value key appliveview.ingressDomain or shared.ingress_domain on the view cluster. Include the default host name appliveview. ahead of the domain.
- CUSTOMER-ENTITLEMENT-ACCOUNT-NUMBER (optional) refers to the Entitlement Account Number (EAN), which is a unique identifier VMware assigns to its customers. Tanzu Application Platform telemetry uses this number to identify data that belongs to a particular customer and prepare usage reports. See the Tanzu Kubernetes Grid documentation for more information about identifying the Entitlement Account Number.

If you use custom CA certificates, you must provide one or more PEM-encoded CA certificates under the ca_cert_data key. If you configured shared.ca_cert_data, Tanzu Application Platform component packages inherit that value by default.

If you set shared.ingress_domain in the iterate profile, the appliveview_connector.backend.host is automatically configured as host: appliveview.INGRESS-DOMAIN. To override the shared ingress for Application Live View to connect to the view cluster, set the appliveview_connector.backend.host key to appliveview.VIEW-CLUSTER-INGRESS-DOMAIN.
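
A pre-install check of the rules stated on this page, as an added example that is not part of the Tanzu Application Platform documentation or tooling. It assumes the values file has already been parsed into a dict by a YAML loader. The names check_values, effective, leaves and SAMPLE are hypothetical.

```python
import re
# Unreplaced documentation placeholder, e.g. "K8S-VERSION" or "SERVER-NAME/REPO-NAME".
PLACEHOLDER = re.compile(r"\b[A-Z][A-Z0-9]*(?:-[A-Z0-9]+)+\b")

def effective(values):
    # Resolve the two settings that fall back to the shared section.
    project = values.get("shared", {}).get("image_registry", {}).get("project_path")
    domain = values.get("shared", {}).get("ingress_domain")
    repo = values.get("buildservice", {}).get("kp_default_repository")
    host = values.get("appliveview_connector", {}).get("backend", {}).get("host")
    return {
        "kp_default_repository": repo or (project and project + "/buildservice"),
        "appliveview_connector.backend.host": host or (domain and "appliveview." + domain),
    }

def leaves(node, path=""):
    # Yield (dotted.path, value) for every scalar in the parsed values.
    if isinstance(node, dict):
        for key, child in node.items():
            yield from leaves(child, f"{path}.{key}" if path else key)
    else:
        yield path, node

def check_values(values):
    findings = []
    if values.get("ceip_policy_disclosed") is not True:
        findings.append("ceip_policy_disclosed: must be the boolean true, not a string")
    version = str(values.get("shared", {}).get("kubernetes_version", ""))
    if not re.fullmatch(r"1\.2[34]\.\d+", version):
        findings.append("shared.kubernetes_version: expected 1.23.x or 1.24.x")
    for path, value in leaves(values):
        if isinstance(value, str) and PLACEHOLDER.search(value):
            findings.append(f"{path}: placeholder not replaced")
        if path.endswith("password") and isinstance(value, str):
            findings.append(f"{path}: inline credential, a Secret reference avoids this")
        if path.endswith("backend.sslDeactivated") and value is True:
            findings.append(f"{path}: SSL to the view cluster is deactivated")
    for key, value in effective(values).items():
        if not value:
            findings.append(f"{key}: not set and no shared value to inherit")
    return findings

# Constructed sample, shaped as a YAML loader would return the values file.
SAMPLE = {
    "ceip_policy_disclosed": "true",
    "shared": {"ingress_domain": "iterate.example.com", "kubernetes_version": "1.24.1",
               "image_registry": {"project_path": "my-harbor.io/my-project", "password": "constructed"}},
    "appliveview_connector": {"backend": {"sslDeactivated": True, "ingressEnabled": True}},
}
```

For SAMPLE, check_values reports the string-typed ceip_policy_disclosed, the inline registry password, and the deactivated SSL setting, while effective shows the Application Live View host falling back to appliveview.iterate.example.com because no override is set.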