Installing Harbor on a Tanzu Kubernetes Cluster (TKC) and Installing Tanzu Build Service (TBS) - Part 2
Starting from the environment created in the earlier article, we install Tanzu Build Service (TBS) using the Harbor instance deployed on TKC.
TBS is a Kubernetes-native container build solution that creates OCI-compliant container images from source code. The OSS technology stack it uses consists of Cloud Native Buildpacks, Paketo Buildpacks, and kpack. TBS is the commercial offering that adds Tanzu Buildpacks to these: Buildpacks based on Paketo Buildpacks that incorporate integration with ISV software, APM integration, and security features.
Prerequisites
- A VMware Tanzu Network account
- Harbor is deployed on TKC
- Harbor is reachable from TKC
Procedure
Preparing to install TBS
Installation steps may differ depending on the TBS version, so refer to the official documentation when you actually install.
We now prepare to install TBS. First, confirm that a StorageClass is configured on TKC.
$ kubectl get sc
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
default (default) csi.vsphere.vmware.com Delete Immediate true 6d16h
Confirm that you can docker login to Harbor from the machine you will use to install TBS.
Because the required binaries are downloaded from Tanzu Network, also log in to registry.pivotal.io. This is where the VMware Tanzu Network account is used.
$ docker login harbor1.<MYDOMAIN> -u <harbor-user>
Password:
Login Succeeded
$ docker login registry.pivotal.io -u <tanzu-network-user>
Authenticating with existing credentials...
Login Succeeded
Download the TBS package from VMware Tanzu Network and extract it into a directory of your choice. This article uses TBS v1.1.1.
mkdir v1.1.1
tar xvf build-service-1.1.1.tar -C v1.1.1
$ kbld version
kbld version 0.24.0
Succeeded
$ ytt version
ytt version 0.30.0
$ kapp version
kapp version 0.33.0
Succeeded
Also download and install the kp CLI, the CLI for operating TBS (kpack). It can be downloaded and installed from either of the following.
$ kp version
0.2.0-build.1 e40192c
Relocating the images for the TBS installation
Relocate the container images TBS needs from registry.pivotal.io to the Harbor instance deployed on TKC.
$ kbld relocate -f images.lock --lock-output images-relocated.lock --repository harbor1.<MYDOMAIN>/tanzu/tbs
relocate | exporting 15 images...
relocate | will export registry.pivotal.io/build-service/kpack-build-init-windows@sha256:8a6d67db07938d1f7ee6ac711a3a8b1fefe7997e96d4b1db53570441485bc9b2
relocate | will export registry.pivotal.io/build-service/kpack-build-init@sha256:ee73f0c697c2c0f71c263cd5254fd02309fe7a07a8141290c63e37c9b401f817
relocate | will export registry.pivotal.io/build-service/kpack-completion-windows@sha256:4faaa2a46eeff8f225382e21703b0afcc3910b8453e7aa30830f3b615a0f3929
relocate | will export registry.pivotal.io/build-service/kpack-completion@sha256:798623b1715f35be5c2bf7951735c871b0ac58aaa7dc1bdd63084df7f2856a2b
relocate | will export registry.pivotal.io/build-service/kpack-controller@sha256:101143de3d1abe2d2f738ce96b5991cd085ecc6f0e8dc761b940dd1cd346b864
relocate | will export registry.pivotal.io/build-service/kpack-lifecycle@sha256:fb7e0916ea429697630743b34e858c3555ddfbb5940683754dfccd3bfa446e0a
relocate | will export registry.pivotal.io/build-service/kpack-rebase@sha256:a8c378ca28941ba8274185556aa901f9c723cbdca2b169a45ab37a17525820f5
relocate | will export registry.pivotal.io/build-service/kpack-webhook@sha256:5d053b1e85a910312cba59d6fd2019921fcd29e2854262c21e9ed1c6a0f575ff
relocate | will export registry.pivotal.io/build-service/pod-webhook@sha256:d40667df0d832800d894d4f9c1f662f96805de5dd5f6951d99ac0b56d56db2da
relocate | will export registry.pivotal.io/build-service/secret-syncer@sha256:bfe60f3ed34da87d5b07aad763512069f3b37a800a3d0b64fc89cd6d304ed195
relocate | will export registry.pivotal.io/build-service/setup-ca-certs@sha256:de52c865c102bb8ba65c2378a45ee6c080e95d7d8765f3f52555e763c797d300
relocate | will export registry.pivotal.io/build-service/sleeper@sha256:9e4b3c352ef900dd543b2ef0c2fa16041c2e1207ed356b56c9ccb00d1244ad01
relocate | will export registry.pivotal.io/build-service/smart-warmer@sha256:c8d3acb20048c7b9a4843235f785f2047007fc023c1a131b8da35f0771d28237
relocate | will export registry.pivotal.io/build-service/stackify@sha256:1b4d890741cd70eae4c7bf8fd08998f9e13de108b22973f1deb7bed2e838549f
relocate | will export registry.pivotal.io/build-service/stacks-operator-controller@sha256:0be2f03da1876d37f364094b8ca68cd0b82f086aa0f3eb9fd4463e0fb74ca052
relocate | exported 15 images
...SNIP...
relocate | imported 15 images
Succeeded
Confirm that the images have been installed in Harbor.
Installing TBS
Install TBS on TKC.
$ ytt -f values.yaml -f manifests/ -v docker_repository="harbor1.<MYDOMAIN>/tanzu/tbs" \
-v docker_username=<harbor-user> -v docker_password=<harbor-user-password> \
| kbld -f images-relocated.lock -f- |kapp deploy -a tbs -f- -y
...SNIP...
Namespace Name Kind Conds. Age Op Op st. Wait to Rs Ri
(cluster) build-service Namespace - - create - reconcile - -
^ build-service-admin-role ClusterRole - - create - reconcile - -
^ build-service-admin-role-binding ClusterRoleBinding - - create - reconcile - -
^ build-service-authenticated-role ClusterRole - - create - reconcile - -
^ build-service-authenticated-role-binding ClusterRoleBinding - - create - reconcile - -
^ build-service-secret-syncer-role ClusterRole - - create - reconcile - -
^ build-service-secret-syncer-role-binding ClusterRoleBinding - - create - reconcile - -
^ build-service-user-role ClusterRole - - create - reconcile - -
^ build-service-warmer-role ClusterRole - - create - reconcile - -
^ build-service-warmer-role-binding ClusterRoleBinding - - create - reconcile - -
^ builders.kpack.io CustomResourceDefinition - - create - reconcile - -
^ builds.kpack.io CustomResourceDefinition - - create - reconcile - -
^ cert-injection-webhook-cluster-role ClusterRole - - create - reconcile - -
^ cert-injection-webhook-cluster-role-binding ClusterRoleBinding - - create - reconcile - -
^ clusterbuilders.kpack.io CustomResourceDefinition - - create - reconcile - -
^ clusterstacks.kpack.io CustomResourceDefinition - - create - reconcile - -
^ clusterstores.kpack.io CustomResourceDefinition - - create - reconcile - -
^ custom-stack-editor-role ClusterRole - - create - reconcile - -
^ custom-stack-viewer-role ClusterRole - - create - reconcile - -
^ customstacks.stacks.stacks-operator.tanzu.vmware.com CustomResourceDefinition - - create - reconcile - -
^ defaults.webhook.cert-injection.tanzu.vmware.com MutatingWebhookConfiguration - - create - reconcile - -
^ defaults.webhook.kpack.io MutatingWebhookConfiguration - - create - reconcile - -
^ images.kpack.io CustomResourceDefinition - - create - reconcile - -
^ kpack Namespace - - create - reconcile - -
^ kpack-controller-admin ClusterRole - - create - reconcile - -
^ kpack-controller-admin-binding ClusterRoleBinding - - create - reconcile - -
^ kpack-webhook-certs-mutatingwebhookconfiguration-admin-binding ClusterRoleBinding - - create - reconcile - -
^ kpack-webhook-mutatingwebhookconfiguration-admin ClusterRole - - create - reconcile - -
^ metrics-reader ClusterRole - - create - reconcile - -
^ proxy-role ClusterRole - - create - reconcile - -
^ proxy-rolebinding ClusterRoleBinding - - create - reconcile - -
^ sourceresolvers.kpack.io CustomResourceDefinition - - create - reconcile - -
^ stacks-operator-manager-role ClusterRole - - create - reconcile - -
^ stacks-operator-manager-rolebinding ClusterRoleBinding - - create - reconcile - -
^ stacks-operator-system Namespace - - create - reconcile - -
^ validation.webhook.kpack.io ValidatingWebhookConfiguration - - create - reconcile - -
build-service build-pod-image-fetcher DaemonSet - - create - reconcile - -
^ build-service-warmer-namespace-role Role - - create - reconcile - -
^ build-service-warmer-namespace-role-binding RoleBinding - - create - reconcile - -
^ ca-cert ConfigMap - - create - reconcile - -
^ canonical-registry-secret Secret - - create - reconcile - -
^ cb-service-account ServiceAccount - - create - reconcile - -
^ cert-injection-webhook Deployment - - create - reconcile - -
^ cert-injection-webhook Service - - create - reconcile - -
^ cert-injection-webhook-role Role - - create - reconcile - -
^ cert-injection-webhook-role-binding RoleBinding - - create - reconcile - -
^ cert-injection-webhook-sa ServiceAccount - - create - reconcile - -
^ cert-injection-webhook-tls Secret - - create - reconcile - -
^ http-proxy ConfigMap - - create - reconcile - -
^ https-proxy ConfigMap - - create - reconcile - -
^ no-proxy ConfigMap - - create - reconcile - -
^ secret-syncer-controller Deployment - - create - reconcile - -
^ secret-syncer-service-account ServiceAccount - - create - reconcile - -
^ setup-ca-certs-image ConfigMap - - create - reconcile - -
^ sleeper-image ConfigMap - - create - reconcile - -
^ warmer-controller Deployment - - create - reconcile - -
^ warmer-service-account ServiceAccount - - create - reconcile - -
kpack build-init-image ConfigMap - - create - reconcile - -
^ build-init-windows-image ConfigMap - - create - reconcile - -
^ canonical-registry-secret Secret - - create - reconcile - -
^ canonical-registry-serviceaccount ServiceAccount - - create - reconcile - -
^ completion-image ConfigMap - - create - reconcile - -
^ completion-windows-image ConfigMap - - create - reconcile - -
^ controller ServiceAccount - - create - reconcile - -
^ kp-config ConfigMap - - create - reconcile - -
^ kpack-controller Deployment - - create - reconcile - -
^ kpack-controller-local-config Role - - create - reconcile - -
^ kpack-controller-local-config-binding RoleBinding - - create - reconcile - -
^ kpack-webhook Deployment - - create - reconcile - -
^ kpack-webhook Service - - create - reconcile - -
^ kpack-webhook-certs-admin Role - - create - reconcile - -
^ kpack-webhook-certs-admin-binding RoleBinding - - create - reconcile - -
^ lifecycle-image ConfigMap - - create - reconcile - -
^ rebase-image ConfigMap - - create - reconcile - -
^ webhook ServiceAccount - - create - reconcile - -
^ webhook-certs Secret - - create - reconcile - -
stacks-operator-system canonical-registry-secret Secret - - create - reconcile - -
^ controller-manager Deployment - - create - reconcile - -
^ controller-manager-metrics-service Service - - create - reconcile - -
^ leader-election-role Role - - create - reconcile - -
^ leader-election-rolebinding RoleBinding - - create - reconcile - -
^ stackify-image ConfigMap - - create - reconcile - -
Op: 82 create, 0 delete, 0 update, 0 noop
Wait to: 82 reconcile, 0 delete, 0 noop
3:32:22PM: ---- applying 36 changes [0/82 done] ----
3:32:23PM: create clusterrolebinding/build-service-warmer-role-binding (rbac.authorization.k8s.io/v1) cluster
3:32:23PM: create clusterrolebinding/build-service-authenticated-role-binding (rbac.authorization.k8s.io/v1) cluster
3:32:23PM: create validatingwebhookconfiguration/validation.webhook.kpack.io (admissionregistration.k8s.io/v1beta1) cluster
3:32:23PM: create namespace/kpack (v1) cluster
3:32:23PM: create clusterrole/build-service-user-role (rbac.authorization.k8s.io/v1) cluster
3:32:24PM: create namespace/build-service (v1) cluster
3:32:24PM: create clusterrolebinding/kpack-controller-admin-binding (rbac.authorization.k8s.io/v1) cluster
3:32:25PM: create clusterrole/kpack-controller-admin (rbac.authorization.k8s.io/v1) cluster
3:32:25PM: create namespace/stacks-operator-system (v1) cluster
3:32:25PM: create customresourcedefinition/builders.kpack.io (apiextensions.k8s.io/v1beta1) cluster
3:32:25PM: create clusterrole/kpack-webhook-mutatingwebhookconfiguration-admin (rbac.authorization.k8s.io/v1) cluster
3:32:26PM: create clusterrolebinding/kpack-webhook-certs-mutatingwebhookconfiguration-admin-binding (rbac.authorization.k8s.io/v1) cluster
3:32:26PM: create mutatingwebhookconfiguration/defaults.webhook.cert-injection.tanzu.vmware.com (admissionregistration.k8s.io/v1beta1) cluster
3:32:26PM: create clusterrole/cert-injection-webhook-cluster-role (rbac.authorization.k8s.io/v1) cluster
3:32:26PM: create customresourcedefinition/clusterbuilders.kpack.io (apiextensions.k8s.io/v1beta1) cluster
3:32:26PM: create clusterrole/build-service-secret-syncer-role (rbac.authorization.k8s.io/v1) cluster
3:32:26PM: create clusterrolebinding/cert-injection-webhook-cluster-role-binding (rbac.authorization.k8s.io/v1) cluster
3:32:26PM: create customresourcedefinition/clusterstores.kpack.io (apiextensions.k8s.io/v1beta1) cluster
3:32:27PM: create clusterrolebinding/build-service-secret-syncer-role-binding (rbac.authorization.k8s.io/v1) cluster
3:32:27PM: create clusterrolebinding/build-service-admin-role-binding (rbac.authorization.k8s.io/v1) cluster
3:32:27PM: create clusterrole/build-service-admin-role (rbac.authorization.k8s.io/v1) cluster
3:32:27PM: create clusterrole/proxy-role (rbac.authorization.k8s.io/v1) cluster
3:32:27PM: create clusterrolebinding/proxy-rolebinding (rbac.authorization.k8s.io/v1) cluster
3:32:27PM: create clusterrole/metrics-reader (rbac.authorization.k8s.io/v1beta1) cluster
3:32:28PM: create clusterrole/build-service-authenticated-role (rbac.authorization.k8s.io/v1) cluster
3:32:28PM: create mutatingwebhookconfiguration/defaults.webhook.kpack.io (admissionregistration.k8s.io/v1beta1) cluster
3:32:29PM: create customresourcedefinition/customstacks.stacks.stacks-operator.tanzu.vmware.com (apiextensions.k8s.io/v1beta1) cluster
3:32:29PM: create customresourcedefinition/sourceresolvers.kpack.io (apiextensions.k8s.io/v1beta1) cluster
3:32:29PM: create clusterrole/stacks-operator-manager-role (rbac.authorization.k8s.io/v1) cluster
3:32:30PM: create customresourcedefinition/clusterstacks.kpack.io (apiextensions.k8s.io/v1beta1) cluster
3:32:30PM: create clusterrole/build-service-warmer-role (rbac.authorization.k8s.io/v1) cluster
3:32:30PM: create clusterrole/custom-stack-viewer-role (rbac.authorization.k8s.io/v1) cluster
3:32:30PM: create customresourcedefinition/images.kpack.io (apiextensions.k8s.io/v1beta1) cluster
3:32:30PM: create customresourcedefinition/builds.kpack.io (apiextensions.k8s.io/v1beta1) cluster
3:32:31PM: create clusterrolebinding/stacks-operator-manager-rolebinding (rbac.authorization.k8s.io/v1) cluster
3:32:31PM: create clusterrole/custom-stack-editor-role (rbac.authorization.k8s.io/v1) cluster
3:32:31PM: ---- waiting on 36 changes [0/82 done] ----
3:32:31PM: ok: reconcile namespace/build-service (v1) cluster
3:32:31PM: ok: reconcile clusterrolebinding/build-service-warmer-role-binding (rbac.authorization.k8s.io/v1) cluster
3:32:31PM: ok: reconcile validatingwebhookconfiguration/validation.webhook.kpack.io (admissionregistration.k8s.io/v1beta1) cluster
3:32:31PM: ok: reconcile clusterrole/custom-stack-editor-role (rbac.authorization.k8s.io/v1) cluster
3:32:31PM: ok: reconcile clusterrolebinding/kpack-webhook-certs-mutatingwebhookconfiguration-admin-binding (rbac.authorization.k8s.io/v1) cluster
3:32:31PM: ok: reconcile clusterrole/metrics-reader (rbac.authorization.k8s.io/v1beta1) cluster
3:32:31PM: ok: reconcile customresourcedefinition/clusterbuilders.kpack.io (apiextensions.k8s.io/v1beta1) cluster
3:32:31PM: ok: reconcile clusterrole/cert-injection-webhook-cluster-role (rbac.authorization.k8s.io/v1) cluster
3:32:31PM: ok: reconcile mutatingwebhookconfiguration/defaults.webhook.cert-injection.tanzu.vmware.com (admissionregistration.k8s.io/v1beta1) cluster
3:32:31PM: ok: reconcile clusterrole/build-service-secret-syncer-role (rbac.authorization.k8s.io/v1) cluster
3:32:32PM: ok: reconcile clusterrole/build-service-admin-role (rbac.authorization.k8s.io/v1) cluster
3:32:32PM: ok: reconcile customresourcedefinition/clusterstores.kpack.io (apiextensions.k8s.io/v1beta1) cluster
3:32:32PM: ok: reconcile clusterrolebinding/build-service-admin-role-binding (rbac.authorization.k8s.io/v1) cluster
3:32:32PM: ok: reconcile clusterrolebinding/build-service-secret-syncer-role-binding (rbac.authorization.k8s.io/v1) cluster
3:32:32PM: ok: reconcile clusterrolebinding/cert-injection-webhook-cluster-role-binding (rbac.authorization.k8s.io/v1) cluster
3:32:32PM: ok: reconcile clusterrolebinding/proxy-rolebinding (rbac.authorization.k8s.io/v1) cluster
3:32:32PM: ok: reconcile namespace/stacks-operator-system (v1) cluster
3:32:32PM: ok: reconcile clusterrolebinding/build-service-authenticated-role-binding (rbac.authorization.k8s.io/v1) cluster
3:32:32PM: ok: reconcile clusterrole/proxy-role (rbac.authorization.k8s.io/v1) cluster
3:32:32PM: ok: reconcile namespace/kpack (v1) cluster
3:32:32PM: ok: reconcile clusterrole/kpack-controller-admin (rbac.authorization.k8s.io/v1) cluster
3:32:32PM: ok: reconcile clusterrolebinding/kpack-controller-admin-binding (rbac.authorization.k8s.io/v1) cluster
3:32:32PM: ok: reconcile mutatingwebhookconfiguration/defaults.webhook.kpack.io (admissionregistration.k8s.io/v1beta1) cluster
3:32:32PM: ok: reconcile clusterrole/build-service-authenticated-role (rbac.authorization.k8s.io/v1) cluster
3:32:32PM: ok: reconcile customresourcedefinition/clusterstacks.kpack.io (apiextensions.k8s.io/v1beta1) cluster
3:32:32PM: ok: reconcile clusterrole/kpack-webhook-mutatingwebhookconfiguration-admin (rbac.authorization.k8s.io/v1) cluster
3:32:32PM: ok: reconcile clusterrole/stacks-operator-manager-role (rbac.authorization.k8s.io/v1) cluster
3:32:32PM: ok: reconcile customresourcedefinition/builders.kpack.io (apiextensions.k8s.io/v1beta1) cluster
3:32:32PM: ok: reconcile customresourcedefinition/sourceresolvers.kpack.io (apiextensions.k8s.io/v1beta1) cluster
3:32:32PM: ok: reconcile customresourcedefinition/customstacks.stacks.stacks-operator.tanzu.vmware.com (apiextensions.k8s.io/v1beta1) cluster
3:32:33PM: ok: reconcile clusterrole/build-service-user-role (rbac.authorization.k8s.io/v1) cluster
3:32:33PM: ok: reconcile customresourcedefinition/builds.kpack.io (apiextensions.k8s.io/v1beta1) cluster
3:32:33PM: ok: reconcile customresourcedefinition/images.kpack.io (apiextensions.k8s.io/v1beta1) cluster
3:32:33PM: ok: reconcile clusterrole/build-service-warmer-role (rbac.authorization.k8s.io/v1) cluster
3:32:33PM: ok: reconcile clusterrole/custom-stack-viewer-role (rbac.authorization.k8s.io/v1) cluster
3:32:33PM: ok: reconcile clusterrolebinding/stacks-operator-manager-rolebinding (rbac.authorization.k8s.io/v1) cluster
3:32:33PM: ---- applying 36 changes [36/82 done] ----
3:32:34PM: create configmap/https-proxy (v1) namespace: build-service
3:32:34PM: create configmap/build-init-windows-image (v1) namespace: kpack
3:32:34PM: create rolebinding/build-service-warmer-namespace-role-binding (rbac.authorization.k8s.io/v1) namespace: build-service
3:32:34PM: create rolebinding/kpack-controller-local-config-binding (rbac.authorization.k8s.io/v1) namespace: kpack
3:32:35PM: create configmap/kp-config (v1) namespace: kpack
3:32:35PM: create secret/canonical-registry-secret (v1) namespace: build-service
3:32:35PM: create secret/cert-injection-webhook-tls (v1) namespace: build-service
3:32:35PM: create configmap/no-proxy (v1) namespace: build-service
3:32:35PM: create role/kpack-webhook-certs-admin (rbac.authorization.k8s.io/v1) namespace: kpack
3:32:35PM: create configmap/setup-ca-certs-image (v1) namespace: build-service
3:32:36PM: create secret/webhook-certs (v1) namespace: kpack
3:32:36PM: create serviceaccount/secret-syncer-service-account (v1) namespace: build-service
3:32:36PM: create rolebinding/leader-election-rolebinding (rbac.authorization.k8s.io/v1) namespace: stacks-operator-system
3:32:36PM: create secret/canonical-registry-secret (v1) namespace: stacks-operator-system
3:32:37PM: create configmap/stackify-image (v1) namespace: stacks-operator-system
3:32:37PM: create serviceaccount/cb-service-account (v1) namespace: build-service
3:32:37PM: create role/leader-election-role (rbac.authorization.k8s.io/v1) namespace: stacks-operator-system
3:32:37PM: create configmap/ca-cert (v1) namespace: build-service
3:32:37PM: create rolebinding/kpack-webhook-certs-admin-binding (rbac.authorization.k8s.io/v1) namespace: kpack
3:32:37PM: create configmap/sleeper-image (v1) namespace: build-service
3:32:38PM: create secret/canonical-registry-secret (v1) namespace: kpack
3:32:38PM: create serviceaccount/webhook (v1) namespace: kpack
3:32:38PM: create configmap/completion-image (v1) namespace: kpack
3:32:38PM: create configmap/rebase-image (v1) namespace: kpack
3:32:38PM: create configmap/lifecycle-image (v1) namespace: kpack
3:32:38PM: create configmap/http-proxy (v1) namespace: build-service
3:32:39PM: create serviceaccount/warmer-service-account (v1) namespace: build-service
3:32:39PM: create configmap/build-init-image (v1) namespace: kpack
3:32:39PM: create role/cert-injection-webhook-role (rbac.authorization.k8s.io/v1) namespace: build-service
3:32:39PM: create serviceaccount/canonical-registry-serviceaccount (v1) namespace: kpack
3:32:40PM: create configmap/completion-windows-image (v1) namespace: kpack
3:32:40PM: create role/kpack-controller-local-config (rbac.authorization.k8s.io/v1) namespace: kpack
3:32:40PM: create rolebinding/cert-injection-webhook-role-binding (rbac.authorization.k8s.io/v1) namespace: build-service
3:32:40PM: create role/build-service-warmer-namespace-role (rbac.authorization.k8s.io/v1) namespace: build-service
3:32:41PM: create serviceaccount/cert-injection-webhook-sa (v1) namespace: build-service
3:32:41PM: create serviceaccount/controller (v1) namespace: kpack
3:32:41PM: ---- waiting on 36 changes [36/82 done] ----
3:32:41PM: ok: reconcile configmap/completion-image (v1) namespace: kpack
3:32:41PM: ok: reconcile rolebinding/leader-election-rolebinding (rbac.authorization.k8s.io/v1) namespace: stacks-operator-system
3:32:41PM: ok: reconcile serviceaccount/controller (v1) namespace: kpack
3:32:41PM: ok: reconcile configmap/setup-ca-certs-image (v1) namespace: build-service
3:32:41PM: ok: reconcile serviceaccount/cb-service-account (v1) namespace: build-service
3:32:41PM: ok: reconcile configmap/kp-config (v1) namespace: kpack
3:32:41PM: ok: reconcile rolebinding/kpack-controller-local-config-binding (rbac.authorization.k8s.io/v1) namespace: kpack
3:32:41PM: ok: reconcile rolebinding/build-service-warmer-namespace-role-binding (rbac.authorization.k8s.io/v1) namespace: build-service
3:32:41PM: ok: reconcile configmap/https-proxy (v1) namespace: build-service
3:32:41PM: ok: reconcile configmap/build-init-windows-image (v1) namespace: kpack
3:32:42PM: ok: reconcile secret/webhook-certs (v1) namespace: kpack
3:32:42PM: ok: reconcile secret/cert-injection-webhook-tls (v1) namespace: build-service
3:32:42PM: ok: reconcile role/kpack-webhook-certs-admin (rbac.authorization.k8s.io/v1) namespace: kpack
3:32:42PM: ok: reconcile configmap/no-proxy (v1) namespace: build-service
3:32:42PM: ok: reconcile secret/canonical-registry-secret (v1) namespace: build-service
3:32:42PM: ok: reconcile configmap/lifecycle-image (v1) namespace: kpack
3:32:42PM: ok: reconcile configmap/rebase-image (v1) namespace: kpack
3:32:42PM: ok: reconcile configmap/http-proxy (v1) namespace: build-service
3:32:42PM: ok: reconcile role/cert-injection-webhook-role (rbac.authorization.k8s.io/v1) namespace: build-service
3:32:42PM: ok: reconcile serviceaccount/warmer-service-account (v1) namespace: build-service
3:32:42PM: ok: reconcile secret/canonical-registry-secret (v1) namespace: stacks-operator-system
3:32:42PM: ok: reconcile rolebinding/kpack-webhook-certs-admin-binding (rbac.authorization.k8s.io/v1) namespace: kpack
3:32:42PM: ok: reconcile role/leader-election-role (rbac.authorization.k8s.io/v1) namespace: stacks-operator-system
3:32:42PM: ok: reconcile configmap/build-init-image (v1) namespace: kpack
3:32:42PM: ok: reconcile configmap/ca-cert (v1) namespace: build-service
3:32:43PM: ok: reconcile configmap/stackify-image (v1) namespace: stacks-operator-system
3:32:43PM: ok: reconcile configmap/completion-windows-image (v1) namespace: kpack
3:32:43PM: ok: reconcile serviceaccount/secret-syncer-service-account (v1) namespace: build-service
3:32:43PM: ok: reconcile serviceaccount/canonical-registry-serviceaccount (v1) namespace: kpack
3:32:43PM: ok: reconcile role/kpack-controller-local-config (rbac.authorization.k8s.io/v1) namespace: kpack
3:32:43PM: ok: reconcile rolebinding/cert-injection-webhook-role-binding (rbac.authorization.k8s.io/v1) namespace: build-service
3:32:43PM: ok: reconcile serviceaccount/webhook (v1) namespace: kpack
3:32:43PM: ok: reconcile secret/canonical-registry-secret (v1) namespace: kpack
3:32:43PM: ok: reconcile configmap/sleeper-image (v1) namespace: build-service
3:32:43PM: ok: reconcile role/build-service-warmer-namespace-role (rbac.authorization.k8s.io/v1) namespace: build-service
3:32:43PM: ok: reconcile serviceaccount/cert-injection-webhook-sa (v1) namespace: build-service
3:32:43PM: ---- applying 10 changes [72/82 done] ----
3:32:44PM: create service/cert-injection-webhook (v1) namespace: build-service
3:32:44PM: create service/kpack-webhook (v1) namespace: kpack
3:32:46PM: create deployment/warmer-controller (apps/v1) namespace: build-service
3:32:46PM: create deployment/kpack-controller (apps/v1) namespace: kpack
3:32:46PM: create deployment/controller-manager (apps/v1) namespace: stacks-operator-system
3:32:46PM: create service/controller-manager-metrics-service (v1) namespace: stacks-operator-system
3:32:46PM: create daemonset/build-pod-image-fetcher (apps/v1) namespace: build-service
3:32:46PM: create deployment/secret-syncer-controller (apps/v1) namespace: build-service
3:32:46PM: create deployment/kpack-webhook (apps/v1) namespace: kpack
3:32:48PM: create deployment/cert-injection-webhook (apps/v1) namespace: build-service
3:32:48PM: ---- waiting on 10 changes [72/82 done] ----
3:32:48PM: ok: reconcile service/controller-manager-metrics-service (v1) namespace: stacks-operator-system
3:32:50PM: ongoing: reconcile deployment/cert-injection-webhook (apps/v1) namespace: build-service
3:32:50PM: ^ Waiting for 1 unavailable replicas
3:32:50PM: L ok: waiting on replicaset/cert-injection-webhook-6f597c9d98 (apps/v1) namespace: build-service
3:32:50PM: L ongoing: waiting on pod/cert-injection-webhook-6f597c9d98-85pvs (v1) namespace: build-service
3:32:50PM: ^ Pending: ContainerCreating
3:32:50PM: ongoing: reconcile deployment/secret-syncer-controller (apps/v1) namespace: build-service
3:32:50PM: ^ Waiting for 1 unavailable replicas
3:32:50PM: L ok: waiting on replicaset/secret-syncer-controller-5768cc46ff (apps/v1) namespace: build-service
3:32:50PM: L ongoing: waiting on pod/secret-syncer-controller-5768cc46ff-4wzpn (v1) namespace: build-service
3:32:50PM: ^ Pending: ContainerCreating
3:32:50PM: ok: reconcile service/cert-injection-webhook (v1) namespace: build-service
3:32:50PM: ok: reconcile service/kpack-webhook (v1) namespace: kpack
3:32:50PM: ongoing: reconcile deployment/controller-manager (apps/v1) namespace: stacks-operator-system
3:32:50PM: ^ Waiting for 1 unavailable replicas
3:32:50PM: L ok: waiting on replicaset/controller-manager-7fdc9994fc (apps/v1) namespace: stacks-operator-system
3:32:50PM: L ongoing: waiting on pod/controller-manager-7fdc9994fc-rrwxq (v1) namespace: stacks-operator-system
3:32:50PM: ^ Pending: ContainerCreating
3:32:50PM: ongoing: reconcile deployment/kpack-webhook (apps/v1) namespace: kpack
3:32:50PM: ^ Waiting for 1 unavailable replicas
3:32:50PM: L ok: waiting on replicaset/kpack-webhook-858b5dc6cd (apps/v1) namespace: kpack
3:32:50PM: L ongoing: waiting on pod/kpack-webhook-858b5dc6cd-gbwmg (v1) namespace: kpack
3:32:50PM: ^ Pending: ContainerCreating
3:32:50PM: ongoing: reconcile daemonset/build-pod-image-fetcher (apps/v1) namespace: build-service
3:32:50PM: ^ Waiting for 1 unavailable pods
3:32:50PM: L ongoing: waiting on pod/build-pod-image-fetcher-t6v9s (v1) namespace: build-service
3:32:50PM: ^ Pending: PodInitializing
3:32:50PM: L ok: waiting on controllerrevision/build-pod-image-fetcher-798bf7bdfb (apps/v1) namespace: build-service
3:32:54PM: ongoing: reconcile deployment/kpack-controller (apps/v1) namespace: kpack
3:32:54PM: ^ Waiting for 1 unavailable replicas
3:32:54PM: L ok: waiting on replicaset/kpack-controller-56f44c9cd6 (apps/v1) namespace: kpack
3:32:54PM: L ok: waiting on pod/kpack-controller-56f44c9cd6-g2jtt (v1) namespace: kpack
3:32:54PM: ok: reconcile deployment/warmer-controller (apps/v1) namespace: build-service
3:32:54PM: ---- waiting on 6 changes [76/82 done] ----
3:32:55PM: ok: reconcile deployment/kpack-controller (apps/v1) namespace: kpack
3:32:56PM: ongoing: reconcile deployment/controller-manager (apps/v1) namespace: stacks-operator-system
3:32:56PM: ^ Waiting for 1 unavailable replicas
3:32:56PM: L ok: waiting on replicaset/controller-manager-7fdc9994fc (apps/v1) namespace: stacks-operator-system
3:32:56PM: L ok: waiting on pod/controller-manager-7fdc9994fc-rrwxq (v1) namespace: stacks-operator-system
3:32:57PM: ---- waiting on 5 changes [77/82 done] ----
3:32:59PM: ok: reconcile deployment/controller-manager (apps/v1) namespace: stacks-operator-system
3:32:59PM: ok: reconcile deployment/secret-syncer-controller (apps/v1) namespace: build-service
3:32:59PM: ---- waiting on 3 changes [79/82 done] ----
3:33:01PM: ongoing: reconcile deployment/kpack-webhook (apps/v1) namespace: kpack
3:33:01PM: ^ Waiting for 1 unavailable replicas
3:33:01PM: L ok: waiting on replicaset/kpack-webhook-858b5dc6cd (apps/v1) namespace: kpack
3:33:01PM: L ok: waiting on pod/kpack-webhook-858b5dc6cd-gbwmg (v1) namespace: kpack
3:33:04PM: ok: reconcile deployment/cert-injection-webhook (apps/v1) namespace: build-service
3:33:04PM: ok: reconcile deployment/kpack-webhook (apps/v1) namespace: kpack
3:33:04PM: ---- waiting on 1 changes [81/82 done] ----
3:33:42PM: ok: reconcile daemonset/build-pod-image-fetcher (apps/v1) namespace: build-service
3:33:42PM: ---- applying complete [82/82 done] ----
3:33:42PM: ---- waiting complete [82/82 done] ----
Succeeded
After a short while, the namespaces build-service, kpack, and stacks-operator-system are created on TKC, and you can confirm that TBS is running on TKC.
$ kubectl get ns
NAME STATUS AGE
build-service Active 116s
default Active 6d16h
harbor Active 6d15h
kpack Active 116s
kube-node-lease Active 6d16h
kube-public Active 6d16h
kube-system Active 6d16h
stacks-operator-system Active 115s
vmware-system-auth Active 6d16h
vmware-system-cloud-provider Active 6d16h
vmware-system-csi Active 6d16h
$ kubectl get pods -n kpack
NAME READY STATUS RESTARTS AGE
kpack-controller-56f44c9cd6-g2jtt 1/1 Running 0 109s
kpack-webhook-858b5dc6cd-gbwmg 1/1 Running 0 107s
$ kubectl get pods -n build-service
NAME READY STATUS RESTARTS AGE
build-pod-image-fetcher-t6v9s 5/5 Running 0 114s
cert-injection-webhook-6f597c9d98-85pvs 1/1 Running 0 114s
secret-syncer-controller-5768cc46ff-4wzpn 1/1 Running 0 116s
warmer-controller-85f7545b8d-pq4v2 1/1 Running 0 117s
$ kubectl get pods -n stacks-operator-system
NAME READY STATUS RESTARTS AGE
controller-manager-7fdc9994fc-rrwxq 1/1 Running 1 2m6s
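A review of the kapp output above from an access-control point of view, as an added example that is not part of the original article: it reads the `create` lines kapp prints and lists the cluster-wide RBAC objects, admission webhooks, Secrets and DaemonSets the TBS install introduced, with a kubectl command to inspect each. The sample lines are copied from the output above; the function names are this example's own.

```shell
#!/bin/sh
# Added example: list the security-relevant objects a `kapp deploy` run created.
# Function names are this example's own; only awk and a POSIX shell are needed.

# Constructed sample: a few lines copied from the kapp output shown above.
sample_kapp_log() {
cat <<'EOF'
3:32:23PM: create clusterrolebinding/build-service-authenticated-role-binding (rbac.authorization.k8s.io/v1) cluster
3:32:23PM: create validatingwebhookconfiguration/validation.webhook.kpack.io (admissionregistration.k8s.io/v1beta1) cluster
3:32:25PM: create clusterrole/kpack-controller-admin (rbac.authorization.k8s.io/v1) cluster
3:32:26PM: create mutatingwebhookconfiguration/defaults.webhook.cert-injection.tanzu.vmware.com (admissionregistration.k8s.io/v1beta1) cluster
3:32:35PM: create configmap/kp-config (v1) namespace: kpack
3:32:35PM: create secret/canonical-registry-secret (v1) namespace: build-service
3:32:38PM: create secret/canonical-registry-secret (v1) namespace: kpack
3:32:46PM: create daemonset/build-pod-image-fetcher (apps/v1) namespace: build-service
3:32:46PM: create deployment/kpack-controller (apps/v1) namespace: kpack
3:32:50PM: ongoing: reconcile deployment/kpack-webhook (apps/v1) namespace: kpack
EOF
}

# Reads kapp output on stdin and prints "<category>\t<scope>\t<kind>/<name>"
# for each created object that grants privileges, intercepts API requests,
# holds credentials, or runs on every node. Other kinds are skipped.
review_kapp_creates() {
  awk '
    $2 == "create" {
      split($3, ref, "/")                      # ref[1] = kind, ref[2] = name
      kind = ref[1]
      scope = ($5 == "cluster") ? "cluster" : $6
      if (kind == "clusterrole" || kind == "clusterrolebinding") tag = "cluster-rbac"
      else if (kind ~ /webhookconfiguration$/) tag = "admission-webhook"
      else if (kind == "secret") tag = "secret"
      else if (kind == "daemonset") tag = "daemonset"
      else next
      printf "%s\t%s\t%s\n", tag, scope, $3
    }'
}

# Counts the objects of one category in the kapp output on stdin.
# usage: count_category <category> < kapp.log
count_category() {
  review_kapp_creates | awk -F '\t' -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# Prints one kubectl command per flagged object. Secrets use `describe`,
# which shows key names and sizes but not the stored values.
kubectl_followups() {
  review_kapp_creates | awk -F '\t' '{
    split($3, ref, "/")
    ns = ($2 == "cluster") ? "" : " -n " $2
    if ($1 == "secret") printf "kubectl describe secret %s%s\n", ref[2], ns
    else                printf "kubectl get %s %s%s -o yaml\n", ref[1], ref[2], ns
  }'
}

# Stand-alone run on the sample; pipe a saved kapp log in instead for real use.
sample_kapp_log | kubectl_followups
```

To review a real install, save the `kapp deploy` output to a file and run `kubectl_followups < kapp.log`.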
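Installing the ClusterBuilders used by TBS
Immediately after installing TBS, there is no Builder for creating container images, so building a container image with TBS fails.
We therefore install the Builders TBS uses. A Builder is the combination of a container base OS image (Stack) and a collection (Store) of Buildpacks (the runtimes for each application language).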
$ kp clusterbuilder list
Error: no clusterbuilders found
Download the descriptor file for installing the Builders from VMware Tanzu Network. This article uses descriptor-100.0.72.yaml.
$ kp import -f descriptor-100.0.72.yaml
Importing ClusterStore 'default'...
Uploading 'harbor1.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_go@sha256:64ba98089642bdb1ae22fde9b12fb905e0034a2e99c4564249bbc5190dcef8f9'
Uploading 'harbor1.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_java@sha256:2cad7d20a18d21bfd28630e67f7a758cf3d6e97f5b8e9a59292384f6d7d130d1'
Uploading 'harbor1.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_nodejs@sha256:5050ac76d043395422e4ae3cab74d5bb31dc4e9f66414d0be3c4ebb7d1276312'
Uploading 'harbor1.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_java-native-image@sha256:12f8ff3e904d1698442c05a73a7318bfbbaf535e582704ff02f675d1fe4ebe7f'
Uploading 'harbor1.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_dotnet-core@sha256:9ecfbe3c3565f6bc15d5aa116615cf33195a5d27133438d285f9d812f5c72664'
Uploading 'harbor1.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_php@sha256:fd5abb334f4adbcf46f42977992af145db04fb262d4c516ff4264f94e1fcd689'
Uploading 'harbor1.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_nginx@sha256:e67d5cd2e5240a9eb7a899b9b5d979ad85d0cf6c8182e15424516dac9f577371'
Uploading 'harbor1.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_httpd@sha256:34989fb8e264ccaea7916a9017b306d621b017920f71439fc515164ac0484cf5'
Uploading 'harbor1.<MYDOMAIN>/tanzu/tbs/paketo-buildpacks_procfile@sha256:bf6a4265db23ae25b34d402cd24e04c36dccdf24d6a6b9297f1d154a9d0b8062'
Importing ClusterStack 'tiny'...
Uploading to 'harbor1.<MYDOMAIN>/tanzu/tbs'...
Uploading 'harbor1.<MYDOMAIN>/tanzu/tbs/build@sha256:2775935b319ada89a0f48eee9a994205fafe7f48fe48e74ff026f10d229f89c1'
Uploading 'harbor1.<MYDOMAIN>/tanzu/tbs/run@sha256:45f995c761637a9a28dc5b4e4d461369b69b0db71c2ea890f4be43327cd676ce'
Importing ClusterStack 'base'...
Uploading to 'harbor1.<MYDOMAIN>/tanzu/tbs'...
Uploading 'harbor1.<MYDOMAIN>/tanzu/tbs/build@sha256:babbf06e090ccf7773bff038353b13b78934d461edf43fb949928d8fa530ddf6'
Uploading 'harbor1.<MYDOMAIN>/tanzu/tbs/run@sha256:e89f3ba15ab6ef4d43d1521c9238b5c74efcf78c1f52470bfec04bc2a025528b'
Importing ClusterStack 'full'...
Uploading to 'harbor1.<MYDOMAIN>/tanzu/tbs'...
Uploading 'harbor1.<MYDOMAIN>/tanzu/tbs/build@sha256:d0f2914ce26c1cc05a84257262f4c4481da51049c1f514843af5c269d0b95050'
Uploading 'harbor1.<MYDOMAIN>/tanzu/tbs/run@sha256:731876d21d3be32c4d71b5001f920d1788c0363d0134990be787b8384b77c6ec'
Importing ClusterStack 'default'...
Uploading to 'harbor1.<MYDOMAIN>/tanzu/tbs'...
Uploading 'harbor1.<MYDOMAIN>/tanzu/tbs/build@sha256:babbf06e090ccf7773bff038353b13b78934d461edf43fb949928d8fa530ddf6'
Uploading 'harbor1.<MYDOMAIN>/tanzu/tbs/run@sha256:e89f3ba15ab6ef4d43d1521c9238b5c74efcf78c1f52470bfec04bc2a025528b'
Importing ClusterBuilder 'base'...
Importing ClusterBuilder 'full'...
Importing ClusterBuilder 'tiny'...
Importing ClusterBuilder 'default'...
Imported resources
$ kp clusterbuilder list
NAME READY STACK IMAGE
base true io.buildpacks.stacks.bionic harbor1.<MYDOMAIN>/tanzu/tbs/base@sha256:21ee9b7392a1d307a0a7361ee550e68085b33ae5d96a54db52ef2500ded60349
default true io.buildpacks.stacks.bionic harbor1.<MYDOMAIN>/tanzu/tbs/default@sha256:21ee9b7392a1d307a0a7361ee550e68085b33ae5d96a54db52ef2500ded60349
full true io.buildpacks.stacks.bionic harbor1.<MYDOMAIN>/tanzu/tbs/full@sha256:7bf6b8bb491c106782fd3049f116bb2124d0d7f217bbca046e5d848a6db9cf31
tiny true io.paketo.stacks.tiny harbor1.<MYDOMAIN>/tanzu/tbs/tiny@sha256:ae15f90d12728a72a934feec24c92607154c44f8c1a55a9943310caf556761a5
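You can confirm that the ClusterBuilder images have also been uploaded to Harbor.
Summary
Using the Harbor instance installed on TKC, we were able to install TBS. With this TBS environment, source-to-container-image builds are now available.
In the next article, I will summarize the steps for actually using it.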