Add a Tanzu Application Service (TAS) connector
This topic describes how to set up the Harness Delegate in your TAS environment and add the cloud provider used to connect to your Tanzu cloud for deployment.
Install the Harness Delegate
Harness Delegate is a service you run in your local network or VPC to connect your artifacts, TAS infrastructure, and any other providers with the Harness Manager.
To learn more, watch the Delegate overview video.
Install the Cloud Foundry Command Line Interface (cf CLI) on your Harness Delegate
After the delegate pods are created, you must edit your Harness Delegate YAML to install CF CLI v7 and the autoscaler and Create-Service-Push plugins.
- Open delegate.yaml in a text editor.
- Locate the environment variable INIT_SCRIPT in the Deployment object.
    - name: INIT_SCRIPT
      value: ""
- Replace value: "" with the following script to install CF CLI, autoscaler, and Create-Service-Push plugins.
  Info: Harness Delegate uses Red Hat–based distributions such as Red Hat Enterprise Linux (RHEL) or Red Hat Universal Base Image (UBI). Hence, we recommend that you use microdnf commands to install CF CLI on your delegate. If you are using a package manager in Debian-based distributions such as Ubuntu, use apt-get commands to install CF CLI on your delegate.
  Info: Make sure to use your API token for pivnet login in the following script.
  microdnf:
    - name: INIT_SCRIPT
      value: |
        # update package manager, install necessary packages, and install CF CLI v7
        microdnf update
        microdnf install yum
        microdnf install --nodocs unzip yum-utils
        microdnf install -y yum-utils
        echo y | yum install wget
        wget -O /etc/yum.repos.d/cloudfoundry-cli.repo https://packages.cloudfoundry.org/fedora/cloudfoundry-cli.repo
        echo y | yum install cf7-cli -y
        # autoscaler plugin
        # download and install pivnet
        wget -O pivnet https://github.com/pivotal-cf/pivnet-cli/releases/download/v0.0.55/pivnet-linux-amd64-0.0.55 && chmod +x pivnet && mv pivnet /usr/local/bin;
        # the placeholder is quoted so the shell does not parse < and > as redirections
        pivnet login --api-token='<replace with api token>'
        # download and install autoscaler plugin by pivnet
        pivnet download-product-files --product-slug='pcf-app-autoscaler' --release-version='2.0.295' --product-file-id=912441
        cf install-plugin -f autoscaler-for-pcf-cliplugin-linux64-binary-2.0.295
        # install Create-Service-Push plugin from community
        cf install-plugin -r CF-Community "Create-Service-Push"
        # verify cf version
        cf --version
        # verify plugins
        cf plugins
  apt-get:
    - name: INIT_SCRIPT
      value: |
        # update package manager, install necessary packages, and install CF CLI v7
        # refresh the package index first; -y keeps the non-interactive init script from stopping at a prompt
        apt-get update
        apt-get install -y wget
        wget -q -O - https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key | apt-key add -
        echo "deb https://packages.cloudfoundry.org/debian stable main" | tee /etc/apt/sources.list.d/cloudfoundry-cli.list
        apt-get update
        apt-get install -y cf7-cli
        # autoscaler plugin
        # download and install pivnet
        wget -O pivnet https://github.com/pivotal-cf/pivnet-cli/releases/download/v0.0.55/pivnet-linux-amd64-0.0.55 && chmod +x pivnet && mv pivnet /usr/local/bin;
        # the placeholder is quoted so the shell does not parse < and > as redirections
        pivnet login --api-token='<replace with api token>'
        # download and install autoscaler plugin by pivnet
        pivnet download-product-files --product-slug='pcf-app-autoscaler' --release-version='2.0.295' --product-file-id=912441
        cf install-plugin -f autoscaler-for-pcf-cliplugin-linux64-binary-2.0.295
        # install Create-Service-Push plugin from community
        cf install-plugin -r CF-Community "Create-Service-Push"
        # verify cf version
        cf --version
        # verify plugins
        cf plugins
- Apply the profile to the delegate profile and check the logs.
  The output for cf --version is cf version 7.2.0+be4a5ce2b.2020-12-10.
  Here is the output for cf plugins.
    App Autoscaler 2.0.295 autoscaling-apps Displays apps bound to the autoscaler
    App Autoscaler 2.0.295 autoscaling-events Displays previous autoscaling events for the app
    App Autoscaler 2.0.295 autoscaling-rules Displays rules for an autoscaled app
    App Autoscaler 2.0.295 autoscaling-slcs Displays scheduled limit changes for the app
    App Autoscaler 2.0.295 configure-autoscaling Configures autoscaling using a manifest file
    App Autoscaler 2.0.295 create-autoscaling-rule Create rule for an autoscaled app
    App Autoscaler 2.0.295 create-autoscaling-slc Create scheduled instance limit change for an autoscaled app
    App Autoscaler 2.0.295 delete-autoscaling-rule Delete rule for an autoscaled app
    App Autoscaler 2.0.295 delete-autoscaling-rules Delete all rules for an autoscaled app
    App Autoscaler 2.0.295 delete-autoscaling-slc Delete scheduled limit change for an autoscaled app
    App Autoscaler 2.0.295 disable-autoscaling Disables autoscaling for the app
    App Autoscaler 2.0.295 enable-autoscaling Enables autoscaling for the app
    App Autoscaler 2.0.295 update-autoscaling-limits Updates autoscaling instance limits for the app
    Create-Service-Push 1.3.2 create-service-push, cspush Works in the same manner as cf push, except that it will create services defined in a services-manifest.yml file first before performing a cf push.
  Note: The CF Command script does not require cf login. Harness logs in by using the credentials in the TAS cloud provider set up in the infrastructure definition for the workflow executing the CF Command.
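A variant of the microdnf script above, as an added example that is not Harness's own script: it installs the downloaded pivnet binary only if its SHA-256 matches a pinned value, and it reads the API token from the environment so the token is not written into delegate.yaml. PIVNET_API_TOKEN (an environment variable assumed to be injected into the delegate container, for example from a Kubernetes Secret), the PIVNET_SHA256 placeholder and the /tmp/pivnet path are assumptions.

```yaml
- name: INIT_SCRIPT
  value: |
    # same package and CF CLI v7 installation as the microdnf script above
    microdnf update
    microdnf install yum
    microdnf install --nodocs unzip yum-utils
    echo y | yum install wget
    wget -O /etc/yum.repos.d/cloudfoundry-cli.repo https://packages.cloudfoundry.org/fedora/cloudfoundry-cli.repo
    echo y | yum install cf7-cli -y
    # placeholder: the SHA-256 you recorded for the pivnet v0.0.55 linux-amd64 binary
    PIVNET_SHA256='<replace with expected sha256>'
    PIVNET_URL=https://github.com/pivotal-cf/pivnet-cli/releases/download/v0.0.55/pivnet-linux-amd64-0.0.55
    # assumption: PIVNET_API_TOKEN is set on the container, not typed into this script
    if [ -n "${PIVNET_API_TOKEN:-}" ] \
       && wget -q -O /tmp/pivnet "$PIVNET_URL" \
       && echo "${PIVNET_SHA256}  /tmp/pivnet" | sha256sum -c - ; then
      # digest matched: install pivnet, log in, then fetch and install the autoscaler plugin
      chmod +x /tmp/pivnet && mv /tmp/pivnet /usr/local/bin/pivnet
      pivnet login --api-token="${PIVNET_API_TOKEN}"
      pivnet download-product-files --product-slug='pcf-app-autoscaler' --release-version='2.0.295' --product-file-id=912441
      cf install-plugin -f autoscaler-for-pcf-cliplugin-linux64-binary-2.0.295
    else
      # missing token, failed download or digest mismatch: nothing from pivnet is installed
      echo "pivnet not installed: token missing, download failed, or checksum mismatch" >&2
      rm -f /tmp/pivnet
    fi
    # install Create-Service-Push plugin from community
    cf install-plugin -r CF-Community "Create-Service-Push"
    # verify cf version and plugins
    cf --version
    cf plugins
```

If the digest check fails, the cf plugins output in the delegate log lists Create-Service-Push but no App Autoscaler entries.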
Add the Harness TAS provider
You can connect Harness to a TAS space by adding a TAS connector.
Perform the following steps to add a TAS connector.
- Open a Harness project, and then select Connectors under Project Setup.
- Select New Connector, and select Tanzu Application Service under Cloud Providers.
- Enter a connector name, enter an optional description and tag, and then select Continue.
  Harness automatically creates an ID for the connector. The ID is based on the connector's name.
- Enter the TAS Endpoint URL. For example, https://api.system.tas-mycompany.com.
- In Authentication, select one of the following options:
  - Plaintext - Enter the username and password. For password, you can either create a new secret or use an existing one.
  - Encrypted - Enter the username and password. You can create a new secret for your username and password or use existing ones.
- Select Continue.
- In Connect to the provider, select Connect through a Harness Delegate, and then select Continue.
  We don't recommend using the Connect through Harness Platform option here because you'll need a delegate later for connecting to your TAS environment. Typically, the Connect through Harness Platform option is a quick way to make connections without having to use delegates.
- In Set Up Delegates, select the Connect using Delegates with the following Tags option, and then enter the name of the delegate you created earlier.
- Select Save and Continue.
- Once the test connection succeeds, select Finish.
  The connector now appears in the Connectors list.
Refresh Token Support
Harness Delegate version 23.12.81804 or later is required to use this feature.
Harness provides the option to use a Refresh token to authenticate with the Tanzu connector. This Refresh token is used by Harness to verify your Tanzu instance. However, you still need to provide a username and password to authenticate with Tanzu. These credentials are used to obtain a new Refresh token. Once the Refresh token is provided in the connector, Harness uses it to authenticate and perform each task. Harness will authenticate with the Refresh token before executing each Tanzu step defined in the pipeline.
You can retrieve the Refresh token via the config.json file you receive when authenticating with the CF client. You can pass the Refresh token as a secret stored in the Harness Secrets Manager or your secrets manager of choice.
Custom configuration for extensible authentication
For Harness Delegate version 23.12.81811 and later, you can create a Tanzu connector by setting the TAS_REFRESH_TOKEN_CLIENT_ID, TAS_REFRESH_TOKEN_CLIENT_SECRET, and ENABLE_TAS_REFRESH_TOKEN_CLIENT_ID parameters, and providing the Refresh token. The connector will generate a Refresh token using the Client ID and Client Secret environment variables.
- ENABLE_TAS_REFRESH_TOKEN_CLIENT_ID: This is the setting to configure the alternative authentication mode on the Harness Delegate for Tanzu.
- TAS_REFRESH_TOKEN_CLIENT_ID: This is the Client ID parameter for Tanzu Authentication.
- TAS_REFRESH_TOKEN_CLIENT_SECRET: This is the Client Secret parameter for Tanzu Authentication.
Configure the delegate YAML
To configure the delegate YAML, do the following:
- Go to the Kubernetes delegate YAML (deployment) or the actual deployed resource.
- Under spec.template.spec.containers.env, add the following environment variables.
    - name: ENABLE_TAS_REFRESH_TOKEN_CLIENT_ID
      value: "true"
    - name: TAS_REFRESH_TOKEN_CLIENT_ID
      value: gam
    - name: TAS_REFRESH_TOKEN_CLIENT_SECRET
      value: public
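The same three settings with the client ID and client secret supplied from a Kubernetes Secret instead of literal values in the delegate YAML, as an added example that is not from the Harness documentation. The Secret name tas-refresh-token-client and its key names are hypothetical, and the Secret must be created in the namespace the delegate runs in.

```yaml
# Hypothetical Secret holding the Tanzu client credentials (names are assumptions).
# Apply it to the delegate's namespace before rolling out the delegate Deployment.
apiVersion: v1
kind: Secret
metadata:
  name: tas-refresh-token-client
type: Opaque
stringData:
  client-id: "<replace with client ID>"
  client-secret: "<replace with client secret>"
---
# Fragment for spec.template.spec.containers.env in the delegate Deployment.
# The values are resolved by Kubernetes at pod start, so the manifest kept in
# source control carries only a reference to the Secret, not the credentials.
- name: ENABLE_TAS_REFRESH_TOKEN_CLIENT_ID
  value: "true"
- name: TAS_REFRESH_TOKEN_CLIENT_ID
  valueFrom:
    secretKeyRef:
      name: tas-refresh-token-client
      key: client-id
- name: TAS_REFRESH_TOKEN_CLIENT_SECRET
  valueFrom:
    secretKeyRef:
      name: tas-refresh-token-client
      key: client-secret
```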