Skip to main content

Add a Tanzu Application Service (TAS) connector

This topic describes how to set up the Harness Delegate in your TAS environment and add the cloud provider used to connect to your Tanzu cloud for deployment.

Install the Harness Delegate

Harness Delegate is a service you run in your local network or VPC to connect your artifacts, TAS infrastructure, and any other providers with the Harness Manager.

Expand the following section to learn how to install the Harness Delegate.

Use the delegate installation wizard
  1. In your Harness project, select Project Setup.
  2. Select Delegates.
  3. Select Install a Delegate.
  4. Follow the instructions in the delegate installation wizard.

Use this delegate installation wizard video to guide you through the process.

Use the terminal

What is Harness Delegate?

Harness Delegate is a lightweight worker process that is installed on your infrastructure and communicates only via outbound HTTP/HTTPS to the Harness Platform. This enables the Harness Platform to leverage the delegate to execute the CI/CD and other tasks on your behalf, without any of your secrets leaving your network.

You can install the Harness Delegate on either Docker or Kubernetes.

Install Harness Delegate

Create a new delegate token

Log in to the Harness Platform and go to Account Settings -> Account Resources -> Delegates. Select the Tokens tab. Select +New Token, and enter a token name, for example firstdeltoken. Select Apply. Harness Platform generates a new token for you. Select Copy to copy and store the token in a temporary file. You will provide this token as an input parameter in the next installation step. The delegate will use this token to authenticate with the Harness Platform.

Get your Harness account ID

Along with the delegate token, you will also need to provide your Harness accountId as an input parameter during delegate installation. This accountId is present in every Harness URL. For example, in the following URL:

https://app.harness.io/ng/#/account/6_vVHzo9Qeu9fXvj-AcQCb/settings/overview

6_vVHzo9Qeu9fXvj-AcQCb is the accountId.

Now you are ready to install the delegate on either Docker or Kubernetes.

Prerequisite

Ensure that you have access to a Kubernetes cluster. For the purposes of this tutorial, we will use minikube.

Install minikube

  • On Windows:
choco install minikube
  • On macOS:
brew install minikube

Now start minikube with the following config.

minikube start --memory 4g --cpus 4

Validate that you have kubectl access to your cluster.

kubectl get pods -A

Now that you have access to a Kubernetes cluster, you can install the delegate using any of the options below.

Install the Helm chart

As a prerequisite, you must have Helm v3 installed on the machine from which you connect to your Kubernetes cluster.

You can now install the delegate using the delegate Helm chart. First, add the harness-delegate Helm chart repo to your local Helm registry.

helm repo add harness-delegate https://app.harness.io/storage/harness-download/delegate-helm-chart/
helm repo update
helm search repo harness-delegate

We will use the harness-delegate/harness-delegate-ng chart in this tutorial.

NAME                                    CHART VERSION   APP VERSION DESCRIPTION                                
harness-delegate/harness-delegate-ng 1.0.8 1.16.0 A Helm chart for deploying harness-delegate

Now we are ready to install the delegate. The following example installs/upgrades firstk8sdel delegate (which is a Kubernetes workload) in the harness-delegate-ng namespace using the harness-delegate/harness-delegate-ng Helm chart.

To install the delegate, do the following:

  1. In Harness, select Deployments, then select your project.

  2. Select Delegates under Project Setup.

  3. Select Install a Delegate to open the New Delegate dialog.

  4. Select Helm Chart under Install your Delegate.

  5. Copy the helm upgrade command.

  6. Run the command.

The command uses the default values.yaml located in the delegate-helm-chart GitHub repo. If you want change one or more values in a persistent manner instead of the command line, you can download and update the values.yaml file as per your need. You can use the updated values.yaml file as shown below.

helm upgrade -i firstk8sdel --namespace harness-delegate-ng --create-namespace \
harness-delegate/harness-delegate-ng \
-f values.yaml \
--set delegateName=firstk8sdel \
--set accountId=PUT_YOUR_HARNESS_ACCOUNTID_HERE \
--set delegateToken=PUT_YOUR_DELEGATE_TOKEN_HERE \
--set managerEndpoint=PUT_YOUR_MANAGER_HOST_AND_PORT_HERE \
--set delegateDockerImage=harness/delegate:23.02.78306 \
--set replicas=1 --set upgrader.enabled=false

Deploy using a custom role

During delegate installation, you have the option to deploy using a custom role. To use a custom role, you must edit the delegate YAML file.

Harness supports the following custom roles:

  • cluster-admin
  • cluster-viewer
  • namespace-admin
  • custom cluster roles

To deploy using a custom cluster role, do the following:

  1. Open the delegate YAML file in your text editor.

  2. Add the custom cluster role to the roleRef field in the delegate YAML.

    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
    name: harness-delegate-cluster-admin
    subjects:
    - kind: ServiceAccount
    name: default
    namespace: harness-delegate-ng
    roleRef:
    kind: ClusterRole
    name: cluster-admin
    apiGroup: rbac.authorization.k8s.io
    ---

    In this example, the cluster-admin role is defined.

  3. Save the delegate YAML file.

Verify delegate connectivity

Select Continue. After the health checks pass, your delegate is available for you to use. Select Done and verify your new delegate is listed.

Helm chart & Terraform Helm provider

Delegate Available

Kubernetes manifest

Delegate Available

Docker

Delegate Available

You can now route communication to external systems in Harness connectors and pipelines by selecting this delegate via a delegate selector.

Delegate selectors do not override service infrastructure connectors. Delegate selectors only determine the delegate that executes the operations of your pipeline.

Troubleshooting

The delegate installer provides troubleshooting information for each installation process. If the delegate cannot be verified, select Troubleshoot for steps you can use to resolve the problem. This section includes the same information.

Harness asks for feedback after the troubleshooting steps. You are asked, Did the delegate come up?

If the steps did not resolve the problem, select No, and use the form to describe the issue. You'll also find links to Harness Support and to Delegate docs.

Use the following steps to troubleshoot your installation of the delegate using Helm.

  1. Verify that Helm is correctly installed:

    Check for Helm:

    helm

    And then check for the installed version of Helm:

    helm version

    If you receive the message Error: rendered manifests contain a resource that already exists..., delete the existing namespace, and retry the Helm upgrade command to deploy the delegate.

    For further instructions on troubleshooting your Helm installation, go to Helm troubleshooting guide.

  2. Check the status of the delegate on your cluster:

    kubectl describe pods -n <namespace>
  3. If the pod did not start, check the delegate logs:

    kubectl logs -f <harnessDelegateName> -n <namespace>

    If the state of the delegate pod is CrashLoopBackOff, check your allocation of compute resources (CPU and memory) to the cluster. A state of CrashLoopBackOff indicates insufficent Kubernetes cluster resources.

  4. If the delegate pod is not healthy, use the kubectl describe command to get more information:

    kubectl describe <pod_name> -n <namespace>

To learn more, watch the Delegate overview video.

Install the Cloud Foundry Command Line Interface (cf CLI) on your Harness Delegate

After the delegate pods are created, you must edit your Harness Delegate YAML to install CF CLI v7, autoscaler, and Create-Service-Push plugins.

  1. Open delegate.yaml in a text editor.

  2. Locate the environment variable INIT_SCRIPT in the Deployment object.

    - name: INIT_SCRIPT  
    value: ""
  3. Replace value: "" with the following script to install CF CLI, autoscaler, and Create-Service-Push plugins.

    info

    Harness Delegate uses Red Hat–based distributions such as Red Hat Enterprise Linux (RHEL) or Red Hat Universal Base Image (UBI). Hence, we recommend that you use microdnf commands to install CF CLI on your delegate. If you are using a package manager in Debian-based distributions such as Ubuntu, use apt-get commands to install CF CLI on your delegate.

    info

    Make sure to use your API token for pivnet login in the following script.

- name: INIT_SCRIPT  
value: |
# update package manager, install necessary packages, and install CF CLI v7
microdnf update
microdnf install yum
microdnf install --nodocs unzip yum-utils
microdnf install -y yum-utils
echo y | yum install wget
wget -O /etc/yum.repos.d/cloudfoundry-cli.repo https://packages.cloudfoundry.org/fedora/cloudfoundry-cli.repo
echo y | yum install cf7-cli -y

# autoscaler plugin
# download and install pivnet
wget -O pivnet https://github.com/pivotal-cf/pivnet-cli/releases/download/v0.0.55/pivnet-linux-amd64-0.0.55 && chmod +x pivnet && mv pivnet /usr/local/bin;
pivnet login --api-token=<replace with api token>

# download and install autoscaler plugin by pivnet
pivnet download-product-files --product-slug='pcf-app-autoscaler' --release-version='2.0.295' --product-file-id=912441
cf install-plugin -f autoscaler-for-pcf-cliplugin-linux64-binary-2.0.295

# install Create-Service-Push plugin from community
cf install-plugin -r CF-Community "Create-Service-Push"

# verify cf version
cf --version

# verify plugins
cf plugins
  1. Apply the profile to the delegate profile and check the logs.

    The output for cf --version is cf version 7.2.0+be4a5ce2b.2020-12-10.

    Here is the output for cf plugins.

    App Autoscaler        2.0.295   autoscaling-apps              Displays apps bound to the autoscaler
    App Autoscaler 2.0.295 autoscaling-events Displays previous autoscaling events for the app
    App Autoscaler 2.0.295 autoscaling-rules Displays rules for an autoscaled app
    App Autoscaler 2.0.295 autoscaling-slcs Displays scheduled limit changes for the app
    App Autoscaler 2.0.295 configure-autoscaling Configures autoscaling using a manifest file
    App Autoscaler 2.0.295 create-autoscaling-rule Create rule for an autoscaled app
    App Autoscaler 2.0.295 create-autoscaling-slc Create scheduled instance limit change for an autoscaled app
    App Autoscaler 2.0.295 delete-autoscaling-rule Delete rule for an autoscaled app
    App Autoscaler 2.0.295 delete-autoscaling-rules Delete all rules for an autoscaled app
    App Autoscaler 2.0.295 delete-autoscaling-slc Delete scheduled limit change for an autoscaled app
    App Autoscaler 2.0.295 disable-autoscaling Disables autoscaling for the app
    App Autoscaler 2.0.295 enable-autoscaling Enables autoscaling for the app
    App Autoscaler 2.0.295 update-autoscaling-limits Updates autoscaling instance limits for the app
    Create-Service-Push 1.3.2 create-service-push, cspush Works in the same manner as cf push, except that it will create services defined in a services-manifest.yml file first before performing a cf push.
    note

    The CF Command script does not require cf login. Harness logs in by using the credentials in the TAS cloud provider set up in the infrastructure definition for the workflow executing the CF Command.

Add the Harness TAS provider

You can connect Harness to a TAS space by adding a TAS connector.

Perform the following steps to add a TAS connector.

  1. Open a Harness project, and then select Connectors under Project Setup.

  2. Select New Connector, and select Tanzu Application Service under Cloud Providers.

  3. Enter a connector name, enter an optional description and tag, and then select Continue.

    Harness automatically creates an ID for the connector. The ID is based on the connector's name.

  4. Enter the TAS Endpoint URL. For example, https://api.system.tas-mycompany.com.

  5. In Authentication, select one of the following options:

    • Plaintext - Enter the username and password. For password, you can either create a new secret or use an existing one.
    • Encrypted - Enter the username and password. You can create a new secret for your username and password or use exiting ones.
  6. Select Continue.

  7. In Connect to the provider, select Connect through a Harness Delegate, and then select Continue.

    We don't recommend using the Connect through Harness Platform option here because you'll need a delegate later for connecting to your TAS environment. Typically, the Connect through Harness Platform option is a quick way to make connections without having to use delegates.

  8. In Set Up Delegates, select the Connect using Delegates with the following Tags option, and then enter the name of the delegate you created earlier.

  9. Select Save and Continue.

  10. Once the test connection succeeds, select Finish.

    The connector now appears in the Connectors list.