This topic tells you how to update your Tanzu Build Service (commonly known as TBS) dependencies.

Keeping applications up to date with the latest dependency patches is a core feature of Tanzu Build Service. Updates to dependencies are propagated to application images.

The resources that account for these patches are ClusterStacks. Update a ClusterStack to patch operating system packages.

Update dependencies

This section describes how to update dependencies in an online environment.

Enable automatic dependencies update

You can configure automatic dependencies updates for Tanzu Build Service dependencies. Within a version line, only patch versions are incremented to avoid any possible breaking changes. You can customize the packages that you want the automatic dependency updater to update through the tbs-values.yaml or your full dependencies values.

1. Add the following to your tbs-values.yaml file:

     dependency_updates:
       allow: true
       scope: SCOPE
       include_packages: [""]
       exclude_packages: [""]
   

   Where:

   • SCOPE is the list of dependencies you want to be updated. The options are:
     • stacks-only (default): Only stacks and builders are updated
     • all: Stacks, builders, and buildpacks are updated
     • custom: This list is empty by default. To add the packages you want updated, use the include_packages key.

   Note: You must update the Tanzu Build Service package install and the Full Dependencies package install after changing tbs-values.yaml file.

2. Create a secret for VMware Tanzu Network using the Tanzu CLI:

   tanzu secret registry add tanzunet-creds \
     --server "registry.tanzu.vmware.com" \
     --username "${TANZUNET_REGISTRY_USERNAME}" \
     --password "${TANZUNET_REGISTRY_PASSWORD}" \
     --namespace ${INSTALL_NAMESPACE} \
     --export-to-all-namespaces
   

3. Add the Tanzu Build Service Dependency Updates package repository by running:

   kubectl apply -f - <<EOF
     apiVersion: packaging.carvel.dev/v1alpha1
     kind: PackageRepository
     metadata:
       name: tbs-dependencies-package-repository
       namespace: tap-install
     spec:
       fetch:
         imgpkgBundle:
           image: registry.tanzu.vmware.com/build-service-dependency-updater/package-repo
           tagSelection:
             semver:
               constraints: "VERSION-CONSTRAINT"
   EOF
   

   Where VERSION-CONSTRAINT is the corresponding Tanzu Application Platform version in the format MAJOR.MINOR.x. For example, 1.8.x.

For more information about adding new buildpack versions or updating buildpacks out of band, see Creating Custom Cluster Buildpacks.

Cluster stacks update

The kapp controller now manages cluster stacks. You must create new resources and reference them in your builder if you want to change them. For more information about managing stacks, see Managing Stacks.

Cluster store update

Tanzu Build Service now uses ClusterBuildpacks instead of ClusterStores. You can still use ClusterStores but VMware recommends that you use ClusterBuildpacks. For more information about creating ClusterBuildpacks, see Creating custom ClusterBuildpacks page.

Update dependencies (offline)

This section describes how to update dependencies in an air-gapped (offline) environment.

Enable automatic dependency updates - air-gapped

You can also configure automatic dependency updates for Tanzu Build Service dependencies in air-gapped environments.

Prerequisites: These steps assume the cluster already has a secret for your internal repository.

To enable automatic dependency updates in an air-gapped environment:

1. Add the following to your tbs-values.yaml file:

     dependency_updates:
     allow: true
     scope: SCOPE
     include_packages: [""]
     exclude_packages: [""]
   

   Where:

   • SCOPE is the list of dependencies you want to be updated. The options are:
     • stacks-only (default): Only stacks and builders are updated
     • all: Stacks, builders, and buildpacks are updated
     • custom: This list is empty by default. To add the packages you want updated, use the include_packages key.

   Note: You must update the Tanzu Build Service package install and the Full Dependencies package install after changing tbs-values.yaml file.

2. Login to registry.tanzu.vmware.com and your internal repository on a machine that has access to your internal repository.

3. Relocate the dependency updater package repository with imgpkg to the internal repository.

4. Add the Tanzu Build Service Dependency Updates package repository by running:

   Important: The automatic dependency updater follows a different version than Tanzu Build Service. It uses the Tanzu Application Package version to align with the recommended installation method. Tanzu Build Service v1.13 corresponds to dependency version 1.8.x.

   kubectl apply -f - <<EOF
     apiVersion: packaging.carvel.dev/v1alpha1
     kind: PackageRepository
     metadata:
       name: tbs-dependencies-package-repository
       namespace: tap-install
     spec:
       fetch:
         imgpkgBundle:
           image: INTERNAL-REPO-REF
           tagSelection:
             semver:
               constraints: "VERSION-CONSTRAINT"
   EOF
   

   Where:

   • INTERNAL-REPO-REF is the location of the package repository. This is the internal container image registry for air-gapped installs.
   • VERSION-CONSTRAINT is the corresponding Tanzu Application Platform version in the format MAJOR.MINOR.x. For example, 1.8.x.

5. Set up a job to watch registry.tanzu.vmware.com/build-service-dependency-updater/package-repo for changes and then relocate to the internal repo by running:

   imgpkg copy \
     -b build-service-dependency-updater/package-repo:VERSION \
     --to-repo=${INTERNAL_REPOSITORY}
   

   Where VERSION is the latest version of the Tanzu Build Service Dependency Updater package for the Tanzu Build service minor.

   The cluster will watch the internal repo. This step is optional, but updates are not completely automatic without it.