The following is the YAML file sample for the build-profile:
profile: build
ceip_policy_disclosed: FALSE-OR-TRUE-VALUE # Installation fails if this is not set to true. Not a string.
buildservice:
kp_default_repository: "KP-DEFAULT-REPO"
kp_default_repository_username: "KP-DEFAULT-REPO-USERNAME"
kp_default_repository_password: "KP-DEFAULT-REPO-PASSWORD"
tanzunet_username: "TANZUNET-USERNAME"
tanzunet_password: "TANZUNET-PASSWORD"
supply_chain: testing_scanning
ootb_supply_chain_testing_scanning:
registry:
server: "SERVER-NAME"
repository: "REPO-NAME"
gitops:
ssh_secret: "SSH-SECRET-KEY"
scanning:
metadataStore:
url: "METADATA-STORE-URL-ON-VIEW-CLUSTER"
caSecret:
name: store-ca-cert
importFromNamespace: metadata-store-secrets
authSecret:
name: store-auth-token
grype:
namespace: "MY-DEV-NAMESPACE" # (optional) Defaults to default namespace.
targetImagePullSecret: "TARGET-REGISTRY-CREDENTIALS-SECRET"
Where:
KP-DEFAULT-REPO
is a writable repository in your registry. Tanzu Build Service dependencies are written to this location. Examples:
kp_default_repository: "my-harbor.io/my-project/build-service"
kp_default_repository: "my-dockerhub-user/build-service"
or kp_default_repository: "index.docker.io/my-user/build-service"
kp_default_repository: "gcr.io/my-project/build-service"
KP-DEFAULT-REPO-USERNAME
is the user name that can write to KP-DEFAULT-REPO
. You can docker push
to this location with this credential.
kp_default_repository_username: _json_key
KP-DEFAULT-REPO-PASSWORD
is the password for the user that can write to KP-DEFAULT-REPO
. You can docker push
to this location with this credential. This credential can also be configured by using a Secret reference. For more information, see Install Tanzu Build Service for details.
TANZUNET-USERNAME
and TANZUNET-PASSWORD
are the email address and password that you use to log in to VMware Tanzu Network. Your VMware Tanzu Network credentials enable you to configure the dependencies updater. This resource accesses and installs the build dependencies (buildpacks and stacks) Tanzu Build Service needs on your cluster. It can also optionally keep these dependencies up to date as new versions are released on VMware Tanzu Network. This credential can also be configured by using a Secret reference. For more information, see Install Tanzu Build Service.DESCRIPTOR-NAME
is the name of the descriptor to import. For more information, see Descriptors. Available options are:
lite
is the default if not set. It has a smaller footprint, which enables faster installations.full
is optimized to speed up builds and includes dependencies for all supported workload types.SERVER-NAME
is the host name of the registry server. Examples:
server: "my-harbor.io"
.server: "index.docker.io"
.server: "gcr.io"
.REPO-NAME
is where workload images are stored in the registry. Images are written to SERVER-NAME/REPO-NAME/workload-name
. Examples:
repository: "my-project/supply-chain"
.repository: "my-dockerhub-user"
.repository: "my-project/supply-chain"
.SSH-SECRET-KEY
is the SSH secret key in the developer namespace for the supply chain to fetch source code from and push configuration to.METADATA-STORE-URL-ON-VIEW-CLUSTER
references the URL of the Supply Chain Security Tools (SCST) - Store deployed on the View cluster. For more information, see SCST - Store’s Ingress and multicluster support for additional details.MY-DEV-NAMESPACE
is the namespace where you want to deploy the ScanTemplates
. This is the namespace where the scanning feature runs.TARGET-REGISTRY-CREDENTIALS-SECRET
is the name of the Secret that contains the credentials to pull an image from the registry for scanning. If built images are pushed to the same registry as Tanzu Application Platform images, you can reuse the tap-registry
Secret created in Add the Tanzu Application Platform package repository.Note: When you install Tanzu Application Platform, it is bootstrapped with a set of dependencies (buildpacks and stacks) for application builds. For more information about buildpacks, see the VMware Tanzu Buildpacks Documentation. You can find the buildpack and stack artifacts installed with Tanzu Application Platform in the descriptor file on Tanzu Network. The current installed version of the descriptor is 100.0.293. Sometimes the dependencies get out of date and require updates. You can do this using a manual process in a CI/CD context, or an automatic update process in the background by Tanzu Application Platform.