The following is the YAML file sample for the build-profile:
```yaml
profile: build
ceip_policy_disclosed: FALSE-OR-TRUE-VALUE # Installation fails if this is not set to true. Not a string.
buildservice:
  kp_default_repository: "KP-DEFAULT-REPO"
  kp_default_repository_username: "KP-DEFAULT-REPO-USERNAME"
  kp_default_repository_password: "KP-DEFAULT-REPO-PASSWORD"
  tanzunet_username: "TANZUNET-USERNAME"
  tanzunet_password: "TANZUNET-PASSWORD"
supply_chain: testing_scanning
ootb_supply_chain_testing_scanning:
  registry:
    server: "SERVER-NAME"
    repository: "REPO-NAME"
  gitops:
    ssh_secret: "SSH-SECRET-KEY"
scanning:
  metadataStore:
    url: "METADATA-STORE-URL-ON-VIEW-CLUSTER"
    caSecret:
      name: store-ca-cert
      importFromNamespace: metadata-store-secrets
    authSecret:
      name: store-auth-token
grype:
  namespace: "MY-DEV-NAMESPACE" # (optional) Defaults to default namespace.
  targetImagePullSecret: "TARGET-REGISTRY-CREDENTIALS-SECRET"
```
KP-DEFAULT-REPO is a writable repository in your registry. Tanzu Build Service dependencies are written to this location. Examples:
KP-DEFAULT-REPO-USERNAME is the user name that can write to KP-DEFAULT-REPO. You can docker push to this location with this credential.
KP-DEFAULT-REPO-PASSWORD is the password for the user that can write to KP-DEFAULT-REPO. You can docker push to this location with this credential. This credential can also be configured by using a Secret reference. For more information, see Install Tanzu Build Service.
TANZUNET-USERNAME and TANZUNET-PASSWORD are the email address and password that you use to log in to VMware Tanzu Network. Your VMware Tanzu Network credentials enable you to configure the dependencies updater. This resource accesses and installs the build dependencies (buildpacks and stacks) Tanzu Build Service needs on your cluster. It can also optionally keep these dependencies up to date as new versions are released on VMware Tanzu Network. This credential can also be configured by using a Secret reference. For more information, see Install Tanzu Build Service.
DESCRIPTOR-NAME is the name of the descriptor to import. For more information, see Descriptors. Available options are:
lite is the default if not set. It has a smaller footprint, which enables faster installations.
full is optimized to speed up builds and includes dependencies for all supported workload types.
SERVER-NAME is the host name of the registry server. Examples:
REPO-NAME is where workload images are stored in the registry. Images are written to
SSH-SECRET-KEY is the SSH secret key in the developer namespace for the supply chain to fetch source code from and push configuration to.
METADATA-STORE-URL-ON-VIEW-CLUSTER references the URL of the Supply Chain Security Tools (SCST) - Store deployed on the View cluster. For more information, see SCST - Store’s Ingress and multicluster support.
MY-DEV-NAMESPACE is the namespace where you want to deploy the ScanTemplates. This is the namespace where the scanning feature runs.
TARGET-REGISTRY-CREDENTIALS-SECRET is the name of the Secret that contains the credentials to pull an image from the registry for scanning. If built images are pushed to the same registry as Tanzu Application Platform images, you can reuse the tap-registry Secret created in Add the Tanzu Application Platform package repository.
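As an added example (not part of the VMware documentation), a pre-install check for this values file: it flags a ceip_policy_disclosed value that is not the boolean true, placeholders left over from the sample, and password keys that hold plaintext values. It assumes one `key: value` pair per line and scans lines rather than parsing YAML; `lint_values` and the sample input are constructed for illustration.

```python
import re

# Placeholder tokens from the sample values file on this page.
PLACEHOLDERS = {
    "FALSE-OR-TRUE-VALUE", "KP-DEFAULT-REPO", "KP-DEFAULT-REPO-USERNAME",
    "KP-DEFAULT-REPO-PASSWORD", "TANZUNET-USERNAME", "TANZUNET-PASSWORD",
    "SERVER-NAME", "REPO-NAME", "SSH-SECRET-KEY",
    "METADATA-STORE-URL-ON-VIEW-CLUSTER", "MY-DEV-NAMESPACE",
    "TARGET-REGISTRY-CREDENTIALS-SECRET",
}
# Keys in the sample whose values are plaintext credentials.
PASSWORD_KEYS = {"kp_default_repository_password", "tanzunet_password"}
# "key: value  # comment" on one line; nested mapping keys have an empty value.
LINE = re.compile(r"^\s*([A-Za-z_]+):\s*(.*?)(?:\s+#.*)?$")

def lint_values(text):
    """Return (line_number, message) findings for a build-profile values file."""
    findings, seen_ceip = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        bare = value.strip("\"'")
        if key == "ceip_policy_disclosed":
            seen_ceip = True
            # A quoted "true" is a string, which the page says fails the install.
            if value.lower() != "true":
                findings.append((n, "ceip_policy_disclosed must be the unquoted boolean true"))
        elif bare in PLACEHOLDERS:
            findings.append((n, f"{key} still holds the placeholder {bare}"))
        elif key in PASSWORD_KEYS and bare:
            findings.append((n, f"{key} is a plaintext credential; consider a Secret reference"))
    if not seen_ceip:
        findings.append((0, "ceip_policy_disclosed is missing"))
    return findings

# Constructed sample input (not a real configuration).
SAMPLE = """\
profile: build
ceip_policy_disclosed: "true"
buildservice:
  kp_default_repository: "registry.example.com/tbs"
  kp_default_repository_username: "builder"
  kp_default_repository_password: "s3cr3t-constructed"
  tanzunet_username: "TANZUNET-USERNAME"
"""

if __name__ == "__main__":
    for line_no, msg in lint_values(SAMPLE):
        print(f"line {line_no}: {msg}")
```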
Note: When you install Tanzu Application Platform, it is bootstrapped with a set of dependencies (buildpacks and stacks) for application builds. For more information about buildpacks, see the VMware Tanzu Buildpacks Documentation. You can find the buildpack and stack artifacts installed with Tanzu Application Platform in the descriptor file on Tanzu Network. The current installed version of the descriptor is 100.0.293. Sometimes the dependencies get out of date and require updates. You can update them by using a manual process in a CI/CD context, or by using an automatic update process that Tanzu Application Platform runs in the background.