Install Out of the Box Supply Chain with Testing and Scanning for Supply Chain Choreographer

This topic describes how you can install Out of the Box Supply Chain with Testing and Scanning for Supply Chain Choreographer from the Tanzu Application Platform package repository.

Note

Follow the steps in this topic if you do not want to use a profile to install Out of the Box Supply Chain with Testing and Scanning. For more information about profiles, see Components and installation profiles.

The Out of the Box Supply Chain with Testing and Scanning package provides a ClusterSupplyChain that brings an application from source code to a deployed instance that:

• Runs in a Kubernetes environment.
• Performs validations in terms of running application tests.
• Scans the source code and image for vulnerabilities.

Install

To install Out of the Box Supply Chain with Testing and Scanning:

1. Complete all prerequisites to install Tanzu Application Platform.

2. Install Supply Chain Choreographer.

3. Install Out of the Box Delivery Basic.

4. Install Tekton Pipelines.

5. Install Out of the Box Templates.

6. Ensure you do not have Out of The Box Supply Chain With Testing (ootb-supply-chain-testing.tanzu.vmware.com) installed:

   1. Run the following command:

      tanzu package installed list --namespace tap-install
      

   2. Inspect to determine if ootb-supply-chain-testing is in the output:

      NAME                                PACKAGE-NAME
      ootb-delivery-basic                 ootb-delivery-basic.tanzu.vmware.com
      ootb-supply-chain-testing           ootb-supply-chain-testing.tanzu.vmware.com
      ootb-templates                      ootb-templates.tanzu.vmware.com
      

   3. If you see ootb-supply-chain-testing in the list, uninstall it by running:

      tanzu package installed delete ootb-supply-chain-testing --namespace tap-install
      

      Example output:

      Deleting installed package 'ootb-supply-chain-testing' in namespace 'tap-install'.
      Are you sure? [y/N]: y
      
      | Uninstalling package 'ootb-supply-chain-testing' from namespace 'tap-install'
      \ Getting package install for 'ootb-supply-chain-testing'
      - Deleting package install 'ootb-supply-chain-testing' from namespace 'tap-install'
      | Deleting admin role 'ootb-supply-chain-testing-tap-install-cluster-role'
      | Deleting role binding 'ootb-supply-chain-testing-tap-install-cluster-rolebinding'
      | Deleting secret 'ootb-supply-chain-testing-tap-install-values'
      | Deleting service account 'ootb-supply-chain-testing-tap-install-sa'
      
       Uninstalled package 'ootb-supply-chain-testing' from namespace 'tap-install'
      

7. Check the values of the package that can be configured by running:

   tanzu package available get ootb-supply-chain-testing-scanning.tanzu.vmware.com/0.15.6 \
     --values-schema \
     -n tap-install
   

   For example:

   KEY                                   DESCRIPTION
   
   registry.repository                    Name of the repository in the image registry server where the application
                                          images from the workload should be pushed (required).
   
   registry.server                        Name of the registry server where application images should be pushed to
                                          (required).
   
   source.credentials_secret              Name of a Secret in the developer namespace which provides the credentials to the
                                          source code repository.
   
   gitops.server_address                  Default server address to be used for forming Git URLs for pushing
                                          Kubernetes configuration produced by the supply chain. This must
                                          include the scheme/protocol (e.g. https:// or ssh://)
   
   gitops.repository_owner                Default project or user of the repository. Used to create URLs for pushing
                                          Kubernetes configuration produced by the supply chain.
   
   gitops.repository_name                 Default repository name used for forming Git URLs for pushing Kubernetes
                                          configuration produced by the supply chain.
   
   gitops.username                        Default user name to be used for the commits produced by the supply chain.
   
   gitops.branch                          Default branch to use for pushing Kubernetes configuration files produced
                                          by the supply chain.
   
   gitops.commit_message                  Default git commit message to write when publishing Kubernetes
                                          configuration files produces by the supply chain to git.
   
   gitops.email                           Default user email to be used for the commits produced by the supply chain.
   
   gitops.credentials_secret              Name of a Secret in the developer namespace which provides the credentials to the
                                          GitOps repository.
   
   gitops.ssh_secret                      DEPRECATED: Use gitops.credentials_secret and source.credentials_secret instead.
                                          Name of the default Secret containing SSH credentials to lookup in the
                                          developer namespace for the supply chain to fetch source code from and
                                          push configuration to.
   
   gitops.commit_strategy                 Specification of how commits are made to the branch; directly or through a
                                          pull request.
   
   gitops.repository_prefix               DEPRECATED: Use server_address and repository_owner instead.
                                          Default prefix to be used for forming Git SSH URLs for pushing Kubernetes
                                          configuration produced by the supply chain.
   
   gitops.pull_request.server_kind         The git source control platform used
   
   gitops.pull_request.commit_branch       The branch to which commits will be made, before opening a pull request
                                          to the branch specified in .gitops.branch If the string "" is specified,
                                          an essentially random string will be used for the branch name, in order
                                          to prevent collisions.
   
   gitops.pull_request.pull_request_title  The title for the pull request
   
   gitops.pull_request.pull_request_body   Any further information to add to the pull request
   
   cluster_builder           Name of the Tanzu Build Service ClusterBuilder to
                             use by default on image objects managed by the supply chain.
   
   service_account           Name of the service account in the namespace where the Workload
                             is submitted to utilize for providing registry credentials to
                             Tanzu Build Service Image objects as well as deploying the
                             application.
   

8. Create a file named ootb-supply-chain-testing-scanning-values.yaml that specifies the corresponding values to the properties you want to change. For example:

   registry:
     server: REGISTRY-SERVER
     repository: REGISTRY-REPOSITORY
   
   source:
     credentials_secret: source-creds
   
   gitops:
     server_address: https://github.com/
     repository_owner: vmware-tanzu
     branch: main
     username: supplychain
     email: supplychain
     commit_message: [email protected]
     credentials_secret: gitops-creds
     commit_strategy: direct
   
   cluster_builder: default
   service_account: default
   

   Important

   The gitops.repository_prefix field must end with /.

9. With the configuration ready, install the package by running:

   tanzu package install ootb-supply-chain-testing-scanning \
     --package ootb-supply-chain-testing-scanning.tanzu.vmware.com \
     --version 0.15.6 \
     --namespace tap-install \
     --values-file ootb-supply-chain-testing-scanning-values.yaml
   

   Example output:

   \ Installing package 'ootb-supply-chain-testing-scanning.tanzu.vmware.com'
   | Getting package metadata for 'ootb-supply-chain-testing-scanning.tanzu.vmware.com'
   | Creating service account 'ootb-supply-chain-testing-scanning-tap-install-sa'
   | Creating cluster admin role 'ootb-supply-chain-testing-scanning-tap-install-cluster-role'
   | Creating cluster role binding 'ootb-supply-chain-testing-scanning-tap-install-cluster-rolebinding'
   | Creating secret 'ootb-supply-chain-testing-scanning-tap-install-values'
   | Creating package resource
   - Waiting for 'PackageInstall' reconciliation for 'ootb-supply-chain-testing-scanning'
   \ 'PackageInstall' resource install status: Reconciling
   
   Added installed package 'ootb-supply-chain-testing-scanning' in namespace 'tap-install'