This topic tells you how to configure Artifact Metadata Repository (AMR).
You can obtain the Tanzu Application Platform values schema by running:
tanzu package available get amr-observer.apps.tanzu.vmware.com/${VERSION} --values-schema --namespace tap-install
The following example is an AMR Observer configuration, located under the amr
key in the Tanzu Application Platform values file:
amr:
observer:
location: |
labels:
- key: env
value: prod
resync_period: "10h"
ca_cert_data: |
-----BEGIN CERTIFICATE-----
Custom CA certificate for AMR CloudEvent Handler's HTTPProxy with custom TLS certs
-----END CERTIFICATE-----
cloudevent_handler:
endpoint: "https://amr-cloudevent-handler.DOMAIN"
liveness_period_seconds: 10
auth:
kubernetes_service_accounts:
enable: true
autoconfigure: true
secret:
ref: "amr-observer-edit-token"
value: ""
max_concurrent_reconciles:
image_vulnerability_scans: 1
Where DOMAIN
is the domain you want to target.
Configuration options:
amr.observer.location
labels
: Consists of an array for key and value pairing. Useful for adding searchable and identifiable metadata. For enabling DORA functionality, it is important to have a label named env
. For more information, see DORA metrics in Tanzu Developer Portal.amr.observer.resync_period
resync_period
decides the minimum frequency at which watched resources reconcile. A lower period corrects entropy more quickly, but reduce responsiveness to change if there are many watched resources. Change this value only if you know what you are doing. Defaults to 10 hours if unset.amr.observer.ca_cert_data
or shared.ca_cert_data
ca_cert_data
adds certificates to the truststore that amr-observer uses.kubectl -n metadata-store get secrets/amr-cloudevent-handler-ingress-cert -o jsonpath='{.data."crt.ca"}' | base64 -d
amr.observer.cloudevent_handler.endpoint
http://amr-cloudevent-handler.metadata-store.svc.cluster.local:80
kubectl -n metadata-store get httpproxies.projectcontour.io amr-cloudevent-handler-ingress -o jsonpath='{.spec.virtualhost.fqdn}'
NoteEnsure that you set the correct protocol. If there is TLS, you must prepend
https://
. If there is no TLS, you must prependhttp://
.
amr.observer.cloudevent_handler.liveness_period_seconds
10
amr.observer.auth.kubernetes_service_accounts
.enable
true
.autoconfigure
true
.secret
.ref
.value
amr.observer.deployed_through_tmc
null
deployed_through_tmc
to true.MultiClusterPropertyCollector
overwrites existing Observer package configuration values. For the workaround, see the known issue.amr.observer.max_concurrent_reconciles
.image_vulnerability_scans
1
amr.graphql.auth.kubernetes_service_accounts
.enable
.autoconfigure
true
amr.cloudevent_handler.auth.kubernetes_service_accounts
.enable
.autoconfigure
true