Caution: Tanzu Supply Chain is currently in beta and is not intended for production use. It is intended only for evaluation purposes of the next generation Supply Chain. For the current Supply Chain solution, see the Supply Chain Choreographer documentation.
This section introduces the catalog of components shipped with TAP. You will find all of these components in the “authoring” profile.
Version: 1.0.0
Generates configuration for a Server application from a Conventions PodIntent. Server applications contain a K8s Deployment and Service and can be configured with Ingress.
Name | Type |
---|---|
conventions | conventions |
Name | Type |
---|---|
oci-yaml-files | oci-yaml-files |
oci-ytt-files | oci-ytt-files |
```yaml
spec:
  # Configuration for the registry to use
  registry:
    # The name of the registry server, e.g. docker.io
    # +required
    server:
    # The name of the repository
    # +required
    repository:
```
Version: 1.0.0
Generates configuration for a Web application from a Conventions PodIntent. Web applications contain a Knative Service.
Name | Type |
---|---|
conventions | conventions |
Name | Type |
---|---|
oci-yaml-files | oci-yaml-files |
oci-ytt-files | oci-ytt-files |
```yaml
spec:
  # Configuration for the registry to use
  registry:
    # The name of the repository
    # +required
    repository:
    # The name of the registry server, e.g. docker.io
    # +required
    server:
```
Version: 1.0.0
Generates configuration for a Worker application from a Conventions PodIntent. Worker applications contain a K8s Deployment.
Name | Type |
---|---|
conventions | conventions |
Name | Type |
---|---|
oci-yaml-files | oci-yaml-files |
oci-ytt-files | oci-ytt-files |
```yaml
spec:
  # Configuration for the registry to use
  registry:
    # The name of the repository
    # +required
    repository:
    # The name of the registry server, e.g. docker.io
    # +required
    server:
```
Version: 1.0.0
Builds an app with buildpacks using kpack.
Name | Type |
---|---|
source | source |
git | git |
Name | Type |
---|---|
image | image |
```yaml
spec:
  # Registry to use
  registry:
    # The registry address
    # +required
    server:
    # The repository to use
    # +required
    repository:
  # Kpack build specification
  build:
    # Service account to use
    serviceAccountName:
    env:
    # Configure workload to use a non-default builder or clusterbuilder
    builder:
      # builder kind
      kind:
      # builder name
      name:
    # cache options
    cache:
      # whether to use a cache image
      enabled:
      # cache image to use
      image:
  source:
    # path inside the source to build from (build has no access to paths above the subPath)
    subPath:
```
Version: 1.0.0
Generates a Carvel package from OCI images containing raw YAML files and YTT files.
Name | Type |
---|---|
oci-yaml-files | oci-yaml-files |
oci-ytt-files | oci-ytt-files |
Name | Type |
---|---|
package | package |
```yaml
spec:
  # Configuration for the generated Carvel Package
  carvel:
    # The name of the Carvel Package. Combines with spec.carvel.packageDomain to create the Package refName. If set to "", will use the workload name.
    packageName:
    # Service account that gives kapp-controller privileges to create resources in the namespace.
    serviceAccountName:
    # Name of the values Secret that provides customized values to the package installation's templating steps.
    valuesSecretName:
    # PEM encoded certificate data for the image registry where the files will be pushed to.
    caCertData:
    # Enable the use of IAAS based authentication for imgpkg.
    iaasAuthEnabled:
    # The domain of the Carvel Package. Combines with spec.carvel.packageName to create the Package refName. If set to "", will use "default.tap".
    packageDomain:
  gitOps:
    # the branch to commit changes to
    branch:
    # the relative path within the gitops repository to add the package configuration to.
    subPath:
    # the repository to push the pull request to
    url:
  # Configuration for the registry to use
  registry:
    # The name of the repository
    # +required
    repository:
    # The name of the registry server, e.g. docker.io
    # +required
    server:
```
Version: 1.0.0
The Conventions component analyzes the image input as described in the Cartographer Conventions documentation and produces a conventions output image.

Depends on:

- Managed Resource Controller
  - Tanzu Carvel Package: managed-resource-controller.apps.tanzu.vmware.com @ >=0.1.2
- Conventions Controller
  - Tanzu Carvel Package: cartographer.tanzu.vmware.com @ >= 0.8.10
Name | Type |
---|---|
image | image |
Name | Type |
---|---|
conventions | conventions |
```yaml
spec:
  # May contain an optional array of objects. Each object is a pair of keys: `name` and either `value` or `valueFrom`.
  # The Conventions component will translate these values into environment variables in the output object.
  env:
```
Version: 1.0.0
Deploys K8s resources to the cluster.
Name | Type |
---|---|
package | package |
```yaml
spec:
  # The path to the yaml to be applied to the cluster.
  subPath:
  # The path to the yaml to be applied to the cluster
  # +required
  path:
```
Version: 1.0.0
Writes Carvel package config directly to a GitOps repository.
Name | Type |
---|---|
package | package |
```yaml
spec:
  gitOps:
    # the repository to push the pull request to
    # +required
    url:
    # the branch to commit changes to
    branch:
    # the relative path within the gitops repository to add the package configuration to.
    subPath:
```
Version: 1.0.0
Writes Carvel package config to a GitOps repository and opens a PR.
Name | Type |
---|---|
package | package |
Name | Type |
---|---|
git-pr | git-pr |
```yaml
spec:
  gitOps:
    # the base branch to create PRs against
    baseBranch:
    # the relative path within the gitops repository to add the package configuration to.
    subPath:
    # the repository to push the pull request to
    # +required
    url:
```
Version: 1.0.0
Builds an app with kaniko.
Name | Type |
---|---|
source | source |
git | git |
Name | Type |
---|---|
image | image |
```yaml
spec:
  # Kaniko build specification
  build:
    # path to dockerfile to build
    dockerfile:
    # extra args to pass to kaniko build
    extra-args:
  # Registry to use
  registry:
    # The repository to use
    # +required
    repository:
    # The registry address
    # +required
    server:
```
Version: 1.0.0
The SonarQube Supply Chain component performs a Static Application Security Testing (SAST) scan by using the Maven CLI and the Sonar plug-in against the source input.
Name | Type |
---|---|
source | source |
```yaml
spec:
  sonarqube:
    # This is the URL of the sonar server.
    # +required
    sonar-host-url:
    # This is the path to the directory to scan from the repository root.
    sonar-project-base-dir:
    # This is the project key for the sonar project. If not set it will be the same as the project name.
    sonar-project-key:
    # This is the display name of the project in the sonar server.
    # +required
    sonar-project-name:
    # This is the SonarQube project token. See the SonarQube documentation for more details: https://docs.sonarsource.com/sonarqube/latest/user-guide/user-account/generating-and-using-tokens/.
    # +required
    sonar-token:
```
Version: 1.0.0
Source git provider retrieves source code and monitors a git repository.
Name | Type |
---|---|
source | source |
git | git |
```yaml
spec:
  source:
    # Use this object to retrieve source from a git repository.
    # The tag, commit and branch fields are mutually exclusive, use only one.
    # +required
    git:
      # A git branch ref to watch for new source
      branch:
      # A git commit sha to use
      commit:
      # A git tag ref to watch for new source
      tag:
      # The url to the git source repository
      # +required
      url:
    # The sub path in the bundle to locate source code
    subPath:
```
Version: 1.0.0
Takes the type source and immediately outputs it as type package.
Name | Type |
---|---|
source | source |
Name | Type |
---|---|
package | package |
none
Version: 1.0.0
Performs a Trivy image scan using the scan 2.0 components.
Name | Type |
---|---|
image | image |
git | git |
```yaml
spec:
  # Configuration for the registry to use
  registry:
    # The name of the repository
    # +required
    repository:
    # The name of the registry server, e.g. docker.io
    # +required
    server:
  source:
    # Fill this object in if you want your source to come from git.
    # The tag, commit and branch fields are mutually exclusive, use only one.
    # +required
    git:
      # A git branch ref to watch for new source
      branch:
      # A git commit sha to use
      commit:
      # A git tag ref to watch for new source
      tag:
      # The url to the git source repository
      # +required
      url:
    # The sub path in the bundle to locate source code
    subPath:
  # Image Scanning configuration
  scanning:
    service-account-scanner:
    workspace:
      size:
      bindings:
    active-keychains:
    service-account-publisher:
```
Version: 1.0.0
Performs a SonarQube SAST scan.
Name | Type |
---|---|
git | git |
```yaml
spec:
  source:
    # This is used to retrieve source from a git repository.
    # The tag, commit and branch fields are mutually exclusive, use only one.
    # +required
    git:
      # A git branch ref to watch for new source
      branch:
      # A git commit sha to use
      commit:
      # A git tag ref to watch for new source
      tag:
      # The url to the git source repository
      # +required
      url:
    # The sub path in the bundle to locate source code
    subPath:
  # SonarQube Scan configuration
  sonarqube:
    # SonarQube server url
    # +required
    sonar-host-url:
    # The project display name in the SonarQube server
    # +required
    sonar-project-name:
    # The project key defined in the SonarQube server
    sonar-project-key:
    # SonarQube project token
    # +required
    sonar-token:
    # Path to the directory to scan from the source code root
    sonar-project-base-dir:
```