Configure your target endpoint and certificate for Supply Chain Security Tools - Store

This topic describes how you can configure your target endpoint and certificate for Supply Chain Security Tools (SCST) - Store.

Overview

The connection to SCST - Store requires TLS encryption, and the configuration depends on the kind of installation.

For a production environment, VMware recommends that SCST - Store is installed with ingress enabled. The following instructions help set up the TLS connection if you deployed with ingress enabled.

Using Ingress

When using an Ingress setup, SCST - Store creates a specific TLS Certificate for HTTPS communications under the metadata-store namespace.

Set the endpoint host to:

metadata-store.INGRESS-DOMAIN

Where INGRESS-DOMAIN is the value of the ingress_domain property in your deployment YAML

Example:

metadata-store.example.domain.com
Note

In a multicluster setup, a DNS record is required for the domain. The following instructions for single cluster setup do not apply.

Single-cluster setup

In a single-cluster setup, a DNS record is still recommended. However, if no accessible DNS record exists for the domain, edit the /etc/hosts file to add a local record:

ENVOY_IP=$(kubectl get svc envoy -n tanzu-system-ingress -o jsonpath="{.status.loadBalancer.ingress[0].ip}")

# Replace with your domain
METADATA_STORE_DOMAIN="metadata-store.example.domain.com"

# Delete any previously added entry
sudo sed -i '' "/$METADATA_STORE_DOMAIN/d" /etc/hosts

echo "$ENVOY_IP $METADATA_STORE_DOMAIN" | sudo tee -a /etc/hosts > /dev/null

Next Step

Configure access token

Additional Resources

For information about deploying SCST - Store without Ingress, see:

check-circle-line exclamation-circle-line close-line
Scroll to top icon