Security Model

This topic describes the security model for Tanzu Supply Chain. The model governs how the stages of a Supply Chain execute when workloads exist in a separate namespace from the Supply Chain.

Caution

Tanzu Supply Chain is currently in beta and is not intended for production use. It is intended only for evaluating the next-generation Supply Chain. For the current Supply Chain solution, see the Supply Chain Choreographer documentation.

Diagram of the Security Model that depicts the cluster scope, the supply chain namespace, and the workload namespace.

Runs for associated workloads are created in the same namespace as the workload.

Stages, Resumptions, TaskRuns, and PipelineRuns are created by default in the Supply Chain namespace. This gives the components in these stages visibility over platform secrets in the Supply Chain namespace.

If you want a stage of a pipeline to execute in the workload namespace, use the securityContext.runAs setting. For example, you can allow a source component to retrieve the source from a developer-controlled repository by using secrets that the developer provides in the workload namespace.

For more information, see the securityContext specification in the SupplyChain API topic.
