Developer namespace setup for Supply Chain Security Tools - Store
This topic tells how you to set up your developer namespace for Supply Chain Security Tools (SCST) - Store.
Overview
After you finish installing Tanzu Application Platform, you are ready to configure the developer namespace. When you configure a developer namespace, you must export the SCST - Store certificate authority (CA) certificate and authentication token to the namespace. This enables SCST - Scan to find the credentials to send scan results to SCST - Store.
There are two ways to deploy Tanzu Application Platform:
- The single-cluster method, which uses the Tanzu Application Platform values file
- THe multicluster method, which uses
SecretExport
Single cluster - using the Tanzu Application Platform values file
To use tap-values.yaml to deploy Tanzu Application Platform, if using a single cluster:
-
When deploying the Tanzu Application Platform Full or Build profile, edit
tap-values.yamlas follows:metadata_store: ns_for_export_app_cert: "DEV-NAMESPACE"Where
DEV-NAMESPACEis the name of the developer namespace.The
ns_for_export_app_certsupports only one namespace at a time. If you have multiple namespaces, you can replace this value with a"*". For example:metadata_store: ns_for_export_app_cert: "*"
CautionThe use
"*"entails exporting the CA to all namespaces. Consider whether this increased visibility is a risk.
-
Update Tanzu Application Platform to apply the changes by running:
tanzu package installed update tap -f tap-values.yaml -n tap-install
Multicluster - using SecretExport
In a multicluster deployment, follow the steps in [Multicluster setup for SCST - Scan 1.0](../scst-scan/multicluster-setup-scan-v1.hbs.md, which describe how to create secrets and export secrets to developer namespaces.
Next steps
If you arrived in this topic from Out of the Box Supply Chain with Testing and Scanning for Supply Chain Choreographer, return to that topic and continue with the instructions.
