Caution: Tanzu Supply Chain is currently in beta and is not intended for production use. It is intended only for evaluation purposes for the next generation Supply Chain. For the current Supply Chain solution, see the Supply Chain Choreographer documentation.
This section introduces the catalog of components shipped with Tanzu Application Platform (commonly known as TAP). You can find all of these components in the Authoring profile.
Version: 1.0.0
app-config-server generates configuration for a server application from a Conventions PodIntent. Server applications contain a Kubernetes deployment and service and can be configured with Ingress.

Inputs:

Name | Type |
---|---|
conventions | conventions |

Outputs:

Name | Type |
---|---|
oci-yaml-files | oci-yaml-files |
oci-ytt-files | oci-ytt-files |

Configuration:

```yaml
spec:
  # Configuration for the registry to use
  registry:
    # The name of the registry server, e.g. docker.io
    # +required
    server:
    # The name of the repository
    # +required
    repository:
```

Version: 1.0.0
app-config-web generates configuration for a web application from a Conventions PodIntent. Web applications contain a Knative Service.

Inputs:

Name | Type |
---|---|
conventions | conventions |

Outputs:

Name | Type |
---|---|
oci-yaml-files | oci-yaml-files |
oci-ytt-files | oci-ytt-files |

Configuration:

```yaml
spec:
  # Configuration for the registry to use
  registry:
    # The name of the repository
    # +required
    repository:
    # The name of the registry server, e.g. docker.io
    # +required
    server:
```

Version: 1.0.0
Generates configuration for a Worker application from a Conventions PodIntent. Worker applications contain a Kubernetes Deployment.

Inputs:

Name | Type |
---|---|
conventions | conventions |

Outputs:

Name | Type |
---|---|
oci-yaml-files | oci-yaml-files |
oci-ytt-files | oci-ytt-files |

Configuration:

```yaml
spec:
  # Configuration for the registry to use
  registry:
    # The name of the repository
    # +required
    repository:
    # The name of the registry server, e.g. docker.io
    # +required
    server:
```

Version: 1.0.0
Builds an app with buildpacks using kpack.

Inputs:

Name | Type |
---|---|
source | source |
git | git |

Outputs:

Name | Type |
---|---|
image | image |

Configuration:

```yaml
spec:
  # Registry to use
  registry:
    # The registry address
    # +required
    server:
    # The repository to use
    # +required
    repository:
  # Kpack build specification
  build:
    # Service account to use
    serviceAccountName:
    env:
    # Configure workload to use a non-default builder or clusterbuilder
    builder:
      # builder kind
      kind:
      # builder name
      name:
    # cache options
    cache:
      # whether to use a cache image
      enabled:
      # cache image to use
      image:
  source:
    # path inside the source to build from (build has no access to paths above the subPath)
    subPath:
```

Version: 1.0.0
carvel-package generates a Carvel package from OCI images containing raw YAML files and YTT files.

Inputs:

Name | Type |
---|---|
oci-yaml-files | oci-yaml-files |
oci-ytt-files | oci-ytt-files |

Outputs:

Name | Type |
---|---|
package | package |

Configuration:

```yaml
spec:
  # Configuration for the generated Carvel Package
  carvel:
    # The name of the Carvel Package. Combines with spec.carvel.packageDomain to create the Package refName. If set to "", will use the workload name.
    packageName:
    # Service account that gives kapp-controller privileges to create resources in the namespace.
    serviceAccountName:
    # Name of the values Secret that provides customized values to the package installation's templating steps.
    valuesSecretName:
    # PEM encoded certificate data for the image registry where the files will be pushed to.
    caCertData:
    # Enable the use of IAAS based authentication for imgpkg.
    iaasAuthEnabled:
    # The domain of the Carvel Package. Combines with spec.carvel.packageName to create the Package refName. If set to "", will use "default.tap".
    packageDomain:
  gitOps:
    # the branch to commit changes to
    branch:
    # the relative path within the gitops repository to add the package configuration to.
    subPath:
    # the repository to push the pull request to
    url:
  # Configuration for the registry to use
  registry:
    # The name of the repository
    # +required
    repository:
    # The name of the registry server, e.g. docker.io
    # +required
    server:
```

Version: 1.0.0
The conventions component analyzes the image input as described in the Cartographer Conventions documentation and produces a conventions output image.

conventions depends on:

- managed-resource-controller.apps.tanzu.vmware.com @ >=0.1.2
- cartographer.tanzu.vmware.com @ >= 0.8.10

Inputs:

Name | Type |
---|---|
image | image |

Outputs:

Name | Type |
---|---|
conventions | conventions |

Configuration:

```yaml
spec:
  # May contain an optional array of objects. Each object is a pair of keys: `name` and either `value` or `valueFrom`.
  # The Conventions component will translate these values into environment variables in the output object.
  env:
```

Version: 1.0.0
deployer deploys Kubernetes resources to the cluster.

Inputs:

Name | Type |
---|---|
package | package |

There are no outputs.

Configuration:

```yaml
spec:
  # The path to the yaml to be applied to the cluster.
  subPath:
  # The path to the yaml to be applied to the cluster
  # +required
  path:
```

Version: 1.0.0
git-writer writes Carvel package configuration directly to a GitOps repository.

Inputs:

Name | Type |
---|---|
package | package |

There are no outputs.

Configuration:

```yaml
spec:
  gitOps:
    # the repository to push the pull request to
    # +required
    url:
    # the branch to commit changes to
    branch:
    # the relative path within the gitops repository to add the package configuration to.
    subPath:
```

Version: 1.0.0
git-writer-pr writes Carvel package configuration to a GitOps repository and opens a PR.

Inputs:

Name | Type |
---|---|
package | package |

Outputs:

Name | Type |
---|---|
git-pr | git-pr |

Configuration:

```yaml
spec:
  gitOps:
    # the base branch to create PRs against
    baseBranch:
    # the relative path within the gitops repository to add the package configuration to.
    subPath:
    # the repository to push the pull request to
    # +required
    url:
```

Version: 1.0.0
kaniko-build builds an app with kaniko.

Inputs:

Name | Type |
---|---|
source | source |
git | git |

Outputs:

Name | Type |
---|---|
image | image |

Configuration:

```yaml
spec:
  # Kaniko build specification
  build:
    # path to dockerfile to build
    dockerfile:
    # extra args to pass to kaniko build
    extra-args:
  # Registry to use
  registry:
    # The repository to use
    # +required
    repository:
    # The registry address
    # +required
    server:
```

Version: 1.0.0
sonarqube-sast-scan performs a Static Application Security Testing (SAST) scan by using the Maven or Gradle Sonar plug-in against the source input.

Inputs:

Name | Type |
---|---|
source | source |

There are no outputs.

Configuration:

```yaml
spec:
  sonarqube:
    # This is the URL of the Sonar server.
    # +required
    sonar-host-url:
    # This is the path to the directory to scan from the repository root.
    sonar-project-base-dir:
    # This is the project key for the Sonar project. If not set it is the same as the project name.
    sonar-project-key:
    # This is the display name of the project in the Sonar server.
    # +required
    sonar-project-name:
    # This is the name of the secret that contains the SonarQube project token. See the SonarQube documentation for more details: https://docs.sonarsource.com/sonarqube/latest/user-guide/user-account/generating-and-using-tokens/.
    # +required
    sonar-token-secret-name:
    # This is the project type of source. Only maven or gradle are supported.
    # +required
    project-type:
    # This is the URL to download the JDK version compatible with the source project. If not given, the default JDK version installed in the task image is used.
    jdk-url:
    # This is for enabling debug logs in the scan. It expects true or false. It is false by default.
    debug-mode:
```

Version: 1.0.0
source-git-provider retrieves source code and monitors a Git repository.

There are no inputs.

Outputs:

Name | Type |
---|---|
source | source |
git | git |

Configuration:

```yaml
spec:
  source:
    # Use this object to retrieve source from a git repository.
    # The tag, commit and branch fields are mutually exclusive, use only one.
    # +required
    git:
      # A git branch ref to watch for new source
      branch:
      # A git commit sha to use
      commit:
      # A git tag ref to watch for new source
      tag:
      # The url to the git source repository
      # +required
      url:
    # The sub path in the bundle to locate source code
    subPath:
```

Version: 1.0.0
source-package-translator takes the type source and immediately outputs it as type package.

Inputs:

Name | Type |
---|---|
source | source |

Outputs:

Name | Type |
---|---|
package | package |

There is no configuration.
Version: 1.0.0
trivy-image-scan performs a Trivy image scan using the scan 2.0 components.

Inputs:

Name | Type |
---|---|
image | image |
git | git |

There are no outputs.

Configuration:

```yaml
spec:
  # Configuration for the registry to use
  registry:
    # The name of the repository
    # +required
    repository:
    # The name of the registry server, e.g. docker.io
    # +required
    server:
  source:
    # Fill this object in if you want your source to come from git.
    # The tag, commit and branch fields are mutually exclusive, use only one.
    # +required
    git:
      # A git branch ref to watch for new source
      branch:
      # A git commit sha to use
      commit:
      # A git tag ref to watch for new source
      tag:
      # The url to the git source repository
      # +required
      url:
    # The sub path in the bundle to locate source code
    subPath:
  # Image Scanning configuration
  scanning:
    service-account-scanner:
    workspace:
      size:
      bindings:
    active-keychains:
    service-account-publisher:
```

Version: 1.0.0
sonarqube-sast-scan performs a SonarQube SAST scan.

Inputs:

Name | Type |
---|---|
git | git |

There are no outputs.

Configuration:

```yaml
spec:
  source:
    # This is used to retrieve source from a git repository.
    # The tag, commit and branch fields are mutually exclusive. Use only one field.
    # +required
    git:
      # A git branch ref to watch for new source
      branch:
      # A git commit SHA to use
      commit:
      # A git tag ref to watch for new source
      tag:
      # The URL to the git source repository
      # +required
      url:
    # The sub path in the bundle to locate source code
    subPath:
  # SonarQube Scan configuration
  sonarqube:
    # SonarQube server URL
    # +required
    sonar-host-url:
    # The project display name in the SonarQube server
    # +required
    sonar-project-name:
    # The project key defined in the SonarQube server
    sonar-project-key:
    # The name of the secret that contains the SonarQube project token
    # +required
    sonar-token-secret-name:
    # Path to the directory to scan from the source code root
    sonar-project-base-dir:
    # The project type of source. Only maven or gradle are supported.
    # +required
    project-type:
    # The URL to download the JDK version compatible with the source project
    jdk-url:
    # Enable debug logs in the scan. It expects true or false.
    debug-mode:
```