This topic tells you how to install Build profile cluster by using a reduced values file.
Before installing the Build profile, follow all the steps in Install View cluster.
The following is the YAML file sample for the build-profile:
profile: build ceip_policy_disclosed: FALSE-OR-TRUE-VALUE # Installation fails if this is not set to true. Not a string. shared: ingress_domain: "INGRESS-DOMAIN" kubernetes_distribution: "openshift" # To be passed only for Openshift. Defaults to "". kubernetes_version: "K8S-VERSION" image_registry: project_path: "SERVER-NAME/REPO-NAME" # To be used by Build Service by appending "/buildservice" and used by Supply chain by appending "/workloads". secret: name: "KP-DEFAULT-REPO-SECRET" namespace: "KP-DEFAULT-REPO-SECRET-NAMESPACE" ca_cert_data: | # To be passed if using custom certificates. -----BEGIN CERTIFICATE----- MIIFXzCCA0egAwIBAgIJAJYm37SFocjlMA0GCSqGSIb3DQEBDQUAMEY... -----END CERTIFICATE----- # The above shared keys can be overridden in the below section. buildservice: # Takes the value from the shared section by default, but can be overridden by setting a different value. kp_default_repository: "KP-DEFAULT-REPO" kp_default_repository_secret: name: "KP-DEFAULT-REPO-SECRET" namespace: "KP-DEFAULT-REPO-SECRET-NAMESPACE" supply_chain: testing_scanning ootb_supply_chain_testing_scanning: # Optional if the corresponding shared keys are provided. registry: server: "SERVER-NAME" repository: "REPO-NAME" gitops: ssh_secret: "SSH-SECRET-KEY" # (Optional) Defaults to "". scanning: metadataStore: url: "" # Configuration is moved, so set this string to empty. tap_telemetry: customer_entitlement_account_number: "CUSTOMER-ENTITLEMENT-ACCOUNT-NUMBER" # (Optional) Identify data for creating Tanzu Application Platform usage reports.
Installing Grype by using
tap-values.yamlas follows is deprecated in v1.6 and will be removed in v1.8:
grype: namespace: "MY-DEV-NAMESPACE" targetImagePullSecret: "TARGET-REGISTRY-CREDENTIALS-SECRET"
You can install Grype by using Namespace Provisioner instead.
K8S-VERSIONis the Kubernetes version used by your OpenShift cluster. It must be in the form of
xstands for the patch version. Examples:
KP-DEFAULT-REPOis a writable repository in your registry. The Tanzu Build Service dependencies are written to this location. Examples:
KP-DEFAULT-REPO-SECRETis the secret with user credentials that can write to
KP-DEFAULT-REPO. You can
docker pushto this location with this credential.
registry-credentialssecret created earlier.
KP-DEFAULT-REPO-SECRET-NAMESPACEis the namespace where
SERVER-NAMEis the host name of the registry server. Examples:
REPO-NAMEis where workload images are stored in the registry. Images are written to
SSH-SECRET-KEYis the SSH secret key in the developer namespace for the supply chain to fetch source code from and push configuration to. See Git authentication for more information.
METADATA-STORE-URL-ON-VIEW-CLUSTERis the URL of the Supply Chain Security Tools (SCST) - Store deployed on the View cluster. For example,
https://metadata-store.example.com. For information about
store-auth-token, see Multicluster setup.
MY-DEV-NAMESPACEis the name of the developer namespace. SCST - Scan deploys the
ScanTemplatesthere. This allows the scanning feature to run in this namespace.
TARGET-REGISTRY-CREDENTIALS-SECRETis the name of the Secret that contains the credentials to pull an image from the registry for scanning.
CUSTOMER-ENTITLEMENT-ACCOUNT-NUMBER(optional) refers to the Entitlement Account Number (EAN), which is a unique identifier VMware assigns to its customers. Tanzu Application Platform telemetry uses this number to identify data that belongs to a particular customers and prepare usage reports. See the Tanzu Kubernetes Grid documentation for more information about identifying the Entitlement Account Number.
When you install Tanzu Application Platform, it is bootstrapped with the
lite set of dependencies, including buildpacks and stacks, for application builds. For more information about buildpacks, see the VMware Tanzu Buildpacks Documentation. You can find the buildpack and stack artifacts installed with Tanzu Application Platform on Tanzu Network. You can update the dependencies by upgrading Tanzu Application Platform to the latest patch.
See Multicluster setup for more information about the value settings of
You must set the
scanning.metadatastore.url to an empty string if you’re installing Grype Scanner v1.2.0 and later or Snyk Scanner to deactivate the embedded SCST - Store integration.
If you use custom CA certificates, you must provide one or more PEM-encoded CA certificates under the
ca_cert_data key. If you configured
shared.ca_cert_data, Tanzu Application Platform component packages inherit that value by default.