This topic tells you how to configure Artifact Metadata Repository (AMR).
You can obtain the Tanzu Application Platform values schema by running:
tanzu package available get amr-observer.apps.tanzu.vmware.com/${VERSION} --values-schema \
--namespace tap-install
The following example is AMR Observer configuration that is located under the amr
key in the Tanzu Application Platform values file:
amr:
observer:
location: |
labels:
- key: environment
value: prod
resync_period: "10h"
ca_cert_data: |
-----BEGIN CERTIFICATE-----
Custom CA certificate for AMR CloudEvent Handler's HTTPProxy with custom TLS certs
-----END CERTIFICATE-----
cloudevent_handler:
endpoint: "https://amr-cloudevent-handler.DOMAIN"
liveness_period_seconds: 10
auth:
kubernetes_service_accounts:
enable: true
autoconfigure: true
secret:
ref: "amr-observer-edit-token"
value: ""
max_concurrent_reconciles:
image_vulnerability_scans: 1
Where DOMAIN
is the domain you want to target.
Configuration options:
amr.observer.location
""
labels
, which consists of an array for a key and value pairing. It is useful for adding searchable and identifiable metadata. For enabling DORA functions, include a label named env
. For more information, see DORA metrics in Tanzu Developer Portal.amr.observer.resync_period
"10h"
resync_period
decides the minimum frequency at which watched resources reconcile. A lower period corrects entropy more quickly, but reduces responsiveness to change if there are many watched resources. Change this value with caution. It is 10 hours by default if unset.amr.observer.ca_cert_data
or shared.ca_cert_data
""
ca_cert_data
adds certificates to the truststore
that amr-observer
uses.kubectl -n metadata-store get secrets/amr-cloudevent-handler-ingress-cert -o \
jsonpath='{.data."crt.ca"}' | base64 -d
amr.observer.cloudevent_handler.endpoint
http://amr-cloudevent-handler.metadata-store.svc.cluster.local:80
kubectl -n metadata-store get httpproxies.projectcontour.io amr-cloudevent-handler-ingress -o \
jsonpath='{.spec.virtualhost.fqdn}'
NoteEnsure that you set the correct protocol. If there is TLS, you must prepend
https://
. If there is no TLS, you must prependhttp://
.
amr.observer.cloudevent_handler.liveness_period_seconds
10
amr.observer.auth.kubernetes_service_accounts
.enable
true
.autoconfigure
true
.secret
cloudevent-handler
.ref
""
.value
""
amr.observer.deployed_through_tmc
null
deployed_through_tmc
to true
.amr.observer.max_concurrent_reconciles
.image_vulnerability_scans
1
ImageVulnerabilityScans
.When deploying with TMC, MultiClusterPropertyCollector
overwrites existing Observer package configuration values. For the workaround, see the known issue.
amr.graphql.auth.kubernetes_service_accounts
.enable
true
.autoconfigure
true
amr.cloudevent_handler.auth.kubernetes_service_accounts
.enable
true
.autoconfigure
true