This topic tells how you to set up your developer namespace for Supply Chain Security Tools (SCST) - Store.
After you finish installing Tanzu Application Platform, you are ready to configure the developer namespace. When you configure a developer namespace, you must export the SCST - Store certificate authority (CA) certificate and authentication token to the namespace. This enables SCST - Scan to find the credentials to send scan results to SCST - Store.
There are two ways to deploy Tanzu Application Platform:
SecretExport
To use tap-values.yaml
to deploy Tanzu Application Platform, if using a single cluster:
When deploying the Tanzu Application Platform Full or Build profile, edit tap-values.yaml
as follows:
metadata_store:
ns_for_export_app_cert: "DEV-NAMESPACE"
Where DEV-NAMESPACE
is the name of the developer namespace.
The ns_for_export_app_cert
supports only one namespace at a time. If you have multiple namespaces, you can replace this value with a "*"
. For example:
metadata_store:
ns_for_export_app_cert: "*"
CautionThe use
"*"
entails exporting the CA to all namespaces. Consider whether this increased visibility is a risk.
Update Tanzu Application Platform to apply the changes by running:
tanzu package installed update tap -f tap-values.yaml -n tap-install
In a multicluster deployment, follow the steps in Multicluster setup for SCST - Store, which describe how to create secrets and export secrets to developer namespaces.
If you arrived in this topic from Out of the Box Supply Chain with Testing and Scanning for Supply Chain Choreographer, return to that topic and continue with the instructions.