Configure a Supply Chain using the Tanzu CLI
This topic tells you how to construct a SupplyChain configuration.
CautionTanzu Supply Chain is currently in beta and is not intended for production use. It is intended only for evaluation purposes for the next generation Supply Chain. For the current Supply Chain solution, see the Supply Chain Choreographer documentation.
Prerequisites
-
Install the Tanzu CLI and Tanzu Supply Chain CLI plug-in.
-
Ensure that Tanzu Supply Chain packages and Catalog Component packages are installed on the Tanzu Application Platform cluster that you are using to author your supply chain.
If you install Tanzu Supply Chain with the Authoring profile (recommended), these packages are automatically installed.
If you install Tanzu Supply Chain manually, you must install the packages individually.
SupplyChain configuration
SupplyChains can be configured to supply default and override values for each component. This allows a platform engineer to either pre-populate common default values for a component or override values to always be some value that the developer cannot edit.
Generate SupplyChain with overrides
Platform engineers generate SupplyChains with overrides to allow them to define values that cannot be changed by developers using the Workload (Developer API). By configuring overrides for each component in the SupplyChain, the generated Workload will not contain values that were overridden.
Overrides consist of:
path: The path to the configuration value, formatted as either:- The full path to the field you want to set.
- The path to any structure where all desired child fields must be set.
value: A string or YAML structured value.
Overrides use case
In this use case, as a platform engineer you want all built images to be accessible only through the organization’s QA registry:
-
Generate the SupplyChain by supplying the
--allow-overridesflag:tanzu supplychain generate \ --kind AppBuildV1 \ --description "Supply chain that pulls the source code from git repo, builds it using buildpacks and package the output as Carvel package." \ --component "source-git-provider-1.0.0" \ --component "buildpack-build-1.0.0" \ --component "conventions-1.0.0" \ --component "app-config-server-1.0.0" \ --component "carvel-package-1.0.0" \ --component "git-writer-pr-1.0.0" \ --allow-overridesThe Tanzu Supply Chain CLI plug-in creates the required files to deploy your
SupplyChainin the current directory:✓ Successfully fetched all component dependencies Created file supplychains/appbuildv1.yaml ... -
To configure overrides, open
supplychains/appbuildv1.yamlin your editor and scroll to the following section:... config: overrides: # Platform Engineer provided registry overrides - path: spec.registry.repository value: "YOUR-REGISTRY-REPO" - path: spec.registry.server value: "YOUR-REGISTRY-SERVER" # Platform Engineer provided build overrides - path: spec.build.builder.kind value: clusterbuilder - path: spec.build.builder.name value: default - path: spec.build.cache.enabled value: false - path: spec.build.cache.image value: "" - path: spec.build.serviceAccountName value: default # Platform Engineer provided carvel package component overrides - path: spec.carvel.caCertData value: "" - path: spec.carvel.iaasAuthEnabled value: false - path: spec.carvel.packageDomain value: "default.tap" - path: spec.carvel.serviceAccountName value: "default" - path: spec.carvel.valuesSecretName value: "" # Platform Engineer provided GitOps repo overrides - path: spec.gitOps.baseBranch value: main - path: spec.gitOps.branch value: main - path: spec.gitOps.subPath value: "YOUR-GITOPS-REPO-SUBPATH" - path: spec.gitOps.url value: "YOUR-GITOPS-REPO-URL" -
Configure overrides using either a full path to the field you want to set or a path to any structure where all desired child fields must be set. For example:
- Full path
-
This example is for the path
spec.registry.repository. In this example, there is no value forspec.registry.server, and thereforespec.registry.serveris not available to edit later in theWorkload.config: overrides: - path: spec.registry.repository value: "https://my-registry.url.com" - Path to any key representing a YAML object
-
Examples:
-
Path
spec.registry:config: overrides: - path: spec.registry value: repository: "https://my-registry.url.com" -
Path
spec. In this example, there is no value forspec.registry.server, it will not be available to modify in theWorkload.config: overrides: - path: spec value: registry: repository: "https://my-registry.url.com" -
Path
specwith empty value. This example results in aWorkloadwithout a spec.config: defaults: - path: spec value: {}
-
Generate SupplyChain with defaults
Platform engineers generate SupplyChains with defaults to allow them to define default values that can be changed by developers using the Workload (Developer API). By configuring defaults for each component in the SupplyChain, the generated Workload contains default values.
Defaults consist of:
path: path to the configuration value, formatted as either:- The full path to the field you want to set.
- The path to any structure where all desired child fields must be set.
value: String or YAML structured value.
Defaults use case
-
Generate the
SupplyChainby supplying the--allow-defaultsflag:tanzu supplychain generate \ --kind AppBuildV1 \ --description "Supply chain that pulls the source code from git repo, builds it using buildpacks and package the output as Carvel package." --component "source-git-provider-1.0.0" --component "buildpack-build-1.0.0" --component "conventions-1.0.0" \ --component "app-config-server-1.0.0" \ --component "carvel-package-1.0.0" \ --component "git-writer-pr-1.0.0" \ --allow-defaultsThe Tanzu Supply Chain CLI plug-in creates the required files to deploy your
SupplyChainin the current directory:✓ Successfully fetched all component dependencies Created file supplychains/appbuildv1.yaml ... -
To configure defaults, open the
supplychains/appbuildv1.yamlfile in your editor and navigate to the following section:... config: defaults: # Platform Engineer provided registry defaults - path: spec.registry.repository value: "YOUR-REGISTRY-REPO" - path: spec.registry.server value: "YOUR-REGISTRY-SERVER" # Platform Engineer provided build defaults - path: spec.build.builder.kind value: clusterbuilder - path: spec.build.builder.name value: default - path: spec.build.cache.enabled value: false - path: spec.build.cache.image value: "" - path: spec.build.serviceAccountName value: default # Platform Engineer provided carvel package component defaults - path: spec.carvel.caCertData value: "" - path: spec.carvel.iaasAuthEnabled value: false - path: spec.carvel.packageDomain value: "default.tap" - path: spec.carvel.serviceAccountName value: "default" - path: spec.carvel.valuesSecretName value: "" # Platform Engineer provided GitOps repo defaults - path: spec.gitOps.baseBranch value: main - path: spec.gitOps.branch value: main - path: spec.gitOps.subPath value: "YOUR-GITOPS-REPO-SUBPATH" - path: spec.gitOps.url value: "YOUR-GITOPS-REPO-URL" -
Configure defaults using either a full path to the field you want to set or a path to any structure where all desired child fields must be set.
- Full path
-
Example path
spec.registry.repository:config: defaults: - path: spec.registry.repository value: "https://my-default-registry.url.com" - Path to any key representing a YAML object
-
Examples
-
Path
spec.registry:config: defaults: - path: spec.registry value: repository: "https://my-default-registry.url.com" -
Path
spec:config: defaults: - path: spec value: registry: repository: "https://my-default-registry.url.com"
-
Reference Guides
SupplyChain API
Reference Guides
