ootb-template-reference.hbs.md

Template reference

All the objects referenced in this topic are Cartographer Templates packaged in Out of the Box Templates. Their purpose, the one or more objects they create, the supply chains that include them, and the parameters they use are detailed in this topic.

source-template

Purpose

Creates an object to fetch source code and make that code available to other objects in the supply chain. See Building from Source.

Used by

Creates

The source-template creates one of three objects, either:

  • GitRepository. Created if the workload has .spec.source.git defined.
  • MavenArtifact. Created if the template is provided a value for the parameter maven.
  • ImageRepository. Created if the workload has .spec.source.image defined.

GitRepository

GitRepository makes source code from a particular commit available as a tarball in the cluster. Other resources in the supply chain can then access that code.

Parameters
Parameter name Meaning Example
gitImplementation The library used to fetch source code. If not provided, Tanzu Application Platform's default implementation uses go-git, which works with the providers supported by Tanzu Application Platform: GitHub and GitLab. An alternate value that can be used with other Git providers is libgit2. ` - name: gitImplementation value: libgit2`
gitops_ssh_secret Name of the secret used to provide credentials for the Git repository. The secret with this name must exist in the same namespace as the Workload. The credentials must be sufficient to read the repository. If not provided, Tanzu Application Platform defaults to look for a secret named git-ssh. See Git authentication. ` - name: gitops_ssh_secret value: git-credentials`

Note: Some Git providers, notably Azure DevOps, require you to use libgit2 because their server-side implementation supports only git's v2 protocol. For information about the features supported by each implementation, see git implementation in the flux documentation.

More information

For an example using the Tanzu CLI to create a Workload using GitHub as the provider of source code, see Create a workload from GitHub repository.

For information about GitRepository objects, see GitRepository.

ImageRepository

ImageRepository makes the contents of a container image available as a tarball on the cluster.

Parameters
Parameter name Meaning Example
serviceAccount Name of the service account, providing credentials to `ImageRepository` for fetching container images. The service account must exist in the same namespace as the Workload. ` - name: serviceAccount value: default`

Note: When using the Tanzu CLI to configure this serviceAccount parameter, use --param serviceAccount=.... The similarly named --service-account flag sets a different value: the spec.serviceAccountName key in the Workload object.

More information

For information about the ImageRepository resource, see the ImageRepository reference documentation.

For information about how to use the Tanzu CLI to create a workload leveraging ImageRepository, see Create a workload from local source code.

MavenArtifact

MavenArtifact makes a pre-built Java artifact available as a tarball on the cluster.

While the source-template leverages the workload's .spec.source field when creating a GitRepository or ImageRepository object, the creation of the MavenArtifact relies only on parameters in the Workload.

Parameters
Parameter name Meaning Example
maven Points to the Maven artifact to fetch and the polling interval. ` - name: maven value: artifactId: springboot-initial groupId: com.example version: RELEASE classifier: sources # optional type: jar # optional artifactRetryTimeout: 1m0s # optional`
maven_repository_url Specifies the Maven repository from which to fetch. ` - name: maven_repository_url value: https://repo1.maven.org/maven2/`
maven_repository_secret_name Specifies the secret containing credentials necessary to fetch from the Maven repository. The secret named must exist in the same workspace as the workload. ` - name: maven_repository_secret_name value: auth-secret`

More information

For information about the custom resource, see MavenArtifact reference docs.

For information about how to use the custom resource with the tanzu apps workload CLI plug-in, see Create a Workload from Maven repository artifact.

testing-pipeline

Purpose

Tests the source code provided in the supply chain. Testing depends on a user provided Tekton Pipeline. Parameters for this template allow for selection of the proper Pipeline and for specification of additional values to pass to the Pipeline.

Used by

These are used as the source-tester resource.

Creates

testing-pipeline creates a Runnable object. This Runnable provides inputs to the ClusterRunTemplate named tekton-source-pipelinerun.

Parameters

Parameter name Meaning Example
testing_pipeline_matching_labels Set of labels to use when searching for Tekton Pipeline objects in the same namespace as the Workload. By default, a Pipeline labeled as `apps.tanzu.vmware.com/pipeline: test` is selected. ` - name: testing_pipeline_matching_labels value: apps.tanzu.vmware.com/pipeline: test my.company/language: golang`
testing_pipeline_params Set of parameters to pass to the Tekton Pipeline. To this set of parameters, the template always adds the source URL and revision as `source-url` and `source-revision`. ` - name: testing_pipeline_params value: - name: verbose value: true - name: foo value: bar`

More information

For information about the ClusterRunTemplate that pairs with the Runnable, read tekton-source-pipelinerun.

For information about the Tekton Pipeline that the user must create, read the OOTB Supply Chain Testing documentation of the Pipeline.

source-scanner-template

Purpose

Scans the source code for vulnerabilities.

Used by

This is used as the source-scanner resource.

Creates

SourceScan

Parameters

Parameter name Meaning Example
scanning_source_template Name of the ScanTemplate object to use for running the scans. The ScanTemplate must be in the same namespace as the Workload. ` - name: scanning_source_template value: private-source-scan-template `
scanning_source_policy Name of the ScanPolicy object to use when evaluating the scan results of a source scan. The ScanPolicy must be in the same namespace as the Workload. ` - name: scanning_source_policy value: allowlist-policy `

More information

For information about how to set up the Workload namespace with the ScanPolicy and ScanTemplate required for this resource, see Out of the Box Supply Chain with Testing and Scanning.

For information about the SourceScan custom resource, see SourceScan reference.

For information about how the artifacts found during scanning are catalogued, see Supply Chain Security Tools for Tanzu – Store.

image-provider-template

Purpose

Fetches a container image of a prebuilt application, specified in the workload's .spec.image field. This makes the content-addressable name (for example, the image name containing the digest) available to other resources in the supply chain.

Used by

These are used as the image-provider resource.

Creates

ImageRepository.source.apps.tanzu.vmware.com

Parameters

Parameter name Meaning Example
serviceAccount Name of the service account providing credentials for the target image registry. The service account must exist in the same namespace as the Workload. ` - name: serviceAccount value: default`

Note: When using the Tanzu CLI to configure this serviceAccount parameter, use --param serviceAccount=.... The similarly named --service-account flag sets a different value: the spec.serviceAccountName key in the Workload object.

More information

For information about the ImageRepository resource, see ImageRepository reference docs.

For information about prebuilt images, see Using a prebuilt image.

kpack-template

Purpose

Builds a container image from source code using cloud native buildpacks.

Used by

These are used as the image-provider resource when the workload parameter dockerfile is not defined.

Creates

Image.kpack.io

Parameters

Parameter name Meaning Example
serviceAccount Name of the service account providing credentials for the configured image registry. `Image` uses these credentials to push built container images to the registry. The service account must exist in the same namespace as the Workload. ` - name: serviceAccount value: default`
clusterBuilder Name of the Kpack Cluster Builder to use. ` - name: clusterBuilder value: nodejs-cluster-builder`
buildServiceBindings Definition of a list of service bindings to make use at build time. For example, providing credentials for fetching dependencies from repositories that require credentials. ` - name: buildServiceBindings value: - name: settings-xml kind: Secret apiVersion: v1`
live-update Enable the use of Tilt's live-update function. ` - name: live-update value: "true" `

Note: When using the Tanzu CLI to configure this serviceAccount parameter, use --param serviceAccount=.... The similarly named --service-account flag sets a different value: the spec.serviceAccountName key in the Workload object.

More information

For information about the integration with Tanzu Build Service, see Tanzu Build Service Integration.

For information about live-update, see Developer Conventions and Overview of Tanzu Developer Tools for IntelliJ.

For information about using Kpack builders with clusterBuilder, see Builders.

For information about buildServiceBindings, see Service Bindings.

kaniko-template

Purpose

Build an image for source code that includes a Dockerfile.

Used by

These are used as the image-provider resource when the workload parameter dockerfile is defined.

Creates

A taskrun.tekton.dev which provides configuration to a Tekton ClusterTask to build an image with kaniko.

This template uses the lifecycle: tekton flag to create new immutable objects rather than updating the previous object.

Parameters

Parameter name Meaning Example
dockerfile Relative path to the Dockerfile file in the build context. `./Dockerfile`
docker_build_context Relative path to the directory where the build context is. `.`
docker_build_extra_args List of flags to pass directly to kaniko, such as providing arguments to a build. `- --build-arg=FOO=BAR`
serviceAccount Name of the service account to use for providing Docker credentials. The service account must exist in the same namespace as the Workload. The service account must have a secret associated with the credentials. See Configuring authentication for Docker in the Tekton documentation. ` - name: serviceAccount value: default `
registry Specification of the registry server and repository in which the built image is placed. ` - name: registry value: server: index.docker.io repository: web-team `

More information

For information about how to use Dockerfile-based builds and limits associated with the function, see Dockerfile-based builds.

For information about lifecycle:tekton, read Cartographer Lifecycle.

image-scanner-template

Purpose

Scans the container image for vulnerabilities, persists the results in a store, and prevents the image from moving forward if CVEs are found which are not compliant with its referenced ScanPolicy.

Used by

Creates

ImageScan.scanning.apps.tanzu.vmware.com

Parameters

Parameter name Meaning Example
scanning_image_template Name of the ScanTemplate object for running the scans against a container image. The ScanTemplate must be in the same namespace as the Workload. ` - name: scanning_image_template value: private-image-scan-template `
scanning_image_policy Name of the ScanPolicy object for evaluating the scan results of an image scan. The ScanPolicy must be in the same namespace as the Workload. ` - name: scanning_image_policy value: allowlist-policy `

More information

For information about the ImageScan custom resource, see ImageScan reference.

For information about how the artifacts found during scanning are catalogued, see Supply Chain Security Tools for Tanzu – Store.

convention-template

Purpose

Creates the PodTemplateSpec for the Kubernetes configuration (for example, the knative service or Kubernetes deployment) that is applied to the cluster.

Used by

Creates

Creates a PodIntent object. The PodIntent leverages conventions installed on the cluster. The PodIntent object is responsible for generating a PodTemplateSpec. The PodTemplateSpec is used in app configs, such as knative services and deployments, to represent the shape of the pods to run the application in containers.

Parameters

Parameter name Meaning Example
serviceAccount Name of the serviceAccount providing necessary credentials to `PodIntent`. The serviceAccount must be in the same namespace as the Workload. The serviceAccount is set as the `serviceAccountName` in the podtemplatespec. The credentials associated with the serviceAccount must allow fetching the container image used to inspect the metadata passed to convention servers. ` - name: serviceAccount value: default `
annotations Extra set of annotations to pass down to the PodTemplateSpec. ` - name: annotations value: name: my-application version: v1.2.3 team: store `
debug Put the workload in debug mode. ` - name: debug value: "true" `
live-update Enable live-updating of the code (for innerloop development). ` - name: live-update value: "true" `

Note: When using the Tanzu CLI to configure this serviceAccount parameter, use --param serviceAccount=.... The similarly named --service-account flag sets a different value: the spec.serviceAccountName key in the Workload object.

More information

For information about PodTemplateSpec, see PodTemplateSpec in the Kubernetes documentation.

For information about conventions, see Cartographer Conventions.

For information about the two convention servers enabled by default in Tanzu Application Platform installations, see Developer Conventions and Spring Boot Conventions.

config-template

Purpose

For workloads with the label apps.tanzu.vmware.com/workload-type: web, define a knative service.

Used by

Creates

A ConfigMap, in which the data field has a key delivery.yaml whose value is the definition of a knative service.

Parameters

None

More information

See workload types for more details about the three different types of workloads.

worker-template

Purpose

For workloads with the label apps.tanzu.vmware.com/workload-type: worker, define a Kubernetes Deployment.

Used by

Creates

A ConfigMap, in which the data field has a key delivery.yaml whose value is the definition of a Kubernetes Deployment.

Parameters

None

More information

For information about the three different types of workloads, see workload types.

server-template

Purpose

For workloads with the label apps.tanzu.vmware.com/workload-type: server, define a Kubernetes Deployment and a Kubernetes Service.

Used by

Creates

A ConfigMap, in which the data field has a key delivery.yaml whose value contains the definitions of a Kubernetes Deployment and a Kubernetes Service to expose the pods.

Parameters

Parameter name Meaning Example
ports Set of network ports to expose from the application to the Kubernetes cluster. ` - name: ports value: - containerPort: 2025 name: smtp port: 25 `

More information

For information about the three different types of workloads, see workload types.

For information about the ports parameter, see server-specific Workload parameters.

service-bindings

Purpose

Adds ServiceBindings to the set of Kubernetes configuration files.

Used by

Creates

A ConfigMap. This template consumes input of multiple deployment YAML files and enriches the input with ResourceClaims and ServiceBindings if the workload contains serviceClaims.

Parameters

Parameter name Meaning Example
annotations Extra set of annotations to pass down to the ServiceBinding and ResourceClaim objects. ` - name: annotations value: name: my-application version: v1.2.3 team: store `

More information

For an example, see --service-ref in the Tanzu CLI documentation.

For an overview of the function, see Consume services on Tanzu Application Platform.

api-descriptors

Purpose

The api-descriptor resource takes care of adding an APIDescriptor to the set of Kubernetes objects to deploy such that API auto registration takes place.

Used by

Creates

A ConfigMap. This template consumes input of multiple YAML files and enriches the input with an APIDescriptor if the workload has the label apis.apps.tanzu.vmware.com/register-api set to true.

Parameters

Parameter name Meaning Example
annotations Extra set of annotations to pass down to the APIDescriptor object. ` - name: annotations value: name: my-application version: v1.2.3 team: store `
api_descriptor Information used to fill in the desired state of the APIDescriptor object (its spec). ` - name: api_descriptor value: type: openapi location: baseURL: http://petclinic-hard-coded.my-apps.tapdemo.vmware.com/ path: "/v3/api" owner: team-petclinic system: pet-clinics description: "example" `

More information

For information about API auto registration, see Use API Auto Registration.

config-writer-template

Purpose

Persist in an external system, such as a registry or git repository, the Kubernetes configuration passed to the template.

Used by

Creates

A runnable which creates a Tekton TaskRun that refers either to the Tekton Task git-writer or the Tekton Task image-writer.

Parameters

Parameter name Meaning Example
serviceAccount Name of the service account which provides the credentials to the registry or repository. The service account must exist in the same namespace as the Workload. ` - name: serviceAccount value: default `
gitops_branch Name of the branch to push the configuration to. ` - name: gitops_branch value: main `
gitops_user_name User name to use in the commits. ` - name: gitops_user_name value: "Alice Lee" `
gitops_user_email User email address to use in the commits. ` - name: gitops_user_email value: [email protected] `
gitops_commit_message Message to write as the body of the commits produced for pushing configuration to the Git repository. ` - name: gitops_commit_message value: "ci bump" `
gitops_repository The full repository URL to which the configuration is committed. DEPRECATED ` - name: gitops_repository value: "https://github.com/vmware-tanzu/cartographer" `
gitops_repository_prefix The prefix of the repository URL. DEPRECATED ` - name: gitops_repository_prefix value: "https://github.com/vmware-tanzu/" `
gitops_server_address The server URL of the Git repository to which configuration is applied. ` - name: gitops_server_address value: "https://github.com/" `
gitops_repository_owner The owner/organization to which the repository belongs. ` - name: gitops_repository_owner value: vmware-tanzu `
gitops_repository_name The name of the repository. ` - name: gitops_repository_name value: cartographer `
registry Specification of the registry server and repository in which the configuration is placed. ` - name: registry value: server: index.docker.io repository: web-team ca_cert_data: -----BEGIN CERTIFICATE----- MIIFXzCCA0egAwIBAgIJAJYm37SFocjlMA0GCSqGSIb3DQEBDQUAMEY... -----END CERTIFICATE----- `

More information

For information about operating this template, see Gitops vs RegistryOps and the config-writer-and-pull-requester-template.

config-writer-and-pull-requester-template

Purpose

Persist the passed in Kubernetes configuration to a branch in a repository and open a pull request to another branch. This process allows for manual review of configuration before deployment to a cluster.

Used by

Creates

A runnable which provides configuration to the ClusterRunTemplate commit-and-pr-pipelinerun to create a Tekton TaskRun. The Tekton TaskRun refers to the Tekton Task commit-and-pr.

Parameters

Parameter name Meaning Example
serviceAccount Name of the service account which provides the credentials to the registry or repository. The service account must exist in the same namespace as the Workload. ` - name: serviceAccount value: default `
gitops_commit_branch Name of the branch to which configuration is pushed. ` - name: gitops_commit_branch value: feature `
gitops_branch Name of the branch to which a pull request is opened. ` - name: gitops_branch value: main `
gitops_user_name User name to use in the commits. ` - name: gitops_user_name value: "Alice Lee" `
gitops_user_email User email address to use in the commits. ` - name: gitops_user_email value: [email protected] `
gitops_commit_message Message to write as the body of the commits produced for pushing configuration to the Git repository. ` - name: gitops_commit_message value: "ci bump" `
gitops_pull_request_title Title of the pull request to be opened. ` - name: gitops_pull_request_title value: "ready for review" `
gitops_pull_request_body Body of the pull request to be opened. ` - name: gitops_pull_request_body value: "generated by supply chain" `
gitops_server_address The server URL of the Git repository to which configuration is applied. ` - name: gitops_server_address value: "https://github.com/" `
gitops_repository_owner The owner/organization to which the repository belongs. ` - name: gitops_repository_owner value: vmware-tanzu `
gitops_repository_name The name of the repository. ` - name: gitops_repository_name value: cartographer `
gitops_server_kind The kind of Git provider. ` - name: gitops_server_kind value: gitlab `

More information

For information about the operation of this template, see Gitops vs RegistryOps and the config-writer-template.

deliverable-template

Purpose

Create a deliverable which pairs with a Delivery to deploy Kubernetes configuration on the cluster.

Used by

Creates

A Deliverable preconfigured with reference to a repository or registry from which to fetch Kubernetes configuration.

Parameters

Parameter name Meaning Example
serviceAccount Name of the service account providing the necessary permissions for the Delivery to create children objects. Populates the Deliverable's serviceAccount parameter. The service account must be in the same namespace as the Deliverable. ` - name: serviceAccount value: default `
gitops_ssh_secret Name of the secret where credentials exist for fetching the configuration from a Git repository. Populates the Deliverable's gitops_ssh_secret parameter. The service account must be in the same namespace as the Deliverable. ` - name: gitops_ssh_secret value: ssh-secret `
gitops_branch Name of the branch from which to fetch the configuration. ` - name: gitops_branch value: main `
gitops_repository The full repository URL from which the configuration is fetched. DEPRECATED ` - name: gitops_repository value: "https://github.com/vmware-tanzu/cartographer" `
gitops_repository_prefix The prefix of the repository URL. DEPRECATED ` - name: gitops_repository_prefix value: "https://github.com/vmware-tanzu/" `
gitops_server_address The server URL of the Git repository from which configuration is fetched. ` - name: gitops_server_address value: "https://github.com/" `
gitops_repository_owner The owner/organization to which the repository belongs. ` - name: gitops_repository_owner value: vmware-tanzu `
gitops_repository_name The name of the repository. ` - name: gitops_repository_name value: cartographer `
registry Specification of the registry server and repository from which the configuration is fetched. ` - name: registry value: server: index.docker.io repository: web-team ca_cert_data: -----BEGIN CERTIFICATE----- MIIFXzCCA0egAwIBAgIJAJYm37SFocjlMA0GCSqGSIb3DQEBDQUAMEY... -----END CERTIFICATE----- `

Note: When using the Tanzu CLI to configure this serviceAccount parameter, use --param serviceAccount=.... The similarly named --service-account flag sets a different value: the spec.serviceAccountName key in the Workload object.

More information

For information about the ClusterDelivery shipped with ootb-delivery-basic, see Out of the Box Delivery Basic.

external-deliverable-template

Purpose

Create a definition of a deliverable which a user can manually apply to an external Kubernetes cluster. When a properly configured Delivery is installed on that external cluster, the Deliverable will pair with the Delivery to deploy Kubernetes configuration on the cluster. For example, the OOTB Delivery.

Used by

Creates

A configmap in which the .data field has a key deliverable for which the value is the YAML definition of a Deliverable.

Parameters

Parameter name Meaning Example
serviceAccount Name of the service account providing the necessary permissions for the Delivery to create children objects. Populates the Deliverable's serviceAccount parameter. The service account must be in the same namespace as the Deliverable. ` - name: serviceAccount value: default `
gitops_ssh_secret Name of the secret where credentials exist for fetching the configuration from a Git repository. Populates the Deliverable's gitops_ssh_secret parameter. The service account must be in the same namespace as the Deliverable. ` - name: gitops_ssh_secret value: ssh-secret `
gitops_branch Name of the branch from which to fetch the configuration. ` - name: gitops_branch value: main `
gitops_repository The full repository URL from which the configuration is fetched. DEPRECATED ` - name: gitops_repository value: "https://github.com/vmware-tanzu/cartographer" `
gitops_repository_prefix The prefix of the repository URL. DEPRECATED ` - name: gitops_repository_prefix value: "https://github.com/vmware-tanzu/" `
gitops_server_address The server URL of the Git repository from which configuration is fetched. ` - name: gitops_server_address value: "https://github.com/" `
gitops_repository_owner The owner/organization to which the repository belongs. ` - name: gitops_repository_owner value: vmware-tanzu `
gitops_repository_name The name of the repository. ` - name: gitops_repository_name value: cartographer `
registry Specification of the registry server and repository from which the configuration is fetched. ` - name: registry value: server: index.docker.io repository: web-team ca_cert_data: -----BEGIN CERTIFICATE----- MIIFXzCCA0egAwIBAgIJAJYm37SFocjlMA0GCSqGSIb3DQEBDQUAMEY... -----END CERTIFICATE----- `

More information

For information about the ClusterDelivery shipped with ootb-delivery-basic, see Out of the Box Delivery Basic.

For information about using the Deliverable object in a multicluster environment, see Getting started with multicluster Tanzu Application Platform.

delivery-source-template

Purpose

Continuously fetches Kubernetes configuration files from a Git repository or container image registry and makes them available on the cluster.

Used by

Creates

The source-template creates one of three objects, either:

  • GitRepository. Created if the deliverable has .spec.source.git defined.
  • ImageRepository. Created if the deliverable has .spec.source.image defined.

GitRepository

GitRepository makes source code from a particular commit available as a tarball in the cluster. Other resources in the supply chain can then access that code.

Parameters
Parameter name Meaning Example
gitImplementation The library used to fetch source code. If not provided, Tanzu Application Platform's default implementation uses go-git, which works with the providers supported by Tanzu Application Platform: GitHub and GitLab. An alternate value that you can use with other Git providers is libgit2. ` - name: gitImplementation value: libgit2 `
gitops_ssh_secret Name of the secret used to provide credentials for the Git repository. The secret with this name must exist in the same namespace as the Deliverable. The credentials must be sufficient to read the repository. If not provided, Tanzu Application Platform defaults to look for a secret named git-ssh. See Git authentication. ` - name: gitops_ssh_secret value: git-credentials `

Note: Some Git providers, notably Azure DevOps, require you to use libgit2 because their server-side implementation supports only git's v2 protocol. For information about the features supported by each implementation, see git implementation in the flux documentation.

More information

For an example using the Tanzu CLI to create a Workload using GitHub as the provider of source code, see Create a workload from GitHub repository.

For information about GitRepository objects, see GitRepository.

ImageRepository

ImageRepository makes the contents of a container image available as a tarball on the cluster.

Parameters
Parameter name Meaning Example
serviceAccount Name of the service account, providing credentials to `ImageRepository` for fetching container images. The service account must exist in the same namespace as the Deliverable. ` - name: serviceAccount value: default `

More information

For information about the ImageRepository resource, see ImageRepository reference docs.

app-deploy

Purpose

Applies Kubernetes configuration to the cluster.

Used by

Creates

A kapp App.

Parameters

Parameter name Meaning Example
serviceAccount Name of the service account providing the necessary privileges for `App` to apply the Kubernetes objects to the cluster. The service account must be in the same namespace as the Deliverable. ` - name: serviceAccount value: default `
gitops_sub_path (deprecated) Sub directory within the configuration bundle that is used for looking up the files to apply to the Kubernetes cluster. DEPRECATED ` - name: gitops_sub_path value: ./config `

Note: The gitops_sub_path parameter is deprecated. Use deliverable.spec.source.subPath instead.

More information

For details about RBAC and how kapp-controller makes use of the ServiceAccount provided through the Deliverable's serviceAccount parameter, see kapp-controller's Security Model.

carvel-package (experimental)

Purpose

Bundles Kubernetes configuration into a Carvel Package.

Used by

Creates

A taskrun.tekton.dev which provides configuration to a Tekton ClusterTask to bundle Kubernetes configuration into a Carvel Package.

This template uses the lifecycle: tekton flag to create new immutable objects rather than updating the previous object.

Parameters

Parameter name Meaning Example
serviceAccount Name of the service account to use for providing Docker credentials. The service account must exist in the same namespace as the Workload. The service account must have a secret associated with the credentials. See Configuring authentication for Docker in the Tekton documentation. ` - name: serviceAccount value: default `
registry Specification of the registry server and repository in which the built image is placed. ` - name: registry value: server: index.docker.io repository: web-team `
carvel_package_gitops_subpath Specifies the subpath to which Carvel Packages should be written. ` - name: carvel_package_gitops_subpath value: path/to/my/dir `
carvel_package_name_suffix Specifies the suffix to append to the Carvel Package name. The format is WORKLOAD_NAME.WORKLOAD_NAMESPACE.carvel_package_name_suffix. The full Carvel Package name must be a valid DNS subdomain name as defined in RFC 1123. ` - name: carvel_package_name_suffix value: vmware.com `

More information

To read more about lifecycle:tekton, read Cartographer Lifecycle.

package-config-writer-template (experimental)

Purpose

Persist in an external git repository the Carvel Package Kubernetes configuration passed to the template.

Used by

Creates

A runnable which creates a Tekton TaskRun that refers to the Tekton Task git-writer.

Parameters

| Parameter name | Meaning | Example |
| --- | --- | --- |
| `serviceAccount` | Name of the service account which provides the credentials to the registry or repository. The service account must exist in the same namespace as the Workload. | `- name: serviceAccount`<br>`  value: default` |
| `gitops_branch` | Name of the branch to push the configuration to. | `- name: gitops_branch`<br>`  value: main` |
| `gitops_user_name` | User name to use in the commits. | `- name: gitops_user_name`<br>`  value: "Alice Lee"` |
| `gitops_user_email` | User email address to use in the commits. | `- name: gitops_user_email`<br>`  value: [email protected]` |
| `gitops_commit_message` | Message to write as the body of the commits produced for pushing configuration to the Git repository. | `- name: gitops_commit_message`<br>`  value: "ci bump"` |
| `gitops_repository` | The full repository URL to which the configuration is committed. DEPRECATED | `- name: gitops_repository`<br>`  value: "https://github.com/vmware-tanzu/cartographer"` |
| `gitops_repository_prefix` | The prefix of the repository URL. DEPRECATED | `- name: gitops_repository_prefix`<br>`  value: "https://github.com/vmware-tanzu/"` |
| `gitops_server_address` | The server URL of the Git repository to which configuration is applied. | `- name: gitops_server_address`<br>`  value: "https://github.com/"` |
| `gitops_repository_owner` | The owner/organization to which the repository belongs. | `- name: gitops_repository_owner`<br>`  value: vmware-tanzu` |
| `gitops_repository_name` | The name of the repository. | `- name: gitops_repository_name`<br>`  value: cartographer` |
| `registry` | Specification of the registry server and repository in which the configuration is placed. | `- name: registry`<br>`  value:`<br>`    server: index.docker.io`<br>`    repository: web-team`<br>`    ca_cert_data:`<br>`      -----BEGIN CERTIFICATE-----`<br>`      MIIFXzCCA0egAwIBAgIJAJYm37SFocjlMA0GCSqGSIb3DQEBDQUAMEY...`<br>`      -----END CERTIFICATE-----` |
| `carvel_package_gitops_subpath` | Specifies the subpath to which Carvel Packages should be written. | `- name: carvel_package_gitops_subpath`<br>`  value: path/to/my/dir` |
| `carvel_package_name_suffix` | Specifies the suffix to append to the Carvel Package name. The format is `WORKLOAD_NAME.WORKLOAD_NAMESPACE.carvel_package_name_suffix`. The full Carvel Package name must be a valid DNS subdomain name as defined in RFC 1123. | `- name: carvel_package_name_suffix`<br>`  value: vmware.com` |

More information

See Gitops vs RegistryOps for more information about the operation of this template and of the package-config-writer-and-pull-requester-template (experimental).

package-config-writer-and-pull-requester-template (experimental)

Purpose

Persists the passed-in Carvel Package Kubernetes configuration to a branch in a repository and opens a pull request to another branch. This process allows for manual review of configuration before deployment to a cluster.

Used by

Creates

A runnable which provides configuration to the ClusterRunTemplate commit-and-pr-pipelinerun to create a Tekton TaskRun. The Tekton TaskRun refers to the Tekton Task commit-and-pr.

Parameters

| Parameter name | Meaning | Example |
| --- | --- | --- |
| `serviceAccount` | Name of the service account which provides the credentials to the registry or repository. The service account must exist in the same namespace as the Workload. | `- name: serviceAccount`<br>`  value: default` |
| `gitops_commit_branch` | Name of the branch to which configuration is pushed. | `- name: gitops_commit_branch`<br>`  value: feature` |
| `gitops_branch` | Name of the branch to which a pull request is opened. | `- name: gitops_branch`<br>`  value: main` |
| `gitops_user_name` | User name to use in the commits. | `- name: gitops_user_name`<br>`  value: "Alice Lee"` |
| `gitops_user_email` | User email address to use in the commits. | `- name: gitops_user_email`<br>`  value: [email protected]` |
| `gitops_commit_message` | Message to write as the body of the commits produced for pushing configuration to the Git repository. | `- name: gitops_commit_message`<br>`  value: "ci bump"` |
| `gitops_pull_request_title` | Title of the pull request to be opened. | `- name: gitops_pull_request_title`<br>`  value: "ready for review"` |
| `gitops_pull_request_body` | Body of the pull request to be opened. | `- name: gitops_pull_request_body`<br>`  value: "generated by supply chain"` |
| `gitops_server_address` | The server URL of the Git repository to which configuration is applied. | `- name: gitops_server_address`<br>`  value: "https://github.com/"` |
| `gitops_repository_owner` | The owner/organization to which the repository belongs. | `- name: gitops_repository_owner`<br>`  value: vmware-tanzu` |
| `gitops_repository_name` | The name of the repository. | `- name: gitops_repository_name`<br>`  value: cartographer` |
| `gitops_server_kind` | The kind of Git provider. | `- name: gitops_server_kind`<br>`  value: gitlab` |
| `carvel_package_gitops_subpath` | Specifies the subpath to which Carvel Packages should be written. | `- name: carvel_package_gitops_subpath`<br>`  value: path/to/my/dir` |
| `carvel_package_name_suffix` | Specifies the suffix to append to the Carvel Package name. The format is `WORKLOAD_NAME.WORKLOAD_NAMESPACE.carvel_package_name_suffix`. The full Carvel Package name must be a valid DNS subdomain name as defined in RFC 1123. | `- name: carvel_package_name_suffix`<br>`  value: vmware.com` |
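
The naming rule for carvel_package_name_suffix, which applies to all three Carvel Package templates in this topic, can be checked before a workload is submitted. The following is an added example, not code from the Out of the Box Templates: it composes the package name in the documented format and checks it against the Kubernetes definition of an RFC 1123 DNS subdomain name (an assumption about how the rule is enforced). The function names and sample workloads are constructed for illustration.

```python
import re

# One DNS label under the Kubernetes reading of RFC 1123 subdomain names:
# lowercase alphanumerics and '-', starting and ending with an alphanumeric.
LABEL_RE = re.compile(r"[a-z0-9]([-a-z0-9]*[a-z0-9])?")
MAX_SUBDOMAIN_LEN = 253  # limit on the whole dotted name


def carvel_package_name(workload_name, workload_namespace, suffix):
    """Compose WORKLOAD_NAME.WORKLOAD_NAMESPACE.carvel_package_name_suffix."""
    return f"{workload_name}.{workload_namespace}.{suffix}"


def validate_package_name(name):
    """Return a list of problems; an empty list means the name is valid."""
    if not name:
        return ["name is empty"]
    problems = []
    if len(name) > MAX_SUBDOMAIN_LEN:
        problems.append(
            f"name is {len(name)} characters; the limit is {MAX_SUBDOMAIN_LEN}"
        )
    # A leading, trailing or doubled dot shows up here as an empty label.
    for label in name.split("."):
        if not LABEL_RE.fullmatch(label):
            problems.append(f"invalid label {label!r}")
    return problems


if __name__ == "__main__":
    # Constructed workloads: (name, namespace, carvel_package_name_suffix).
    samples = [
        ("tanzu-java-web-app", "dev", "vmware.com"),
        ("Web_App", "dev", "vmware.com"),       # uppercase and underscore
        ("web-app", "dev", ".vmware.com"),      # suffix starts with a dot
        ("web-app", "team-a", "-internal.io"),  # label starts with a hyphen
    ]
    for sample in samples:
        name = carvel_package_name(*sample)
        problems = validate_package_name(name)
        print(f"{name}: {'ok' if not problems else '; '.join(problems)}")
```

Because the workload name and namespace are part of the package name, a suffix that is valid on its own can still produce an invalid or over-long name for a particular workload.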

More information

See Gitops vs RegistryOps for more information about the operation of this template and of the package-config-writer-template (experimental).