Tanzu Platform SaaS

PDF
self.managed.10.1 10.0 saas

Set up a supply chain

Last Updated February 19, 2025

This topic is for platform engineers who want to provide supply chains in Tanzu Platform. Supply chains simplify developer cognitive load, and ensure compliant, secure delivery of source to production.

Before you begin

Before you can author a supply chain, you must have:

  • A Kubernetes cluster that is attached to a cluster group on Tanzu Platform.
  • Tanzu CLI v1.5.3 or later.

  • The latest Tanzu plug-ins that have the workflow CLI plug-in v0.1.5 or later. Install the plug-in by running:

    tanzu plugin install --group vmware-tanzu/platform-engineer

Generate an API token

You must have an API token to use when configuring the required Capabilities for supply chains in Tanzu Platform.

The Supply Chain Controller, Tanzu Build Supply Chain, and Tanzu Deploy Supply Chain Capabilities use the platform endpoint and authentication settings, for example, to send the logs and WorkflowRun data to Tanzu Platform to be displayed on the UI and the CLI.

When the token expires, the connection to the Tanzu Platform is severed. This causes the WorkflowRun and logs data stop being sent to long-term storage and visibility. In future releases, VMware plans to automate the credential generation and rotation to reduce the burden on the platform engineers when installing and managing Capabilities.

The logged-in user that generates the token must have Administrator role at Project scope.

To generate an API token:

  1. Log in to Tanzu Platform using the Tanzu CLI:

    tanzu login

  2. Create an API token by running:

    tanzu api-token create

    You’ll be asked to authenticate again. After you authenticate, The API token is provided in the output.

Install the supply chain Capabilities

Before developers can create a Space with a workflow, they must have a cluster that has the supply chain Capabilities installed. To achieve this, install the Capabilities in this section on your cluster group.

Certificate Manager

The Certificate Manager Capability requires no advanced configuration. The default values are sufficient.

To install the Certificate Manager Capability:

  1. In the Tanzu Platform UI, from the Project selector in the header, ensure that you have selected the Project that you want to set up the supply chain in.

  2. Go to Capabilities > Available.

  3. From the list of Capabilities, click Certificate Manager.

  4. Click Install Package.

  5. Select a cluster group on which to deploy the package.

  6. Click Install Package.

tekton.dev

Tekton is the underlying task engine that the supply chain controller uses to execute stages of the supply chain when a Workflow is created.

The tekton.dev Capability does not require advanced configuration. The default values are sufficient. However, you can optionally configure the Capability to improve supply chain performance at scale.

To install the tekton.dev Capability:

  1. In the Tanzu Platform UI, from the Project selector in the header, ensure that you have selected the Project that you want to set up the supply chain in.

  2. Go to Capabilities > Available.

  3. From the list of Capabilities, click tekton.dev.

  4. Click Install Package.

  5. Select a cluster group on which to deploy the package.

  6. (Optional) Configure improved performance for the supply chain:

    1. Click Advanced Configuration.
    2. Click YAML.
    3. Enter YAML to configure improved performance. For the fields you can configure, see Configure Tekton performance.

  7. Click Install Package.

Egress

The Egress Capability is required for the common.supply-chains.tanzu.vmware.com Profile. It does not require advanced configuration. The default values are sufficient.

To install the Egress Capability:

  1. In the Tanzu Platform UI, from the Project selector in the header, ensure that you have selected the Project that you want to set up the supply chain in.

  2. Go to Capabilities > Available.

  3. From the list of Capabilities, click Egress.

  4. Click Install Package.

  5. Select a cluster group on which to deploy the package.

  6. Click Install Package.

Supply Chain Controller

To install the Supply Chain Controller Capability:

  1. In the Tanzu Platform UI, from the Project selector in the header, ensure that you have selected the Project that you want to set up the supply chain in.

  2. Go to Capabilities > Available.

  3. From the list of Capabilities, click Supply Chain Controller.

  4. Click Install Package.

  5. Select a cluster group on which to deploy the package.

  6. Configure the Supply Chain Controller Capability:

    1. Click Advanced Configuration.
    2. Click YAML.

    3. Enter YAML to configure the Capability. The following is the minimum configuration required for the controller:

      platform:
  auth:
    token: TANZU-API-TOKEN
  endpoint: https://platform-dev.tanzu.broadcom.com
  # defaults to prod and is not required
  env: "staging"

      Where TANZU-API-TOKEN is the token you generated in Generate an API Token earlier in this topic.

      For more configuration for the supply chain controller, see Configure the Supply Chain Controller Capability and Export telemetry data (experimental).

  7. Click Install Package.

Tanzu Build Supply Chain and Tanzu Deploy Supply Chain

You can install both of these workflows by installing the Tanzu Build Supply Chain Capability. When you install Tanzu Build Supply Chain, the Tanzu Deploy Supply Chain Capability is automatically installed as well.

To install the Tanzu Build Supply Chain Capability:

  1. In the Tanzu Platform UI, from the Project selector in the header, ensure that you have selected the Project that you want to set up the supply chain in.

  2. Go to Capabilities > Available.

  3. From the list of Capabilities, click Tanzu Build Supply Chain.

  4. Click Install Package.

  5. Select a cluster group on which to deploy the package.

  6. Configure the Tanzu Build Supply Chain Capability:

    1. Click Advanced Configuration.
    2. Click YAML.

    3. Enter YAML to configure the Capability. The following is the minimum configuration required:

      platform:
  token: TANZU-API-TOKEN
  endpoint: https://platform-dev.tanzu.broadcom.com
  # defaults to prod and is not required
  env: staging
build:
  project: build-dev-01

      Where TANZU-API-TOKEN is the token you generated in Generate an API Token earlier in this topic.

      The build.project field points to the Tanzu Platform Project that is configured to do on-platform builds. For how to configure this Project, see Configure Builds to Run on Tanzu Platform. This Project can be the same or different from the Project where the supply chain Capabilities are installed.

  7. Click Install Package.

Verify that you have installed the required Capabilities

After all of the Capabilities are installed, Capabilities > Installed for your clustergroup must include the following Capabilities with the status Succeeded:

  • Certificate Manager
  • tekton.dev
  • Egress
  • Supply Chain Controller
  • Tanzu Build Supply Chain
  • Tanzu Deploy Supply Chain

You now have a cluster that has all the required Capabilities for creating a Space with workflows.