This topic gives you reference information about the BuildConfiguration resource in Tanzu Platform.
Example BuildConfiguration with an egress point
apiVersion: build.tanzu.vmware.com/v1
kind: BuildConfiguration
metadata:
annotations: {}
name: dev-project-bld-cfg
namespace: default
spec:
availabilityTarget: all-regions.tanzu.vmware.com
caCertificateSecretRefs:
- name: ca-cert
bindingSecretRefs:
- name: maven-settings
imageRepositorySecretRefs:
- name: reg-cred
- name: artifactory-secret-tap-saas
imageRepositoryTemplate: my-registry.io/containerapp-{name}
egressPointTemplate:
targets:
- hosts:
- my-registry.io
port:
number: 443
protocol: HTTPS
The following table provides information for configuring the BuildConfiguration file:
| Field Name | Required? | Data Type | Description |
|---|---|---|---|
availabilityTarget | Required | string | The availability target to use for the build. See spec.availabilityTarget in the BuildConfiguration example. |
egressPointTemplate | Required | see EgressPointSpec | Egress endpoints that the build needs to accesses. You can configure approved endpoints that the build can access to generate artifacts. For an example, see spec.egressPointTemplate in the Example BuildConfiguration with an egress point. If egressPointTemplate is empty or if the hosts list is empty, no additional egress traffic is allowed. If you want to allow all egress, see Allow all egress. |
imageRepositoryTemplate | Required | string | A templated string that is used to generate the URL of the repository to which to push built images. For example, for a ContainerApp named foo with spec.contact.team: bar and imageRepositoryTemplate my-registry.io/{contact.team}/containerapp-{name}, the URL renders as my-registry.io/bar/containerapp-foo. See spec.imageRepositoryTemplate in the BuildConfiguration example. |
imageRepositorySecretRefs | Required | array (string) | One or more Kubernetes secret resources. This field is required if the image registry implements authentication when storing build artifacts. The referenced secret stores the credentials for accessing the image registry. Secrets must be of either the kubernetes.io/dockercfg or kubernetes.io/dockerconfigjson types. Referenced secret resources must be created in the Project Space. NOTE: In order to pull the Builder Images add secret name artifactory-secret-tap-saas to the list of secrets referenced in ImageRepositorySecretRefs. See spec.imageRepositorySecretRefs in the BuildConfiguration example and Example secret to store image registry credentials. |
caCertificateSecretRefs | Optional | array (string) | One or more Kubernetes secret resources. The referenced secrets must be Opaque secrets that contain data for CA Certificates. Data must be provided as a base64-encoded string. See caCertificateSecretRefs in the BuildConfiguration example and Example CA Certificate used in caCertificateSecretRefs. |
bindingSecretRefs | Optional | array (string) | One or more Kubernetes secret resources. The referenced secrets must be Opaque secrets that contain data for any service bindings that the build requires, such as Maven settings, and so on. Data must be provided as a base64-encoded string. |
defaultBuildPlanName | Optional | string | The name of a ContainerAppBuildPlan to use for builds in this Project by default. To override this configuration, set a value for spec.build.buildPlanName in your ContainerApp. |
Example egress point templates
This section shows you how to allow or deny all egress using the egressPointTemplate field.
Allow all egress
This egressPointTemplate fragment shows how to define the build configuration to allow all egress.
egressPointTemplate:
targets:
- hosts:
- "*"
port:
number: 0
protocol: ANY
Deny all egress
These egressPointTemplate fragments show how to define the build configuration to deny all egress.
egressPointTemplate: {}
or
egressPointTemplate:
targets: []
Kubernetes secret resources
The example BuildConfiguration file above references the following example Kubernetes secret resources.
Example secret to store image registry credentials
apiVersion: v1
data:
.dockerconfigjson: eyJhdX[...]]J9fX0=
kind: Secret
metadata:
name: reg-cred
namespace: default
type: kubernetes.io/dockerconfigjson
Example CA certificate used in caCertificateSecretRefs
apiVersion: v1
data:
platform-cert.pem: LS0[...]0tLQ==
kind: Secret
metadata:
name: ca-cert
type: Opaque
Content feedback and comments