Kubernetes and Platform Engineering Ramblings
Managing SSO for applications is a complex task, and since TAP 1.4, we have had a great feature called AppSSO, which is aimed at helping make the story of SSO integration much easier for developers and operators. In TAP 1.6, a major effort was put into AppSSO to make it even more streamlined, and simple …
The Metadata Store has been a key element in a secure supply chain within TAP since the GA of TAP, and it provides a central location where all CVE data and SBOMs are stored for our source code and images. In TAP 1.6, we get a great new set of functionality in the metadata store, …
One of the best new features, if not the best new feature in TAP 1.6, is the introduction of a new component called Local Source Proxy (LSP). One of the main challenges we have seen with rolling out TAP, is that while TAP aims to provide an abstraction above kubernetes, making the infrastructure invisible to …
Tanzu Build Service (TBS) is a key component of TAP, allowing for building images directly from source code without needing to write and maintain docker files. TBS itself is built upon the opensource project kpack which till recently was hosted under the pivotal github repo, and recently was donated to the Cloud Native Buildpacks project …
Crossplane has been updated to version 1.12.1 in TAP 1.6 and this bring along some really amazing features! Beyond the bump of crossplane which we will discuss in length bellow, a few more fixes and additions were made to the TAP packaging of Crossplane to improve the UX. These updates include the support for installing …
What Is The TAP Namespace Provisioner Namespace Provisioner provides a secure, automated way for platform operators to provision namespaces with the resources and namespace-level privileges required for their workloads to function as intended. It enables operators to add additional customized namespace-scoped resources using GitOps to meet their organization’s requirements and provides continuous reconciliation using the …
Continue reading "TAP 1.6 – Namespace Provisioner Improvements"
The TAP IDE plugins are a critical element of the platform, as they are the main interface for most developers to the platform, and meeting developers where they want to be, which is within their IDE is a critical element of any good platform. As is the case with every release of TAP, the IDE …
TAP has many features which help with securing our software supply chain. One of the key elements of security is obviously source code and image scanning which TAP has had since GA, but as we all know, finding the vulnerabilities is one thing, but how to triage these found vulnerabilities is an entire beast in …
As part of the new version of the scanning mechanism in TAP which was released in Alpha in version 1.5, and has now been promoted to Beta in TAP 1.6, we now have a new component called the Artifact Metadata Repository Observer (AMR Observer). Overview This new component is part of the Artifact Metadata Repository …
The new scanning model "Supply Chain Security Tools - Scan 2.0" which was introduced back in TAP 1.5, now includes some great new improvements, and has been promoted from Alpha to Beta! The new model, is much easier to extend and customize to your own organizations needs, and is built with a more scalable and …