Kubernetes and Tanzu Ramblings
What Is Crossplane Crossplane is an open source, CNCF project built on the foundation of Kubernetes to orchestrate anything. Its basically the kubernetes native approach to solve similar issues and challenges that tools like Terraform, Pulumi and IDEM are trying to solve. Tanzu Application Platform makes use of Crossplane to power a number of capabilities, …
Continue reading "TAP 1.5 – Dynamic Service Provisioning With Crossplane"
What Is The TAP Namespace Provisioner Namespace Provisioner provides a secure, automated way for platform operators to provision namespaces with the resources and namespace-level privileges required for their workloads to function as intended. It enables operators to add additional customized namespace-scoped resources using GitOps to meet their organization's requirements and provides continuous reconciliation using the …
Continue reading "TAP 1.5 – Namespace Provisioner Gets A Major Update"
In TAP 1.4, VMware added an additional optional package to TAP for the External Secrets Operator, and in TAP 1.5 they have enhanced the integration. What Is External Secrets Operator (ESO) The External Secrets Operator is a Kubernetes operator that integrates with external secret management systems, for example, AWS Secrets Manager, Google Secrets Manager and …
Continue reading "TAP 1.5 – External Secrets Operator Enhancements"
TAP 1.5 is a major release for Tanzu Application Platform!!!!! This release includes, new components, new features, enhancements to existing features, and many bug fixes, all coming together to create an amazing release! There are way to many features in this release for a single blog post, so I have split the key enhancements I …
Learn how to securely and easily manage package deployments to all attached clusters in TMC, using Carvel + Flux + Magic
TLDR - as of January 26th, you will need to update your TBS dependencies if you are building Spring Boot applications.This is related to the linked Known issue in TAP 1.4 but also effects previous versions of TAP. Preface A few days ago i was working on some TAP related testing, and all of a …
Learn how to make it transparent for applications to move from EKS to TKGm on vSphere by using IRSA
One of the really great features in TAP is the pluggable architecture of the scanning tools. In this blog post, we will discuss how one could build such a custom integration, using the very common scanner Trivy.
When we setup a TAP environment, one of the key aspects we must take into account is how we will be exposing our workloads outside of the cluster. By default, TAP workloads are deployed as Knative services and are exposed via plain HTTP which is not a very secure or production ready solution. Another option …
Continue reading "Auto Generation of Certs for TAP Workloads"
Securing our Software Supply Chains is something that we really need to tackle and make as simple as possible. When we work to secure our software supply chain, there are many aspects we must consider. One of the key aspects is how to attest that a specific image has passed through our supply chain and …
Continue reading "Securing Our Software Supply Chain With Cosign And Prisma Cloud Sandboxing"