TAP 1.4 is a major release for Tanzu Application Platform which includes a bunch of really awesome new features, as well as improvements to existing features in terms of stability and UX.
My favorite new features:
- Developer Namespace Preparation Controller
- TLS Management with the new Shared Cluster Issuer Integration
- Inner Loop support for Dotnet Core Applications
- Prisma Scanner (Alpha)
My favorite enhancements:
- Live update and Debug can run together
- Application Accelerator enhancements
Lets take a look at each of these features and what they bring to the platform
Developer Namespace Preparation Controller
One of the key difficulties with managing TAP till version 1.4, was the walls of YAML that were needed in order to prepare a namespace for TAP workloads.
This process entailed creating RBAC resources, Scan Templates, Scan Policies, Service Accounts, secrets, Testing Pipelines etc.
While this was always possible to automate as i discussed in a previous blog post using tools like Kyverno, having a built in solution is a huge improvement.
As of TAP 1.4, we now have an additional component called “Namespace Provisioner” which allows operators to easily prepare namespaces for TAP workloads.
The solution can deploy out of the box resources, that correspond to the Supply chain you have installed in the cluster, as well as any other resources you desire via a simple git integration mechanism, which is based on the Carvel tooling, namely kapp controller and YTT.
The docs are quite informative and give good examples of how to extend the functionality of the new package to adapt it to your own needs.
While this is just the initial release, and it is not perfect yet, It covers the vast majority of use cases already, and is a huge step in the right direction, towards making TAP much easier to consume which is awesome!!!
TLS Management with the new Shared Cluster Issuer Integration
One of the new features that came along with TAP 1.4 is the new and improved integration with Cert Manager.
While Cert Manager was always included in TAP, this new integration gives us some pretty great new functionalities.
First of all, TAP components that are exposed via ingress, are now signed with certificates generated from a single CA, making TLS trust much smoother. While not all components have moved to using this issuer, the majority are, and the rest will be added in upcoming releases.
beyond the TAP components themselves, we also now get auto generated per workload certificates using the same issuer for all deployed applications! this is a huge improvement and makes the security posture OOTB with TAP much better.
The integration by default uses a self signed CA issuer, however you can easily integrate this with any other issuer and TAP will use that issuer be it LetsEncrypt, Venafi, Vault or really any other CA you use to sign the certificates used by the system and workloads!
Previously the common solution was to use a wildcard certificate, which while it did work in many cases, had some serious limitations, as well as security implications, which are resolved through this new integration which is really a great step towards a secure by default app platform!
Inner Loop support for Dotnet Core Applications
The inner loop development support for Spring boot in VSCode and Intellij is one of the greatest features of TAP. In this release, VMware have added support for inner loop development of dotnet core applications via a new IDE plugin for Visual Studio.
This is a great addition to TAP, as it broadens the amount of use cases and customers the platform can be applicable for.
dotnet core is extremely popular, and with steeltoe, we can even get spring like functionality really easily for dotnet based applications such as actuator endpoints which is awesome!
supporting Visual Studio for this flow is a huge improvement as well, as many enterprise organizations have standardized around Visual Studio as their IDE.
While currently the 2 supported languages for Inner Loop development are Java and Dotnet, I have been able to make it work as well with Golang and Python, making the solution really easy to extend, and I’m sure we will se more languages and IDEs added in future releases, further enhancing the experience for developers in the language and IDE of their choosing.
Prisma Scanner (Alpha)
One of the most exciting new features in my opinion is the new Alpha integration of Prisma as a scanner for both Source code and image scanning in TAP.
TAP has always had a pluggable mechanism for scanners, and as TAP has matured, more and more scanners have been added to the platform.
Prisma is one of the most common scanners on the market today, and is used by many customers, especially those in the cloud, that use Prisma as not only a scanner, but also as a very powerful CSPM and Kubernetes runtime protection tool.
Adding support for Prisma in TAP, makes the onboarding to the platform in brownfield environments much easier, as policies and knowledge already exist in many customers environments, around Prisma, making this a huge plus for many potential TAP users!
While building your own scanner integration is not a very difficult task in many cases, as I have discussed in length in a previous post where I discussed how I integrated trivy as a scanner within TAP, having a supported integration from VMware is always better and this is a great addition!
Live update and Debug can run together
This is a huge improvement in functionality added in TAP 1.4 in both Intellij as well as in VSCode.
The inner loop development capabilities in TAP are a key feature of TAP and being able to both run remote debugging as well as live update in parallel on our workloads, increases the developer velocity, and makes the Developers experience so much better.
It truly is awesome to see all of the improvements being made in this area from release to release, and seeing how this is helping customers is really awesome!
Application Accelerator enhancements
The entry point into TAP for developers is application accelerator, and i believe that it is one of the most integral parts of TAP, which brings some amazing capabilities to all organizations.
The 4 key features that have been added to App Accelerator in TAP 1.4 which I am excited about are:
- Loop transform
- Custom Type definitions
- Git repo creation from VSCode
- Code completion & validation for accelerator YAML definitions
Lets look at each of these new features briefly
This is a huge improvement with many different use cases. previously if we had an array as an input, that array was passed to a transform step as is, and the transform itself would deal with the array input, however this means that we only execute a transform a single time per accelerator run.
Now with the loop transform, we can iterate over elements in an array and apply transformations for each and every element of that array.
This can be extremely beneficial when trying to do bulk operations, and i have already started working on some new accelerators i will be sharing publicly that utilize this feature extensively.
This is another huge feature add, which when paired with the loop transform becomes even more powerful.
Till now, every input was of a simple type basically a string, a number, or a boolean. In many cases, we may have a set of values that are all related to one another, and that actually would be better suited with something like a map in programming terms. a simple example of this could be settings key value pairs for things like labels or annotations in kubernetes.
The cool thing with being able to define custom types which as mentioned are basically maps in programming terms, is that when used with the loop transformations, are options are truly endless. we can build some pretty amazing and complex accelerators, which can offer huge value to our organizations in a simple and streamlined approach.
Git Repo Creation From VSCode
Since the VSCode extension was added for application accelerators in TAP 1.2, I have been using it all the time. I love backstage, and the app accelerator plugin in TAP GUI is great, but in the end when working on code, the place you really want to work from is your IDE, and the VSCode plugin is exactly what I wished for.
While this was great and offered huge value already, in TAP 1.3 we got a great new feature in app accelerator which was the ability to auto create the Git Repo for us when generating a new project. This however was only possible when accessing app accelerator via TAP GUI and was not part of the VSCode extension.
Now in TAP 1.4 we can have the same experience and functionality directly from my IDE as well, which make the experience so much better, and enables all the needed functionality from app accelerator to be done without ever leaving my IDE. I can now generate a project from an accelerator, create a repo, deploy an app in my iterate cluster, live update and debug it, and deploy it to my production cluster without ever leaving the comfort of my precious IDE!
Code completion & validation for accelerator YAML definitions
This is a really nice feature, which is available in VSCode as well as Intellij.
Its not always easy to remember the exact syntax, or what the exact structure should be for an accelerator YAML file. with this new feature, we get code completion as well as validations for our accelerator YAML files in these 2 IDEs.
making the experience of authoring accelerators easier is a great thing, as it is democratizing who can create these accelerators, and can enable quicker delivery of new accelerators within your organizations, which in turn brings value quicker to your customers which are the developers in your org.
TAP 1.4 is a huge milestone, and has added some amazing features. This blog only covers the tip of the iceberg of all the changes and enhancements that were added into TAP 1.4.
The pace at which TAP is advancing is truly amazing, and now more then ever, you should start hopping on the TAP train, cause its a pretty awesome ride!