Tanzu Application Platform is a modular, composable platform that comprises the following components.
-
API Auto Registration When users deploy a workload that exposes an API, they want that API to automatically show in TAP GUI without needing any other manual steps.
API Auto Registration is an automated workflow that will can use a supply chain to create and manage a k8s Custom Resource (CR) of type APIDescriptor, a controller to reconcile the CR and update the API entity in TAP GUI to achieve automated API registration from workloads. You can also use API Auto Registration without supply chains by directly applying an APIDescriptor to the cluster.
-
API portal for VMware Tanzu API portal for VMware Tanzu enables API consumers to find APIs they can use in their own applications.
Consumers can view detailed API documentation and try out an API to see if it meets their needs. API portal assembles its dashboard and detailed API documentation views by ingesting OpenAPI documentation from the source URLs. An API portal operator can add any number of OpenAPI source URLs to be displayed in a single instance.
-
Application Accelerator for VMware Tanzu
The Application Accelerator component helps app developers and app operators through the creation and generation of application accelerators.
Accelerators are templates that codify best practices and ensure important configurations and structures are in place from the start. Developers can bootstrap their applications and get started with feature development right away.
Application operators can create custom accelerators that reflect their desired architectures and configurations and enable fleets of developers to use them, decreasing operator concerns about whether developers are implementing their desired best practices.
-
Application Live View for VMware Tanzu
Application Live View is a lightweight insight and troubleshooting tool that helps application developers and application operators look inside running applications.
It is based on the concept of Spring Boot Actuators. Fundamentally, the application provides information from inside the running processes by using endpoints (in our case, HTTP endpoints). Application Live View uses those endpoints to get the data from the application and to interact with it.
-
Application Single Sign-On for VMware Tanzu
Application Single Sign-On enables application users to sign into their identity provider once and be authorized and identified to access any Kubernetes-deployed workload. It is a secure, straightforward, and delightful approach for developers and operators to manage access across all workloads in the enterprise.
-
Cloud Native Runtimes for VMware Tanzu
Cloud Native Runtimes for Tanzu is a serverless application runtime for Kubernetes that is based on Knative and runs on a single Kubernetes cluster. For information about Knative, see the Knative documentation. Cloud Native Runtimes capabilities are included in VMware Tanzu Advanced Edition and VMware Tanzu Application Platform.
-
Convention Service for VMware Tanzu
The convention service provides a means for people in operational roles to express their hard-won knowledge and opinions about how apps should run on Kubernetes as a convention. The convention service applies these opinions to fleets of developer workloads as they are deployed to the platform, saving operator and developer time.
-
Default roles for Tanzu Application Platform
This package includes five default roles for users including app-editor, app-viewer, app-operator, and service accounts including workload and deliverable. These roles are available to help operators limit the permissions that a user or service account requires on a cluster that runs Tanzu Application Platform. They are built by using aggregated cluster roles in Kubernetes role-based access control (RBAC).
Default roles only apply to a user interacting with the cluster using kubectl and Tanzu CLI. Tanzu Application Platform GUI support for default roles is planned for a future release.
-
Developer conventions configure workloads to prepare them for inner loop development.
It’s meant to be a “deploy and forget” component for developers: after it is installed on the cluster with the Tanzu Package CLI, developers do not need to directly interact with it. Developers instead interact with the Tanzu Developer Tools for VSCode IDE Extension or Tanzu CLI Apps plug-in, which rely on the Developer Conventions to modify the workload to enable inner loop capabilities.
-
Eventing for VMware Tanzu focuses on providing tooling and patterns for Kubernetes applications to manage event-triggered systems via Knative Eventing. For information about Knative, see the Knative documentation.
-
The main role of the source management component is to provide a common interface for artifact acquisition.
-
Grype is a vulnerability scanner for container images and file systems.
-
Services Toolkit comprises a number of Kubernetes-native components that support the management, life cycle, discoverability, and connectivity of Service Resources (databases, message queues, DNS records, and so on) on Kubernetes.
-
Supply Chain Choreographer for VMware Tanzu
Supply Chain Choreographer is based on open-source Cartographer. It enables app operators to create preapproved paths to production by integrating Kubernetes resources with the elements of their existing toolchains, such as Jenkins.
Each preapproved supply chain creates a paved road to production. It orchestrates supply chain resources, namely test, build, scan, and deploy, enabling developers to focus on delivering value to their users. Preapproved supply chains also give application operators the peace of mind that all code in production has passed through all the steps of an approved workflow.
-
Supply Chain Security tools for Tanzu - Scan
With Supply Chain Security Tools for VMware Tanzu - Scan, Tanzu customers can build and deploy secure trusted software that complies with their corporate security requirements.
To enable this, Supply Chain Security Tools - Scan provides scanning and gatekeeping capabilities that Application and DevSecOps teams can incorporate earlier in their path to production. This is an established industry best practice for reducing security risk and ensuring more efficient remediation.
-
Supply Chain Security Tools - Sign (Deprecated)
Supply Chain Security Tools - Sign provides an admission controller that allows a cluster operator to specify a policy that allows or denies images from running based on signature verification against public keys. It works with cosign signature format and allows for fine-tuned configuration based on image source patterns.
-
Supply Chain Security Tools - Policy Controller
Supply Chain Security Tools - Policy is an admission controller that allows a cluster operator to specify policies to verify image container signatures before admitting them to a cluster. It works with cosign signature format and allows for fine-tuned configuration of policies based on image source patterns.
-
Supply Chain Security Tools - Store
Supply Chain Security Tools - Store saves software bills of materials (SBoMs) to a database and enables you to query for image, source, package, and vulnerability relationships. It integrates with Supply Chain Security Tools - Scan to automatically store the resulting source and image vulnerability reports.
-
Overview of Tanzu Application Platform GUI
Tanzu Application Platform GUI lets your developers view your organization's running applications and services. It provides a central location for viewing dependencies, relationships, technical documentation, and even service status. Tanzu Application Platform GUI is built from the Cloud Native Computing Foundation's project Backstage.
-
Tanzu Build Service uses the open-source Cloud Native Buildpacks project to turn application source code into container images.
Build Service executes reproducible builds that align with modern container standards and keeps images up to date. It does so by leveraging Kubernetes infrastructure with kpack, a Cloud Native Buildpacks Platform, to orchestrate the image life cycle.
The kpack CLI tool, kp, can aid in managing kpack resources. Build Service helps you develop and automate containerized software workflows securely and at scale.
-
Tanzu Developer Tools for VSCode
Tanzu Developer Tools for Visual Studio Code is the official VMware Tanzu IDE extension for VSCode to help you develop code using the Tanzu Application Platform. The VSCode extension enables live updates of your application while it runs on the cluster and lets you debug your application directly on the cluster.
-
Learning Center provides a platform for creating and self-hosting workshops. With Learning Center, content creators can create workshops from markdown files that learners can view in a terminal shell environment with an instructional wizard UI. The UI can embed slide content, an integrated development environment (IDE), a web console for accessing the Kubernetes cluster, and other custom web applications.
Although Learning Center requires Kubernetes to run, and it teaches users about Kubernetes, you can use it to host training for other purposes as well. For example, you can use it to train users on web-based applications, use of databases, or programming languages.
-
Tekton is a powerful and flexible open-source framework for creating CI/CD systems, enabling developers to build, test, and deploy across cloud providers and on-premise systems.
-
Tanzu Application Platform Telemetry
Tanzu Application Platform Telemetry is a set of objects that collect data about the usage of Tanzu Application Platform and send it back to VMware for product improvements. A benefit of remaining enrolled in telemetry and identifying your company during Tanzu Application Platform installation is that VMware can provide your organization with usage reports about Tanzu Application Platform. See Tanzu Application Platform usage reports for more information about enrolling in telemetry reports.
Note: You can opt out of telemetry collection by following the instructions in Opting out of telemetry collection.
You can deploy Tanzu Application Platform through predefined profiles, each containing various packages, or you can install packages individually. The profiles are designed to allow the Tanzu Application Platform to scale across an organization's multicluster, multicloud, or hybrid cloud infrastructure. These profiles are not meant to cover all customer use cases, but serve as a starting point to allow for further customization.
The following profiles are available in Tanzu Application Platform:
-
Full (
full): Contains all of the Tanzu Application Platform packages. -
Iterate (
iterate): Intended for iterative application development. -
Build (
build): Intended for the transformation of source revisions to workload revisions. Specifically, hosting workloads and SupplyChains. -
Run (
run): Intended for the transformation of workload revisions to running pods. Specifically, hosting deliveries and deliverables. -
View (
view): Intended for instances of applications related to centralized developer experiences. Specifically, Tanzu Application Platform GUI and Metadata Store.
The following table lists the packages contained in each profile:
| Capability Name | Full | Iterate | Build | Run | View |
| API Auto Registration | ✓ | ✓ | ✓ | ||
| API Portal | ✓ | ✓ | |||
| Application Accelerator | ✓ | ✓ | |||
| Application Live View (Build) | ✓ | ✓ | ✓ | ||
| Application Live View (Run) | ✓ | ✓ | ✓ | ||
| Application Live View GUI Backend | ✓ | ✓ | |||
| Application Single Sign-On | ✓ | ✓ | ✓ | ||
| Cloud Native Runtimes | ✓ | ✓ | ✓ | ||
| Convention Controller | ✓ | ✓ | ✓ | ||
| Default Roles | ✓ | ✓ | ✓ | ✓ | |
| Developer Conventions | ✓ | ✓ | |||
| Eventing | ✓ | ✓ | ✓ | ||
| Flux Source Controller | ✓ | ✓ | ✓ | ✓ | ✓ |
| Grype | ✓ | ✓ | |||
| Learning Center | ✓ | ✓ | |||
| Out of the Box Delivery - Basic | ✓ | ✓ | ✓ | ||
| Out of the Box Supply Chain - Basic | ✓ | ✓ | ✓ | ||
| Out of the Box Supply Chain - Testing | ✓ | ✓ | ✓ | ||
| Out of the Box Supply Chain - Testing and Scanning | ✓ | ✓ | |||
| Out of the Box Templates | ✓ | ✓ | ✓ | ✓ | |
| Service Bindings | ✓ | ✓ | ✓ | ||
| Services Toolkit | ✓ | ✓ | ✓ | ||
| Source Controller | ✓ | ✓ | ✓ | ✓ | ✓ |
| Spring Boot Convention | ✓ | ✓ | ✓ | ||
| Supply Chain Choreographer | ✓ | ✓ | ✓ | ✓ | |
| Supply Chain Security Tools - Policy Controller | ✓ | ✓ | ✓ | ||
| Supply Chain Security Tools - Scan | ✓ | ✓ | |||
| Supply Chain Security Tools - Sign (deprecated) | ✓ | ✓ | ✓ | ||
| Supply Chain Security Tools - Store | ✓ | ✓ | |||
| Tanzu Build Service | ✓ | ✓ | ✓ | ||
| Tanzu Application Platform GUI | ✓ | ✓ | |||
| Tekton Pipelines | ✓ | ✓ | ✓ | ||
| Telemetry | ✓ | ✓ | ✓ | ✓ | ✓ |
* Only one supply chain should be installed at any given time. For information on switching from one supply chain to another, see Add testing and security scanning to your application.
The following table shows the languages and frameworks that are supported by Tanzu Application Platform components.
| Language or Framework | Tanzu Build Service | Runtime Conventions | Tanzu Developer Tooling \*\* | Application Live View for VMware Tanzu | Functions | Extended Scanning Coverage using Anchore Grype \*\*\* | Application Accelerators for VMware Tanzu |
| Java | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Spring Boot | ✓ | ✓ | ✓ | ✓ | ✓ | ||
| .NET Core | ✓ | ✓ | |||||
| Steeltoe | ✓ | ✓ | |||||
| NodeJS | ✓ | ✓ | |||||
| Python | ✓ | ✓ | ✓ | ||||
| Golang | ✓ | ✓ | |||||
| PHP | ✓ | ||||||
| Ruby | ✓ | ✓ |
** Tanzu Developer Tooling refers to the developer conventions that enable debugging and Live Update functionality in the inner loop.
*** Extended Scanning Coverage: Supply Chain Security Tools - Scan and Store using Anchore Grype. Out of the Box Tanzu Application Platform scanning leverages a tool by Anchore called Grype. Grype provides standard CVE scanning support for a wide variety of languages. However, if you use Tanzu Build Service to build application images by using a buildpack that produces a Bill of Materials in the Syft format, Tanzu Application Platform scanning can provide a more comprehensive scan of the application image.
To install the Tanzu Application Platform profiles, see Installing the Tanzu Application Platform package and profiles.