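Trying out Tanzu Build Service (TBS) - Part 1
These are my notes from trying out the Tanzu Build Service (TBS) environment that I deployed in "Installing Tanzu Build Service on Tanzu Kubernetes Grid".
Prerequisites
- TBS is available for use
Procedure
Check the TBS API resources
I already checked these in "Creating a container image with Tanzu Build Service", but let's check them again.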
$ kubectl api-resources |grep kpack
builders bldr,bldrs kpack.io/v1alpha1 true Builder
builds cnbbuild,cnbbuilds,bld,blds kpack.io/v1alpha1 true Build
clusterbuilders clstbldr,clstbldrs kpack.io/v1alpha1 false ClusterBuilder
clusterstacks kpack.io/v1alpha1 false ClusterStack
clusterstores kpack.io/v1alpha1 false ClusterStore
images cnbimage,cnbimages,img,imgs kpack.io/v1alpha1 true Image
sourceresolvers kpack.io/v1alpha1 true SourceResolver
Check the image created by TBS
Let's check the image that TBS created.
$ kp image list -A
NAME READY LATEST REASON LATEST IMAGE NAMESPACE
spring-petclinic True CONFIG harbor2.<MYDOMAIN>/tanzu/spring-petclinic@sha256:78f1a6620889e880037118cf03ca626b271b4f02d433deaae4d2c2cbadbb27ba demo
$ kubectl describe images.kpack.io spring-petclinic -n demo
Name: spring-petclinic
Namespace: demo
Labels: <none>
Annotations: <none>
API Version: kpack.io/v1alpha1
Kind: Image
Metadata:
Creation Timestamp: 2021-03-14T05:33:52Z
Generation: 1
Managed Fields:
API Version: kpack.io/v1alpha1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:kubectl.kubernetes.io/last-applied-configuration:
f:spec:
.:
f:build:
.:
f:resources:
f:builder:
.:
f:kind:
f:name:
f:serviceAccount:
f:source:
.:
f:registry:
.:
f:image:
f:tag:
Manager: kp
Operation: Update
Time: 2021-03-14T05:33:52Z
API Version: kpack.io/v1alpha1
Fields Type: FieldsV1
fieldsV1:
f:status:
.:
f:buildCacheName:
f:buildCounter:
f:conditions:
f:latestBuildImageGeneration:
f:latestBuildReason:
f:latestBuildRef:
f:latestImage:
f:observedGeneration:
Manager: controller
Operation: Update
Time: 2021-03-16T09:23:35Z
Resource Version: 1199457
Self Link: /apis/kpack.io/v1alpha1/namespaces/demo/images/spring-petclinic
UID: 3ae9dccd-e9aa-41d7-b442-253e892d9bc2
Spec:
Build:
Resources:
Builder:
Kind: ClusterBuilder
Name: default
Cache Size: 2G
Failed Build History Limit: 10
Image Tagging Strategy: BuildNumber
Service Account: default
Source:
Registry:
Image: harbor2.<MYDOMAIN>/tanzu/spring-petclinic-source@sha256:2743063f15ed963aa5dd47df7795f5b9d16c952f08fc2b23b0eb1ad8cbef2964
Success Build History Limit: 10
Tag: harbor2.<MYDOMAIN>/tanzu/spring-petclinic
Status:
Build Cache Name: spring-petclinic-cache
Build Counter: 2
Conditions:
Last Transition Time: 2021-03-16T09:23:35Z
Status: False
Type: Ready
Last Transition Time: 2021-03-16T09:23:35Z
Status: True
Type: BuilderReady
Latest Build Image Generation: 1
Latest Build Reason: TRIGGER
Latest Build Ref: spring-petclinic-build-2-bsr47
Latest Image: harbor2.<MYDOMAIN>/tanzu/spring-petclinic@sha256:78f1a6620889e880037118cf03ca626b271b4f02d433deaae4d2c2cbadbb27ba
Observed Generation: 1
Events: <none>
From spec.Builder in the output above, you can see that the ClusterBuilder in use is default. Let's look at that ClusterBuilder.
$ kubectl describe clusterbuilders.kpack.io default
Name: default
Namespace:
Labels: <none>
Annotations: kpack.io/import-timestamp: 2021-03-14T05:01:07Z
API Version: kpack.io/v1alpha1
Kind: ClusterBuilder
Metadata:
Creation Timestamp: 2021-03-14T05:01:07Z
Generation: 1
Managed Fields:
API Version: kpack.io/v1alpha1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:kpack.io/import-timestamp:
f:kubectl.kubernetes.io/last-applied-configuration:
f:spec:
.:
f:order:
f:serviceAccountRef:
.:
f:name:
f:namespace:
f:stack:
.:
f:kind:
f:name:
f:store:
.:
f:kind:
f:name:
f:tag:
Manager: kp
Operation: Update
Time: 2021-03-14T05:01:07Z
API Version: kpack.io/v1alpha1
Fields Type: FieldsV1
fieldsV1:
f:status:
.:
f:builderMetadata:
f:conditions:
f:latestImage:
f:observedGeneration:
f:observedStackGeneration:
f:observedStoreGeneration:
f:order:
f:os:
f:stack:
.:
f:id:
f:runImage:
Manager: controller
Operation: Update
Time: 2021-03-14T05:01:10Z
Resource Version: 357970
Self Link: /apis/kpack.io/v1alpha1/clusterbuilders/default
UID: 2e1dd14e-b924-4f84-b7cf-6182392a0828
Spec:
Order:
Group:
Id: tanzu-buildpacks/dotnet-core
Group:
Id: tanzu-buildpacks/nodejs
Group:
Id: tanzu-buildpacks/go
Group:
Id: tanzu-buildpacks/php
Group:
Id: tanzu-buildpacks/nginx
Group:
Id: tanzu-buildpacks/httpd
Group:
Id: tanzu-buildpacks/java-native-image
Group:
Id: tanzu-buildpacks/java
Group:
Id: paketo-buildpacks/procfile
Service Account Ref:
Name: canonical-registry-serviceaccount
Namespace: kpack
Stack:
Kind: ClusterStack
Name: base
Store:
Kind: ClusterStore
Name: default
Tag: harbor2.<MYDOMAIN>/tanzu/tbs/default
Status:
Builder Metadata:
Homepage: https://github.com/paketo-buildpacks/graalvm
Id: paketo-buildpacks/graalvm
Version: 4.0.0
Homepage: https://github.com/paketo-buildpacks/bellsoft-liberica
Id: paketo-buildpacks/bellsoft-liberica
Version: 6.0.0
Id: tanzu-buildpacks/go-dist
Version: 0.1.3
Id: tanzu-buildpacks/php-dist
Version: 0.0.44
Id: tanzu-buildpacks/dotnet-core-sdk
Version: 0.0.22
Id: tanzu-buildpacks/node-engine
Version: 0.1.1
Id: tanzu-buildpacks/node-engine
Version: 0.1.2
Homepage: https://github.com/pivotal-cf/tanzu-apache-skywalking
Id: tanzu-buildpacks/apache-skywalking
Version: 2.4.1
Id: tanzu-buildpacks/dotnet-core-runtime
Version: 0.0.30
Homepage: https://github.com/pivotal-cf/tanzu-jprofiler
Id: tanzu-buildpacks/jprofiler
Version: 2.2.1
Homepage: https://github.com/paketo-buildpacks/gradle
Id: paketo-buildpacks/gradle
Version: 3.5.0
Homepage: https://github.com/pivotal-cf/tanzu-appdynamics
Id: tanzu-buildpacks/appdynamics
Version: 2.11.0
Id: tanzu-buildpacks/dotnet-core-aspnet
Version: 0.0.24
Homepage: https://github.com/pivotal-cf/tanzu-new-relic
Id: tanzu-buildpacks/new-relic
Version: 2.9.0
Homepage: https://github.com/pivotal-cf/tanzu-overops
Id: tanzu-buildpacks/overops
Version: 2.7.0
Homepage: https://github.com/paketo-buildpacks/apache-tomcat
Id: paketo-buildpacks/apache-tomcat
Version: 3.2.0
Id: tanzu-buildpacks/icu
Version: 0.0.9
Homepage: https://github.com/pivotal-cf/tanzu-jrebel
Id: tanzu-buildpacks/jrebel
Version: 2.6.0
Homepage: https://github.com/paketo-buildpacks/sbt
Id: paketo-buildpacks/sbt
Version: 3.6.0
Homepage: https://github.com/paketo-buildpacks/azure-application-insights
Id: paketo-buildpacks/azure-application-insights
Version: 3.0.0
Id: tanzu-buildpacks/httpd
Version: 0.0.40
Id: tanzu-buildpacks/httpd
Version: 0.0.39
Homepage: https://github.com/pivotal-cf/tanzu-contrast-security
Id: tanzu-buildpacks/contrast-security
Version: 2.8.0
Id: tanzu-buildpacks/nginx
Version: 0.0.46
Id: tanzu-buildpacks/nginx
Version: 0.0.48
Homepage: https://github.com/paketo-buildpacks/maven
Id: paketo-buildpacks/maven
Version: 3.2.1
Homepage: https://github.com/pivotal-cf/tanzu-elastic-apm
Id: tanzu-buildpacks/elastic-apm
Version: 2.7.0
Id: tanzu-buildpacks/php-web
Version: 0.0.25
Homepage: https://github.com/paketo-buildpacks/google-stackdriver
Id: paketo-buildpacks/google-stackdriver
Version: 2.14.0
Id: tanzu-buildpacks/dep
Version: 0.0.10
Homepage: https://github.com/pivotal-cf/tanzu-yourkit
Id: tanzu-buildpacks/yourkit
Version: 2.7.0
Id: tanzu-buildpacks/php-composer
Version: 0.0.31
Id: tanzu-buildpacks/yarn
Version: 0.0.2
Homepage: https://github.com/pivotal-cf/tanzu-dynatrace
Id: tanzu-buildpacks/dynatrace
Version: 2.1.3
Homepage: https://github.com/pivotal-cf/tanzu-jacoco
Id: tanzu-buildpacks/jacoco
Version: 2.3.1
Homepage: https://github.com/paketo-buildpacks/spring-boot
Id: paketo-buildpacks/spring-boot
Version: 3.5.0
Id: tanzu-buildpacks/yarn-install
Version: 0.1.2
Homepage: https://github.com/pivotal-cf/tanzu-synopsys
Id: tanzu-buildpacks/synopsys
Version: 2.2.1
Homepage: https://github.com/pivotal-cf/tanzu-checkmarx
Id: tanzu-buildpacks/checkmarx
Version: 2.1.3
Homepage: https://github.com/paketo-buildpacks/ca-certificates
Id: paketo-buildpacks/ca-certificates
Version: 1.0.1
Homepage: https://github.com/paketo-buildpacks/encrypt-at-rest
Id: paketo-buildpacks/encrypt-at-rest
Version: 2.2.3
Homepage: https://github.com/paketo-buildpacks/debug
Id: paketo-buildpacks/debug
Version: 2.1.4
Homepage: https://github.com/paketo-buildpacks/jmx
Id: paketo-buildpacks/jmx
Version: 2.1.4
Homepage: https://github.com/paketo-buildpacks/leiningen
Id: paketo-buildpacks/leiningen
Version: 1.2.1
Homepage: https://github.com/pivotal-cf/tanzu-snyk
Id: tanzu-buildpacks/snyk
Version: 2.1.2
Homepage: https://github.com/paketo-buildpacks/spring-boot-native-image
Id: paketo-buildpacks/spring-boot-native-image
Version: 2.0.0
Homepage: https://github.com/paketo-buildpacks/executable-jar
Id: paketo-buildpacks/executable-jar
Version: 3.1.3
Id: tanzu-buildpacks/dotnet-publish
Version: 0.0.13
Id: tanzu-buildpacks/go-build
Version: 0.0.23
Homepage: https://github.com/paketo-buildpacks/environment-variables
Id: paketo-buildpacks/environment-variables
Version: 2.1.2
Homepage: https://github.com/pivotal-cf/tanzu-aspectj
Id: tanzu-buildpacks/aspectj
Version: 2.1.3
Homepage: https://github.com/paketo-buildpacks/procfile
Id: paketo-buildpacks/procfile
Version: 3.0.0
Homepage: https://github.com/paketo-buildpacks/dist-zip
Id: paketo-buildpacks/dist-zip
Version: 2.2.2
Homepage: https://github.com/paketo-buildpacks/image-labels
Id: paketo-buildpacks/image-labels
Version: 2.0.6
Id: tanzu-buildpacks/dotnet-execute
Version: 0.0.28
Id: tanzu-buildpacks/npm-install
Version: 0.1.1
Id: tanzu-buildpacks/dep-ensure
Version: 0.0.29
Id: tanzu-buildpacks/yarn-start
Version: 0.0.4
Id: tanzu-buildpacks/npm-start
Version: 0.0.2
Id: tanzu-buildpacks/go-mod-vendor
Version: 0.0.26
Id: tanzu-buildpacks/node-start
Version: 0.0.3
Homepage: https://github.com/pivotal-cf/tanzu-java
Id: tanzu-buildpacks/java
Version: 4.1.0
Homepage: https://github.com/pivotal-cf/tanzu-java-native-image
Id: tanzu-buildpacks/java-native-image
Version: 3.10.0
Id: tanzu-buildpacks/dotnet-core
Version: 0.0.7
Id: tanzu-buildpacks/nodejs
Version: 1.2.3
Id: tanzu-buildpacks/php
Version: 0.0.5
Id: tanzu-buildpacks/go
Version: 1.0.9
Conditions:
Last Transition Time: 2021-03-14T05:01:10Z
Status: True
Type: Ready
Latest Image: harbor2.<MYDOMAIN>/tanzu/tbs/default@sha256:e5bceac410f63800c0b56eb58b0e9db689165321cc78d8b856a12133da5095fe
Observed Generation: 1
Observed Stack Generation: 1
Observed Store Generation: 1
Order:
Group:
Id: tanzu-buildpacks/dotnet-core
Version: 0.0.7
Group:
Id: tanzu-buildpacks/nodejs
Version: 1.2.3
Group:
Id: tanzu-buildpacks/go
Version: 1.0.9
Group:
Id: tanzu-buildpacks/php
Version: 0.0.5
Group:
Id: tanzu-buildpacks/nginx
Version: 0.0.48
Group:
Id: tanzu-buildpacks/httpd
Version: 0.0.40
Group:
Id: tanzu-buildpacks/java-native-image
Version: 3.10.0
Group:
Id: tanzu-buildpacks/java
Version: 4.1.0
Group:
Id: paketo-buildpacks/procfile
Version: 3.0.0
Os: linux
Stack:
Id: io.buildpacks.stacks.bionic
Run Image: harbor2.<MYDOMAIN>/tanzu/tbs/run@sha256:64b97816ff8e96bfacd804bb994f76c93d210cee8f726ce7bdad4a1a4e858e7f
Events: <none>
Update the TBS base image
Let's update the ClusterStack named base. base is the ClusterStack used by the spring-petclinic image. So when base is updated, TBS detects the change and updates only the base OS image (stack) used by spring-petclinic (a rebase). With this feature, the platform side can keep container images secure by updating the ClusterStack, without consuming any developer effort. This article has only one image, but I think this is a useful feature for enterprise use cases where there are many target images and governance needs to be applied properly.
descriptor-100.0.61 includes a ClusterStack update, so I'll use it this time. Because the images are updated directly from registry.pivotal.io, log in to VMware Tanzu Network beforehand.
$ docker login registry.pivotal.io -u <vmware-tanzu-network-user>
Run the command listed on VMware Tanzu Network. When actually updating a ClusterStack, check the official documentation, "Tanzu Build Service - Updating Build Service Dependencies". An update procedure for air-gapped environments is also provided, so refer to it as appropriate for your environment.
$ kp clusterstack update base --build-image registry.pivotal.io/tbs-dependencies/build-base@sha256:a6b7409c156a2b52f843f749fed91a07c569b663a526906c2dfee89859d31164 --run-image registry.pivotal.io/tbs-dependencies/run-base@sha256:4944b79a3c228cb08ed29f4addb4382c26b3b49c9abdcb66a183a0b7851f7e39
Updating ClusterStack...
Uploading to 'harbor2.<MYDOMAIN>/tanzu/tbs'...
Uploading 'harbor2.<MYDOMAIN>/tanzu/tbs/build@sha256:a6b7409c156a2b52f843f749fed91a07c569b663a526906c2dfee89859d31164'
Uploading 'harbor2.<MYDOMAIN>/tanzu/tbs/run@sha256:4944b79a3c228cb08ed29f4addb4382c26b3b49c9abdcb66a183a0b7851f7e39'
ClusterStack "base" updated
Let's check the spring-petclinic image. You can see that a new image is being built, triggered by the update to the ClusterStack it uses.
$ kp build list -n demo
BUILD STATUS IMAGE REASON
1 SUCCESS harbor2.<MYDOMAIN>/tanzu/spring-petclinic@sha256:78f1a6620889e880037118cf03ca626b271b4f02d433deaae4d2c2cbadbb27ba CONFIG
2 BUILDING STACK
$ kp build list -n demo
BUILD STATUS IMAGE REASON
1 SUCCESS harbor2.<MYDOMAIN>/tanzu/spring-petclinic@sha256:78f1a6620889e880037118cf03ca626b271b4f02d433deaae4d2c2cbadbb27ba CONFIG
2 SUCCESS harbor2.<MYDOMAIN>/tanzu/spring-petclinic@sha256:ec63dc8345669ffd18eb2c9ca8c93f68f40ff486701e3cda663924ee2d0f6230 STACK
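A rollout check for the ClusterStack update above, as an added example (not part of the original article or of the kp tooling): it parses the text of `kp clusterstack status` and `kp build list` and confirms that the stack carries the digests passed to `kp clusterstack update` and that the newest build finished with reason STACK. The function names are hypothetical, and the sample text is constructed from the outputs shown in this article.

```shell
#!/bin/sh
# Added example: verify that a ClusterStack update landed with the requested
# digests and that the dependent image was rebuilt because of it.

# Digests passed to `kp clusterstack update base` in this article.
EXPECTED_BUILD='sha256:a6b7409c156a2b52f843f749fed91a07c569b663a526906c2dfee89859d31164'
EXPECTED_RUN='sha256:4944b79a3c228cb08ed29f4addb4382c26b3b49c9abdcb66a183a0b7851f7e39'

# Constructed sample input, modelled on `kp clusterstack status base`.
SAMPLE_STACK_STATUS='Status: Ready
Id: io.buildpacks.stacks.bionic
Run Image: harbor2.<MYDOMAIN>/tanzu/tbs/run@sha256:4944b79a3c228cb08ed29f4addb4382c26b3b49c9abdcb66a183a0b7851f7e39
Build Image: harbor2.<MYDOMAIN>/tanzu/tbs/build@sha256:a6b7409c156a2b52f843f749fed91a07c569b663a526906c2dfee89859d31164'

# Constructed sample input, modelled on `kp build list -n demo` while the
# rebuild is running and after it has finished.
SAMPLE_BUILDS_RUNNING='BUILD STATUS IMAGE REASON
1 SUCCESS harbor2.<MYDOMAIN>/tanzu/spring-petclinic@sha256:78f1a6620889e880037118cf03ca626b271b4f02d433deaae4d2c2cbadbb27ba CONFIG
2 BUILDING STACK'
SAMPLE_BUILDS_DONE='BUILD STATUS IMAGE REASON
1 SUCCESS harbor2.<MYDOMAIN>/tanzu/spring-petclinic@sha256:78f1a6620889e880037118cf03ca626b271b4f02d433deaae4d2c2cbadbb27ba CONFIG
2 SUCCESS harbor2.<MYDOMAIN>/tanzu/spring-petclinic@sha256:ec63dc8345669ffd18eb2c9ca8c93f68f40ff486701e3cda663924ee2d0f6230 STACK'

# image_digest FIELD: stdin is `kp ... status` text. Prints the sha256 digest
# of the reference on the "FIELD: <ref>" line. Prints nothing when the
# reference is not pinned by a full 64-hex digest (for example a tag).
image_digest() {
    sed -n "s/^$1:.*@\(sha256:[0-9a-f]\{64\}\)[[:space:]]*\$/\1/p" | head -n 1
}

# verify_stack WANT_RUN WANT_BUILD: stdin is `kp clusterstack status` text.
# Returns 0 only if the stack is Ready and both digests equal the requested
# ones. Relocation into the local registry changes the repository name but
# must not change the digest.
verify_stack() {
    want_run=$1
    want_build=$2
    status_text=$(cat)
    printf '%s\n' "$status_text" |
        grep -Eq '^Status:[[:space:]]*Ready[[:space:]]*$' || {
        echo "stack is not Ready" >&2
        return 1
    }
    got_run=$(printf '%s\n' "$status_text" | image_digest 'Run Image')
    got_build=$(printf '%s\n' "$status_text" | image_digest 'Build Image')
    rc=0
    [ "$got_run" = "$want_run" ] || {
        echo "run image mismatch: got '${got_run:-no digest}'" >&2
        rc=1
    }
    [ "$got_build" = "$want_build" ] || {
        echo "build image mismatch: got '${got_build:-no digest}'" >&2
        rc=1
    }
    return $rc
}

# latest_build: stdin is `kp build list` text. Prints "<number> <status>
# <reason>" for the highest-numbered build. The IMAGE column is empty while a
# build is running, so the reason is read from the last field.
latest_build() {
    awk '$1 ~ /^[0-9]+$/ && NF >= 3 && $1 + 0 >= max {
             max = $1 + 0; row = $1 " " $2 " " $NF }
         END { if (row != "") print row; else exit 1 }'
}

# stack_rebuild_done: stdin is `kp build list` text. Succeeds only when the
# newest build has status SUCCESS and its reason column contains STACK.
stack_rebuild_done() {
    row=$(latest_build) || return 1
    case "$row" in
        *" SUCCESS "*STACK*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on the constructed samples.
if printf '%s\n' "$SAMPLE_STACK_STATUS" | verify_stack "$EXPECTED_RUN" "$EXPECTED_BUILD"; then
    echo "ClusterStack digests match the requested update"
fi
if printf '%s\n' "$SAMPLE_BUILDS_DONE" | stack_rebuild_done; then
    echo "latest build: $(printf '%s\n' "$SAMPLE_BUILDS_DONE" | latest_build)"
fi
```

Against a live cluster, pipe `kp clusterstack status base` and `kp build list -n demo` into the functions in place of the sample variables.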
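Let's also check on the Harbor side. I ran an image scan, but there does not appear to be any improvement with regard to vulnerabilities.
Update the ClusterBuilder
The procedure above updated only the base ClusterStack; now let's update everything, including the other ClusterStacks and the ClusterStore. This environment was built with descriptor-100.0.60, so I'll use descriptor-100.0.61 to update the TBS ClusterBuilder (ClusterStack + ClusterStore). The procedure uses the same command that was used when deploying TBS.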
$ kp import -f descriptor-100.0.61.yaml
Importing ClusterStore 'default'...
Uploading 'harbor2.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_go@sha256:64ba98089642bdb1ae22fde9b12fb905e0034a2e99c4564249bbc5190dcef8f9'
Buildpackage already exists in the store
Uploading 'harbor2.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_java@sha256:9c03a98642c39daad05a7803ee00ee6543aa0561cb18da169ac2d7f24a73b792'
Buildpackage already exists in the store
Uploading 'harbor2.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_nodejs@sha256:19bdfcee5d5cedeb5ad9fd704d52b21be286e5ce3a5c3b8cabc30204f490f8d4'
Buildpackage already exists in the store
Uploading 'harbor2.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_java-native-image@sha256:6aa4a1904362624ee5937271e05fdeaa4669ac4fed808346327927c3090e280e'
Buildpackage already exists in the store
Uploading 'harbor2.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_dotnet-core@sha256:303675080e1220af51fa08c7d20ba87fb7f4c662ceb756c6333fe01dec61adc1'
Buildpackage already exists in the store
Uploading 'harbor2.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_php@sha256:fd5abb334f4adbcf46f42977992af145db04fb262d4c516ff4264f94e1fcd689'
Buildpackage already exists in the store
Uploading 'harbor2.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_nginx@sha256:e67d5cd2e5240a9eb7a899b9b5d979ad85d0cf6c8182e15424516dac9f577371'
Buildpackage already exists in the store
Uploading 'harbor2.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_httpd@sha256:34989fb8e264ccaea7916a9017b306d621b017920f71439fc515164ac0484cf5'
Buildpackage already exists in the store
Uploading 'harbor2.<MYDOMAIN>/tanzu/tbs/paketo-buildpacks_procfile@sha256:bf6a4265db23ae25b34d402cd24e04c36dccdf24d6a6b9297f1d154a9d0b8062'
Added Buildpackage
Importing ClusterStack 'tiny'...
Uploading to 'harbor2.<MYDOMAIN>/tanzu/tbs'...
Uploading 'harbor2.<MYDOMAIN>/tanzu/tbs/build@sha256:64d500ca33238ffedafdb4e990522b23639c7088721c6975bd632fc16a1f2319'
Uploading 'harbor2.<MYDOMAIN>/tanzu/tbs/run@sha256:4b3b0cbe8b9bd6e68f6f8c681eae7189e99323540ff152e10fb38e4875280900'
Importing ClusterStack 'base'...
Uploading to 'harbor2.<MYDOMAIN>/tanzu/tbs'...
Uploading 'harbor2.<MYDOMAIN>/tanzu/tbs/build@sha256:a6b7409c156a2b52f843f749fed91a07c569b663a526906c2dfee89859d31164'
Uploading 'harbor2.<MYDOMAIN>/tanzu/tbs/run@sha256:4944b79a3c228cb08ed29f4addb4382c26b3b49c9abdcb66a183a0b7851f7e39'
Importing ClusterStack 'full'...
Uploading to 'harbor2.<MYDOMAIN>/tanzu/tbs'...
Uploading 'harbor2.<MYDOMAIN>/tanzu/tbs/build@sha256:c3136dec66307645a3f0809cb732bee4fcd72fe1ba65c555367b054eaf14c602'
Uploading 'harbor2.<MYDOMAIN>/tanzu/tbs/run@sha256:ec9ef0c4230f337b400574db726ed13c0d5407d87978d2bd14a27d9725cac16b'
Importing ClusterStack 'default'...
Uploading to 'harbor2.<MYDOMAIN>/tanzu/tbs'...
Uploading 'harbor2.<MYDOMAIN>/tanzu/tbs/build@sha256:a6b7409c156a2b52f843f749fed91a07c569b663a526906c2dfee89859d31164'
Uploading 'harbor2.<MYDOMAIN>/tanzu/tbs/run@sha256:4944b79a3c228cb08ed29f4addb4382c26b3b49c9abdcb66a183a0b7851f7e39'
Importing ClusterBuilder 'base'...
Importing ClusterBuilder 'full'...
Importing ClusterBuilder 'tiny'...
Importing ClusterBuilder 'default'...
Imported resources
Let's check the ClusterBuilder, ClusterStack, and ClusterStore.
$ kp clusterbuilder status default
Status: Ready
Image: harbor2.<MYDOMAIN>/tanzu/tbs/default@sha256:745d2ac19b448caccd5f1307ef0d587306871c00caedae6c7f0080d585cd0e1c
Stack: io.buildpacks.stacks.bionic
Run Image: harbor2.<MYDOMAIN>/tanzu/tbs/run@sha256:4944b79a3c228cb08ed29f4addb4382c26b3b49c9abdcb66a183a0b7851f7e39
BUILDPACK ID VERSION HOMEPAGE
paketo-buildpacks/graalvm 4.0.0 https://github.com/paketo-buildpacks/graalvm
paketo-buildpacks/bellsoft-liberica 6.0.0 https://github.com/paketo-buildpacks/bellsoft-liberica
tanzu-buildpacks/go-dist 0.1.3
tanzu-buildpacks/php-dist 0.0.44
tanzu-buildpacks/dotnet-core-sdk 0.0.22
tanzu-buildpacks/node-engine 0.1.1
tanzu-buildpacks/node-engine 0.1.2
tanzu-buildpacks/apache-skywalking 2.4.1 https://github.com/pivotal-cf/tanzu-apache-skywalking
tanzu-buildpacks/dotnet-core-runtime 0.0.30
tanzu-buildpacks/jprofiler 2.2.1 https://github.com/pivotal-cf/tanzu-jprofiler
paketo-buildpacks/gradle 3.5.0 https://github.com/paketo-buildpacks/gradle
tanzu-buildpacks/appdynamics 2.11.0 https://github.com/pivotal-cf/tanzu-appdynamics
tanzu-buildpacks/dotnet-core-aspnet 0.0.24
tanzu-buildpacks/new-relic 2.9.0 https://github.com/pivotal-cf/tanzu-new-relic
tanzu-buildpacks/overops 2.7.0 https://github.com/pivotal-cf/tanzu-overops
paketo-buildpacks/apache-tomcat 3.2.0 https://github.com/paketo-buildpacks/apache-tomcat
tanzu-buildpacks/icu 0.0.9
tanzu-buildpacks/jrebel 2.6.0 https://github.com/pivotal-cf/tanzu-jrebel
paketo-buildpacks/sbt 3.6.0 https://github.com/paketo-buildpacks/sbt
paketo-buildpacks/azure-application-insights 3.0.0 https://github.com/paketo-buildpacks/azure-application-insights
tanzu-buildpacks/httpd 0.0.40
tanzu-buildpacks/httpd 0.0.39
tanzu-buildpacks/contrast-security 2.8.0 https://github.com/pivotal-cf/tanzu-contrast-security
tanzu-buildpacks/nginx 0.0.46
tanzu-buildpacks/nginx 0.0.48
paketo-buildpacks/maven 3.2.1 https://github.com/paketo-buildpacks/maven
tanzu-buildpacks/elastic-apm 2.7.0 https://github.com/pivotal-cf/tanzu-elastic-apm
tanzu-buildpacks/php-web 0.0.25
paketo-buildpacks/google-stackdriver 2.14.0 https://github.com/paketo-buildpacks/google-stackdriver
tanzu-buildpacks/dep 0.0.10
tanzu-buildpacks/yourkit 2.7.0 https://github.com/pivotal-cf/tanzu-yourkit
tanzu-buildpacks/php-composer 0.0.31
tanzu-buildpacks/yarn 0.0.2
tanzu-buildpacks/dynatrace 2.1.3 https://github.com/pivotal-cf/tanzu-dynatrace
tanzu-buildpacks/jacoco 2.3.1 https://github.com/pivotal-cf/tanzu-jacoco
paketo-buildpacks/spring-boot 3.5.0 https://github.com/paketo-buildpacks/spring-boot
tanzu-buildpacks/yarn-install 0.1.2
tanzu-buildpacks/synopsys 2.2.1 https://github.com/pivotal-cf/tanzu-synopsys
tanzu-buildpacks/checkmarx 2.1.3 https://github.com/pivotal-cf/tanzu-checkmarx
paketo-buildpacks/ca-certificates 1.0.1 https://github.com/paketo-buildpacks/ca-certificates
paketo-buildpacks/encrypt-at-rest 2.2.3 https://github.com/paketo-buildpacks/encrypt-at-rest
paketo-buildpacks/debug 2.1.4 https://github.com/paketo-buildpacks/debug
paketo-buildpacks/jmx 2.1.4 https://github.com/paketo-buildpacks/jmx
paketo-buildpacks/leiningen 1.2.1 https://github.com/paketo-buildpacks/leiningen
tanzu-buildpacks/snyk 2.1.2 https://github.com/pivotal-cf/tanzu-snyk
paketo-buildpacks/spring-boot-native-image 2.0.0 https://github.com/paketo-buildpacks/spring-boot-native-image
paketo-buildpacks/executable-jar 3.1.3 https://github.com/paketo-buildpacks/executable-jar
tanzu-buildpacks/dotnet-publish 0.0.13
tanzu-buildpacks/go-build 0.0.23
paketo-buildpacks/environment-variables 2.1.2 https://github.com/paketo-buildpacks/environment-variables
tanzu-buildpacks/aspectj 2.1.3 https://github.com/pivotal-cf/tanzu-aspectj
paketo-buildpacks/procfile 3.0.0 https://github.com/paketo-buildpacks/procfile
paketo-buildpacks/dist-zip 2.2.2 https://github.com/paketo-buildpacks/dist-zip
paketo-buildpacks/image-labels 2.0.6 https://github.com/paketo-buildpacks/image-labels
tanzu-buildpacks/dotnet-execute 0.0.28
tanzu-buildpacks/npm-install 0.1.1
tanzu-buildpacks/dep-ensure 0.0.29
tanzu-buildpacks/yarn-start 0.0.4
tanzu-buildpacks/npm-start 0.0.2
tanzu-buildpacks/go-mod-vendor 0.0.26
tanzu-buildpacks/node-start 0.0.3
tanzu-buildpacks/java 4.1.0 https://github.com/pivotal-cf/tanzu-java
tanzu-buildpacks/java-native-image 3.10.0 https://github.com/pivotal-cf/tanzu-java-native-image
tanzu-buildpacks/dotnet-core 0.0.7
tanzu-buildpacks/nodejs 1.2.3
tanzu-buildpacks/php 0.0.5
tanzu-buildpacks/go 1.0.9
DETECTION ORDER
Group #1
tanzu-buildpacks/dotnet-core@0.0.7
Group #2
tanzu-buildpacks/nodejs@1.2.3
Group #3
tanzu-buildpacks/go@1.0.9
Group #4
tanzu-buildpacks/php@0.0.5
Group #5
tanzu-buildpacks/nginx@0.0.48
Group #6
tanzu-buildpacks/httpd@0.0.40
Group #7
tanzu-buildpacks/java-native-image@3.10.0
Group #8
tanzu-buildpacks/java@4.1.0
Group #9
paketo-buildpacks/procfile@3.0.0
$ kp clusterstack list
NAME READY ID
base True io.buildpacks.stacks.bionic
default True io.buildpacks.stacks.bionic
full True io.buildpacks.stacks.bionic
tiny True io.paketo.stacks.tiny
$ kp clusterstack status base
Status: Ready
Id: io.buildpacks.stacks.bionic
Run Image: harbor2.<MYDOMAIN>/tanzu/tbs/run@sha256:4944b79a3c228cb08ed29f4addb4382c26b3b49c9abdcb66a183a0b7851f7e39
Build Image: harbor2.<MYDOMAIN>/tanzu/tbs/build@sha256:a6b7409c156a2b52f843f749fed91a07c569b663a526906c2dfee89859d31164
$ kp clusterstack status default
Status: Ready
Id: io.buildpacks.stacks.bionic
Run Image: harbor2.<MYDOMAIN>/tanzu/tbs/run@sha256:64b97816ff8e96bfacd804bb994f76c93d210cee8f726ce7bdad4a1a4e858e7f
Build Image: harbor2.<MYDOMAIN>/tanzu/tbs/build@sha256:f2b6d8e5f674a687131468640c50e3405ab6bb66ab820a0264635a0a1a35265d
$ kp clusterstack status full
Status: Ready
Id: io.buildpacks.stacks.bionic
Run Image: harbor2.<MYDOMAIN>/tanzu/tbs/run@sha256:26cf2ed7fbb994d6347de901fdddc12decfe37d3f9f38c7b3404c46533a90e32
Build Image: harbor2.<MYDOMAIN>/tanzu/tbs/build@sha256:6f8c43753d908ca737f1620fb4a7a63bae392a4674f5ddfc9ac362b9cd6b4fab
$ kp clusterstack status tiny
Status: Ready
Id: io.paketo.stacks.tiny
Run Image: harbor2.<MYDOMAIN>/tanzu/tbs/run@sha256:1b36a50f20b3ba648d427e6dcd813c35fee99034f479c503ad104b58f2de3c2d
Build Image: harbor2.<MYDOMAIN>/tanzu/tbs/build@sha256:0e17e2dcbf4c4eb1fe15a113619a53847dc3ebf9276d6535d2abb9c9e5e60493
$ kp clusterstore list
NAME READY
default True
$ kp clusterstore status default
Status: Ready
BUILDPACKAGE ID VERSION HOMEPAGE
paketo-buildpacks/procfile 2.0.2 https://github.com/paketo-buildpacks/procfile
tanzu-buildpacks/dotnet-core 0.0.7
tanzu-buildpacks/go 1.0.9
tanzu-buildpacks/httpd 0.0.40
tanzu-buildpacks/java 4.1.0 https://github.com/pivotal-cf/tanzu-java
tanzu-buildpacks/java-native-image 3.10.0 https://github.com/pivotal-cf/tanzu-java-native-image
tanzu-buildpacks/nginx 0.0.48
tanzu-buildpacks/nodejs 1.2.3
tanzu-buildpacks/php 0.0.5
$ kp clusterstore status default -v
Status: Ready
Buildpackage: paketo-buildpacks/procfile@2.0.2
Image: harbor2.<MYDOMAIN>/tanzu/tbs/paketo-buildpacks_procfile@sha256:861d9c93924dd1db3fbe6663754da603398931cdc4dee3da5c057ffa65cb383d
Homepage: https://github.com/paketo-buildpacks/procfile
BUILDPACK ID VERSION HOMEPAGE
DETECTION ORDER
Buildpackage: tanzu-buildpacks/dotnet-core@0.0.7
Image: harbor2.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_dotnet-core@sha256:303675080e1220af51fa08c7d20ba87fb7f4c662ceb756c6333fe01dec61adc1
Homepage: --
BUILDPACK ID VERSION HOMEPAGE
tanzu-buildpacks/dotnet-core-aspnet 0.0.24
tanzu-buildpacks/dotnet-core-runtime 0.0.30
tanzu-buildpacks/dotnet-core-sdk 0.0.22
tanzu-buildpacks/dotnet-execute 0.0.28
tanzu-buildpacks/dotnet-publish 0.0.13
tanzu-buildpacks/icu 0.0.9
tanzu-buildpacks/node-engine 0.1.1
DETECTION ORDER
Group #1
tanzu-buildpacks/node-engine (Optional)
tanzu-buildpacks/icu (Optional)
tanzu-buildpacks/dotnet-core-runtime (Optional)
tanzu-buildpacks/dotnet-core-aspnet (Optional)
tanzu-buildpacks/dotnet-core-sdk (Optional)
tanzu-buildpacks/dotnet-publish (Optional)
tanzu-buildpacks/dotnet-execute
Buildpackage: tanzu-buildpacks/go@1.0.9
Image: harbor2.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_go@sha256:64ba98089642bdb1ae22fde9b12fb905e0034a2e99c4564249bbc5190dcef8f9
Homepage: --
BUILDPACK ID VERSION HOMEPAGE
tanzu-buildpacks/dep-ensure 0.0.29
tanzu-buildpacks/dep 0.0.10
tanzu-buildpacks/go-build 0.0.23
tanzu-buildpacks/go-dist 0.1.3
tanzu-buildpacks/go-mod-vendor 0.0.26
DETECTION ORDER
Group #1
tanzu-buildpacks/go-dist
tanzu-buildpacks/go-mod-vendor
tanzu-buildpacks/go-build
Group #2
tanzu-buildpacks/go-dist
tanzu-buildpacks/dep
tanzu-buildpacks/dep-ensure
tanzu-buildpacks/go-build
Group #3
tanzu-buildpacks/go-dist
tanzu-buildpacks/go-build
Buildpackage: tanzu-buildpacks/httpd@0.0.40
Image: harbor2.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_httpd@sha256:34989fb8e264ccaea7916a9017b306d621b017920f71439fc515164ac0484cf5
Homepage: --
BUILDPACK ID VERSION HOMEPAGE
DETECTION ORDER
Buildpackage: tanzu-buildpacks/java-native-image@3.10.0
Image: harbor2.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_java-native-image@sha256:6aa4a1904362624ee5937271e05fdeaa4669ac4fed808346327927c3090e280e
Homepage: https://github.com/pivotal-cf/tanzu-java-native-image
BUILDPACK ID VERSION HOMEPAGE
paketo-buildpacks/environment-variables 2.1.2 https://github.com/paketo-buildpacks/environment-variables
paketo-buildpacks/executable-jar 3.1.3 https://github.com/paketo-buildpacks/executable-jar
paketo-buildpacks/graalvm 4.0.0 https://github.com/paketo-buildpacks/graalvm
paketo-buildpacks/gradle 3.5.0 https://github.com/paketo-buildpacks/gradle
paketo-buildpacks/image-labels 2.0.6 https://github.com/paketo-buildpacks/image-labels
paketo-buildpacks/leiningen 1.2.1 https://github.com/paketo-buildpacks/leiningen
paketo-buildpacks/maven 3.2.1 https://github.com/paketo-buildpacks/maven
paketo-buildpacks/procfile 3.0.0 https://github.com/paketo-buildpacks/procfile
paketo-buildpacks/sbt 3.6.0 https://github.com/paketo-buildpacks/sbt
paketo-buildpacks/spring-boot-native-image 2.0.0 https://github.com/paketo-buildpacks/spring-boot-native-image
paketo-buildpacks/spring-boot 3.5.0 https://github.com/paketo-buildpacks/spring-boot
DETECTION ORDER
Group #1
paketo-buildpacks/graalvm
paketo-buildpacks/gradle (Optional)
paketo-buildpacks/maven (Optional)
paketo-buildpacks/leiningen (Optional)
paketo-buildpacks/sbt (Optional)
paketo-buildpacks/executable-jar (Optional)
paketo-buildpacks/spring-boot (Optional)
paketo-buildpacks/spring-boot-native-image
paketo-buildpacks/procfile (Optional)
paketo-buildpacks/environment-variables (Optional)
paketo-buildpacks/image-labels (Optional)
Buildpackage: tanzu-buildpacks/java@4.1.0
Image: harbor2.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_java@sha256:9c03a98642c39daad05a7803ee00ee6543aa0561cb18da169ac2d7f24a73b792
Homepage: https://github.com/pivotal-cf/tanzu-java
BUILDPACK ID VERSION HOMEPAGE
paketo-buildpacks/apache-tomcat 3.2.0 https://github.com/paketo-buildpacks/apache-tomcat
paketo-buildpacks/azure-application-insights 3.0.0 https://github.com/paketo-buildpacks/azure-application-insights
paketo-buildpacks/bellsoft-liberica 6.0.0 https://github.com/paketo-buildpacks/bellsoft-liberica
paketo-buildpacks/ca-certificates 1.0.1 https://github.com/paketo-buildpacks/ca-certificates
paketo-buildpacks/debug 2.1.4 https://github.com/paketo-buildpacks/debug
paketo-buildpacks/dist-zip 2.2.2 https://github.com/paketo-buildpacks/dist-zip
paketo-buildpacks/encrypt-at-rest 2.2.3 https://github.com/paketo-buildpacks/encrypt-at-rest
paketo-buildpacks/environment-variables 2.1.2 https://github.com/paketo-buildpacks/environment-variables
paketo-buildpacks/executable-jar 3.1.3 https://github.com/paketo-buildpacks/executable-jar
paketo-buildpacks/google-stackdriver 2.14.0 https://github.com/paketo-buildpacks/google-stackdriver
paketo-buildpacks/gradle 3.5.0 https://github.com/paketo-buildpacks/gradle
paketo-buildpacks/image-labels 2.0.6 https://github.com/paketo-buildpacks/image-labels
paketo-buildpacks/jmx 2.1.4 https://github.com/paketo-buildpacks/jmx
paketo-buildpacks/leiningen 1.2.1 https://github.com/paketo-buildpacks/leiningen
paketo-buildpacks/maven 3.2.1 https://github.com/paketo-buildpacks/maven
paketo-buildpacks/procfile 3.0.0 https://github.com/paketo-buildpacks/procfile
paketo-buildpacks/sbt 3.6.0 https://github.com/paketo-buildpacks/sbt
paketo-buildpacks/spring-boot 3.5.0 https://github.com/paketo-buildpacks/spring-boot
tanzu-buildpacks/apache-skywalking 2.4.1 https://github.com/pivotal-cf/tanzu-apache-skywalking
tanzu-buildpacks/appdynamics 2.11.0 https://github.com/pivotal-cf/tanzu-appdynamics
tanzu-buildpacks/aspectj 2.1.3 https://github.com/pivotal-cf/tanzu-aspectj
tanzu-buildpacks/checkmarx 2.1.3 https://github.com/pivotal-cf/tanzu-checkmarx
tanzu-buildpacks/contrast-security 2.8.0 https://github.com/pivotal-cf/tanzu-contrast-security
tanzu-buildpacks/dynatrace 2.1.3 https://github.com/pivotal-cf/tanzu-dynatrace
tanzu-buildpacks/elastic-apm 2.7.0 https://github.com/pivotal-cf/tanzu-elastic-apm
tanzu-buildpacks/jacoco 2.3.1 https://github.com/pivotal-cf/tanzu-jacoco
tanzu-buildpacks/jprofiler 2.2.1 https://github.com/pivotal-cf/tanzu-jprofiler
tanzu-buildpacks/jrebel 2.6.0 https://github.com/pivotal-cf/tanzu-jrebel
tanzu-buildpacks/new-relic 2.9.0 https://github.com/pivotal-cf/tanzu-new-relic
tanzu-buildpacks/overops 2.7.0 https://github.com/pivotal-cf/tanzu-overops
tanzu-buildpacks/snyk 2.1.2 https://github.com/pivotal-cf/tanzu-snyk
tanzu-buildpacks/synopsys 2.2.1 https://github.com/pivotal-cf/tanzu-synopsys
tanzu-buildpacks/yourkit 2.7.0 https://github.com/pivotal-cf/tanzu-yourkit
DETECTION ORDER
Group #1
paketo-buildpacks/ca-certificates (Optional)
tanzu-buildpacks/snyk (Optional)
paketo-buildpacks/bellsoft-liberica
paketo-buildpacks/gradle (Optional)
paketo-buildpacks/leiningen (Optional)
paketo-buildpacks/maven (Optional)
paketo-buildpacks/sbt (Optional)
paketo-buildpacks/executable-jar (Optional)
paketo-buildpacks/apache-tomcat (Optional)
paketo-buildpacks/dist-zip (Optional)
paketo-buildpacks/spring-boot (Optional)
paketo-buildpacks/procfile (Optional)
paketo-buildpacks/azure-application-insights (Optional)
paketo-buildpacks/debug (Optional)
paketo-buildpacks/google-stackdriver (Optional)
paketo-buildpacks/jmx (Optional)
tanzu-buildpacks/apache-skywalking (Optional)
tanzu-buildpacks/appdynamics (Optional)
tanzu-buildpacks/aspectj (Optional)
tanzu-buildpacks/checkmarx (Optional)
tanzu-buildpacks/contrast-security (Optional)
tanzu-buildpacks/dynatrace (Optional)
tanzu-buildpacks/elastic-apm (Optional)
tanzu-buildpacks/jacoco (Optional)
tanzu-buildpacks/jprofiler (Optional)
tanzu-buildpacks/jrebel (Optional)
tanzu-buildpacks/new-relic (Optional)
tanzu-buildpacks/overops (Optional)
tanzu-buildpacks/synopsys (Optional)
tanzu-buildpacks/yourkit (Optional)
paketo-buildpacks/encrypt-at-rest (Optional)
paketo-buildpacks/environment-variables (Optional)
paketo-buildpacks/image-labels (Optional)
Buildpackage: tanzu-buildpacks/nginx@0.0.48
Image: harbor2.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_nginx@sha256:e67d5cd2e5240a9eb7a899b9b5d979ad85d0cf6c8182e15424516dac9f577371
Homepage: --
BUILDPACK ID VERSION HOMEPAGE
DETECTION ORDER
Buildpackage: tanzu-buildpacks/nodejs@1.2.3
Image: harbor2.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_nodejs@sha256:19bdfcee5d5cedeb5ad9fd704d52b21be286e5ce3a5c3b8cabc30204f490f8d4
Homepage: --
BUILDPACK ID VERSION HOMEPAGE
tanzu-buildpacks/node-engine 0.1.2
tanzu-buildpacks/node-start 0.0.3
tanzu-buildpacks/npm-install 0.1.1
tanzu-buildpacks/npm-start 0.0.2
tanzu-buildpacks/yarn-install 0.1.2
tanzu-buildpacks/yarn-start 0.0.4
tanzu-buildpacks/yarn 0.0.2
DETECTION ORDER
Group #1
tanzu-buildpacks/node-engine
tanzu-buildpacks/yarn
tanzu-buildpacks/yarn-install
tanzu-buildpacks/yarn-start
Group #2
tanzu-buildpacks/node-engine
tanzu-buildpacks/npm-install
tanzu-buildpacks/npm-start
Group #3
tanzu-buildpacks/node-engine
tanzu-buildpacks/node-start
Buildpackage: tanzu-buildpacks/php@0.0.5
Image: harbor2.<MYDOMAIN>/tanzu/tbs/tanzu-buildpacks_php@sha256:fd5abb334f4adbcf46f42977992af145db04fb262d4c516ff4264f94e1fcd689
Homepage: --
BUILDPACK ID VERSION HOMEPAGE
tanzu-buildpacks/httpd 0.0.39
tanzu-buildpacks/nginx 0.0.46
tanzu-buildpacks/php-composer 0.0.31
tanzu-buildpacks/php-dist 0.0.44
tanzu-buildpacks/php-web 0.0.25
DETECTION ORDER
Group #1
tanzu-buildpacks/httpd (Optional)
tanzu-buildpacks/nginx (Optional)
tanzu-buildpacks/php-dist
tanzu-buildpacks/php-composer (Optional)
tanzu-buildpacks/php-web
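Looking at the tiny ClusterStack, you can see that the items that had been rated High as a vulnerability risk have been improved by the ClusterBuilder update.
Summary
I used TBS to update the base OS of an image. I also updated the ClusterBuilder. Next, I'll update TBS itself, and then update the ClusterBuilder to the latest version currently available.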