What is Cartographer and how does it help secure the software supply chain? (Quick Introduction)

What is Cartographer?

Cartographer allows users (both developers and application operators) to define all of the steps that an application must go through to create an image, generate Kubernetes configuration, and deploy. Users achieve this with the Software Supply Chain abstraction provided by Cartographer.

So, what is a supply chain?

The supply chain consists of components that are specified via Templates. Each template acts as a wrapper for existing Kubernetes resources and allows them to be used with Cartographer. There are currently four different types of templates that can be used in a Cartographer supply chain:

By design, supply chains can be reused by many workloads. Refer to the picture below to understand how a supply chain is used.

As you can see in the picture above, a supply chain has a few components (specified above), and they drive the application build, security and deployment. The developer defines the workload (a Kubernetes CRD) that specifies where the source code is, and the rest is taken care of by the supply chain components.

A snippet from a workload definition:

spec:
  source:
    git:
      ref:
        branch: main
      url: https://github.com/kontinue/hello-world
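
To show where the snippet above sits, here is an added example (not from the original post or the Cartographer project): a complete Workload and a minimal ClusterSupplyChain that picks it up by label. The resource names, the label and the referenced template names are hypothetical; field names follow the carto.run/v1alpha1 API as documented for the v0.0.x line linked below and should be checked against the installed version.

```yaml
# Added example; names, label and template references are hypothetical.
---
# Written by the developer: only says where the source code lives.
apiVersion: carto.run/v1alpha1
kind: Workload
metadata:
  name: hello-world
  labels:
    workload-type: web            # hypothetical label the chain selects on
spec:
  source:
    git:
      url: https://github.com/kontinue/hello-world
      ref:
        branch: main
---
# Written by the operator: the steps every matching workload goes through.
apiVersion: carto.run/v1alpha1
kind: ClusterSupplyChain
metadata:
  name: web-supply-chain
spec:
  selector:
    workload-type: web
  components:
    - name: source-provider
      templateRef:
        kind: ClusterSourceTemplate
        name: git-source          # hypothetical template, defined separately
    - name: image-builder
      templateRef:
        kind: ClusterImageTemplate
        name: image-build         # hypothetical template, defined separately
      sources:
        - component: source-provider   # consumes the source from the step above
          name: source
    - name: deployer
      templateRef:
        kind: ClusterTemplate
        name: app-deploy          # hypothetical template, defined separately
      images:
        - component: image-builder     # consumes the built image
          name: image
```

Any Workload carrying the selected label is run through the same components, which is what makes the chain reusable.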

For more information, here are some handy links.

More info about Cartographer: https://cartographer.sh/docs/v0.0.6/

Cartographer GitHub repo: https://github.com/vmware-tanzu/cartographer

Installing Cartographer: https://cartographer.sh/docs/v0.0.6/install/

In the next blog, I will cover the installation and creating a secure supply chain.
