TAP 1.7 RA updates added. (#437)
IX review added.

Signed-off-by: abhishek <[email protected]>
sendjainabhi authored Jan 15, 2024
1 parent 1ef2f11 commit 146df03
Showing 3 changed files with 21 additions and 24 deletions.
18 changes: 9 additions & 9 deletions src/reference-designs/tap-architecture-dev-components.md
Expand Up @@ -34,11 +34,11 @@ The Application Accelerator user interface (UI) enables you to discover availabl

![Accelerator Architecture](img/tap-architecture-planning/accelerator-arch.jpg)

Application Accelerator allows you to generate new projects from files in Git repositories. An `accelerator.yaml` file in the repository declares input options for the accelerator. Accelerator custom resources (CRs) control which repositories appear in the Application Accelerator UI. The Accelerator controller reconciles the CRs with a Flux2 Source Controller to fetch files from GitHub or GitLab. For more information, see [Tanzu Application Platform Accelerator](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.6/tap/application-accelerator-about-application-accelerator.html).
The Application Accelerator allows you to generate new projects from files in Git repositories. An `accelerator.yaml` file in the repository declares input options for the accelerator. The Accelerator custom resources (CRs) control which repositories appear in the Application Accelerator UI. The Accelerator controller reconciles the CRs with a Flux2 Source Controller to fetch files from GitHub or GitLab. For more information, see [Tanzu Application Platform Accelerator](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.7/tap/application-accelerator-about-application-accelerator.html).

## API Portal

API portal enables API consumers to find APIs they can use in their own applications. API portal assembles its dashboard and detailed API documentation views by ingesting OpenAPI documentation from the source URLs. For more information, see [Tanzu Application Platform API portal](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.6/tap/api-portal-install-api-portal.html).
The API portal enables API consumers to find APIs that they can use in their own applications. The API portal assembles its dashboard and detailed API documentation views by ingesting OpenAPI documentation from the source URLs. For more information, see [Tanzu Application Platform API portal](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.7/tap/api-portal-install-api-portal.html).

## AppSSO
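
Review bot: The added lines put a definite article in front of the component names ("The Application Accelerator allows", "The Accelerator custom resources", "The API portal enables"), while the link text keeps the bare names and the body writes "API portal" under the heading "## API Portal". Pick one form and one casing for each component name and use it in both paragraphs.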

Expand Down Expand Up @@ -106,11 +106,11 @@ spec:
```

The settings in `ClientRegistration` contain the redirectURL pointing to a page in the end-user application to be redirected to after successful authentication. The settings here also reference the AuthServer by its pod’s labels on behalf of the end-user application. For more information, see [Tanzu Application Platform AppSSO](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.6/tap/app-sso-about.html).
The settings in `ClientRegistration` contain the redirectURL pointing to a page in the end-user application to be redirected to after the successful authentication. The settings here also reference the AuthServer by its pod’s labels on behalf of the end-user application. For more information, see [Tanzu Application Platform AppSSO](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.7/tap/app-sso-about.html).

## API Auto Registration

API Auto Registration automates the registration of API specifications defined in a workload’s configuration and makes them accessible in the Tanzu Application Platform GUI without additional steps. An automated workflow, using a supply chain, leverages API Auto Registration to create and manage a Kubernetes Custom Resource (CR) of kind [APIDescriptor](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.6/tap/api-auto-registration-key-concepts.html). It automatically generates and provides API specifications in OpenAPI, AsyncAPI, GraphQL, or gRPC API formats to the Tanzu Application GUI [API Documentation plugin](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.6/tap/tap-gui-plugins-api-docs.html).
The API Auto Registration automates the registration of API specifications defined in a workload’s configuration, and makes them accessible in the Tanzu Application Platform GUI without additional steps. An automated workflow, using a supply chain, leverages API Auto Registration to create and manage a Kubernetes Custom Resource (CR) of kind [APIDescriptor](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.7/tap/api-auto-registration-key-concepts.html). It automatically generates and provides API specifications in OpenAPI, AsyncAPI, GraphQL, or gRPC API formats to the Tanzu Application GUI [API Documentation plugin](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.7/tap/tap-gui-plugins-api-docs.html).

### Tanzu Application Platform GUI Automated Workflow
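
Review bot: In the AppSSO paragraph, redirectURL is plain text next to the code-formatted `ClientRegistration`, so a reader cannot tell whether it is the literal field name from the YAML above; format it as code and match the spelling used in the spec. In the API Auto Registration paragraph the UI is called both "Tanzu Application Platform GUI" and "Tanzu Application GUI"; use one name, and drop the added article in "after the successful authentication".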

Expand All @@ -122,11 +122,11 @@ API Auto Registration components are installed by the `run` and `full` profiles.

### Recommendations

- The API Auto Registration package configuration in `run` clusters [must be updated](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.6/tap/api-auto-registration-usage.html#update-values) to include the Tanzu Application Platform GUI URL allowing it to register workload APIs into the GUI in the `view` cluster.
- The API Auto Registration package configuration in `run` clusters [must be updated](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.7/tap/api-auto-registration-usage.html#update-values) to include the Tanzu Application Platform GUI URL allowing it to register workload APIs into the GUI in the `view` cluster.
- Workload configuration files must set the `register-api` property to true to enable this feature and include the `api_descriptor` parameter. For example: `apis.apps.tanzu.vmware.com/register-api: "true"`.
- To use the OpenAPI “TRY IT OUT” feature in Tanzu Application GUI, the Workload must configure Cross-origin Resource Sharing (CORS) to allow requests originating from the GUI.

For more information about API Auto Registration, see [API Auto Registration](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.6/tap/api-auto-registration-about.html).
For more information about API Auto Registration, see [API Auto Registration](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.7/tap/api-auto-registration-about.html).

## AppLiveView
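
Review bot: The third recommendation tells the Workload to configure CORS "to allow requests originating from the GUI" but does not say the allowed origin should be limited to that GUI URL, which leaves a wildcard origin looking like an acceptable way to satisfy it. Suggest wording such as "allow only the Tanzu Application Platform GUI origin", reusing the GUI URL that the first bullet already requires in the `run` cluster configuration.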

Expand Down Expand Up @@ -208,8 +208,8 @@ grype:
* The `view` cluster certificate and token must be extracted and set in the `build` profile to enable the scanner components to communicate with the `view` cluster where the results of scans are stored and available for inquiry.


## CI/CD Pipelines
## CI/CD Pipelines for Custom Supply Chain

Tanzu Application Platform supports Tekton pipelines using the `tekton-pipelines package`. It allows developers to build, test, and deploy across cloud providers and on-premises systems. For more information, see [Tekton documentation](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.6/tap/tekton-tekton-about.html).
Tanzu Application Platform supports Tekton pipelines using the `tekton-pipelines package` to customize the supply chain. It allows developers to build, test, and deploy across cloud providers and on-premises systems. For more information, see [Tekton documentation](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.7/tap/tekton-tekton-about.html).

To learn more about all Tanzu Application Platform components, see [Component documentation](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.6/tap/components.html).
To learn more about all Tanzu Application Platform components, see [Component documentation](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.7/tap/components.html).
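
Review bot: Renaming the heading to "CI/CD Pipelines for Custom Supply Chain" changes the section's name, so any page that links to the old "CI/CD Pipelines" section by its heading needs checking. In the rewritten sentence the closing backtick still sits after "package" (`tekton-pipelines package`), and "It allows developers" no longer has a clear subject now that "to customize the supply chain" precedes it.
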
24 changes: 11 additions & 13 deletions src/reference-designs/tap-architecture-planning.md
@@ -1,6 +1,6 @@
# VMware Tanzu Application Platform Architecture

The VMware Tanzu Application Platform architecture provides a path to creating a production deployment of Tanzu Application Platform (informally known as TAP) 1.6. However, do not feel constrained to follow this exact path if your specific use cases warrant a different architecture.
The VMware Tanzu Application Platform architecture provides a path to creating a production deployment of Tanzu Application Platform (informally known as TAP) 1.7. However, do not feel constrained to follow this exact path if your specific use cases warrant a different architecture.

Design decisions enumerated in this document exemplify the main design issues you will encounter in planning your Tanzu Application Platform environment and the rationale behind a chosen solution path. Understanding these decisions can help provide a rationale for any necessary deviation from this architecture.

Expand All @@ -16,7 +16,7 @@ For production deployments, VMware recommends two fully independent instances of
|TAP-001 | Install using multiple clusters. | Utilizing multiple clusters allows you to separate your workloads and environments while still leveraging combined build infrastructure. | Multiple cluster design requires more installation effort and possibly more maintenance versus a single cluster design.
|TAP-002 | Create an operator sandbox environment. | An operator sandbox environment allows platform operators to test upgrades and architectural changes before introducing them to production. | An operator sandbox requires additional computer resources.
|TAP-003 | Utilize a single Build Cluster and multiple Run Clusters | Utilizing a single Build Cluster with multiple Run Clusters creates the correct production environment for the build system vs separating into dev/test/qa/prod build systems. Additionally, a single Build Cluster ensures that the container image does not change between environments. A single Build Cluster is also easier to manage than separate components. | *Changes lower environments are not as separated as having separate build environments.*
|TAP-004 | Utilize a View Cluster | Utilizing a single View Cluster with multiple Run Clusters creates the correct production perception for the common systems like learning portal, GUI, app resource monitoring, etc. | None
|TAP-004 | Utilize a View Cluster | Utilizing a single View Cluster with multiple Run Clusters creates the correct production perception for the common systems like developer portal, app resource monitoring, appsso, and so on. | None

## Build Cluster Requirements
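
Review bot: The new TAP-004 text lists "appsso" among the common systems served by the View Cluster, but the networking table touched by this same commit gives "Run, Iterate" as the clusters on the AppSso row; confirm which is right and align the two. The spelling also differs from the "AppSSO" heading in tap-architecture-dev-components.md.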

Expand All @@ -26,7 +26,7 @@ The Kubernetes Build Cluster will see bursty workloads as each build or series o

### Kubernetes Requirements - Build Cluster

* Supported Kubernetes versions are 1.25,1.26,1.27.
* Supported Kubernetes versions are 1.26, 1.27, 1.28.
* Default storage class.
* At least 16 GB available memory that is allocatable across clusters, with at least 8 GB per node.
* 12 vCPUs available across all nodes.
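
Review bot: The supported-versions bullet "1.26, 1.27, 1.28" is edited identically in the Build, Run, View and Iterate requirement lists, so every release bump has four places to keep in sync. Consider stating the supported Kubernetes versions once and referring to that statement from each cluster section.
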
Expand Down Expand Up @@ -132,7 +132,7 @@ The Run Cluster's requirements are driven primarily by the applications that it

### Kubernetes Requirements - Run Cluster

* Supported Kubernetes versions are 1.25,1.26,1.27.
* Supported Kubernetes versions are 1.26, 1.27, 1.28.
* LoadBalancer for ingress controller (requires 1 external IP address).
* Default storage class.
* At least 16 GB available memory that is allocatable across clusters, with at least 16 GB per node.
Expand Down Expand Up @@ -208,13 +208,13 @@ tap_telemetry:

## View Cluster Requirements

The View Cluster is designed to run the web applications for Tanzu Application Platform. specifically, Tanzu Learning Center, Tanzu Application Portal GUI, and Tanzu API Portal.
The View Cluster is designed to run the web applications for Tanzu Application Platform; specifically, Tanzu Application Portal GUI/Tanzu Developer Portal(TDP), and Tanzu API Portal.

The View Cluster's requirements are driven primarily by the respective applications that it will be running.

### Kubernetes Requirements - View Cluster

* Supported Kubernetes versions are 1.25,1.26,1.27.
* Supported Kubernetes versions are 1.26, 1.27, 1.28.
* LoadBalancer for ingress controller (requires 1 external IP address).
* Default storage class.
* At least 16 GB available memory that is allocatable across clusters, with at least 8 GB per node.
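
Review bot: "Tanzu Application Portal GUI/Tanzu Developer Portal(TDP)" in the rewritten first sentence does not match the name used in the rest of this commit, "Tanzu Application Platform GUI", and is missing a space before "(TDP)". Suggest "Tanzu Application Platform GUI / Tanzu Developer Portal (TDP)", and use the same name in the TAP-004 row, which currently says "developer portal".
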
Expand All @@ -228,7 +228,7 @@ The View Cluster's requirements are driven primarily by the respective applicati
### Recommendations - View Cluster

* Spread across three AZs for high availability.
* Utilize a PostgreSQL database for storing user preferences and manually created entities.
* Utilize a PostgreSQL database with minimum 20 GB storage for storing user preferences and manually created entities.
* Add Build and all Run Clusters service accounts into View Cluster config yaml to monitor runtime resources of apps in Tanzu Application Platform GUI.
* Tanzu Service Mesh (TSM) is not installed or is restricted to namespaces that are not for Tanzu Application Platform.
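
Review bot: The new "minimum 20 GB storage" figure for the PostgreSQL database is given without a source or sizing basis; link the sizing guidance or say what the 20 GB is meant to cover. The following bullet, which adds Build and Run Cluster service accounts to the View Cluster config, would also benefit from stating the access those accounts need, since it only says they are used to monitor runtime resources.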

Expand All @@ -242,12 +242,10 @@ cert-manager.tanzu.vmware.com
contour.tanzu.vmware.com
controller.source.apps.tanzu.vmware.com
fluxcd.source.controller.tanzu.vmware.com
learningcenter.tanzu.vmware.com
metadata-store.apps.tanzu.vmware.com
tap-gui.tanzu.vmware.com
tap-telemetry.tanzu.vmware.com
tap.tanzu.vmware.com
workshops.learningcenter.tanzu.vmware.com
```

Expand Down Expand Up @@ -310,7 +308,7 @@ The Iterate Cluster is for "inner loop" development iteration. Developers connec

### Kubernetes Requirements - Iterate Cluster

* Supported Kubernetes versions are 1.25,1.26,1.27.
* Supported Kubernetes versions are 1.26, 1.27, 1.28.
* LoadBalancer for ingress controller (2 external IP addresses).
* Default storage class.
* At least 16 GB available memory that is allocatable across clusters, with at least 8 GB per node.
Expand Down Expand Up @@ -532,7 +530,7 @@ Logging for Tanzu Application Platform is handled by the upstream Kubernetes int

There are multiple ways to set up authentication in a Tanzu Application Platform deployment. You can manage authentication at the infrastructure level with your Kubernetes provider. VMware recommends Pinniped for integrating your identity provider into Tanzu Application Platform.

To use Pinniped, see [Installing Pinniped on Tanzu Application Platform](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.6/tap/authn-authz-pinniped-install-guide.html) and [Login using Pinniped](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.6/tap/authn-authz-pinniped-login.html).
To use Pinniped, see [Installing Pinniped on Tanzu Application Platform](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.7/tap/authn-authz-pinniped-install-guide.html) and [Login using Pinniped](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.7/tap/authn-authz-pinniped-login.html).

| Decision ID | Design Decision | Justification | Implication
|--- |--- |--- |---
Expand All @@ -552,12 +550,12 @@ The following two roles are for service accounts associated with the Tanzu Suppl
* `workload`
* `deliverable`

For more information, see [Tanzu Application Platform authorization](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.6/tap/authn-authz-overview.html).
For more information, see [Tanzu Application Platform authorization](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.7/tap/authn-authz-overview.html).

## Developer tools (Inner-Loop)

Tanzu Application Platform allows developers to quickly build and test applications and provide many in-built developer friendly platform capabilities. To learn more about these capabilities, see [Tanzu Application Platform Developer Components](tap-architecture-dev-components.md).

## Deployment Instructions

For more information about deploying this reference design, see [Deploy multi-cluster Tanzu Application Platform profiles](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.6/tap/multicluster-installing-multicluster.html).
For more information about deploying this reference design, see [Deploy multi-cluster Tanzu Application Platform profiles](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.7/tap/multicluster-installing-multicluster.html).
3 changes: 1 addition & 2 deletions src/reference-designs/tap-networking.md
Expand Up @@ -19,8 +19,7 @@ The following table describes the networking flow in the Tanzu Application Platf
|AppSso | Contour ingress | Run, Iterate | 443 | https | User request to AppSSO with login token (via shared ingress).Contour/envoy proxy access appsso service inside cluster.
|Contour ingress /Envoy proxy | External Load Balancer | Run,View,Iterate | 443,80 | https(443) , http(80) | Shared ingress for view/run/iterate cluster.
|Fluxcd source controller | Run,Build | External git/helm repository | 443,80 | https(443) , http(80) | Traffic to pull or push from git repo from internet egress.
|Learning Center | Contour ingress| View (Learning Center package) | 443,80 | https(443) , http(80) | Traffic routes through shared ingress.Contour/envoy proxy access learning center service inside cluster.
|Supply Chain Security Tools/Metadata| Build (security scan plugin)| View (Gui CVE Dashboard) | 443 | https | Traffic routes through shared ingress to report the scan results to view gui cve’s dashboard.
|Supply Chain Security Tools/Metadata| Build (security scan plug-in)| View (Gui CVE Dashboard) | 443 | WebSocket | Traffic routes through shared ingress to report the scan results to view gui cve’s dashboard.
|Tanzu Application Platform Gui web| Contour ingress| View (tap-gui package) | 443 | https | Traffic routes through shared ingress for external web url. Contour/envoy proxy access tap-gui service inside cluster.
|Gui backend| View | Gui backend DB(postgres) | 5432 | tcp | Gui backend DB within the k8s cluster to persist tap gui data (read/write), this traffic remains in-cluster if the database is hosted inside the same cluster.
|Tanzu Build Service| Build | Third party dependencies repositories | 443 | https | Downloading artifacts necessary to compile applications in different languages (Python, Java, .NET, JavaScript, golang, etc.).
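
Review bot: The Supply Chain Security Tools/Metadata row changes the protocol from "https" to "WebSocket" while keeping port 443, and neither the row description nor the commit message says why, or whether the connection is still TLS-protected. Anyone deriving firewall or ingress rules from this table needs that stated, for example as "WebSocket over TLS" if that is the case; please confirm the protocol against the 1.7 component documentation before merging.
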