From 33cb5028848244edf9ec2cf1b62f797154ddc17f Mon Sep 17 00:00:00 2001 From: razzle Date: Tue, 18 Apr 2023 20:49:35 -0500 Subject: [PATCH 1/9] Cleanup root (#1603) ## Description Cleanup the root files a bit, remove `vagrant` references, update the README w/ new features. ## NOTICE @mike-winberry This changes how NPM stuff gets run. Either run w/ `npm --prefix src/ui COMMAND`, or cd into `src/ui` before running npm things. Additionally, since `package.json` is not in root, you will need to do `export NODE_PATH=$(pwd)/src/ui/node_modules` at root before running `npm --prefix src/ui run test` in order for the UI tests to resolve `node_modules`. ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --------- 
Signed-off-by: razzle Co-authored-by: Wayne Starr --- .github/actions/node/action.yaml | 1 + .github/workflows/Vagrantfile | 138 ------------------ .github/workflows/test-ui.yml | 7 +- Makefile | 16 +- README.md | 35 ++--- Vagrantfile | 52 ------- docs/0-zarf-overview.md | 40 ++--- docs/5-operator-manual/90-supported-oses.md | 75 ---------- docs/6-developer-guide/2-testing.md | 12 +- hack/ui-dev.sh | 2 +- .eslintignore => src/ui/.eslintignore | 0 .eslintrc.cjs => src/ui/.eslintrc.cjs | 0 .npmrc => src/ui/.npmrc | 0 .prettierignore => src/ui/.prettierignore | 4 +- .prettierrc => src/ui/.prettierrc | 0 package-lock.json => src/ui/package-lock.json | 0 package.json => src/ui/package.json | 6 +- .../ui/playwright.config.ts | 4 +- svelte.config.js => src/ui/svelte.config.js | 20 +-- tsconfig.json => src/ui/tsconfig.json | 16 +- vite.config.ts => src/ui/vite.config.ts | 2 +- 21 files changed, 80 insertions(+), 350 deletions(-) delete mode 100644 .github/workflows/Vagrantfile delete mode 100644 Vagrantfile delete mode 100644 docs/5-operator-manual/90-supported-oses.md rename .eslintignore => src/ui/.eslintignore (100%) rename .eslintrc.cjs => src/ui/.eslintrc.cjs (100%) rename .npmrc => src/ui/.npmrc (100%) rename .prettierignore => src/ui/.prettierignore (84%) rename .prettierrc => src/ui/.prettierrc (100%) rename package-lock.json => src/ui/package-lock.json (100%) rename package.json => src/ui/package.json (97%) rename playwright.config.ts => src/ui/playwright.config.ts (95%) rename svelte.config.js => src/ui/svelte.config.js (67%) rename tsconfig.json => src/ui/tsconfig.json (66%) rename vite.config.ts => src/ui/vite.config.ts (93%) diff --git a/.github/actions/node/action.yaml b/.github/actions/node/action.yaml index f4e4789f6c..6e063fa384 100644 --- a/.github/actions/node/action.yaml +++ b/.github/actions/node/action.yaml @@ -8,3 +8,4 @@ runs: with: node-version: 18 cache: "npm" + cache-dependency-path: "src/ui/package-lock.json" 
diff --git a/.github/workflows/Vagrantfile b/.github/workflows/Vagrantfile
deleted file mode 100644
index c07c834d6a..0000000000
--- a/.github/workflows/Vagrantfile
+++ /dev/null
@@ -1,138 +0,0 @@ -# Github self-hosted runner config -# Usage: -# DOCKER_LOGIN="REPLACE_ME_DOCKER_TOKEN_FOR_PULL_LIMIT" GITHUB_TOKEN="REPLACE_ME_GITHUB_ACTION_TOKEN" vagrant up --provision - -GITHUB_RUNNER_VERSION = "2.296.0" -GITHUB_RUNNER_SHASUM = "d1fa9768ef81de108db24645cba174096dfb59b4dbb883016192384827f29e43" -UBUNTU_NODE_COUNT = 6 -ROCKY_NODE_COUNT = 2 - -require 'securerandom' - -Vagrant.configure("2") do |config| - - config.vm.synced_folder '.', '/vagrant', disabled: true - config.ssh.insert_key = false - - config.vm.provider "virtualbox" do |vb| - vb.check_guest_additions = false - vb.cpus = 6 - vb.memory = 16384 - end - - config.disksize.size = '200GB' - - ##################################################################### - # Common setup scripts # - ##################################################################### - config.vm.provision "shell", inline: <<-SHELL - # Elasticsearch needs this - sysctl -w vm.max_map_count=262144 - - # Write the runner pre/posts scripts - cat > /home/vagrant/runner-cleanup.sh << EOF -#!/bin/bash -set +e - -sudo chown -R vagrant /home/vagrant || echo '' -sudo /opt/zarf/zarf-clean-k3s.sh || echo '' -sudo rm -fr ~/.kube -sudo rm -fr /root/.kube -sudo rm -fr /tmp/zarf* -EOF - - # Make it executable - chmod 755 /home/vagrant/runner-cleanup.sh - - # Create a folder - mkdir -p actions-runner && cd actions-runner - - # Download the latest runner package & validate the shasum - curl -o actions-runner-linux-x64-#{GITHUB_RUNNER_VERSION}.tar.gz -L https://github.com/actions/runner/releases/download/v#{GITHUB_RUNNER_VERSION}/actions-runner-linux-x64-#{GITHUB_RUNNER_VERSION}.tar.gz - echo "#{GITHUB_RUNNER_SHASUM} actions-runner-linux-x64-#{GITHUB_RUNNER_VERSION}.tar.gz" | sha256sum -c - - # Extract the installer - tar xzf ./actions-runner-linux-x64-#{GITHUB_RUNNER_VERSION}.tar.gz - - ./bin/installdependencies.sh - SHELL - - - ##################################################################### - # Ubuntu-specific configs # - 
##################################################################### - (1..UBUNTU_NODE_COUNT).each do |i| - config.vm.define "ubuntu-#{i}" do |subconfig| - subconfig.vm.hostname = "ubuntu-#{i}-dallas-#{SecureRandom.hex(6)}" - - subconfig.vm.box = "ubuntu/focal64" - - subconfig.vm.provision "shell", inline: <<-SHELL - # Install tools - apt-get update -y - apt-get install docker.io make build-essential curl -y - - # Grant vagrant docker access without sudo - usermod -aG docker vagrant - - # Docker login to avoid pull limits - docker login -u zarfdev -p #{ENV['DOCKER_LOGIN']} - - # Tell github to use the cleanup script and allow sudo - export ACTIONS_RUNNER_HOOK_JOB_STARTED=/home/vagrant/runner-cleanup.sh - export ACTIONS_RUNNER_HOOK_JOB_COMPLETED=/home/vagrant/runner-cleanup.sh - export RUNNER_ALLOW_RUNASROOT=1 - - # Create the runner and start the configuration, allow sudo due to k3s tests - ./actions-runner/config.sh --url https://github.com/defenseunicorns/zarf --token #{ENV['GITHUB_TOKEN']} --unattended --labels ubuntu - - # Start the runner - ./actions-runner/run.sh & - SHELL - end - end - - ##################################################################### - # Rocky-specific configs # - ##################################################################### - (1..ROCKY_NODE_COUNT).each do |i| - config.vm.define "rocky-#{i}" do |subconfig| - subconfig.vm.hostname = "rocky-#{i}-dallas-#{SecureRandom.hex(6)}" - - subconfig.vm.box = "rockylinux/8" - - # Setup for Rocky (k3s test only) - subconfig.vm.provision "shell", inline: <<-SHELL - - # Grow the disk - dnf install -y cloud-utils-growpart - growpart /dev/sda 1 - xfs_growfs /dev/sda1 - - # Install docker - dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo - dnf update -y - dnf install -y docker-ce docker-ce-cli containerd.io - dnf groupinstall "Development Tools" -y - - # Configure docker - systemctl enable docker --now - usermod -aG docker vagrant - docker login -u zarfdev 
-p #{ENV['DOCKER_LOGIN']} - - - # Tell github to use the cleanup script and allow sudo - export ACTIONS_RUNNER_HOOK_JOB_STARTED=/home/vagrant/runner-cleanup.sh - export ACTIONS_RUNNER_HOOK_JOB_COMPLETED=/home/vagrant/runner-cleanup.sh - export RUNNER_ALLOW_RUNASROOT=1 - - # Create the runner and start the configuration, allow sudo due to k3s tests - ./actions-runner/config.sh --url https://github.com/defenseunicorns/zarf --token #{ENV['GITHUB_TOKEN']} --unattended --labels rhel,rocky - - # Start the runner - ./actions-runner/run.sh & - SHELL - end - end - -end diff --git a/.github/workflows/test-ui.yml b/.github/workflows/test-ui.yml index ec5ce0b4af..c8de942222 100644 --- a/.github/workflows/test-ui.yml +++ b/.github/workflows/test-ui.yml @@ -47,9 +47,10 @@ jobs: - name: Run UI tests run: > - npm run test:pre-init && - npm run test:init && - npm run test:post-init + export NODE_PATH=$(pwd)/src/ui/node_modules && + npm --prefix src/ui run test:pre-init && + npm --prefix src/ui run test:init && + npm --prefix src/ui run test:post-init - name: Save logs if: always() diff --git a/Makefile b/Makefile index 826bfb5879..25220902b3 100644 --- a/Makefile +++ b/Makefile @@ -37,14 +37,6 @@ help: ## Display this help information | sort | awk 'BEGIN {FS = ":.*?## "}; \ {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' -vm-init: ## Make a vagrant VM (usage -> make vm-init OS=ubuntu) - vagrant destroy -f - vagrant up --no-color ${OS} - echo -e "\n\n\n\033[1;93m ✅ BUILD COMPLETE. To access this environment, run \"vagrant ssh ${OS}\"\n\n\n" - -vm-destroy: ## Destroy the vagrant VM - vagrant destroy -f - clean: ## Clean the build directory rm -rf build @@ -72,8 +64,8 @@ check-ui: fi build-ui: ## Build the Zarf UI - npm ci - npm run build + npm --prefix src/ui ci + npm --prefix src/ui run build build-cli-linux-amd: check-ui ## Build the Zarf CLI for Linux on AMD64 CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="$(BUILD_ARGS)" -o build/zarf main.go 
@@ -103,8 +95,8 @@ docs-and-schema: ensure-ui-build-dir ## Generate the Zarf Documentation and Sche dev: ensure-ui-build-dir ## Start a Dev Server for the Zarf UI go mod download - npm ci - npm run dev + npm --prefix src/ui ci + npm --prefix src/ui run dev # INTERNAL: a shim used to build the agent image only if needed on Windows using the `test` command init-package-local-agent: diff --git a/README.md b/README.md index a99b1c9ad1..6e782cc7f4 100644 --- a/README.md +++ b/README.md 
@@ -1,42 +1,41 @@ # Zarf - DevSecOps for Air Gap [![Latest Release](https://img.shields.io/github/v/release/defenseunicorns/zarf)](https://github.com/defenseunicorns/zarf/releases) -[![Zarf Slack Channel](https://img.shields.io/badge/k8s%20slack-zarf-40a3dd)](https://kubernetes.slack.com/archives/C03B6BJAUJ3) -[![Zarf Website](https://img.shields.io/badge/web-zarf.dev-6d87c3)](https://zarf.dev/) -[![Zarf Documentation](https://img.shields.io/badge/docs-docs.zarf.dev-775ba1)](https://docs.zarf.dev/) -[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/zarf/badge)](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/zarf) [![Go version](https://img.shields.io/github/go-mod/go-version/defenseunicorns/zarf?filename=go.mod)](https://go.dev/) +[![Build Status](https://img.shields.io/github/actions/workflow/status/defenseunicorns/zarf/release.yml)](https://github.com/defenseunicorns/zarf/actions/workflows/release.yml) +[![Zarf Documentation Status](https://api.netlify.com/api/v1/badges/fe846ae4-25fb-4274-9968-90782640ee9f/deploy-status)](https://app.netlify.com/sites/zarf-docs/deploys) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/zarf/badge)](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/zarf) -||Build Status| -|---|---| -|Zarf|[![Build Status](https://img.shields.io/github/actions/workflow/status/defenseunicorns/zarf/release.yml)](https://github.com/defenseunicorns/zarf/actions/workflows/release.yml)| -|Zarf Documentation|[![Zarf Documentation Status](https://api.netlify.com/api/v1/badges/fe846ae4-25fb-4274-9968-90782640ee9f/deploy-status)](https://app.netlify.com/sites/zarf-docs/deploys)| +[![Zarf Website](https://img.shields.io/badge/web-zarf.dev-6d87c3)](https://zarf.dev/) +[![Zarf Documentation](https://img.shields.io/badge/docs-docs.zarf.dev-775ba1)](https://docs.zarf.dev/) +[![Zarf Slack 
Channel](https://img.shields.io/badge/k8s%20slack-zarf-40a3dd)](https://kubernetes.slack.com/archives/C03B6BJAUJ3) zarf logo Zarf eliminates the [complexity of air gap software delivery](https://www.itopstimes.com/contain/air-gap-kubernetes-considerations-for-running-cloud-native-applications-without-the-cloud/) for Kubernetes clusters and cloud-native workloads using a declarative packaging strategy to support DevSecOps in offline and semi-connected environments. -📦 Out of the Box Features +## 📦 Out of the Box Features - Automate Kubernetes deployments in disconnected environments - Automate [Software Bill of Materials (SBOM)](https://www.linuxfoundation.org/tools/the-state-of-software-bill-of-materials-sbom-and-cybersecurity-readiness/) generation - Provide a [web dashboard](https://docs.zarf.dev/docs/dashboard-ui/sbom-dashboard) for viewing SBOM output +- Create and verify package signatures with [cosign](https://github.com/sigstore/cosign) +- [Publish](https://docs.zarf.dev/docs/user-guide/the-zarf-cli/cli-commands/zarf_package_publish), [pull](https://docs.zarf.dev/docs/user-guide/the-zarf-cli/cli-commands/zarf_package_pull), and [deploy](https://docs.zarf.dev/docs/user-guide/the-zarf-cli/cli-commands/zarf_package_deploy) packages from an [OCI registry](https://opencontainers.org/) +- Powerful component lifecycle [actions](https://docs.zarf.dev/docs/user-guide/component-actions) - Deploy a new cluster while fully disconnected with [K3s](https://k3s.io/) or into any existing cluster using a [kube config](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/) - Builtin logging stack with [Loki](https://grafana.com/oss/loki/) -- Builtin git server with [Gitea](https://gitea.com/) -- Builtin docker registry +- Builtin Git server with [Gitea](https://gitea.com/) +- Builtin Docker registry - Builtin [K9s Dashboard](https://k9scli.io/) for managing a cluster from the terminal - [Mutating Webhook](adr/0005-mutating-webhook.md) to 
automatically update Kubernetes pod's image path and pull secrets as well as [Flux Git Repository](https://fluxcd.io/docs/components/source/gitrepositories/) URLs and secret references -- Builtin [command to find images](https://docs.zarf.dev/docs/user-guide/the-zarf-cli/cli-commands/zarf_prepare_find-images) and resources from a helm chart +- Builtin [command to find images](https://docs.zarf.dev/docs/user-guide/the-zarf-cli/cli-commands/zarf_prepare_find-images) and resources from a Helm chart - Tunneling capability to [connect to Kuberenetes resources](https://docs.zarf.dev/docs/user-guide/the-zarf-cli/cli-commands/zarf_connect) without network routing, DNS, TLS or Ingress configuration required -🛠️ Configurable Features +## 🛠️ Configurable Features -- Customizable [variables](examples/variables/README.md) with defaults and user prompting +- Customizable [variables and package templates](examples/variables/README.md) with defaults and user prompting - [Composable packages](https://docs.zarf.dev/docs/user-guide/zarf-packages/zarf-components#composing-package-components) to include multiple sub-packages/components -- Filters to select the correct architectures/operating systems for packages - -> Early Zarf research and prototypes were developed jointly with [United States Naval Postgraduate School](https://nps.edu/) research you can read [here](https://calhoun.nps.edu/handle/10945/68688). +- Component-level OS/architecture filtering ## Demo 
@@ -62,6 +61,8 @@ To contribute, please see our [Contributor Guide](https://docs.zarf.dev/docs/dev ## Special Thanks +> Early Zarf research and prototypes were developed jointly with [United States Naval Postgraduate School](https://nps.edu/) research you can read [here](https://calhoun.nps.edu/handle/10945/68688). + We would also like to thank the following awesome libraries and projects without which Zarf would not be possible! [![pterm/pterm](https://img.shields.io/badge/pterm%2Fpterm-007d9c?logo=go&logoColor=white)](https://github.com/pterm/pterm) diff --git a/Vagrantfile b/Vagrantfile deleted file mode 100644 index 7daaec5845..0000000000 --- a/Vagrantfile +++ /dev/null 
@@ -1,52 +0,0 @@ -Vagrant.configure("2") do |config| - - config.vm.provider "virtualbox" do |vb| - vb.check_guest_additions = false - vb.cpus = 6 - vb.memory = 8192 - end - - config.vm.disk :disk, size: "20GB", primary: true - - config.vm.define "rhel7" do |target| - target.vm.box = "generic/rhel7" - end - - config.vm.define "rhel8" do |target| - target.vm.box = "generic/rhel8" - end - - config.vm.define "centos7" do |target| - target.vm.box = "boxomatic/centos-7" - end - - config.vm.define "centos8" do |target| - target.vm.box = "boxomatic/centos-8" - end - - config.vm.define "ubuntu" do |target| - target.vm.box = "boxomatic/ubuntu-20.04" - end - - config.vm.define "debian" do |target| - target.vm.box = "boxomatic/debian-11" - end - - config.vm.define "rocky" do |target| - target.vm.box = "boxomatic/rocky-8.4" - end - - config.vm.hostname = "zarf-test" - config.vm.synced_folder '.', '/vagrant', disabled: true - config.vm.synced_folder 'build', '/opt/zarf', SharedFoldersEnableSymlinksCreate: false - - config.vm.network "forwarded_port", guest: 80, host: 8080 - config.vm.network "forwarded_port", guest: 443, host: 8443 - - config.ssh.insert_key = false - - config.vm.provision "shell", inline: <<-SHELL - # Airgap images please - echo "0.0.0.0 registry.hub.docker.com hub.docker.com charts.helm.sh repo1.dso.mil github.com registry.dso.mil registry1.dso.mil docker.io index.docker.io auth.docker.io registry-1.docker.io dseasb33srnrn.cloudfront.net production.cloudflare.docker.com registry.opensource.zalan.do" >> /etc/hosts - SHELL -end diff --git a/docs/0-zarf-overview.md b/docs/0-zarf-overview.md index a0d415c897..3245979112 100644 --- a/docs/0-zarf-overview.md +++ b/docs/0-zarf-overview.md 
@@ -41,7 +41,6 @@ A typical Zarf deployment is made up of three parts: 3. A Zarf Package: - A compressed tarball package that contains all of the files, manifests, source repositories, and images needed to deploy your infrastructure, application, and resources in a disconnected environment. - :::note For more technical information on how Zarf works and to view the Zarf architecture, visit our [Nerd Notes page](./6-developer-guide/3-nerd-notes.md). @@ -66,7 +65,6 @@ Given Zarf's being a "K8s cluster to serve _other_ K8s clusters", the following - Helm charts, kustomizations, and other K8s manifests: to apply in a Kubernetes cluster. - [Data injections](../examples/data-injection/README.md): to declaratively inject data into running containers in a Kubernetes cluster. - ## How To Use Zarf Zarf is intended for use in a software deployment process that looks similar to this: @@ -87,7 +85,7 @@ For additional information, see the [Building a package](./13-walkthroughs/0-usi ### (2) Ship the Package to the System Location -Zarf enables secure software delivery for various environments, such as remote, constrained, independent, and air-gapped systems. Considering there are various target environments with their own appropriate transferring mechanisms, Zarf does not determine _how_ packages are moved so long as they can arrive in your downstream environment. +Zarf enables secure software delivery for various environments, such as remote, constrained, independent, and air-gapped systems. Considering there are various target environments with their own appropriate transferring mechanisms, Zarf does not determine _how_ packages are moved so long as they can arrive in your downstream environment. ### (3) Deploy the Package 
@@ -117,7 +115,7 @@ In the more complex use case, your package consists of updates for many apps/sys - 💸 **Free and Open-Source.** Zarf will always be free to use and maintained by the open-source community. - 🔓 **No Vendor Lock.** There is no proprietary software that locks you into using Zarf. If you want to remove it, you still can use your helm charts to deploy your software manually. -- 💻 **OS Agnostic.** Zarf supports numerous operating systems. For a full list, visit the [Supported OSes](./5-operator-manual/90-supported-oses.md) page. +- 💻 **OS Agnostic.** Zarf supports numerous operating systems. A full matrix of supported OSes, architectures and featuresets is coming soon. - 📦 **Highly Distributable.** Integrate and deploy software from multiple secure development environments including edge, embedded systems, secure cloud, data centers, and even local environments. - 🚀 **Develop Connected Deploy Disconnected.** Teams can build and configure individual applications or entire DevSecOps environments while connected to the internet. Once created, they can be packaged and shipped to a disconnected environment to be deployed. - 💿 **Single File Deployments.** Zarf allows you to package the parts of the internet your app needs into a single compressed file to be installed without connectivity. 
@@ -126,26 +124,30 @@ In the more complex use case, your package consists of updates for many apps/sys ## Features + + ### 📦 Out of the Box Features -- Automates Kubernetes deployments in disconnected environments. -- Automates [Software Bill of Materials (SBOM)](https://www.linuxfoundation.org/tools/the-state-of-software-bill-of-materials-sbom-and-cybersecurity-readiness/) generation. -- Provides an [SBOM dashboard UI](dashboard-ui/sbom-dashboard). -- Convert SBOM JSON file into government compliant format (.xpdx or .cyclone.dx). -- Deploys a new cluster while fully disconnected with [K3s](https://k3s.io/) or into any existing cluster using a [Kube config](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/). -- Built-in logging stack with [Loki](https://grafana.com/oss/loki/). -- Built-in git server with [Gitea](https://gitea.com/). -- Built-in docker registry. -- Built-in [K9s Dashboard](https://k9scli.io/) for managing a cluster from the terminal. -- [Mutating Webhook](adr/0005-mutating-webhook.md) to automatically update Kubernetes pod's image path and pull secrets as well as [Flux Git Repository](https://fluxcd.io/docs/components/source/gitrepositories/) URLs and secret references. -- Built-in [command to find images](user-guide/the-zarf-cli/cli-commands/zarf_prepare_find-images) and resources from a helm chart. -- Tunneling capability to [connect to Kubernetes resources](user-guide/the-zarf-cli/cli-commands/zarf_connect) without network routing, DNS, TLS, or Ingress configuration required. 
+- Automate Kubernetes deployments in disconnected environments +- Automate [Software Bill of Materials (SBOM)](https://www.linuxfoundation.org/tools/the-state-of-software-bill-of-materials-sbom-and-cybersecurity-readiness/) generation +- Provide a [web dashboard](https://docs.zarf.dev/docs/dashboard-ui/sbom-dashboard) for viewing SBOM output +- Create and verify package signatures with [cosign](https://github.com/sigstore/cosign) +- [Publish](https://docs.zarf.dev/docs/user-guide/the-zarf-cli/cli-commands/zarf_package_publish), [pull](https://docs.zarf.dev/docs/user-guide/the-zarf-cli/cli-commands/zarf_package_pull), and [deploy](https://docs.zarf.dev/docs/user-guide/the-zarf-cli/cli-commands/zarf_package_deploy) packages from an [OCI registry](https://opencontainers.org/) +- Powerful component lifecycle [actions](https://docs.zarf.dev/docs/user-guide/component-actions) +- Deploy a new cluster while fully disconnected with [K3s](https://k3s.io/) or into any existing cluster using a [kube config](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/) +- Builtin logging stack with [Loki](https://grafana.com/oss/loki/) +- Builtin Git server with [Gitea](https://gitea.com/) +- Builtin Docker registry +- Builtin [K9s Dashboard](https://k9scli.io/) for managing a cluster from the terminal +- [Mutating Webhook](adr/0005-mutating-webhook.md) to automatically update Kubernetes pod's image path and pull secrets as well as [Flux Git Repository](https://fluxcd.io/docs/components/source/gitrepositories/) URLs and secret references +- Builtin [command to find images](https://docs.zarf.dev/docs/user-guide/the-zarf-cli/cli-commands/zarf_prepare_find-images) and resources from a Helm chart +- Tunneling capability to [connect to Kuberenetes resources](https://docs.zarf.dev/docs/user-guide/the-zarf-cli/cli-commands/zarf_connect) without network routing, DNS, TLS or Ingress configuration required ### 🛠️ Configurable Features -- Customizable 
[variables](examples/variables/README.md) with defaults and user prompting. -- [Composable packages](user-guide/zarf-packages/zarf-components#composing-package-components) to include multiple sub-packages/components. -- Filters to select the correct architectures/operating systems for packages. +- Customizable [variables and package templates](examples/variables/README.md) with defaults and user prompting +- [Composable packages](https://docs.zarf.dev/docs/user-guide/zarf-packages/zarf-components#composing-package-components) to include multiple sub-packages/components +- Component-level OS/architecture filtering ## Quick Start diff --git a/docs/5-operator-manual/90-supported-oses.md b/docs/5-operator-manual/90-supported-oses.md deleted file mode 100644 index 9bdd92b946..0000000000 --- a/docs/5-operator-manual/90-supported-oses.md +++ /dev/null 
@@ -1,75 +0,0 @@ ---- -sidebar_position: 8 ---- -# Supported OSes - -Zarf is intended to install & run on a multitude of 64-bit Linux distributions. - -Check the table below to understand which distros which we test against & if there are any known issues or usage caveats. - - -## Support Matrix - -|OS |VM_ID |Notes| -|--- |--- |---| -|RHEL 7 |rhel7 || -|RHEL 8 |rhel8 || -|CentOS 7 |centos7 || -|CentOS 8 |centos8 || -|Ubuntu 20.04 |ubuntu || -|Debian 11 |debian || -|Rocky 8.4 |rocky || - - -## Demo Environments - -We support running an instance of Zarf _inside a local VM_ (of any of the [supported OSes](#support-matrix)) for test & demonstration purposes. - -> _**Take note**_ -> -> Run the following commands from _**the project root directory**_. - -### Startup - -To get a VM running, it's as easy as running a single command: - -``` bash -make vm-init OS=[VM_ID] # e.g. make vm-init OS=ubuntu -``` - -> _**Warning!**_ -> -> Besure to pass a VM_ID or you'll start a VM instance for _every one of the supported OS types_. Yikes! - -### Work in the VM - -To connect into the VM instance you just started, run: - -``` bash -vagrant ssh [VM_ID] # e.g. vagrant ssh ubuntu -``` - -Once connected, you can work with your mounted-from-the-host copy of Zarf like so: - -``` bash -sudo su # escalate permissions (to "root" user) -cd /opt/zarf # access Zarf -./zarf help -``` - -When you're done with the VM, you can exit back to the host terminal by running: - -``` bash -exit # de-escalate permissions (back to "vagrant" user) -exit # exits VM shel & drops you back on the host -``` - -### Shutdown - -Closing out the demo environment is _also_ a single command: - -``` bash -make vm-destroy -``` - -This will shutdown & destroy _all_ the demo VM instances it can find. Easy-peasy—nice and clean. diff --git a/docs/6-developer-guide/2-testing.md b/docs/6-developer-guide/2-testing.md index 456f12099c..5e76477779 100644 --- a/docs/6-developer-guide/2-testing.md 
+++ b/docs/6-developer-guide/2-testing.md @@ -113,17 +113,17 @@ There are several ways to run tests depending on your specific situation, such a ```shell # dont forget to install dependencies -npm ci +npm --prefix src/ui ci -# get help with playwright -npx playwright --help +# allow playwright to find the node modules +export NODE_PATH=$(pwd)/src/ui/node_modules # run tests with @pre-init tag -npm run test:pre-init +npm --prefix src/ui run test:pre-init # run tests with @init tag -npm run test:init +npm --prefix src/ui run test:init # run tests with @post-init tag -npm run test:post-init +npm --prefix src/ui run test:post-init ``` diff --git a/hack/ui-dev.sh b/hack/ui-dev.sh index 359681e608..9e76453bfc 100755 --- a/hack/ui-dev.sh +++ b/hack/ui-dev.sh @@ -12,4 +12,4 @@ API_DEV_PORT=5173 \ concurrently --names "ui,api" \ -c "gray.bold,yellow" \ "vite dev" \ - "nodemon -e go -x 'go run -ldflags=\"$BUILD_ARGS\" main.go dev ui -l=trace || exit 1'" + "nodemon -e go -x 'go run -ldflags=\"$BUILD_ARGS\" ../../main.go dev ui -l=trace || exit 1'" diff --git a/.eslintignore b/src/ui/.eslintignore similarity index 100% rename from .eslintignore rename to src/ui/.eslintignore diff --git a/.eslintrc.cjs b/src/ui/.eslintrc.cjs similarity index 100% rename from .eslintrc.cjs rename to src/ui/.eslintrc.cjs diff --git a/.npmrc b/src/ui/.npmrc similarity index 100% rename from .npmrc rename to src/ui/.npmrc diff --git a/.prettierignore b/src/ui/.prettierignore similarity index 84% rename from .prettierignore rename to src/ui/.prettierignore index 24e0748d8f..02cb6e22d0 100644 --- a/.prettierignore +++ b/src/ui/.prettierignore @@ -1,8 +1,6 @@ .DS_Store node_modules -/build -/.svelte-kit -/package +.svelte-kit .env .env.* !.env.example diff --git a/.prettierrc b/src/ui/.prettierrc similarity index 100% rename from .prettierrc rename to src/ui/.prettierrc 
diff --git a/package-lock.json b/src/ui/package-lock.json similarity index 100% rename from package-lock.json rename to src/ui/package-lock.json diff --git a/package.json b/src/ui/package.json similarity index 97% rename from package.json rename to src/ui/package.json index d14f8316f1..3a800d5bf9 100644 --- a/package.json +++ b/src/ui/package.json @@ -1,10 +1,10 @@ { "name": "zarf-ui", "private": true, - "version": "0.0.1", "type": "module", + "version": "0.0.1", "scripts": { - "dev": "hack/ui-dev.sh", + "dev": "../../hack/ui-dev.sh", "build": "vite build", "test": "playwright test -x --reporter github,html", "test:pre-init": "playwright test -x --reporter github,html --grep @pre-init", @@ -17,7 +17,7 @@ "nodemonConfig": { "delay": 5000, "watch": [ - "src" + "../../src" ], "signal": "SIGKILL", "extensions": [ diff --git a/playwright.config.ts b/src/ui/playwright.config.ts similarity index 95% rename from playwright.config.ts rename to src/ui/playwright.config.ts index ad48cfcbc7..c44fc5170a 100644 --- a/playwright.config.ts +++ b/src/ui/playwright.config.ts @@ -11,7 +11,7 @@ import type { PlaywrightTestConfig } from '@playwright/test'; * See https://playwright.dev/docs/test-configuration. */ const config: PlaywrightTestConfig = { - testDir: './src/test/ui', + testDir: '../test/ui', /* This is 10 minutes jon */ timeout: 10 * 60 * 1000, expect: { @@ -75,7 +75,7 @@ const config: PlaywrightTestConfig = { /* Run your local dev server before starting the tests */ webServer: { - command: process.env.CI ? 'make test-built-ui' : 'npm run dev', + command: process.env.CI ? 'cd ../.. && make test-built-ui' : 'npm run dev', port: 3333, reuseExistingServer: true, timeout: 120 * 1000 diff --git a/svelte.config.js b/src/ui/svelte.config.js similarity index 67% rename from svelte.config.js rename to src/ui/svelte.config.js index 5f55b9940e..a7dd5fd6dc 100644 --- a/svelte.config.js +++ b/src/ui/svelte.config.js 
@@ -7,23 +7,23 @@ const config = { // disable css-unused warnings if (warning.code.startsWith("css-unused-")) return; handler(warning); - }, + }, + root: ".", // Consult https://github.com/sveltejs/svelte-preprocess // for more information about preprocessors preprocess: preprocess(), kit: { - files: { - assets: 'src/ui/static', - lib: 'src/ui/lib', - params: 'src/ui/params', - routes: 'src/ui/routes', - serviceWorker: 'src/ui/service-worker', - appTemplate: 'src/ui/app.html' + assets: 'static', + lib: 'lib', + params: 'params', + routes: 'routes', + serviceWorker: 'service-worker', + appTemplate: 'app.html' }, adapter: adapter({ - pages: 'build/ui', - assets: 'build/ui', + pages: '../../build/ui', + assets: '../../build/ui', fallback: "index.html", }), }, diff --git a/tsconfig.json b/src/ui/tsconfig.json similarity index 66% rename from tsconfig.json rename to src/ui/tsconfig.json index 3c38eb22dc..c108021511 100644 --- a/tsconfig.json +++ b/src/ui/tsconfig.json @@ -8,19 +8,19 @@ "sourceMap": true, "strict": true, "paths": { - "$lib": ["./src/ui/lib"], - "$lib/*": ["./src/ui/lib/*"], - "@assets/*": ["./src/ui/static/*"], - "@images/*": ["./src/ui/images/*"], + "$lib": ["./lib"], + "$lib/*": ["./lib/*"], + "@assets/*": ["./static/*"], + "@images/*": ["./images/*"], "@ui": ["./node_modules/@defense-unicorns/unicorn-ui"], "@ui/*": ["./node_modules/@defense-unicorns/unicorn-ui/*"] } }, "include": [ - "src/ui/**/*.d.ts", - "src/ui/**/*.ts", - "src/ui/**/*.js", - "src/ui/**/*.svelte", + "**/*.d.ts", + "**/*.ts", + "**/*.js", + "**/*.svelte", "jest.config.js", ".svelte-kit/ambient.d.ts", ] diff --git a/vite.config.ts b/src/ui/vite.config.ts similarity index 93% rename from vite.config.ts rename to src/ui/vite.config.ts index 825d08e6d6..82cb156825 100644 --- a/vite.config.ts +++ b/src/ui/vite.config.ts 
@@ -27,7 +27,7 @@ const config: UserConfig = { }, resolve: { alias: { - '@images': __dirname + '/src/ui/images', + '@images': __dirname + '/images', '@ui': __dirname + '/node_modules/@defense-unicorns/unicorn-ui', }, }, From 0daaf503f492a02debd0c105abd59c20f313316a Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Wed, 19 Apr 2023 11:23:22 -0500 Subject: [PATCH 2/9] Fix linting and UI version check (#1624) ## Description This cleans up the UI diff check script for local dev and a few linting issues. ## Related Issue Fixes #1614 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [X] Other (security config, docs update, etc) ## Checklist before merging - [X] Test, docs, adr added or updated as needed - [X] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --- .github/workflows/release.yml | 2 +- .goreleaser.yaml | 2 +- README.md | 4 ++-- hack/print-ui-diff.sh | 3 --- src/internal/packager/images/pull.go | 3 ++- src/pkg/message/message.go | 6 ++---- src/pkg/packager/deprecated/common.go | 1 + src/pkg/transform/image.go | 4 ++-- 8 files changed, 11 insertions(+), 14 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6cc11776cd..dd3ec1bbd4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,7 +9,7 @@ jobs: push-resources: runs-on: ubuntu-latest permissions: - contents: read + contents: write packages: write steps: - name: Checkout diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 54e89d2b6d..828e9ed462 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml 
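Review bot: In `.github/workflows/release.yml` the `push-resources` job token is widened from `contents: read` to `contents: write`, and neither the hunk nor the commit description (linting and the UI diff script) says which step needs it. With that scope every step in the job, including third-party actions, can push commits, tags and releases, so the reason should sit next to the setting, e.g. `contents: write # required by <step that creates the release>` (placeholder, to be filled in by the author). The job's steps after `Checkout` are outside the hunk, so this is inferred: if only one step publishes, moving it into its own job would let checkout and build keep `contents: read`.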
@@ -15,7 +15,7 @@ builds: - darwin - windows ldflags: - - -s -w -X github.com/defenseunicorns/zarf/src/config.CLIVersion={{.Tag}} + - -s -w -X github.com/defenseunicorns/zarf/src/config.CLIVersion={{.Tag}} -X k8s.io/component-base/version.gitVersion=v0.0.0+zarf{{.Tag}} -X k8s.io/component-base/version.gitCommit={{.FullCommit}} -X k8s.io/component-base/version.buildDate={{.Date}} goarch: - amd64 - arm64 diff --git a/README.md b/README.md index 6e782cc7f4..facb99a82a 100644 --- a/README.md +++ b/README.md @@ -6,12 +6,12 @@ [![Zarf Documentation Status](https://api.netlify.com/api/v1/badges/fe846ae4-25fb-4274-9968-90782640ee9f/deploy-status)](https://app.netlify.com/sites/zarf-docs/deploys) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/zarf/badge)](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/zarf) +zarf logo + [![Zarf Website](https://img.shields.io/badge/web-zarf.dev-6d87c3)](https://zarf.dev/) [![Zarf Documentation](https://img.shields.io/badge/docs-docs.zarf.dev-775ba1)](https://docs.zarf.dev/) [![Zarf Slack Channel](https://img.shields.io/badge/k8s%20slack-zarf-40a3dd)](https://kubernetes.slack.com/archives/C03B6BJAUJ3) -zarf logo - Zarf eliminates the [complexity of air gap software delivery](https://www.itopstimes.com/contain/air-gap-kubernetes-considerations-for-running-cloud-native-applications-without-the-cloud/) for Kubernetes clusters and cloud-native workloads using a declarative packaging strategy to support DevSecOps in offline and semi-connected environments. ## 📦 Out of the Box Features diff --git a/hack/print-ui-diff.sh b/hack/print-ui-diff.sh index e8758612fa..1ab4616f9f 100755 --- a/hack/print-ui-diff.sh +++ b/hack/print-ui-diff.sh @@ -2,9 +2,6 @@ # Get the diff for UI related files git diff HEAD src/ui -git diff HEAD package.json -git diff HEAD package-lock.json -git diff HEAD .npmrc git diff HEAD .eslint* git diff HEAD ts* git diff HEAD prettier* 
diff --git a/src/internal/packager/images/pull.go b/src/internal/packager/images/pull.go index 32948059d4..49f3b6bfab 100644 --- a/src/internal/packager/images/pull.go +++ b/src/internal/packager/images/pull.go @@ -7,6 +7,7 @@ package images import ( "context" "encoding/json" + "errors" "fmt" "io" "os" @@ -63,7 +64,7 @@ func (i *ImgConfig) PullAll() error { // Create the ImagePath directory err := os.Mkdir(i.ImagesPath, 0755) - if err != nil { + if err != nil && !errors.Is(err, os.ErrExist) { return fmt.Errorf("failed to create image path %s: %w", i.ImagesPath, err) } diff --git a/src/pkg/message/message.go b/src/pkg/message/message.go index 459e6031ee..e304670f8a 100644 --- a/src/pkg/message/message.go +++ b/src/pkg/message/message.go @@ -35,9 +35,6 @@ const ( // NoProgress tracks whether spinner/progress bars show updates. var NoProgress bool -// Separator is a string of 100 spaces to provide visual separation between elements. -var Separator = strings.Repeat(" ", 100) - var logLevel = InfoLevel // Write logs to stderr and a buffer for logFile generation. @@ -45,6 +42,7 @@ var logFile *os.File var useLogFile bool +// DebugWriter represents a writer interface that writes to message.Debug type DebugWriter struct{} func (d *DebugWriter) Write(raw []byte) (int, error) { @@ -220,7 +218,7 @@ func HorizontalRule() { pterm.Println(strings.Repeat("━", 100)) } -// HorizontalRule prints a yellow horizontal rule to separate the terminal +// HorizontalNoteRule prints a yellow horizontal rule to separate the terminal func HorizontalNoteRule() { pterm.Println() pterm.FgYellow.Println(strings.Repeat("━", 100)) diff --git a/src/pkg/packager/deprecated/common.go b/src/pkg/packager/deprecated/common.go index 5e7e5ffbdb..c8d3907f7b 100644 --- a/src/pkg/packager/deprecated/common.go +++ b/src/pkg/packager/deprecated/common.go 
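Review bot: The new guard in `PullAll` accepts every `os.ErrExist` from `os.Mkdir(i.ImagesPath, 0755)`, but `Mkdir` returns that error for any existing entry at the path, including a regular file or a symlink, not just a directory. The pull then carries on with an `ImagesPath` it never confirmed to be a directory it can use. `if err := os.MkdirAll(i.ImagesPath, 0755); err != nil {` succeeds only when the path is, or resolves to, a directory, and would make the added `errors` import unnecessary if nothing else in the file uses it. `MkdirAll` also creates missing parents, so confirm that is acceptable here. The rest of `PullAll` is outside the hunk.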
@@ -15,6 +15,7 @@ import ( "github.com/pterm/pterm" ) +// BreakingChange represents a breaking change that happened on a specified Zarf version type BreakingChange struct { version *semver.Version title string diff --git a/src/pkg/transform/image.go b/src/pkg/transform/image.go index d461c13587..53dcc5167c 100644 --- a/src/pkg/transform/image.go +++ b/src/pkg/transform/image.go @@ -35,9 +35,9 @@ func ImageTransformHost(targetHost, srcReference string) (string, error) { // If this image is specified by digest then don't add a checksum it as it will already be a specific SHA if image.Digest != "" { return fmt.Sprintf("%s/%s@%s", targetHost, image.Path, image.Digest), nil - } else { - return fmt.Sprintf("%s/%s:%s-zarf-%d", targetHost, image.Path, image.Tag, checksum), nil } + + return fmt.Sprintf("%s/%s:%s-zarf-%d", targetHost, image.Path, image.Tag, checksum), nil } // ImageTransformHostWithoutChecksum replaces the base url for an image but avoids adding a checksum of the original url (note image refs are not full URLs). From 2fb5f1cc7bdd068547cd849282b3d098593181fd Mon Sep 17 00:00:00 2001 From: Danny Gershman Date: Fri, 21 Apr 2023 09:12:41 -0400 Subject: [PATCH 3/9] adding renovate support for bigbang (#1585) ## Description Adding renovate support for Big Bang Releases, inline. If this is not acceptable will go with the JSON method. ## Related Issue Relates to #1569 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [X] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [X] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --- examples/big-bang/zarf.yaml | 2 ++ renovate.json | 10 ++++++++++ 2 files changed, 12 insertions(+) diff --git a/examples/big-bang/zarf.yaml b/examples/big-bang/zarf.yaml index 46f9b25d49..5bb0a52a6d 100644 
--- a/examples/big-bang/zarf.yaml +++ b/examples/big-bang/zarf.yaml @@ -2,6 +2,7 @@ kind: ZarfPackageConfig metadata: name: big-bang-example description: "Deploy Big Bang Core" + # renovate: datasource=gitlab-releases depName=big-bang/bigbang versioning=semver registryUrl=https://repo1.dso.mil/ version: 1.57.1 url: https://p1.dso.mil/products/big-bang # Big Bang / Iron Bank are only amd64 @@ -17,6 +18,7 @@ components: required: true extensions: bigbang: + # renovate: datasource=gitlab-releases depName=big-bang/bigbang versioning=semver registryUrl=https://repo1.dso.mil/ version: 1.57.1 valuesFiles: # Istio configs diff --git a/renovate.json b/renovate.json index 2319b8dcf6..4c8dcb765e 100644 --- a/renovate.json +++ b/renovate.json @@ -40,6 +40,16 @@ "- name: (?.+)(.|\n)*?url: (?.+)(.|\n)*?version: (?.+)" ], "datasourceTemplate": "helm" + }, + { + "fileMatch": [ + "(^|/)zarf.yaml$" + ], + "matchStringsStrategy": "recursive", + "matchStrings": [ + "# renovate: datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?( registryUrl=(?.*?))?\\s.*?version: (?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}" } ] } From 79971f437e64b09151a0bd63f1e29ec803a14c45 Mon Sep 17 00:00:00 2001 
From: Jessy-Morris <123977818+Jessy-Morris@users.noreply.github.com> Date: Fri, 21 Apr 2023 09:18:03 -0400 Subject: [PATCH 4/9] IA: Renaming Developer Guide to Contribute to Zarf (#1634) ## Description Based on user feedback and to improve the information architecture, we are changing the Developer Guide to Contribute to Zarf. All links associated with the Developer Guide have been modified accordingly. ## Related Issue Fixes #1629 Relates to #1397 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [X] Other (security config, docs update, etc) ## Checklist before merging - [X] Test, docs, adr added or updated as needed - [X] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed Co-authored-by: Wayne Starr --- CONTRIBUTING.md | 2 +- README.md | 2 +- docs/0-zarf-overview.md | 2 +- docs/13-walkthroughs/0-using-zarf-package-create.md | 2 +- docs/4-user-guide/index.md | 2 +- .../1-contributor-guide.md | 0 docs/{6-developer-guide => 6-contribute-to-zarf}/2-testing.md | 0 .../3-nerd-notes.md | 0 .../4-style-guide.md | 0 docs/6-contribute-to-zarf/_category_.json | 4 ++++ docs/6-developer-guide/_category_.json | 4 ---- 11 files changed, 9 insertions(+), 9 deletions(-) rename docs/{6-developer-guide => 6-contribute-to-zarf}/1-contributor-guide.md (100%) rename docs/{6-developer-guide => 6-contribute-to-zarf}/2-testing.md (100%) rename docs/{6-developer-guide => 6-contribute-to-zarf}/3-nerd-notes.md (100%) rename docs/{6-developer-guide => 6-contribute-to-zarf}/4-style-guide.md (100%) create mode 100644 docs/6-contribute-to-zarf/_category_.json delete mode 100644 docs/6-developer-guide/_category_.json diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 127dced861..7437aa3c88 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -42,7 +42,7 @@ Our E2E tests can be found in the `/test` folder and follow the journey of someo Our Unit tests can be found as `*_test.go` files inside the package that they are designed to test. These are also run in CI and are designed to test small functions with clear interfaces that would be difficult to test otherwise. As a general rule, we are limiting unit tests to the `src/pkg/*` folder. All of our tests should be able to be run locally or in CI. -You can learn more about the testing of Zarf [here](docs/6-developer-guide/2-testing.md). +You can learn more about the testing of Zarf [here](docs/6-contribute-to-zarf/2-testing.md). ## Documentation diff --git a/README.md b/README.md index facb99a82a..2458308c40 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ Using Zarf in Github workflows? Check out the [setup-zarf](https://github.com/de ## Developing -To contribute, please see our [Contributor Guide](https://docs.zarf.dev/docs/developer-guide/contributor-guide). Below is an architectural diagram showing the basics of how Zarf functions which you can read more about [here](https://docs.zarf.dev/docs/developer-guide/nerd-notes). +To contribute, please see our [Contributor Guide](https://docs.zarf.dev/docs/contribute-to-zarf/contributor-guide). Below is an architectural diagram showing the basics of how Zarf functions which you can read more about [here](https://docs.zarf.dev/docs/contribute-to-zarf/nerd-notes). ![Architecture Diagram](./docs/.images/architecture.drawio.svg) diff --git a/docs/0-zarf-overview.md b/docs/0-zarf-overview.md index 3245979112..589df09adf 100644 --- a/docs/0-zarf-overview.md +++ b/docs/0-zarf-overview.md 
@@ -43,7 +43,7 @@ A typical Zarf deployment is made up of three parts: :::note -For more technical information on how Zarf works and to view the Zarf architecture, visit our [Nerd Notes page](./6-developer-guide/3-nerd-notes.md). +For more technical information on how Zarf works and to view the Zarf architecture, visit our [Nerd Notes page](./6-contribute-to-zarf/3-nerd-notes.md). ::: diff --git a/docs/13-walkthroughs/0-using-zarf-package-create.md b/docs/13-walkthroughs/0-using-zarf-package-create.md index 6098e04cb6..73eb3213c2 100644 --- a/docs/13-walkthroughs/0-using-zarf-package-create.md +++ b/docs/13-walkthroughs/0-using-zarf-package-create.md @@ -24,7 +24,7 @@ zarf package create . # Run the command to create the zarf package This set of commands will create a zarf package in the current directory. In this case, the package name should look something like `zarf-init-amd64-v0.24.0.tar.zst`, although it might be slightly different depending on your system architecture. :::note -If you continue without entering an agent image, package create will fail. The Zarf Agent is required to rewrite Kubernetes objects in the air gap via what is known as a Mutating Webhook. More technical information about it can be found [here](../6-developer-guide/3-nerd-notes.md). +If you continue without entering an agent image, package create will fail. The Zarf Agent is required to rewrite Kubernetes objects in the air gap via what is known as a Mutating Webhook. More technical information about it can be found [here](../6-contribute-to-zarf/3-nerd-notes.md). ::: When you execute the `zarf package create` command, Zarf will prompt you to confirm that you want to create the package by displaying the package definition and asking you to respond with either `y` or `n`. diff --git a/docs/4-user-guide/index.md b/docs/4-user-guide/index.md index 89d002d4c5..75e05109f1 100644 --- a/docs/4-user-guide/index.md +++ b/docs/4-user-guide/index.md 
@@ -84,5 +84,5 @@ Once your package has arrived, you will need to: If you are looking for more advanced information on how to operate and customize Zarf to your specific environment needs, check out these additional resources: - For information on how to create a custom configuration of the Zarf CLI see the [Operator Manual](../5-operator-manual/_category_.json). -- For information on how to create your own Zarf Packages see the [Developer Guide](../6-developer-guide/1-contributor-guide.md). +- For information on how to create your own Zarf Packages see the [Zarf Packages](https://docs.zarf.dev/docs/user-guide/zarf-packages/) page. - To see some of the ways our community is using Zarf to deploy code onto air-gapped systems see the [Zarf Examples](../../examples/README.md). diff --git a/docs/6-developer-guide/1-contributor-guide.md b/docs/6-contribute-to-zarf/1-contributor-guide.md similarity index 100% rename from docs/6-developer-guide/1-contributor-guide.md rename to docs/6-contribute-to-zarf/1-contributor-guide.md diff --git a/docs/6-developer-guide/2-testing.md b/docs/6-contribute-to-zarf/2-testing.md similarity index 100% rename from docs/6-developer-guide/2-testing.md rename to docs/6-contribute-to-zarf/2-testing.md diff --git a/docs/6-developer-guide/3-nerd-notes.md b/docs/6-contribute-to-zarf/3-nerd-notes.md similarity index 100% rename from docs/6-developer-guide/3-nerd-notes.md rename to docs/6-contribute-to-zarf/3-nerd-notes.md diff --git a/docs/6-developer-guide/4-style-guide.md b/docs/6-contribute-to-zarf/4-style-guide.md similarity index 100% rename from docs/6-developer-guide/4-style-guide.md rename to docs/6-contribute-to-zarf/4-style-guide.md diff --git a/docs/6-contribute-to-zarf/_category_.json b/docs/6-contribute-to-zarf/_category_.json new file mode 100644 index 0000000000..1fc92b801a --- /dev/null +++ b/docs/6-contribute-to-zarf/_category_.json @@ -0,0 +1,4 @@ +{ + "label": "Contribute to Zarf" + } + \ No newline at end of file 
diff --git a/docs/6-developer-guide/_category_.json b/docs/6-developer-guide/_category_.json deleted file mode 100644 index b95172da24..0000000000 --- a/docs/6-developer-guide/_category_.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "label": "Developer Guide" - } - \ No newline at end of file From ae1d45d4ad96f7f476b9cfb0d83815d074bbe4c9 Mon Sep 17 00:00:00 2001 From: Danny Gershman Date: Fri, 21 Apr 2023 14:36:50 -0400 Subject: [PATCH 5/9] Big Bang 2.0 support (#1611) ## Description This adds support for Big Bang 2.0.0 (which was released today, Thursday April 20, 2023), and is backward compatible. ## Related Issue N/A ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --- examples/big-bang/config/disable-all.yaml | 10 +++++----- examples/big-bang/config/kyverno.yaml | 2 +- examples/big-bang/config/loki.yaml | 6 +++--- examples/big-bang/zarf.yaml | 4 ++-- src/extensions/bigbang/manifests.go | 2 +- src/extensions/bigbang/test/package/disable-all.yaml | 10 +++++----- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/examples/big-bang/config/disable-all.yaml b/examples/big-bang/config/disable-all.yaml index 016e829e96..439f10c994 100644 --- a/examples/big-bang/config/disable-all.yaml +++ b/examples/big-bang/config/disable-all.yaml @@ -2,7 +2,7 @@ istio: enabled: false -istiooperator: +istioOperator: enabled: false jaeger: @@ -20,16 +20,16 @@ gatekeeper: kyverno: enabled: false -kyvernopolicies: +kyvernoPolicies: enabled: false -kyvernoreporter: +kyvernoReporter: enabled: false -logging: +elasticsearchKibana: enabled: false -eckoperator: +eckOperator: enabled: false fluentbit: 
diff --git a/examples/big-bang/config/kyverno.yaml b/examples/big-bang/config/kyverno.yaml index 5ee8cf4750..0270d2975f 100644 --- a/examples/big-bang/config/kyverno.yaml +++ b/examples/big-bang/config/kyverno.yaml @@ -5,7 +5,7 @@ clusterAuditor: enabled: false kyverno: enabled: true -kyvernopolicies: +kyvernoPolicies: enabled: true values: policies: diff --git a/examples/big-bang/config/loki.yaml b/examples/big-bang/config/loki.yaml index 4c7f4c82b2..8a85cfd658 100644 --- a/examples/big-bang/config/loki.yaml +++ b/examples/big-bang/config/loki.yaml @@ -1,13 +1,13 @@ # Use Loki instead of EFK -logging: +elasticsearchKibana: enabled: false -eckoperator: +eckOperator: enabled: false fluentbit: enabled: false - + loki: enabled: true diff --git a/examples/big-bang/zarf.yaml b/examples/big-bang/zarf.yaml index 5bb0a52a6d..f18ede1f9d 100644 --- a/examples/big-bang/zarf.yaml +++ b/examples/big-bang/zarf.yaml @@ -3,7 +3,7 @@ metadata: name: big-bang-example description: "Deploy Big Bang Core" # renovate: datasource=gitlab-releases depName=big-bang/bigbang versioning=semver registryUrl=https://repo1.dso.mil/ - version: 1.57.1 + version: 2.0.0 url: https://p1.dso.mil/products/big-bang # Big Bang / Iron Bank are only amd64 architecture: amd64 @@ -19,7 +19,7 @@ components: extensions: bigbang: # renovate: datasource=gitlab-releases depName=big-bang/bigbang versioning=semver registryUrl=https://repo1.dso.mil/ - version: 1.57.1 + version: 2.0.0 valuesFiles: # Istio configs - config/ingress.yaml diff --git a/src/extensions/bigbang/manifests.go b/src/extensions/bigbang/manifests.go index a07f112f78..fd5ae3b1be 100644 --- a/src/extensions/bigbang/manifests.go +++ b/src/extensions/bigbang/manifests.go @@ -42,7 +42,7 @@ git: # -- HTTP git credentials, both username and password must be provided username: "###ZARF_GIT_PUSH###" password: "###ZARF_GIT_AUTH_PUSH###" -kyvernopolicies: +kyvernoPolicies: values: exclude: any: 
diff --git a/src/extensions/bigbang/test/package/disable-all.yaml b/src/extensions/bigbang/test/package/disable-all.yaml index 016e829e96..439f10c994 100644 --- a/src/extensions/bigbang/test/package/disable-all.yaml +++ b/src/extensions/bigbang/test/package/disable-all.yaml @@ -2,7 +2,7 @@ istio: enabled: false -istiooperator: +istioOperator: enabled: false jaeger: @@ -20,16 +20,16 @@ gatekeeper: kyverno: enabled: false -kyvernopolicies: +kyvernoPolicies: enabled: false -kyvernoreporter: +kyvernoReporter: enabled: false -logging: +elasticsearchKibana: enabled: false -eckoperator: +eckOperator: enabled: false fluentbit: From 583a3ddd73a255370dc578cd435ed1f159ddaa15 Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Fri, 21 Apr 2023 16:05:27 -0500 Subject: [PATCH 6/9] Fix the Big Bang tests to support upgrading v1 to v2 (#1640) ## Description This improves BB 2.0 support and fixes upgrades. ## Related Issue Fixes #N/A ## Type of change - [X] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [X] Other (security config, docs update, etc) ## Checklist before merging - [X] Test, docs, adr added or updated as needed - [X] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --- examples/big-bang/config/disable-all.yaml | 5 +- src/extensions/bigbang/bigbang.go | 2 +- src/extensions/bigbang/manifests.go | 60 ++++++++++++++----- src/extensions/bigbang/test/bigbang_test.go | 6 +- .../bigbang/test/package/disable-all-bb1.yaml | 58 ++++++++++++++++++ ...{disable-all.yaml => disable-all-bb2.yaml} | 5 +- src/extensions/bigbang/test/package/zarf.yaml | 2 +- 7 files changed, 116 insertions(+), 22 deletions(-) create mode 100644 src/extensions/bigbang/test/package/disable-all-bb1.yaml rename src/extensions/bigbang/test/package/{disable-all.yaml => disable-all-bb2.yaml} (92%) 
diff --git a/examples/big-bang/config/disable-all.yaml b/examples/big-bang/config/disable-all.yaml index 439f10c994..153ce37c80 100644 --- a/examples/big-bang/config/disable-all.yaml +++ b/examples/big-bang/config/disable-all.yaml @@ -53,5 +53,6 @@ monitoring: twistlock: enabled: false -metricsServer: - enabled: false +addons: + metricsServer: + enabled: false diff --git a/src/extensions/bigbang/bigbang.go b/src/extensions/bigbang/bigbang.go index e93c2e92af..bbbb24b0f9 100644 --- a/src/extensions/bigbang/bigbang.go +++ b/src/extensions/bigbang/bigbang.go @@ -387,7 +387,7 @@ func addBigBangManifests(manifestDir string, cfg *extensions.BigBang) (types.Zar } // Create the zarf-credentials secret manifest. - if err := addManifest("bb-ext-zarf-credentials.yaml", manifestZarfCredentials()); err != nil { + if err := addManifest("bb-ext-zarf-credentials.yaml", manifestZarfCredentials(cfg.Version)); err != nil { return manifest, err } diff --git a/src/extensions/bigbang/manifests.go b/src/extensions/bigbang/manifests.go index fd5ae3b1be..f7b4b49920 100644 --- a/src/extensions/bigbang/manifests.go +++ b/src/extensions/bigbang/manifests.go @@ -11,6 +11,7 @@ import ( "regexp" "strings" + "github.com/Masterminds/semver/v3" "github.com/defenseunicorns/zarf/src/types/extensions" fluxHelmCtrl "github.com/fluxcd/helm-controller/api/v2beta1" fluxSrcCtrl "github.com/fluxcd/source-controller/api/v1beta2" 
@@ -20,18 +21,28 @@ import ( var nonAlphnumeric = regexp.MustCompile("[^a-zA-Z0-9]+") -func manifestZarfCredentials() corev1.Secret { - return corev1.Secret{ - TypeMeta: metav1.TypeMeta{ - Kind: "Secret", - APIVersion: "v1", - }, - ObjectMeta: metav1.ObjectMeta{ - Namespace: bb, - Name: "zarf-credentials", - }, - StringData: map[string]string{ - "values.yaml": ` +const bbV1ZarfCredentialsValues = ` +registryCredentials: + registry: "###ZARF_REGISTRY###" + username: "zarf-pull" + password: "###ZARF_REGISTRY_AUTH_PULL###" +git: + existingSecret: "private-git-server" # -- Chart created secrets with user defined values + credentials: + # -- HTTP git credentials, both username and password must be provided + username: "###ZARF_GIT_PUSH###" + password: "###ZARF_GIT_AUTH_PUSH###" +# -- Big Bang v1 Kyverno Support +kyvernopolicies: + values: + exclude: + any: + - resources: + namespaces: + - zarf # don't have Kyverno prevent Zarf from doing zarf things + ` + +const bbV2ZarfCredentialsValues = ` registryCredentials: registry: "###ZARF_REGISTRY###" username: "zarf-pull" @@ -42,14 +53,35 @@ git: # -- HTTP git credentials, both username and password must be provided username: "###ZARF_GIT_PUSH###" password: "###ZARF_GIT_AUTH_PUSH###" +# -- Big Bang v2 Kyverno Support kyvernoPolicies: values: exclude: any: - resources: namespaces: - - zarf # don't have kyverno prevent zarf from doing zarf things - `, + - zarf # don't have Kyverno prevent Zarf from doing zarf things + ` + +func manifestZarfCredentials(version string) corev1.Secret { + values := bbV1ZarfCredentialsValues + + semverVersion, err := semver.NewVersion(version) + if err != nil && semverVersion.Major() == 2 { + values = bbV2ZarfCredentialsValues + } + + return corev1.Secret{ + TypeMeta: metav1.TypeMeta{ + Kind: "Secret", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Namespace: bb, + Name: "zarf-credentials", + }, + StringData: map[string]string{ + "values.yaml": values, }, } } 
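Review bot: The version check in `manifestZarfCredentials` is inverted: `if err != nil && semverVersion.Major() == 2` only evaluates `Major()` when parsing failed, and on that path `semver.NewVersion` has returned a nil `*Version`, so an unparsable `cfg.Version` dereferences nil instead of falling back to the v1 values. For a version that does parse, the condition is false and `bbV1ZarfCredentialsValues` is always used. A Big Bang 2.x deploy therefore gets the lowercase `kyvernopolicies` key, and the `zarf` namespace exclusion is presumably not applied. The condition should be `if err == nil && semverVersion.Major() == 2 {`. Consider `>= 2` if later majors keep the camelCase key, and a short comment on the function saying which value set an unparsable version gets.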
diff --git a/src/extensions/bigbang/test/bigbang_test.go b/src/extensions/bigbang/test/bigbang_test.go index 087257f013..f5a3ad53a2 100644 --- a/src/extensions/bigbang/test/bigbang_test.go +++ b/src/extensions/bigbang/test/bigbang_test.go @@ -49,7 +49,8 @@ func TestReleases(t *testing.T) { // Build the previous version bbVersion := fmt.Sprintf("--set=BB_VERSION=%s", previous) - zarfExec(t, "package", "create", "../src/extensions/bigbang/test/package", bbVersion, "--confirm") + bbMajor := fmt.Sprintf("--set=BB_MAJOR=%s", previous[0:1]) + zarfExec(t, "package", "create", "../src/extensions/bigbang/test/package", bbVersion, bbMajor, "--confirm") // Deploy the previous version pkgPath := fmt.Sprintf("zarf-package-big-bang-test-amd64-%s.tar.zst", previous) @@ -69,7 +70,8 @@ func TestReleases(t *testing.T) { // Build the latest version bbVersion = fmt.Sprintf("--set=BB_VERSION=%s", latest) - zarfExec(t, "package", "create", "../src/extensions/bigbang/test/package", bbVersion, "--confirm") + bbMajor = fmt.Sprintf("--set=BB_MAJOR=%s", latest[0:1]) + zarfExec(t, "package", "create", "../src/extensions/bigbang/test/package", bbVersion, bbMajor, "--confirm") // Clean up zarf cache now that all packages are built to reduce disk pressure zarfExec(t, "tools", "clear-cache") diff --git a/src/extensions/bigbang/test/package/disable-all-bb1.yaml b/src/extensions/bigbang/test/package/disable-all-bb1.yaml new file mode 100644 index 0000000000..c51a3d1095 --- /dev/null +++ b/src/extensions/bigbang/test/package/disable-all-bb1.yaml 
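Review bot: `previous[0:1]` and `latest[0:1]` in `TestReleases` take the first byte of the release string as the major version. That is only correct while the string starts with a single-digit major and has no prefix: a `v`-prefixed tag or a major of 10 or more would select a `disable-all-bb<N>.yaml` file that does not exist. The format of `previous` and `latest` is set outside these hunks, so this is inferred. Taking the text before the first dot is safer, e.g. `major, _, _ := strings.Cut(previous, ".")` and `fmt.Sprintf("--set=BB_MAJOR=%s", major)`, with `strings` imported if the file does not already have it. The same applies to the second hunk, and a one-line comment that `BB_MAJOR` selects the values file in the test package's `zarf.yaml` would help the next reader.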
@@ -0,0 +1,58 @@ +# Disable everything +istio: + enabled: false + +istiooperator: + enabled: false + +jaeger: + enabled: false + +kiali: + enabled: false + +clusterAuditor: + enabled: false + +gatekeeper: + enabled: false + +kyverno: + enabled: false + +kyvernopolicies: + enabled: false + +kyvernoreporter: + enabled: false + +logging: + enabled: false + +eckoperator: + enabled: false + +fluentbit: + enabled: false + +promtail: + enabled: false + +loki: + enabled: false + +neuvector: + enabled: false + +tempo: + enabled: false + +monitoring: + enabled: false + +twistlock: + enabled: false + +addons: + metricsServer: + enabled: false diff --git a/src/extensions/bigbang/test/package/disable-all.yaml b/src/extensions/bigbang/test/package/disable-all-bb2.yaml similarity index 92% rename from src/extensions/bigbang/test/package/disable-all.yaml rename to src/extensions/bigbang/test/package/disable-all-bb2.yaml index 439f10c994..153ce37c80 100644 --- a/src/extensions/bigbang/test/package/disable-all.yaml +++ b/src/extensions/bigbang/test/package/disable-all-bb2.yaml @@ -53,5 +53,6 @@ monitoring: twistlock: enabled: false -metricsServer: - enabled: false +addons: + metricsServer: + enabled: false diff --git a/src/extensions/bigbang/test/package/zarf.yaml b/src/extensions/bigbang/test/package/zarf.yaml index 8dc9216b51..a5257877a4 100644 --- a/src/extensions/bigbang/test/package/zarf.yaml +++ b/src/extensions/bigbang/test/package/zarf.yaml @@ -19,5 +19,5 @@ components: bigbang: version: "###ZARF_PKG_TMPL_BB_VERSION###" valuesFiles: - - disable-all.yaml + - disable-all-bb###ZARF_PKG_TMPL_BB_MAJOR###.yaml - enable-twistlock.yaml From 7ea66c96e57d586b8ff3ee755e8281322d87eaa9 Mon Sep 17 00:00:00 2001 
From: Danny Gershman Date: Fri, 21 Apr 2023 19:33:37 -0400 Subject: [PATCH 7/9] Adding a helm with git example. (#1596) ## Description This adds an example to pull in a Helm chart from a git repository. ## Related Issue N/A ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed Co-authored-by: Wayne Starr --- examples/helm-git-chart/README.md | 17 +++++++++++++++++ examples/helm-git-chart/zarf.yaml | 15 +++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 examples/helm-git-chart/README.md create mode 100644 examples/helm-git-chart/zarf.yaml diff --git a/examples/helm-git-chart/README.md b/examples/helm-git-chart/README.md new file mode 100644 index 0000000000..74aeb2e432 --- /dev/null +++ b/examples/helm-git-chart/README.md @@ -0,0 +1,17 @@ +# Helm Git Chart +This example shows how you can specify a Git repository chart for a helm source within a component's `charts`. + +:::info + +To view the example source code, select the `Edit this page` link below the article and select the parent folder. + +::: + +``` yaml +components: + - name: component-name + charts: + - name: chart-name + url: url-to-git-repo.git + gitPath: path/to/chart/in/repo +``` diff --git a/examples/helm-git-chart/zarf.yaml b/examples/helm-git-chart/zarf.yaml new file mode 100644 index 0000000000..60333f025f --- /dev/null +++ b/examples/helm-git-chart/zarf.yaml 
@@ -0,0 +1,15 @@
+kind: ZarfPackageConfig
+metadata:
+ name: test-helm-git-chart
+ description: "Deploys a helm chart from git"
+components:
+ - name: demo-helm-git-chart
+ required: true
+ charts:
+ - name: podinfo
+ url: https://github.com/stefanprodan/podinfo.git
+ gitPath: charts/podinfo
+ namespace: podinfo-from-git
+ version: 6.3.5
+ images:
+ - "ghcr.io/stefanprodan/podinfo:6.3.5"
From 96e0875e7686d653fb6ec258ea0d401bcc6028c9 Mon Sep 17 00:00:00 2001
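Review bot: The `images:` entry in the new `examples/helm-git-chart/zarf.yaml` pins podinfo by tag only (`ghcr.io/stefanprodan/podinfo:6.3.5`), and the chart comes from a third-party git repository selected by `version: 6.3.5`, which presumably resolves to a git tag. Both are mutable references, so the package contents depend on what upstream serves when `zarf package create` runs. Examples get copied into real packages, so I would add a comment above `url:` along the lines of `# Chart is cloned from this repo at the ref matching "version"; review the upstream ref before packaging`. If this Zarf version accepts digest references, I would also pin the image as `"ghcr.io/stefanprodan/podinfo:6.3.5@sha256:<DIGEST_PLACEHOLDER>"`.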
From: Wayne Starr Date: Fri, 21 Apr 2023 19:23:37 -0500 Subject: [PATCH 8/9] Adopt pre-existing resources into Zarf-managed Helm Charts (#1626) ## Description Allows for the adoption of resources in Zarf manifests. ## Related Issue Fixes #1054 Fixes #1636 ## Type of change - [x] Bug fix (non-breaking change which fixes an issue) - [X] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [X] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --- Makefile | 2 +- docs/0-zarf-overview.md | 12 ++-- .../1-the-zarf-cli/100-cli-commands/zarf.md | 1 - .../100-cli-commands/zarf_completion.md | 1 - .../100-cli-commands/zarf_completion_bash.md | 1 - .../100-cli-commands/zarf_completion_fish.md | 1 - .../zarf_completion_powershell.md | 1 - .../100-cli-commands/zarf_completion_zsh.md | 1 - .../100-cli-commands/zarf_connect.md | 3 +- .../100-cli-commands/zarf_connect_list.md | 1 - .../100-cli-commands/zarf_destroy.md | 1 - .../100-cli-commands/zarf_init.md | 3 +- .../100-cli-commands/zarf_package.md | 1 - .../100-cli-commands/zarf_package_create.md | 1 - .../100-cli-commands/zarf_package_deploy.md | 18 ++--- .../100-cli-commands/zarf_package_inspect.md | 1 - .../100-cli-commands/zarf_package_list.md | 1 - .../100-cli-commands/zarf_package_publish.md | 1 - .../100-cli-commands/zarf_package_pull.md | 1 - .../100-cli-commands/zarf_package_remove.md | 1 - .../100-cli-commands/zarf_prepare.md | 3 +- .../zarf_prepare_find-images.md | 1 - .../zarf_prepare_generate-config.md | 3 +- .../zarf_prepare_patch-git.md | 3 +- .../zarf_prepare_sha256sum.md | 1 - .../100-cli-commands/zarf_tools.md | 3 +- .../100-cli-commands/zarf_tools_archiver.md | 1 - .../zarf_tools_archiver_compress.md | 1 - .../zarf_tools_archiver_decompress.md | 1 - .../zarf_tools_clear-cache.md | 1 - 
.../100-cli-commands/zarf_tools_gen-key.md | 3 +- .../100-cli-commands/zarf_tools_gen-pki.md | 1 - .../100-cli-commands/zarf_tools_get-creds.md | 3 +- .../100-cli-commands/zarf_tools_kubectl.md | 1 - .../100-cli-commands/zarf_tools_monitor.md | 1 - .../100-cli-commands/zarf_tools_registry.md | 1 - .../zarf_tools_registry_catalog.md | 1 - .../zarf_tools_registry_copy.md | 1 - .../zarf_tools_registry_login.md | 1 - .../zarf_tools_registry_pull.md | 1 - .../zarf_tools_registry_push.md | 1 - .../100-cli-commands/zarf_tools_sbom.md | 1 - .../zarf_tools_sbom_attest.md | 1 - .../zarf_tools_sbom_convert.md | 1 - .../100-cli-commands/zarf_tools_sbom_login.md | 1 - .../zarf_tools_sbom_packages.md | 1 - .../zarf_tools_sbom_version.md | 1 - .../100-cli-commands/zarf_tools_wait-for.md | 10 ++- .../100-cli-commands/zarf_version.md | 1 - .../3-the-zarf-init-package.md | 8 +-- docs/4-user-guide/index.md | 6 +- docs/6-contribute-to-zarf/4-style-guide.md | 70 +++++++++---------- docs/9-faq.md | 12 ++++ docs/gen-cli-docs.sh | 3 +- examples/dos-games/zarf.yaml | 2 +- src/cmd/connect.go | 2 +- src/cmd/package.go | 3 + src/cmd/root.go | 2 +- src/cmd/tools/wait.go | 5 +- src/cmd/tools/zarf.go | 41 +++++------ src/config/lang/english.go | 41 +++++++---- src/internal/cluster/injector.go | 20 +++--- src/internal/cluster/namespace.go | 2 +- src/internal/cluster/state.go | 11 +-- src/internal/cluster/tunnel.go | 2 +- src/internal/cluster/zarf.go | 10 +-- src/internal/packager/helm/destroy.go | 2 +- src/internal/packager/helm/post-render.go | 37 ++++++++-- src/pkg/k8s/dynamic.go | 65 +++++++++++++++++ src/pkg/k8s/namespace.go | 46 +++++++----- src/pkg/packager/create.go | 5 +- src/pkg/packager/deploy.go | 3 +- src/pkg/packager/remove.go | 4 +- src/test/e2e/25_helm_test.go | 32 ++++++++- .../25-manifest-adoption/deployment.yaml | 34 +++++++++ src/types/runtime.go | 13 ++-- src/ui/lib/api-types.ts | 5 ++ 77 files changed, 373 insertions(+), 216 deletions(-) create mode 100644 
src/pkg/k8s/dynamic.go create mode 100644 src/test/test-packages/25-manifest-adoption/deployment.yaml diff --git a/Makefile b/Makefile index 25220902b3..bcaf9898ac 100644 --- a/Makefile +++ b/Makefile @@ -142,7 +142,7 @@ build-examples: ## Build all of the example packages @test -s ./build/zarf-package-test-helm-wait-$(ARCH).tar.zst || $(ZARF_BIN) package create examples/helm-no-wait -o build -a $(ARCH) --confirm - @test -s ./build/zarf-package-helm-oci-chart-$(ARCH).tar.zst || $(ZARF_BIN) package create examples/helm-oci-chart -o build -a $(ARCH) --confirm + @test -s ./build/zarf-package-helm-oci-chart-$(ARCH)-0.0.1.tar.zst || $(ZARF_BIN) package create examples/helm-oci-chart -o build -a $(ARCH) --confirm @test -s ./build/zarf-package-yolo-$(ARCH).tar.zst || $(ZARF_BIN) package create examples/yolo -o build -a $(ARCH) --confirm diff --git a/docs/0-zarf-overview.md b/docs/0-zarf-overview.md index 589df09adf..260b03fe46 100644 --- a/docs/0-zarf-overview.md +++ b/docs/0-zarf-overview.md 
@@ -130,23 +130,23 @@ In the more complex use case, your package consists of updates for many apps/sys - Automate Kubernetes deployments in disconnected environments - Automate [Software Bill of Materials (SBOM)](https://www.linuxfoundation.org/tools/the-state-of-software-bill-of-materials-sbom-and-cybersecurity-readiness/) generation -- Provide a [web dashboard](https://docs.zarf.dev/docs/dashboard-ui/sbom-dashboard) for viewing SBOM output +- Provide a [web dashboard](./7-dashboard-ui/1-sbom-dashboard.md) for viewing SBOM output - Create and verify package signatures with [cosign](https://github.com/sigstore/cosign) -- [Publish](https://docs.zarf.dev/docs/user-guide/the-zarf-cli/cli-commands/zarf_package_publish), [pull](https://docs.zarf.dev/docs/user-guide/the-zarf-cli/cli-commands/zarf_package_pull), and [deploy](https://docs.zarf.dev/docs/user-guide/the-zarf-cli/cli-commands/zarf_package_deploy) packages from an [OCI registry](https://opencontainers.org/) -- Powerful component lifecycle [actions](https://docs.zarf.dev/docs/user-guide/component-actions) +- [Publish](./4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_publish.md), [pull](./4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_pull.md), and [deploy](./4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_deploy.md) packages from an [OCI registry](https://opencontainers.org/) +- Powerful component lifecycle [actions](./4-user-guide/5-component-actions.md) - Deploy a new cluster while fully disconnected with [K3s](https://k3s.io/) or into any existing cluster using a [kube config](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/) - Builtin logging stack with [Loki](https://grafana.com/oss/loki/) - Builtin Git server with [Gitea](https://gitea.com/) - Builtin Docker registry - Builtin [K9s Dashboard](https://k9scli.io/) for managing a cluster from the terminal - [Mutating Webhook](adr/0005-mutating-webhook.md) to automatically update Kubernetes 
pod's image path and pull secrets as well as [Flux Git Repository](https://fluxcd.io/docs/components/source/gitrepositories/) URLs and secret references -- Builtin [command to find images](https://docs.zarf.dev/docs/user-guide/the-zarf-cli/cli-commands/zarf_prepare_find-images) and resources from a Helm chart -- Tunneling capability to [connect to Kuberenetes resources](https://docs.zarf.dev/docs/user-guide/the-zarf-cli/cli-commands/zarf_connect) without network routing, DNS, TLS or Ingress configuration required +- Builtin [command to find images](./4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_find-images.md) and resources from a Helm chart +- Tunneling capability to [connect to Kuberenetes resources](./4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_connect.md) without network routing, DNS, TLS or Ingress configuration required ### 🛠️ Configurable Features - Customizable [variables and package templates](examples/variables/README.md) with defaults and user prompting -- [Composable packages](https://docs.zarf.dev/docs/user-guide/zarf-packages/zarf-components#composing-package-components) to include multiple sub-packages/components +- [Composable packages](./4-user-guide/2-zarf-packages/2-zarf-components.md#composing-package-components) to include multiple sub-packages/components - Component-level OS/architecture filtering ## Quick Start diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf.md index fc836ff2e5..ddff081c4b 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf.md @@ -35,4 +35,3 @@ zarf [COMMAND] [flags] * [zarf prepare](zarf_prepare.md) - Tools to help prepare assets for packaging * [zarf tools](zarf_tools.md) - Collection of additional tools to make airgap easier * [zarf version](zarf_version.md) - Version of the Zarf binary - 
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion.md index 3abf6c525a..6c8a72ffa3 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion.md @@ -34,4 +34,3 @@ See each sub-command's help for details on how to use the generated script. * [zarf completion fish](zarf_completion_fish.md) - Generate the autocompletion script for fish * [zarf completion powershell](zarf_completion_powershell.md) - Generate the autocompletion script for powershell * [zarf completion zsh](zarf_completion_zsh.md) - Generate the autocompletion script for zsh - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_bash.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_bash.md index d31208c823..0a9c24bee6 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_bash.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_bash.md @@ -53,4 +53,3 @@ zarf completion bash ## SEE ALSO * [zarf completion](zarf_completion.md) - Generate the autocompletion script for the specified shell - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_fish.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_fish.md index cb322379c8..5961138e08 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_fish.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_fish.md @@ -44,4 +44,3 @@ zarf completion fish [flags] ## SEE ALSO * [zarf completion](zarf_completion.md) - Generate the autocompletion script for the specified shell - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_powershell.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_powershell.md index 0d901dcc34..ddd612008b 100644 
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_powershell.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_powershell.md @@ -41,4 +41,3 @@ zarf completion powershell [flags] ## SEE ALSO * [zarf completion](zarf_completion.md) - Generate the autocompletion script for the specified shell - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_zsh.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_zsh.md index ab9474b616..791788d317 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_zsh.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_zsh.md @@ -55,4 +55,3 @@ zarf completion zsh [flags] ## SEE ALSO * [zarf completion](zarf_completion.md) - Generate the autocompletion script for the specified shell - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_connect.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_connect.md index 0ecf4c3f77..c255e76e84 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_connect.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_connect.md 
@@ -9,7 +9,7 @@ Uses a k8s port-forward to connect to resources within the cluster referenced by Three default options for this command are . These will connect to the Zarf created resources (assuming they were selected when performing the `zarf init` command). Packages can provide service manifests that define their own shortcut connection options. These options will be printed to the terminal when the package finishes deploying. - If you don't remember what connection shortcuts your deployed package offers, you can search your cluster for services that have the 'zarf.dev/connect-name' label. The value of that label is the name you will pass into the 'zarf connect' command. + If you don't remember what connection shortcuts your deployed package offers, you can search your cluster for services that have the 'zarf.dev/connect-name' label. The value of that label is the name you will pass into the 'zarf connect' command. Even if the packages you deploy don't define their own shortcut connection options, you can use the command flags to connect into specific resources. You can read the command flag descriptions below to get a better idea how to connect to whatever resource you are trying to connect to. @@ -45,4 +45,3 @@ zarf connect {REGISTRY|LOGGING|GIT|connect-name} [flags] * [zarf](zarf.md) - DevSecOps for Airgap * [zarf connect list](zarf_connect_list.md) - List all available connection shortcuts. - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_connect_list.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_connect_list.md index b04699d5a4..43c2ca7f12 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_connect_list.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_connect_list.md @@ -28,4 +28,3 @@ zarf connect list [flags] ## SEE ALSO * [zarf connect](zarf_connect.md) - Access services or pods deployed in the cluster. - 
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_destroy.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_destroy.md index f736ae437e..d75f053d7b 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_destroy.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_destroy.md @@ -40,4 +40,3 @@ zarf destroy [flags] ## SEE ALSO * [zarf](zarf.md) - DevSecOps for Airgap - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_init.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_init.md index 63f0acb346..f15d647003 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_init.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_init.md @@ -5,7 +5,7 @@ Prepares a k8s cluster for the deployment of Zarf packages ## Synopsis -Injects a docker registry as well as other optional useful things (such as a git server and a logging stack) into a k8s cluster under the 'zarf' namespace to support future application deployments. +Injects a docker registry as well as other optional useful things (such as a git server and a logging stack) into a k8s cluster under the 'zarf' namespace to support future application deployments. If you do not have a k8s cluster already configured, this command will give you the ability to install a cluster locally. This command looks for a zarf-init package in the local directory that the command was executed from. If no package is found in the local directory and the Zarf CLI exists somewhere outside of the current directory, Zarf will failover and attempt to find a zarf-init package in the directory that the Zarf binary is located in. @@ -81,4 +81,3 @@ zarf init --git-push-password={PASSWORD} --git-push-username={USERNAME} --git-ur ## SEE ALSO * [zarf](zarf.md) - DevSecOps for Airgap - 
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package.md index f9b6f0b7e1..36952c66b4 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package.md @@ -31,4 +31,3 @@ Zarf package commands for creating, deploying, and inspecting packages * [zarf package publish](zarf_package_publish.md) - Publish a Zarf package to a remote registry * [zarf package pull](zarf_package_pull.md) - Pull a Zarf package from a remote registry and save to the local file system * [zarf package remove](zarf_package_remove.md) - Use to remove a Zarf package that has been deployed already - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_create.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_create.md index d5859cc560..45a099362a 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_create.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_create.md @@ -43,4 +43,3 @@ zarf package create [DIRECTORY] [flags] ## SEE ALSO * [zarf package](zarf_package.md) - Zarf package commands for creating, deploying, and inspecting packages - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_deploy.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_deploy.md index ea7cb26a5a..c4e444f273 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_deploy.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_deploy.md 
@@ -14,14 +14,15 @@ zarf package deploy [PACKAGE] [flags] ## Options ``` - --components string Comma-separated list of components to install. Adding this flag will skip the init prompts for which components to install - --confirm Confirms package deployment without prompting. ONLY use with packages you trust. Skips prompts to review SBOM, configure variables, select optional components and review potential breaking changes. - -h, --help help for deploy - -k, --key string Path to public key file for validating signed packages - --oci-concurrency int Number of concurrent layer operations to perform when interacting with a remote package. (default 3) - --set stringToString Specify deployment variables to set on the command line (KEY=value) (default []) - --sget string Path to public sget key file for remote packages signed via cosign - --shasum string Shasum of the package to deploy. Required if deploying a remote package and "--insecure" is not provided + --adopt-existing-resources Adopts any pre-existing K8s resources into the Helm charts managed by Zarf. ONLY use when you have existing deployments you want Zarf to takeover. + --components string Comma-separated list of components to install. Adding this flag will skip the init prompts for which components to install + --confirm Confirms package deployment without prompting. ONLY use with packages you trust. Skips prompts to review SBOM, configure variables, select optional components and review potential breaking changes. + -h, --help help for deploy + -k, --key string Path to public key file for validating signed packages + --oci-concurrency int Number of concurrent layer operations to perform when interacting with a remote package. (default 3) + --set stringToString Specify deployment variables to set on the command line (KEY=value) (default []) + --sget string Path to public sget key file for remote packages signed via cosign + --shasum string Shasum of the package to deploy. 
Required if deploying a remote package and "--insecure" is not provided ``` ## Options inherited from parent commands @@ -39,4 +40,3 @@ zarf package deploy [PACKAGE] [flags] ## SEE ALSO * [zarf package](zarf_package.md) - Zarf package commands for creating, deploying, and inspecting packages - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_inspect.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_inspect.md index b43c128cfc..79a3c80d36 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_inspect.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_inspect.md @@ -36,4 +36,3 @@ zarf package inspect [PACKAGE] [flags] ## SEE ALSO * [zarf package](zarf_package.md) - Zarf package commands for creating, deploying, and inspecting packages - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_list.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_list.md index 464c2cef0a..72b5a761e1 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_list.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_list.md @@ -28,4 +28,3 @@ zarf package list [flags] ## SEE ALSO * [zarf package](zarf_package.md) - Zarf package commands for creating, deploying, and inspecting packages - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_publish.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_publish.md index a2492e96fc..6e90cd636f 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_publish.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_publish.md @@ -37,4 +37,3 @@ zarf package publish [PACKAGE] [REPOSITORY] [flags] ## SEE ALSO * [zarf package](zarf_package.md) - Zarf package commands for creating, deploying, and inspecting packages - 
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_pull.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_pull.md index 462b900620..0b40e4a373 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_pull.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_pull.md @@ -36,4 +36,3 @@ zarf package pull [REFERENCE] [flags] ## SEE ALSO * [zarf package](zarf_package.md) - Zarf package commands for creating, deploying, and inspecting packages - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_remove.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_remove.md index 15f7f5df27..daa4a64949 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_remove.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_remove.md @@ -30,4 +30,3 @@ zarf package remove {PACKAGE_NAME|PACKAGE_FILE} [flags] ## SEE ALSO * [zarf package](zarf_package.md) - Zarf package commands for creating, deploying, and inspecting packages - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare.md index 9daa91484f..28990a4745 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare.md 
@@ -26,7 +26,6 @@ Tools to help prepare assets for packaging * [zarf](zarf.md) - DevSecOps for Airgap * [zarf prepare find-images](zarf_prepare_find-images.md) - Evaluates components in a zarf file to identify images specified in their helm charts and manifests * [zarf prepare generate-config](zarf_prepare_generate-config.md) - Generates a config file for Zarf -* [zarf prepare patch-git](zarf_prepare_patch-git.md) - Converts all .git URLs to the specified Zarf HOST and with the Zarf URL pattern in a given FILE. NOTE: +* [zarf prepare patch-git](zarf_prepare_patch-git.md) - Converts all .git URLs to the specified Zarf HOST and with the Zarf URL pattern in a given FILE. NOTE: This should only be used for manifests that are not mutated by the Zarf Agent Mutating Webhook. * [zarf prepare sha256sum](zarf_prepare_sha256sum.md) - Generate a SHA256SUM for the given file - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_find-images.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_find-images.md index 151d6793f2..427620b687 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_find-images.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_find-images.md @@ -36,4 +36,3 @@ zarf prepare find-images [PACKAGE] [flags] ## SEE ALSO * [zarf prepare](zarf_prepare.md) - Tools to help prepare assets for packaging - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_generate-config.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_generate-config.md index b0de11646f..100a6094ad 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_generate-config.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_generate-config.md 
@@ -7,7 +7,7 @@ Generates a config file for Zarf Generates a Zarf config file for controlling how the Zarf CLI operates. Optionally accepts a filename to write the config to. -The extension will determine the format of the config file, e.g. env-1.yaml, env-2.json, env-3.toml etc. +The extension will determine the format of the config file, e.g. env-1.yaml, env-2.json, env-3.toml etc. Accepted extensions are json, toml, yaml. NOTE: This file must not already exist. If no filename is provided, the config will be written to the current working directory as zarf-config.toml. @@ -37,4 +37,3 @@ zarf prepare generate-config [FILENAME] [flags] ## SEE ALSO * [zarf prepare](zarf_prepare.md) - Tools to help prepare assets for packaging - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_patch-git.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_patch-git.md index 170804a22f..4ff7daeb5f 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_patch-git.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_patch-git.md @@ -1,7 +1,7 @@ # zarf prepare patch-git -Converts all .git URLs to the specified Zarf HOST and with the Zarf URL pattern in a given FILE. NOTE: +Converts all .git URLs to the specified Zarf HOST and with the Zarf URL pattern in a given FILE. NOTE: This should only be used for manifests that are not mutated by the Zarf Agent Mutating Webhook. ``` @@ -30,4 +30,3 @@ zarf prepare patch-git [HOST] [FILE] [flags] ## SEE ALSO * [zarf prepare](zarf_prepare.md) - Tools to help prepare assets for packaging - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_sha256sum.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_sha256sum.md index 852764cf04..594ae43d28 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_sha256sum.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_sha256sum.md 
@@ -28,4 +28,3 @@ zarf prepare sha256sum [FILE|URL] [flags] ## SEE ALSO * [zarf prepare](zarf_prepare.md) - Tools to help prepare assets for packaging - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools.md index 2f41249b73..6da64098da 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools.md @@ -26,7 +26,7 @@ Collection of additional tools to make airgap easier * [zarf](zarf.md) - DevSecOps for Airgap * [zarf tools archiver](zarf_tools_archiver.md) - Compress/Decompress generic archives, including Zarf packages. * [zarf tools clear-cache](zarf_tools_clear-cache.md) - Clears the configured git and image cache directory. -* [zarf tools gen-key](zarf_tools_gen-key.md) - +* [zarf tools gen-key](zarf_tools_gen-key.md) - Generates a cosign public/private keypair that can be used to sign packages * [zarf tools gen-pki](zarf_tools_gen-pki.md) - Generates a Certificate Authority and PKI chain of trust for the given host * [zarf tools get-creds](zarf_tools_get-creds.md) - Display a Table of credentials for deployed components. Pass a component name to get a single credential. * [zarf tools kubectl](zarf_tools_kubectl.md) - Kubectl command. See https://kubernetes.io/docs/reference/kubectl/overview/ for more information. @@ -34,4 +34,3 @@ Collection of additional tools to make airgap easier * [zarf tools registry](zarf_tools_registry.md) - Tools for working with container registries using go-containertools. * [zarf tools sbom](zarf_tools_sbom.md) - Generates a Software Bill of Materials (SBOM) for the given package * [zarf tools wait-for](zarf_tools_wait-for.md) - Waits for a given Kubernetes resource to be ready - 
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver.md index 6c19fb8fa9..b7f090a319 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver.md @@ -26,4 +26,3 @@ Compress/Decompress generic archives, including Zarf packages. * [zarf tools](zarf_tools.md) - Collection of additional tools to make airgap easier * [zarf tools archiver compress](zarf_tools_archiver_compress.md) - Compress a collection of sources based off of the destination file extension. * [zarf tools archiver decompress](zarf_tools_archiver_decompress.md) - Decompress an archive or Zarf package based off of the source file extension. - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver_compress.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver_compress.md index 04bcd7175f..e60bbe0b7b 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver_compress.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver_compress.md @@ -28,4 +28,3 @@ zarf tools archiver compress {SOURCES} {ARCHIVE} [flags] ## SEE ALSO * [zarf tools archiver](zarf_tools_archiver.md) - Compress/Decompress generic archives, including Zarf packages. - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver_decompress.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver_decompress.md index 8908e198c3..d9f006cc08 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver_decompress.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver_decompress.md 
@@ -29,4 +29,3 @@ zarf tools archiver decompress {ARCHIVE} {DESTINATION} [flags] ## SEE ALSO * [zarf tools archiver](zarf_tools_archiver.md) - Compress/Decompress generic archives, including Zarf packages. - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_clear-cache.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_clear-cache.md index e434035607..e02cd30297 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_clear-cache.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_clear-cache.md @@ -28,4 +28,3 @@ zarf tools clear-cache [flags] ## SEE ALSO * [zarf tools](zarf_tools.md) - Collection of additional tools to make airgap easier - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_gen-key.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_gen-key.md index 0b41106f3a..a2788f75ba 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_gen-key.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_gen-key.md @@ -1,7 +1,7 @@ # zarf tools gen-key - +Generates a cosign public/private keypair that can be used to sign packages ``` zarf tools gen-key [flags] @@ -28,4 +28,3 @@ zarf tools gen-key [flags] ## SEE ALSO * [zarf tools](zarf_tools.md) - Collection of additional tools to make airgap easier - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_gen-pki.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_gen-pki.md index 4a56fe0e1e..3117cba52c 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_gen-pki.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_gen-pki.md @@ -29,4 +29,3 @@ zarf tools gen-pki {HOST} [flags] ## SEE ALSO * [zarf tools](zarf_tools.md) - Collection of additional tools to make airgap easier - 
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_get-creds.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_get-creds.md index 4d55838eb9..564415a3f3 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_get-creds.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_get-creds.md @@ -5,7 +5,7 @@ Display a Table of credentials for deployed components. Pass a component name to ## Synopsis -Display a Table of credentials for deployed components. Pass a component name to get a single credential. i.e. 'zarf tools get-creds registry' +Display a Table of credentials for deployed components. Pass a component name to get a single credential. i.e. 'zarf tools get-creds registry' ``` zarf tools get-creds [flags] @@ -32,4 +32,3 @@ zarf tools get-creds [flags] ## SEE ALSO * [zarf tools](zarf_tools.md) - Collection of additional tools to make airgap easier - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_kubectl.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_kubectl.md index fe3e38d1b2..ae33ea9c7b 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_kubectl.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_kubectl.md @@ -28,4 +28,3 @@ zarf tools kubectl [flags] ## SEE ALSO * [zarf tools](zarf_tools.md) - Collection of additional tools to make airgap easier - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_monitor.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_monitor.md index 583f61caea..be6566181d 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_monitor.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_monitor.md @@ -28,4 +28,3 @@ zarf tools monitor [flags] ## SEE ALSO * [zarf tools](zarf_tools.md) - Collection of additional tools to make airgap easier - 
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry.md index 3adb846b46..976441b52a 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry.md @@ -29,4 +29,3 @@ Tools for working with container registries using go-containertools. * [zarf tools registry login](zarf_tools_registry_login.md) - Log in to a registry * [zarf tools registry pull](zarf_tools_registry_pull.md) - Pull remote images by reference and store their contents locally * [zarf tools registry push](zarf_tools_registry_push.md) - Push local image contents to a remote registry - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_catalog.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_catalog.md index 888fc0da3a..9a5fc69c44 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_catalog.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_catalog.md @@ -38,4 +38,3 @@ zarf tools registry catalog [REGISTRY] [flags] ## SEE ALSO * [zarf tools registry](zarf_tools_registry.md) - Tools for working with container registries using go-containertools. - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_copy.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_copy.md index dd9a741359..16a7c0fe4c 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_copy.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_copy.md @@ -28,4 +28,3 @@ zarf tools registry copy SRC DST [flags] ## SEE ALSO * [zarf tools registry](zarf_tools_registry.md) - Tools for working with container registries using go-containertools. - 
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_login.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_login.md index b78de88bef..d44ab45f00 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_login.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_login.md @@ -31,4 +31,3 @@ zarf tools registry login [OPTIONS] [SERVER] [flags] ## SEE ALSO * [zarf tools registry](zarf_tools_registry.md) - Tools for working with container registries using go-containertools. - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_pull.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_pull.md index bfb44c6b24..c62106daee 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_pull.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_pull.md @@ -31,4 +31,3 @@ zarf tools registry pull IMAGE TARBALL [flags] ## SEE ALSO * [zarf tools registry](zarf_tools_registry.md) - Tools for working with container registries using go-containertools. - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_push.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_push.md index 0d4defdaea..3ba129d2d4 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_push.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_push.md @@ -34,4 +34,3 @@ zarf tools registry push PATH IMAGE [flags] ## SEE ALSO * [zarf tools registry](zarf_tools_registry.md) - Tools for working with container registries using go-containertools. - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom.md index 2958c38d17..b3bfe85004 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom.md 
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom.md @@ -48,4 +48,3 @@ zarf tools sbom [flags] * [zarf tools sbom login](zarf_tools_sbom_login.md) - Log in to a registry * [zarf tools sbom packages](zarf_tools_sbom_packages.md) - Generate a package SBOM * [zarf tools sbom version](zarf_tools_sbom_version.md) - show the version - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_attest.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_attest.md index b416fda50a..49d0992d65 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_attest.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_attest.md @@ -44,4 +44,3 @@ zarf tools sbom attest --output [FORMAT] [flags] ## SEE ALSO * [zarf tools sbom](zarf_tools_sbom.md) - Generates a Software Bill of Materials (SBOM) for the given package - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_convert.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_convert.md index 1bead790ea..9476cfc2fd 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_convert.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_convert.md @@ -43,4 +43,3 @@ zarf tools sbom convert [SOURCE-SBOM] -o [FORMAT] [flags] ## SEE ALSO * [zarf tools sbom](zarf_tools_sbom.md) - Generates a Software Bill of Materials (SBOM) for the given package - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_login.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_login.md index fb0e5e1a5d..beed5f43ce 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_login.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_login.md 
@@ -34,4 +34,3 @@ zarf tools sbom login [OPTIONS] [SERVER] [flags] ## SEE ALSO * [zarf tools sbom](zarf_tools_sbom.md) - Generates a Software Bill of Materials (SBOM) for the given package - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_packages.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_packages.md index 5caaf30a12..c1d43a1e13 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_packages.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_packages.md @@ -43,4 +43,3 @@ zarf tools sbom packages [SOURCE] [flags] ## SEE ALSO * [zarf tools sbom](zarf_tools_sbom.md) - Generates a Software Bill of Materials (SBOM) for the given package - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_version.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_version.md index a07f8b7571..52cd8bfa55 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_version.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_version.md @@ -32,4 +32,3 @@ zarf tools sbom version [flags] ## SEE ALSO * [zarf tools sbom](zarf_tools_sbom.md) - Generates a Software Bill of Materials (SBOM) for the given package - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_wait-for.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_wait-for.md index a7bd5419e2..56047af73e 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_wait-for.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_wait-for.md 
@@ -5,9 +5,9 @@ Waits for a given Kubernetes resource to be ready ## Synopsis -By default Zarf will wait for all Kubernetes resources to be ready before completion of a component during a deployment. -This command can be used to wait for a Kubernetes resources to exist and be ready that may be created by a Gitops tool or a Kubernetes operator. -You can also wait for aribtrary network endpoints using REST or TCP checks. +By default Zarf will wait for all Kubernetes resources to be ready before completion of a component during a deployment. +This command can be used to wait for a Kubernetes resources to exist and be ready that may be created by a Gitops tool or a Kubernetes operator. +You can also wait for arbitrary network endpoints using REST or TCP checks. @@ -25,7 +25,7 @@ zarf tools wait-for {KIND|PROTOCOL} {NAME|SELECTOR|URI} {CONDITION|HTTP_CODE} [f zarf tools wait-for pod app=podinfo ready -n podinfo wait for pod with label app=podinfo in namespace podinfo to be ready zarf tools wait-for svc zarf-docker-registry exists -n zarf wait for service zarf-docker-registry in namespace zarf to exist zarf tools wait-for svc zarf-docker-registry -n zarf same as above, except exists is the default condition - zarf tools wati-for crd addons.k3s.cattle.io wait for crd addons.k3s.cattle.io to exist + zarf tools wait-for crd addons.k3s.cattle.io wait for crd addons.k3s.cattle.io to exist Wait for network endpoints: zarf tools wait-for http localhost:8080 200 wait for a 200 response from http://localhost:8080 @@ -33,7 +33,6 @@ zarf tools wait-for {KIND|PROTOCOL} {NAME|SELECTOR|URI} {CONDITION|HTTP_CODE} [f zarf tools wait-for https 1.1.1.1 200 wait for a 200 response from https://1.1.1.1 zarf tools wait-for http google.com wait for any 2xx response from http://google.com zarf tools wait-for http google.com success wait for any 2xx response from http://google.com - ``` ## Options 
@@ -59,4 +58,3 @@ zarf tools wait-for {KIND|PROTOCOL} {NAME|SELECTOR|URI} {CONDITION|HTTP_CODE} [f ## SEE ALSO * [zarf tools](zarf_tools.md) - Collection of additional tools to make airgap easier - diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_version.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_version.md index 8ececf178c..b5f4a5bc74 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_version.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_version.md @@ -32,4 +32,3 @@ zarf version [flags] ## SEE ALSO * [zarf](zarf.md) - DevSecOps for Airgap - diff --git a/docs/4-user-guide/2-zarf-packages/3-the-zarf-init-package.md b/docs/4-user-guide/2-zarf-packages/3-the-zarf-init-package.md index 0b52c4cf50..13d12b0b41 100644 --- a/docs/4-user-guide/2-zarf-packages/3-the-zarf-init-package.md +++ b/docs/4-user-guide/2-zarf-packages/3-the-zarf-init-package.md @@ -9,7 +9,7 @@ It is defined by composed components which provide a foundation for future packa ## Required Component -Zarf's capabilities require that the [`zarf-agent`](https://docs.zarf.dev/docs/faq#what-is-the-zarf-agent) component of the init package is constantly active, meaning that it cannot be disabled and is always on. This component is automatically deployed whenever a `zarf init` command is executed. +Zarf's capabilities require that the [`zarf-agent`](../../9-faq.md#what-is-the-zarf-agent) component of the init package is constantly active, meaning that it cannot be disabled and is always on. This component is automatically deployed whenever a `zarf init` command is executed. | Component | Description | | ----------------------- | -------------------------------------------------------------------------------------------------------------------- | 
@@ -19,9 +19,9 @@ Zarf's capabilities require that the [`zarf-agent`](https://docs.zarf.dev/docs/f In addition to the required `zarf-agent` component, Zarf also offers components that provide additional functionality and can be enabled as needed based on your desired end-state. -In most scenarios, Zarf will also deploy an internal registry using the components described below. However, Zarf can be configured to use an already existing registry with the `--registry-*` flags when running `zarf init` (detailed information on all `zarf init` command flags can be found in the [zarf init CLI](https://docs.zarf.dev/docs/user-guide/the-zarf-cli/cli-commands/zarf_init) section). This option skips the injector and seed process, and will not deploy a registry to the cluster. Instead, it uploads any images to the externally configured registry. +In most scenarios, Zarf will also deploy an internal registry using the components described below. However, Zarf can be configured to use an already existing registry with the `--registry-*` flags when running `zarf init` (detailed information on all `zarf init` command flags can be found in the [zarf init CLI](../1-the-zarf-cli/100-cli-commands/zarf_init.md) section). This option skips the injector and seed process, and will not deploy a registry to the cluster. Instead, it uploads any images to the externally configured registry. -| Components | Description +| Components | Description | ----------------------- | -------------------------------------------------------------------------------------------------------------------- | | zarf-injector | Adds a Rust and Go binary to the working directory to use during the registry bootstrapping. | | zarf-seed-registry | Adds a temporary container registry so Zarf can bootstrap itself into the cluster. | 
@@ -40,7 +40,7 @@ There are two ways to deploy optional components. Firstly, you can provide a com :::note Deploying the 'k3s' component will require root access (not just sudo), as it modifies your host machine to install the cluster. - + ::: ## What Makes the Init Package Special diff --git a/docs/4-user-guide/index.md b/docs/4-user-guide/index.md index 75e05109f1..a87edfdc72 100644 --- a/docs/4-user-guide/index.md +++ b/docs/4-user-guide/index.md @@ -2,7 +2,7 @@ Using Zarf optimizes the delivery of applications and capabilities in air-gapped and complex environments. This tool eliminates the complexity of air gap software delivery for Kubernetes clusters and cloud-native workloads using a declarative packaging strategy to support DevSecOps. This guide is intended for end users using Zarf to securely and efficiently deploy modern stacks onto remote/constrained/independent environments. -The below list contains information on how to use and configure Zarf’s major features: +The below list contains information on how to use and configure Zarf's major features: - Deploy Zarf [Packages](2-zarf-packages/1-zarf-packages.md) (Zpkg). - Maintain Zarf Packages in the cluster. @@ -65,7 +65,7 @@ Shipping a Zarf Package is _very_ contextual to the target environment. Consider There are numerous methods to transport your Zarf Package, for example: -- Burning your package onto a disk. +- Burning your package onto a disk. - Using a satellite uplink. - Creating a direct internet connection. 
@@ -84,5 +84,5 @@ Once your package has arrived, you will need to: If you are looking for more advanced information on how to operate and customize Zarf to your specific environment needs, check out these additional resources: - For information on how to create a custom configuration of the Zarf CLI see the [Operator Manual](../5-operator-manual/_category_.json). -- For information on how to create your own Zarf Packages see the [Zarf Packages](https://docs.zarf.dev/docs/user-guide/zarf-packages/) page. +- For information on how to create your own Zarf Packages see the [Zarf Packages](./2-zarf-packages/index.md) page. - To see some of the ways our community is using Zarf to deploy code onto air-gapped systems see the [Zarf Examples](../../examples/README.md). diff --git a/docs/6-contribute-to-zarf/4-style-guide.md b/docs/6-contribute-to-zarf/4-style-guide.md index 0a10a1e7c4..1c9dc6b388 100644 --- a/docs/6-contribute-to-zarf/4-style-guide.md +++ b/docs/6-contribute-to-zarf/4-style-guide.md @@ -6,7 +6,7 @@ Welcome to the Defense Unicorns Project Documentation Style Guide, your guide to ### Writing Goals With every piece of content or documentation we publish, we should aim to: - **Be clear:** Start with the key takeaway. Put the most important thing in the most noticeable spot. Make choices and next steps obvious. Give people just enough information to make decisions confidently. -- **Be concise:** Everyone likes clarity and getting to the point. Break it up. Step it out. Layer. Short sentences and fragments are easier to scan and read. +- **Be concise:** Everyone likes clarity and getting to the point. Break it up. Step it out. Layer. Short sentences and fragments are easier to scan and read. - **Be useful:** Before you start writing, ask yourself: What purpose does this serve? Who is going to read it? What do they need to know? ### Writing Tone 
@@ -15,7 +15,7 @@ Here at Defense Unicorns, we aim to publish project documentation that is inform Here are some key elements of writing in the Defense Unicorn tone: - Use [active voice](https://webapps.towson.edu/ows/activepass.htm), avoid using passive voice. - Write plainly, avoid using cliches, colloquiums, jargon, and unclear analogies. -- Be crisp and clear, make it simple. +- Be crisp and clear, make it simple. - Be warm and relaxed, we're humans! - Be technically correct. 
@@ -62,31 +62,31 @@ Follow these guidelines for creating Defense Unicorns code examples: * Show expected output, either in a separate section after the code example or by using code comments within the code example. ### Text Formatting -The thoughtful use of fonts, text formatting, capitalization, alignment, and spacing creates a first impression, reinforces the Defense Unicorn brand, and improves readability. The consistent formatting of text elements, such as command names and URLs, reduces ambiguity and helps users find and interpret information easily. +The thoughtful use of fonts, text formatting, capitalization, alignment, and spacing creates a first impression, reinforces the Defense Unicorn brand, and improves readability. The consistent formatting of text elements, such as command names and URLs, reduces ambiguity and helps users find and interpret information easily. Follow these guidelines for creating proper Defense Unicorns text formatting: -* Use headings to show hierarchy of information. -* Project documentation and project websites use Roboto for the body text, unless explicitly stated in otherwise in the project brand guide. -* When referring to bold formatting, use bold. +* Use headings to show hierarchy of information. +* Project documentation and project websites use Roboto for the body text, unless explicitly stated in otherwise in the project brand guide. +* When referring to bold formatting, use bold. * When referring to italic formatting, use italic. -* Default to using left alignment for all body text and titles in documentation. +* Default to using left alignment for all body text and titles in documentation. * Titles may be center aligned on websites and marketing materials. ### Procedures and Instructions -It is important to ensure that our communication is clear, concise, and useful. Many portions of our documentation consists of examples and walkthroughs for users to deploy our software. 
Creating consistent formatting helps users locate and interpret steps and procedures efficiently. +It is important to ensure that our communication is clear, concise, and useful. Many portions of our documentation consists of examples and walkthroughs for users to deploy our software. Creating consistent formatting helps users locate and interpret steps and procedures efficiently. Follow these guidelines for creating Defense Unicorn instructions and procedures: * Format procedures consistently so customers can find them easily by scanning. -* Consider using a heading to help users find instructions quickly. +* Consider using a heading to help users find instructions quickly. * Use complete sentences. * Capitalize the first word in each step. -* Use a period after each step. +* Use a period after each step. * Use a period after each bullet or list item. ### Grammar Rules -Adhering to certain rules of grammar and mechanics helps us keep our writing clear and consistent. It’s important to ensure that content grammar and mechanics align with our company’s values of sharing insights and mission impact. +Adhering to certain rules of grammar and mechanics helps us keep our writing clear and consistent. It's important to ensure that content grammar and mechanics align with our company's values of sharing insights and mission impact. Following these guidelines will help you write content and documentation that is informative and approachable: 
@@ -94,28 +94,28 @@ Following these guidelines will help you write content and documentation that is * Avoid run-on sentences. * Use commas appropriately. * Use active voice. -* Avoid using exclamation points in text except when they're part of a code example. +* Avoid using exclamation points in text except when they're part of a code example. * Rather than using exclamation points to call attention to an important point, consider using notices such as Note or Caution. - * See the ‘Admonitions’ section. + * See the 'Admonitions' section. ### Heading and Title Language -Considering the majority of our documentation revolves around Zarf, it’s components, and commands, the language we use to introduce titles and headings needs to reflect the correct tense. +Considering the majority of our documentation revolves around Zarf, it's components, and commands, the language we use to introduce titles and headings needs to reflect the correct tense. **Default to using the tense of the command when addressing it in titles and headings.** For example: -* “Create Package”/”Package Create” -* “Deploy Package”/”Package Deploy” -* “Package Publish” +* "Create Package"/"Package Create" +* "Deploy Package"/"Package Deploy" +* "Package Publish" -**Do not use:** +**Do not use:** -* “Package Creation” -* “Package Deployment” -* “Package Publication” +* "Package Creation" +* "Package Deployment" +* "Package Publication" A good rule of thumb for creating titles and headings is to ensure that they do not wrap on the right hand side of the documentation. This is to maintain consistency and ease of use for the reader. -### Abbreviations +### Abbreviations Abbreviations are commonly used in the industries we work in (Technology, Defense, Government/Civilian). Abbreviations may be a more effective way of communicating information, especially when the abbreviation is used as a proper noun (ex. DoD, DevSecOps). 
Remember that some readers may not know what an abbreviation means, especially if it is industry specific. #### When to use Abbreviations @@ -125,10 +125,10 @@ To avoid confusion and ensure understanding for all users, follow these guidelin * Spell out abbreviations the first time you use them on a page or in a document with the abbreviation in parenthesis following the definition. * Ex. Continuous Integration & Continuous Delivery (CI/CD) -* Capitalization of abbreviation follow the capitalization of each letter used when spelled out. +* Capitalization of abbreviation follow the capitalization of each letter used when spelled out. * Ex. Department of Defense is abbreviated to DoD * Use standard acronyms and initialisms that will save the reader time. -* Spell out abbreviations on first reference, be sure to include the abbreviation in parenthesis following the definition. +* Spell out abbreviations on first reference, be sure to include the abbreviation in parenthesis following the definition. * Avoid using abbreviations for terms that aren't related to the main topic of the document. * Do not use period (.) between letters. 
@@ -157,25 +157,25 @@ Use *Info* when: you need to include additional information that would disrupt t Use *Caution* when: you need to highlight something critical or important. ### Linking Text -Linking to other forms of documentation or references is a great way to provide additional insight to the reader. In general, cross-references or in text links can provide information that adds to the reader's understanding. +Linking to other forms of documentation or references is a great way to provide additional insight to the reader. In general, cross-references or in text links can provide information that adds to the reader's understanding. Follow these guidelines to efficiently link the reader to other resources: * To write link text, use descriptive phrases that provide context for the material that you're linking to. - * “For more information on what Zarf consists of, see [Zarf Packages](https://docs.zarf.dev/docs/user-guide/zarf-packages/). + * "For more information on what Zarf consists of, see [Zarf Packages](../4-user-guide/2-zarf-packages/index.md). * When you write a complete sentence that refers the reader to another topic, introduce the link with the phrase For more information, see or For more information about..., see. - * "For more information, see [Getting Started](https://docs.zarf.dev/docs/getting-started)." + * "For more information, see [Getting Started](../3-getting-started.md)." -When linking text, **avoid** using non-descriptive terms as the text. Using text such as “here” or “see more” can depreciate the usability for readers. For example, do **not** say: -* “For more information, see [here.]” -* “You can also try out the component actions example [here.]” +When linking text, **avoid** using non-descriptive terms as the text. Using text such as "here" or "see more" can depreciate the usability for readers. 
For example, do **not** say: +* "For more information, see [here.]" +* "You can also try out the component actions example [here.]" ### Jargon Jargon is the specialized and often figurative terminology of a specific group to represent a larger concept—for example, camel case, swim lane, break-glass procedure, or out-of-the-box. Typically, the meaning of jargon isn't understood except by the specific group. For this reason, jargon can hamper our efforts to publish content that's clear. However, some jargon is widely understood and accepted by our industry or by the intended audience of a document. It can be valuable to include jargon in a document when you know that readers search for those terms. -Don’t use jargon if: +Don't use jargon if: * You can use a more familiar term, such as symbol instead of glyph. * The term is familiar to only a small segment of your readers. @@ -189,11 +189,11 @@ If you're going to use jargon, consider the following questions: ### Word List Follow these guidelines for standardizing Defense Unicorn's spelling and grammar: -* Zarf -* Zarf Package -* Open-source +* Zarf +* Zarf Package +* Open-source * Air gap/Air-gapped * K8/K8s * K9/K9s * K3d/K3ds -* High side/Low side \ No newline at end of file +* High side/Low side diff --git a/docs/9-faq.md b/docs/9-faq.md index 16ee5e8ce8..b994d5216c 100644 --- a/docs/9-faq.md +++ b/docs/9-faq.md 
@@ -30,6 +30,16 @@ Resources can be excluded at the namespace or resources level by adding the `zar During the `zarf init` operation, the Zarf Agent will patch any existing namespaces with the `zarf.dev/agent: ignore` label to prevent the Agent from modifying any resources in that namespace. This is done because there is no way to guarantee the images used by pods in existing namespaces are available in the Zarf Registry. +If you would like to adopt pre-existing resources into a Zarf deployment you can use the `--adopt-existing-resources` flag on [`zarf package deploy`](./4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_deploy.md) to adopt those resources into the Helm Releases that Zarf manages (including namespaces). This will add the requisite annotations and labels to those resources and drop the `zarf.dev/agent: ignore` label from any namespaces specified by those resources. + +:::note + +Zarf will refuse to adopt the Kubernetes [initial namespaces](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#initial-namespaces). It is recommended that you do not deploy resources into the `default` or `kube-*` namespaces with Zarf. + +Additionally, when adopting resources, you should ensure that the namespaces you are adopting are dedicated to Zarf, or that you go back and manually add the `zarf.dev/agent: ignore` label to any non-Zarf managed resources in those namespaces (and ensure that updates to those resources do not strip that label) otherwise you may see [ImagePullBackOff](https://kubernetes.io/docs/concepts/containers/images/#imagepullbackoff) errors. + +::: + ## How can I improve the speed of loading large images from Docker on `zarf package create`? Due to some limitations with how Docker provides access to local image layers, `zarf package create` has to rely on `docker save` under the hood which is [very slow overall](https://github.com/defenseunicorns/zarf/issues/1214) and also takes a long time to report progress. 
We experimented with many ways to improve this, but for now recommend leveraging a local docker registry to speed up the process. This can be done by running a local registry and pushing the images to it before running `zarf package create`. This will allow `zarf package create` to pull the images from the local registry instead of Docker. This can also be combined with [component actions](4-user-guide/5-component-actions.md) to make the process automatic. Given an example image of `my-giant-image:###ZARF_PKG_TMPL_IMG###` you could do something like this: @@ -111,5 +121,7 @@ spec: YOLO Mode is a special package metadata designation that be added to a package prior to `zarf package create` to allow the package to be installed without the need for a `zarf init` operation. In most cases this will not be used, but it can be useful for testing or for environments that manage their own registries and Git servers completely outside of Zarf. This can also be used as a way to transition slowly to using Zarf without having to do a full migration. :::note + Typically you should not deploy a Zarf package in YOLO mode if the cluster has already been initialized with Zarf. This could lead to an [ImagePullBackOff](https://kubernetes.io/docs/concepts/containers/images/#imagepullbackoff) if the resources in the package do not include the `zarf.dev/agent: ignore` label and are not already available in the Zarf Registry. + ::: diff --git a/docs/gen-cli-docs.sh b/docs/gen-cli-docs.sh index bb33823e89..83fc5d6ef8 100755 --- a/docs/gen-cli-docs.sh +++ b/docs/gen-cli-docs.sh @@ -13,7 +13,8 @@ printf "${MENU_LABEL}" > docs/4-user-guide/1-the-zarf-cli/100-cli-commands/_cate printf "Updating section header levels\n" for FILE in `find docs/4-user-guide/1-the-zarf-cli/100-cli-commands -name "*.md"` do - sed -i.bak "s/^##/#/g" ${FILE} + sed -i.bak 's/^##/#/g' ${FILE} sed -i.bak '2s/^/\n/' ${FILE} + sed -i.bak ':a;N;$!ba;s/\n$//' ${FILE} rm ${FILE}.bak done 
diff --git a/examples/dos-games/zarf.yaml b/examples/dos-games/zarf.yaml index c7f7a47f9c..92e396183b 100644 --- a/examples/dos-games/zarf.yaml +++ b/examples/dos-games/zarf.yaml @@ -8,7 +8,7 @@ components: required: true manifests: - name: multi-games - namespace: zarf + namespace: dos-games files: - manifests/deployment.yaml - manifests/service.yaml diff --git a/src/cmd/connect.go b/src/cmd/connect.go index 05a94eac8f..40feb2b244 100644 --- a/src/cmd/connect.go +++ b/src/cmd/connect.go @@ -61,7 +61,7 @@ func init() { connectCmd.AddCommand(connectListCmd) connectCmd.Flags().StringVar(&connectResourceName, "name", "", lang.CmdConnectFlagName) - connectCmd.Flags().StringVar(&connectNamespace, "namespace", cluster.ZarfNamespace, lang.CmdConnectFlagNamespace) + connectCmd.Flags().StringVar(&connectNamespace, "namespace", cluster.ZarfNamespaceName, lang.CmdConnectFlagNamespace) connectCmd.Flags().StringVar(&connectResourceType, "type", cluster.SvcResource, lang.CmdConnectFlagType) connectCmd.Flags().IntVar(&connectLocalPort, "local-port", 0, lang.CmdConnectFlagLocalPort) connectCmd.Flags().IntVar(&connectRemotePort, "remote-port", 0, lang.CmdConnectFlagRemotePort) diff --git a/src/cmd/package.go b/src/cmd/package.go index 7bc619dde2..162174fd8e 100644 --- a/src/cmd/package.go +++ b/src/cmd/package.go @@ -322,6 +322,9 @@ func bindDeployFlags() { // Always require confirm flag (no viper) deployFlags.BoolVar(&config.CommonOptions.Confirm, "confirm", false, lang.CmdPackageDeployFlagConfirm) + // Always require adopt-existing-resources flag (no viper) + deployFlags.BoolVar(&pkgConfig.DeployOpts.AdoptExistingResources, "adopt-existing-resources", false, lang.CmdPackageDeployFlagAdoptExistingResources) + v.SetDefault(V_PKG_DEPLOY_SET, map[string]string{}) v.SetDefault(V_PKG_DEPLOY_COMPONENTS, "") v.SetDefault(V_PKG_DEPLOY_SHASUM, "") diff --git a/src/cmd/root.go b/src/cmd/root.go index fade5597b9..b102b76c66 100644 --- a/src/cmd/root.go +++ b/src/cmd/root.go 
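Review bot: The comment added in `bindDeployFlags`, `// Always require adopt-existing-resources flag (no viper)`, is copied from the `--confirm` flag above it and reads as if the flag were mandatory. What the code shows is a plain `BoolVar` with default `false` and no viper default, so presumably the intent is that this option can only be switched on explicitly at the command line. Since the flag lets Zarf take ownership of resources already in the cluster, say so directly: `// adopt-existing-resources is bound without viper: it must be passed explicitly on the command line and is never read from a config file or the environment`. The body of `bindDeployFlags` starts and continues outside this hunk.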
@@ -93,7 +93,7 @@ func init() { rootCmd.PersistentFlags().BoolVar(&message.NoProgress, "no-progress", v.GetBool(V_NO_PROGRESS), lang.RootCmdFlagNoProgress) rootCmd.PersistentFlags().StringVar(&config.CommonOptions.CachePath, "zarf-cache", v.GetString(V_ZARF_CACHE), lang.RootCmdFlagCachePath) rootCmd.PersistentFlags().StringVar(&config.CommonOptions.TempDirectory, "tmpdir", v.GetString(V_TMP_DIR), lang.RootCmdFlagTempDir) - rootCmd.PersistentFlags().BoolVar(&config.CommonOptions.Insecure, "insecure", v.GetBool(V_INSECURE), lang.RootCmdFlagInseure) + rootCmd.PersistentFlags().BoolVar(&config.CommonOptions.Insecure, "insecure", v.GetBool(V_INSECURE), lang.RootCmdFlagInsecure) } func cliSetup() { diff --git a/src/cmd/tools/wait.go b/src/cmd/tools/wait.go index dd095ecaf2..956ae26b8f 100644 --- a/src/cmd/tools/wait.go +++ b/src/cmd/tools/wait.go 
@@ -39,15 +39,14 @@ var waitForCmd = &cobra.Command{ zarf tools wait-for pod app=podinfo ready -n podinfo wait for pod with label app=podinfo in namespace podinfo to be ready zarf tools wait-for svc zarf-docker-registry exists -n zarf wait for service zarf-docker-registry in namespace zarf to exist zarf tools wait-for svc zarf-docker-registry -n zarf same as above, except exists is the default condition - zarf tools wati-for crd addons.k3s.cattle.io wait for crd addons.k3s.cattle.io to exist + zarf tools wait-for crd addons.k3s.cattle.io wait for crd addons.k3s.cattle.io to exist Wait for network endpoints: zarf tools wait-for http localhost:8080 200 wait for a 200 response from http://localhost:8080 zarf tools wait-for tcp localhost:8080 wait for a connection to be established on localhost:8080 zarf tools wait-for https 1.1.1.1 200 wait for a 200 response from https://1.1.1.1 zarf tools wait-for http google.com wait for any 2xx response from http://google.com - zarf tools wait-for http google.com success wait for any 2xx response from http://google.com - `, + zarf tools wait-for http google.com success wait for any 2xx response from http://google.com`, Args: cobra.MinimumNArgs(2), Run: func(cmd *cobra.Command, args []string) { // Parse the timeout string diff --git a/src/cmd/tools/zarf.go b/src/cmd/tools/zarf.go index e3c2ecbf5d..403f97c105 100644 --- a/src/cmd/tools/zarf.go +++ b/src/cmd/tools/zarf.go 
@@ -97,72 +97,73 @@ func init() { generateKeyCmd := &cobra.Command{ Use: "gen-key", - Aliases: []string{"pki"}, - Short: "", + Aliases: []string{"key"}, + Short: lang.CmdToolsGenKeyShort, Run: func(cmd *cobra.Command, args []string) { - // Utility function to prompt the user for the password to the private key passwordFunc := func(bool) ([]byte, error) { // perform the first prompt var password string prompt := &survey.Password{ - Message: "Private key password (empty for no password): ", + Message: lang.CmdToolsGenKeyPrompt, } if err := survey.AskOne(prompt, &password); err != nil { - return nil, fmt.Errorf("unable to get password for private key: %w", err) + return nil, fmt.Errorf(lang.CmdToolsGenKeyErrUnableGetPassword, err.Error()) } // perform the second prompt var doubleCheck string rePrompt := &survey.Password{ - Message: "Private key password again (empty for no password): ", + Message: lang.CmdToolsGenKeyPromptAgain, } if err := survey.AskOne(rePrompt, &doubleCheck); err != nil { - return nil, fmt.Errorf("unable to get password for private key: %w", err) + return nil, fmt.Errorf(lang.CmdToolsGenKeyErrUnableGetPassword, err.Error()) } // check if the passwords match if password != doubleCheck { - return nil, fmt.Errorf("passwords do not match") + return nil, fmt.Errorf(lang.CmdToolsGenKeyErrPasswordsNotMatch) } return []byte(password), nil - } // Use cosign to generate the keypair keyBytes, err := cosign.GenerateKeyPair(passwordFunc) if err != nil { - message.Fatalf(err, "unable to generate key pair: %s", err.Error()) + message.Fatalf(err, lang.CmdToolsGenKeyErrUnableToGenKeypair, err.Error()) } + prvKeyFileName := "cosign.key" + pubKeyFileName := "cosign.pub" + // Check if we are about to overwrite existing key files - _, prvKeyExistsErr := os.Stat("cosign.key") - _, pubKeyExistsErr := os.Stat("cosign.pub") + _, prvKeyExistsErr := os.Stat(prvKeyFileName) + _, pubKeyExistsErr := os.Stat(pubKeyFileName) if prvKeyExistsErr == nil || pubKeyExistsErr == nil { 
var confirm bool confirmOverwritePrompt := &survey.Confirm{ - Message: fmt.Sprintf("File %s already exists. Overwrite? ", "cosign.key"), + Message: fmt.Sprintf(lang.CmdToolsGenKeyPromptExists, prvKeyFileName), } err := survey.AskOne(confirmOverwritePrompt, &confirm) if err != nil { - message.Fatalf(err, "unable to get confirmation for overwriting key file(s)") + message.Fatalf(err, lang.CmdToolsGenKeyErrNoConfirmOverwrite) } if !confirm { - message.Fatal(nil, "not overwriting exisiting key file(s)") + message.Fatal(nil, lang.CmdToolsGenKeyErrNoConfirmOverwrite) } } // Write the key file contents to disk - if err := os.WriteFile("cosign.key", keyBytes.PrivateBytes, 0600); err != nil { - message.Fatalf(err, "unable to write private key to file: %s", err.Error()) + if err := os.WriteFile(prvKeyFileName, keyBytes.PrivateBytes, 0600); err != nil { + message.Fatalf(err, lang.ErrWritingFile, prvKeyFileName, err.Error()) } - if err := os.WriteFile("cosign.pub", keyBytes.PublicBytes, 0644); err != nil { - message.Fatalf(err, "unable to write public key to file: %s", err.Error()) + if err := os.WriteFile(pubKeyFileName, keyBytes.PublicBytes, 0644); err != nil { + message.Fatalf(err, lang.ErrWritingFile, pubKeyFileName, err.Error()) } - message.Successf("Generated key pair and wrote to %s and %s", "cosign.key", "cosign.pub") + message.Successf(lang.CmdToolsGenKeySuccess, prvKeyFileName, pubKeyFileName) }, } diff --git a/src/config/lang/english.go b/src/config/lang/english.go index 3ad4051a4e..0e0fc16388 100644 --- a/src/config/lang/english.go +++ b/src/config/lang/english.go 
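Review bot: When the user confirms overwriting an existing `cosign.key`, `os.WriteFile(prvKeyFileName, keyBytes.PrivateBytes, 0600)` keeps that file's current mode, because the permission argument is applied only when the file is created. A new private key can therefore end up in a file that is already group- or world-readable. Tighten the mode before the write, for example `if err := os.Chmod(prvKeyFileName, 0600); err != nil && !os.IsNotExist(err) { message.Fatalf(err, lang.ErrWritingFile, prvKeyFileName, err.Error()) }`. Separately, the two password-prompt errors now format `err.Error()` with `%s` where the old code used `%w`, so the wrapped cause is no longer reachable through `errors.Is`/`errors.As`. The enclosing `init()` starts outside this hunk.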
@@ -37,7 +37,7 @@ const ( RootCmdFlagNoProgress = "Disable fancy UI progress bars, spinners, logos, etc" RootCmdFlagCachePath = "Specify the location of the Zarf cache directory" RootCmdFlagTempDir = "Specify the temporary directory to use for intermediate files" - RootCmdFlagInseure = "Allow access to insecure registries and disable other recommended security enforcements such as package checksum and signature validation. This flag should only be used if you have a specific reason and accept the reduced security posture." + RootCmdFlagInsecure = "Allow access to insecure registries and disable other recommended security enforcements such as package checksum and signature validation. This flag should only be used if you have a specific reason and accept the reduced security posture." RootCmdDeprecatedDeploy = "Please use \"zarf package deploy %s\" to deploy this package." RootCmdDeprecatedCreate = "Please use \"zarf package create\" to create this package." @@ -52,7 +52,7 @@ const ( "Packages can provide service manifests that define their own shortcut connection options. These options will be " + "printed to the terminal when the package finishes deploying.\n If you don't remember what connection shortcuts your deployed " + "package offers, you can search your cluster for services that have the 'zarf.dev/connect-name' label. The value of that label is " + - "the name you will pass into the 'zarf connect' command. \n\n" + + "the name you will pass into the 'zarf connect' command.\n\n" + "Even if the packages you deploy don't define their own shortcut connection options, you can use the command flags " + "to connect into specific resources. You can read the command flag descriptions below to get a better idea how to connect " + "to whatever resource you are trying to connect to." 
@@ -90,7 +90,7 @@ const ( CmdInitShort = "Prepares a k8s cluster for the deployment of Zarf packages" CmdInitLong = "Injects a docker registry as well as other optional useful things (such as a git server " + "and a logging stack) into a k8s cluster under the 'zarf' namespace " + - "to support future application deployments. \n" + + "to support future application deployments.\n" + "If you do not have a k8s cluster already configured, this command will give you " + "the ability to install a cluster locally.\n\n" + "This command looks for a zarf-init package in the local directory that the command was executed " + 
@@ -215,12 +215,13 @@ zarf init --git-push-password={PASSWORD} --git-push-username={USERNAME} --git-ur CmdPackageCreateFlagSigningKey = "Path to private key file for signing packages" CmdPackageCreateFlagSigningKeyPassword = "Password to the private key file used for signing packages" - CmdPackageDeployFlagConfirm = "Confirms package deployment without prompting. ONLY use with packages you trust. Skips prompts to review SBOM, configure variables, select optional components and review potential breaking changes." - CmdPackageDeployFlagSet = "Specify deployment variables to set on the command line (KEY=value)" - CmdPackageDeployFlagComponents = "Comma-separated list of components to install. Adding this flag will skip the init prompts for which components to install" - CmdPackageDeployFlagShasum = "Shasum of the package to deploy. Required if deploying a remote package and \"--insecure\" is not provided" - CmdPackageDeployFlagSget = "Path to public sget key file for remote packages signed via cosign" - CmdPackageDeployFlagPublicKey = "Path to public key file for validating signed packages" + CmdPackageDeployFlagConfirm = "Confirms package deployment without prompting. ONLY use with packages you trust. Skips prompts to review SBOM, configure variables, select optional components and review potential breaking changes." + CmdPackageDeployFlagAdoptExistingResources = "Adopts any pre-existing K8s resources into the Helm charts managed by Zarf. ONLY use when you have existing deployments you want Zarf to takeover." + CmdPackageDeployFlagSet = "Specify deployment variables to set on the command line (KEY=value)" + CmdPackageDeployFlagComponents = "Comma-separated list of components to install. Adding this flag will skip the init prompts for which components to install" + CmdPackageDeployFlagShasum = "Shasum of the package to deploy. 
Required if deploying a remote package and \"--insecure\" is not provided" + CmdPackageDeployFlagSget = "Path to public sget key file for remote packages signed via cosign" + CmdPackageDeployFlagPublicKey = "Path to public key file for validating signed packages" CmdPackageInspectFlagSbom = "View SBOM contents while inspecting the package" CmdPackageInspectFlagSbomOut = "Specify an output directory for the SBOMs from the inspected Zarf package" @@ -239,7 +240,7 @@ zarf init --git-push-password={PASSWORD} --git-push-username={USERNAME} --git-ur // zarf prepare CmdPrepareShort = "Tools to help prepare assets for packaging" - CmdPreparePatchGitShort = "Converts all .git URLs to the specified Zarf HOST and with the Zarf URL pattern in a given FILE. NOTE: \n" + + CmdPreparePatchGitShort = "Converts all .git URLs to the specified Zarf HOST and with the Zarf URL pattern in a given FILE. NOTE:\n" + "This should only be used for manifests that are not mutated by the Zarf Agent Mutating Webhook." CmdPreparePatchGitFileWriteErr = "Unable to write the changes back to the file" @@ -252,7 +253,7 @@ zarf init --git-push-password={PASSWORD} --git-push-username={USERNAME} --git-ur CmdPrepareGenerateConfigShort = "Generates a config file for Zarf" CmdPrepareGenerateConfigLong = "Generates a Zarf config file for controlling how the Zarf CLI operates. Optionally accepts a filename to write the config to.\n\n" + - "The extension will determine the format of the config file, e.g. env-1.yaml, env-2.json, env-3.toml etc. \n" + + "The extension will determine the format of the config file, e.g. env-1.yaml, env-2.json, env-3.toml etc.\n" + "Accepted extensions are json, toml, yaml.\n\n" + "NOTE: This file must not already exist. If no filename is provided, the config will be written to the current working directory as zarf-config.toml." 
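Review bot: The help text for `CmdPackageDeployFlagAdoptExistingResources` (hunk `@@ -215,12 +215,13 @@`) understates what the flag changes in the cluster. The FAQ text added in this same commit says it adds labels and annotations to existing resources and drops the `zarf.dev/agent: ignore` label from their namespaces. An operator reading only `--help` should see that, so consider `"Adopts any pre-existing K8s resources into the Helm charts managed by Zarf by relabeling them, and removes the 'zarf.dev/agent: ignore' label from their namespaces. ONLY use when you have existing deployments you want Zarf to take over."`. This also fixes "takeover", which should be the verb "take over".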
@@ -287,13 +288,23 @@ zarf init --git-push-password={PASSWORD} --git-push-username={USERNAME} --git-ur CmdToolsGenPkiSuccess = "Successfully created a chain of trust for %s" CmdToolsGenPkiFlagAltName = "Specify Subject Alternative Names for the certificate" + CmdToolsGenKeyShort = "Generates a cosign public/private keypair that can be used to sign packages" + CmdToolsGenKeyPrompt = "Private key password (empty for no password): " + CmdToolsGenKeyPromptAgain = "Private key password again (empty for no password): " + CmdToolsGenKeyPromptExists = "File %s already exists. Overwrite? " + CmdToolsGenKeyErrUnableGetPassword = "unable to get password for private key: %s" + CmdToolsGenKeyErrPasswordsNotMatch = "passwords do not match" + CmdToolsGenKeyErrUnableToGenKeypair = "unable to generate key pair: %s" + CmdToolsGenKeyErrNoConfirmOverwrite = "did not receive confirmation for overwriting key file(s)" + CmdToolsGenKeySuccess = "Generated key pair and written to %s and %s" + CmdToolsSbomShort = "Generates a Software Bill of Materials (SBOM) for the given package" CmdToolsSbomErr = "Unable to create sbom (syft) CLI" CmdToolsWaitForShort = "Waits for a given Kubernetes resource to be ready" - CmdToolsWaitForLong = "By default Zarf will wait for all Kubernetes resources to be ready before completion of a component during a deployment. \n" + - "This command can be used to wait for a Kubernetes resources to exist and be ready that may be created by a Gitops tool or a Kubernetes operator. \n" + - "You can also wait for aribtrary network endpoints using REST or TCP checks. 
\n\n" + CmdToolsWaitForLong = "By default Zarf will wait for all Kubernetes resources to be ready before completion of a component during a deployment.\n" + + "This command can be used to wait for a Kubernetes resources to exist and be ready that may be created by a Gitops tool or a Kubernetes operator.\n" + + "You can also wait for arbitrary network endpoints using REST or TCP checks.\n\n" CmdToolsWaitForFlagTimeout = "Specify the timeout duration for the wait command." CmdToolsWaitForErrTimeoutString = "Invalid timeout duration. Please use a valid duration string (e.g. 1s, 2m, 3h)." CmdToolsWaitForErrTimeout = "Wait timed out." @@ -304,7 +315,7 @@ zarf init --git-push-password={PASSWORD} --git-push-username={USERNAME} --git-ur CmdToolsKubectlDocs = "Kubectl command. See https://kubernetes.io/docs/reference/kubectl/overview/ for more information." CmdToolsGetCredsShort = "Display a Table of credentials for deployed components. Pass a component name to get a single credential." - CmdToolsGetCredsLong = "Display a Table of credentials for deployed components. Pass a component name to get a single credential. i.e. 'zarf tools get-creds registry' " + CmdToolsGetCredsLong = "Display a Table of credentials for deployed components. Pass a component name to get a single credential. i.e. 'zarf tools get-creds registry'" // zarf version CmdVersionShort = "Version of the Zarf binary" diff --git a/src/internal/cluster/injector.go b/src/internal/cluster/injector.go index 3b8b11135c..d193b42477 100644 --- a/src/internal/cluster/injector.go +++ b/src/internal/cluster/injector.go 
@@ -82,7 +82,7 @@ func (c *Cluster) StartInjectionMadness(tempPath types.TempPaths, injectorSeedTa spinner.Updatef("Attempting to bootstrap with the %s/%s", node, image) // Make sure the pod is not there first - _ = c.Kube.DeletePod(ZarfNamespace, "injector") + _ = c.Kube.DeletePod(ZarfNamespaceName, "injector") // Update the podspec image path and use the first node found pod, err := c.buildInjectionPod(node[0], image, payloadConfigmaps, sha256sum) @@ -115,18 +115,18 @@ func (c *Cluster) StartInjectionMadness(tempPath types.TempPaths, injectorSeedTa // StopInjectionMadness handles cleanup once the seed registry is up. func (c *Cluster) StopInjectionMadness() error { // Try to kill the injector pod now - if err := c.Kube.DeletePod(ZarfNamespace, "injector"); err != nil { + if err := c.Kube.DeletePod(ZarfNamespaceName, "injector"); err != nil { return err } // Remove the configmaps labelMatch := map[string]string{"zarf-injector": "payload"} - if err := c.Kube.DeleteConfigMapsByLabel(ZarfNamespace, labelMatch); err != nil { + if err := c.Kube.DeleteConfigMapsByLabel(ZarfNamespaceName, labelMatch); err != nil { return err } // Remove the injector service - return c.Kube.DeleteService(ZarfNamespace, "zarf-injector") + return c.Kube.DeleteService(ZarfNamespaceName, "zarf-injector") } func (c *Cluster) loadSeedImages(tempPath types.TempPaths, injectorSeedTags []string, spinner *message.Spinner) ([]transform.Image, error) { @@ -192,7 +192,7 @@ func (c *Cluster) createPayloadConfigmaps(tempPath types.TempPaths, spinner *mes spinner.Updatef("Adding archive binary configmap %d of %d to the cluster", idx+1, chunkCount) // Attempt to create the configmap in the cluster - if _, err = c.Kube.ReplaceConfigmap(ZarfNamespace, fileName, configData); err != nil { + if _, err = c.Kube.ReplaceConfigmap(ZarfNamespaceName, fileName, configData); err != nil { return configMaps, "", err } 
@@ -245,10 +245,10 @@ func (c *Cluster) createInjectorConfigmap(tempPath types.TempPaths) error { } // Try to delete configmap silently - _ = c.Kube.DeleteConfigmap(ZarfNamespace, "rust-binary") + _ = c.Kube.DeleteConfigmap(ZarfNamespaceName, "rust-binary") // Attempt to create the configmap in the cluster - if _, err = c.Kube.CreateConfigmap(ZarfNamespace, "rust-binary", configData); err != nil { + if _, err = c.Kube.CreateConfigmap(ZarfNamespaceName, "rust-binary", configData); err != nil { return err } @@ -256,7 +256,7 @@ func (c *Cluster) createInjectorConfigmap(tempPath types.TempPaths) error { } func (c *Cluster) createService() (*corev1.Service, error) { - service := c.Kube.GenerateService(ZarfNamespace, "zarf-injector") + service := c.Kube.GenerateService(ZarfNamespaceName, "zarf-injector") service.Spec.Type = corev1.ServiceTypeNodePort service.Spec.Ports = append(service.Spec.Ports, corev1.ServicePort{ @@ -267,14 +267,14 @@ func (c *Cluster) createService() (*corev1.Service, error) { } // Attempt to purse the service silently - _ = c.Kube.DeleteService(ZarfNamespace, "zarf-injector") + _ = c.Kube.DeleteService(ZarfNamespaceName, "zarf-injector") return c.Kube.CreateService(service) } // buildInjectionPod return a pod for injection with the appropriate containers to perform the injection. func (c *Cluster) buildInjectionPod(node, image string, payloadConfigmaps []string, payloadShasum string) (*corev1.Pod, error) { - pod := c.Kube.GeneratePod("injector", ZarfNamespace) + pod := c.Kube.GeneratePod("injector", ZarfNamespaceName) executeMode := int32(0777) pod.Labels["app"] = "zarf-injector" diff --git a/src/internal/cluster/namespace.go b/src/internal/cluster/namespace.go index beb4db461c..724d3b9d3f 100644 --- a/src/internal/cluster/namespace.go +++ b/src/internal/cluster/namespace.go 
@@ -15,5 +15,5 @@ func (c *Cluster) DeleteZarfNamespace() { spinner := message.NewProgressSpinner("Deleting the zarf namespace from this cluster") defer spinner.Stop() - c.Kube.DeleteNamespace(context.TODO(), ZarfNamespace) + c.Kube.DeleteNamespace(context.TODO(), ZarfNamespaceName) } diff --git a/src/internal/cluster/state.go b/src/internal/cluster/state.go index 6ea43f6c88..237d92dbc4 100644 --- a/src/internal/cluster/state.go +++ b/src/internal/cluster/state.go @@ -22,7 +22,7 @@ import ( // Zarf Cluster Constants. const ( - ZarfNamespace = "zarf" + ZarfNamespaceName = "zarf" ZarfStateSecretName = "zarf-state" ZarfStateDataKey = "state" ZarfPackageInfoLabel = "package-deploy-info" @@ -100,14 +100,15 @@ func (c *Cluster) InitZarfState(initOptions types.ZarfInitOptions) error { // Try to create the zarf namespace. spinner.Updatef("Creating the Zarf namespace") - if _, err := c.Kube.CreateNamespace(ZarfNamespace, nil); err != nil { + zarfNamespace := c.Kube.NewZarfManagedNamespace(ZarfNamespaceName) + if _, err := c.Kube.CreateNamespace(zarfNamespace); err != nil { return fmt.Errorf("unable to create the zarf namespace: %w", err) } // Wait up to 2 minutes for the default service account to be created. // Some clusters seem to take a while to create this, see https://github.com/kubernetes/kubernetes/issues/66689. // The default SA is required for pods to start properly. - if _, err := c.Kube.WaitForServiceAccount(ZarfNamespace, "default", 2*time.Minute); err != nil { + if _, err := c.Kube.WaitForServiceAccount(ZarfNamespaceName, "default", 2*time.Minute); err != nil { return fmt.Errorf("unable get default Zarf service account: %w", err) } } @@ -153,7 +154,7 @@ func (c *Cluster) LoadZarfState() (types.ZarfState, error) { state := types.ZarfState{} // Set up the API connection - secret, err := c.Kube.GetSecret(ZarfNamespace, ZarfStateSecretName) + secret, err := c.Kube.GetSecret(ZarfNamespaceName, ZarfStateSecretName) if err != nil { return state, err } 
@@ -211,7 +212,7 @@ func (c *Cluster) SaveZarfState(state types.ZarfState) error { }, ObjectMeta: metav1.ObjectMeta{ Name: ZarfStateSecretName, - Namespace: ZarfNamespace, + Namespace: ZarfNamespaceName, Labels: map[string]string{ config.ZarfManagedByLabel: "zarf", }, diff --git a/src/internal/cluster/tunnel.go b/src/internal/cluster/tunnel.go index 47c618226c..15d133f3c9 100644 --- a/src/internal/cluster/tunnel.go +++ b/src/internal/cluster/tunnel.go @@ -207,7 +207,7 @@ func NewTunnel(namespace, resourceType, resourceName string, local, remote int) // NewZarfTunnel will create a new Tunnel struct for the Zarf namespace. func NewZarfTunnel() (*Tunnel, error) { - return NewTunnel(ZarfNamespace, SvcResource, "", 0, 0) + return NewTunnel(ZarfNamespaceName, SvcResource, "", 0, 0) } // EnableAutoOpen will automatically open the established tunnel in the default browser when it is ready. diff --git a/src/internal/cluster/zarf.go b/src/internal/cluster/zarf.go index 0816a17e34..a1360e6f19 100644 --- a/src/internal/cluster/zarf.go +++ b/src/internal/cluster/zarf.go @@ -22,7 +22,7 @@ func (c *Cluster) GetDeployedZarfPackages() ([]types.DeployedPackage, error) { var deployedPackages = []types.DeployedPackage{} // Get the secrets that describe the deployed packages - secrets, err := c.Kube.GetSecretsWithLabel(ZarfNamespace, ZarfPackageInfoLabel) + secrets, err := c.Kube.GetSecretsWithLabel(ZarfNamespaceName, ZarfPackageInfoLabel) if err != nil { return deployedPackages, err } @@ -49,7 +49,7 @@ func (c *Cluster) GetDeployedPackage(packageName string) (types.DeployedPackage, var deployedPackage = types.DeployedPackage{} // Get the secret that describes the deployed init package - secret, err := c.Kube.GetSecret(ZarfNamespace, config.ZarfPackagePrefix+packageName) + secret, err := c.Kube.GetSecret(ZarfNamespaceName, config.ZarfPackagePrefix+packageName) if err != nil { return deployedPackage, err } 
@@ -100,7 +100,7 @@ func (c *Cluster) StripZarfLabelsAndSecretsFromNamespaces() { func (c *Cluster) RecordPackageDeployment(pkg types.ZarfPackage, components []types.DeployedComponent) { // Generate a secret that describes the package that is being deployed packageName := pkg.Metadata.Name - deployedPackageSecret := c.Kube.GenerateSecret(ZarfNamespace, config.ZarfPackagePrefix+packageName, corev1.SecretTypeOpaque) + deployedPackageSecret := c.Kube.GenerateSecret(ZarfNamespaceName, config.ZarfPackagePrefix+packageName, corev1.SecretTypeOpaque) deployedPackageSecret.Labels[ZarfPackageInfoLabel] = packageName stateData, _ := json.Marshal(types.DeployedPackage{ @@ -117,7 +117,7 @@ func (c *Cluster) RecordPackageDeployment(pkg types.ZarfPackage, components []ty // EnableRegHPAScaleDown enables the HPA scale down for the Zarf Registry. func (c *Cluster) EnableRegHPAScaleDown() error { - hpa, err := c.Kube.GetHPA(ZarfNamespace, "zarf-docker-registry") + hpa, err := c.Kube.GetHPA(ZarfNamespaceName, "zarf-docker-registry") if err != nil { return err } @@ -136,7 +136,7 @@ func (c *Cluster) EnableRegHPAScaleDown() error { // DisableRegHPAScaleDown disables the HPA scale down for the Zarf Registry. func (c *Cluster) DisableRegHPAScaleDown() error { - hpa, err := c.Kube.GetHPA(ZarfNamespace, "zarf-docker-registry") + hpa, err := c.Kube.GetHPA(ZarfNamespaceName, "zarf-docker-registry") if err != nil { return err } diff --git a/src/internal/packager/helm/destroy.go b/src/internal/packager/helm/destroy.go index 25809a850b..987203c5e2 100644 --- a/src/internal/packager/helm/destroy.go +++ b/src/internal/packager/helm/destroy.go 
@@ -44,7 +44,7 @@ func (h *Helm) Destroy(purgeAllZarfInstallations bool) { // Iterate over all releases for _, release := range releases { - if !purgeAllZarfInstallations && release.Namespace != cluster.ZarfNamespace { + if !purgeAllZarfInstallations && release.Namespace != cluster.ZarfNamespaceName { // Don't process releases outside the zarf namespace unless purge all is true continue } diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go index b3b4d1a00f..c91a50928b 100644 --- a/src/internal/packager/helm/post-render.go +++ b/src/internal/packager/helm/post-render.go @@ -46,7 +46,7 @@ func (h *Helm) newRenderer() (*renderer, error) { options: h, namespaces: map[string]*corev1.Namespace{ // Add the passed-in namespace to the list - h.Chart.Namespace: nil, + h.Chart.Namespace: h.Cluster.Kube.NewZarfManagedNamespace(h.Chart.Namespace), }, values: valueTemplate, actionConfig: h.actionConfig, @@ -119,7 +119,7 @@ func (r *renderer) Run(renderedManifests *bytes.Buffer) (*bytes.Buffer, error) { // Add it to the stack r.namespaces[namespace.Name] = &namespace } - // skip so we can strip namespaces from helms brain + // skip so we can strip namespaces from helm's brain continue case "Service": 
@@ -142,7 +142,26 @@ func (r *renderer) Run(renderedManifests *bytes.Buffer) (*bytes.Buffer, error) { namespace := rawData.GetNamespace() if _, exists := r.namespaces[namespace]; !exists && namespace != "" { // if this is the first time seeing this ns, we need to track that to create it as well - r.namespaces[namespace] = nil + r.namespaces[namespace] = r.options.Cluster.Kube.NewZarfManagedNamespace(namespace) + } + + // If we have been asked to adopt existing resources, process those now as well + if r.options.Cfg.DeployOpts.AdoptExistingResources { + deployedNamespace := namespace + if deployedNamespace == "" { + deployedNamespace = r.options.Chart.Namespace + } + + helmLabels := map[string]string{"app.kubernetes.io/managed-by": "Helm"} + helmAnnotations := map[string]string{ + "meta.helm.sh/release-name": r.options.ReleaseName, + "meta.helm.sh/release-namespace": r.options.Chart.Namespace, + } + + if err := r.options.Cluster.Kube.AddLabelsAndAnnotations(deployedNamespace, rawData.GetName(), rawData.GroupVersionKind().GroupKind(), helmLabels, helmAnnotations); err != nil { + // Print a debug message since this could just be because the resource doesn't exist + message.Debugf("Unable to adopt resource %s: %s", rawData.GetName(), err.Error()) + } } // Finally place this back onto the output buffer 
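Review bot: Every error from `AddLabelsAndAnnotations` is logged with `message.Debugf` and then ignored, so a forbidden, conflict or API-discovery failure looks the same as the resource simply not existing yet. The operator who passed `--adopt-existing-resources` gets no visible signal that adoption was skipped. Keep only the not-found case quiet (for example `errors.IsNotFound` from `k8s.io/apimachinery/pkg/api/errors`) and report the rest with `message.Warnf("Unable to adopt resource %s: %s", rawData.GetName(), err.Error())`. The block also falls back to `r.options.Chart.Namespace` when the manifest has no namespace; for cluster-scoped kinds this likely makes the namespaced `Get` in `AddLabelsAndAnnotations` miss, so those resources would be skipped silently too. `Run` starts and ends outside this hunk.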
@@ -164,9 +183,19 @@ func (r *renderer) Run(renderedManifests *bytes.Buffer) (*bytes.Buffer, error) { if !existingNamespace { // This is a new namespace, add it - if _, err := c.Kube.CreateNamespace(name, namespace); err != nil { + if _, err := c.Kube.CreateNamespace(namespace); err != nil { return nil, fmt.Errorf("unable to create the missing namespace %s", name) } + } else if r.options.Cfg.DeployOpts.AdoptExistingResources { + if r.options.Cluster.Kube.IsInitialNamespace(name) { + // If this is a K8s initial namespace, refuse to adopt it + message.Warnf("Refusing to adopt the initial namespace: %s", name) + } else { + // This is an existing namespace to adopt + if _, err := c.Kube.UpdateNamespace(namespace); err != nil { + return nil, fmt.Errorf("unable to adopt the existing namespace %s", name) + } + } } // If the package is marked as YOLO and the state is empty, skip the secret creation diff --git a/src/pkg/k8s/dynamic.go b/src/pkg/k8s/dynamic.go new file mode 100644 index 0000000000..51a1a29e90 --- /dev/null +++ b/src/pkg/k8s/dynamic.go 
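Review bot: The adopt branch passes the renderer's own `namespace` object to `UpdateNamespace`, and for a namespace first seen on a resource that object comes from `NewZarfManagedNamespace(name)` and carries nothing but `k.Labels`. `UpdateNamespace`'s body is not in this diff, but if it is a plain Update, the live namespace's labels and annotations are replaced rather than extended. That would drop things an operator set deliberately, such as Pod Security admission labels. Reading the live object and merging the Zarf labels onto it avoids that, and wrapping with `%w` keeps the cause that both `fmt.Errorf` calls in this hunk currently discard. The fence assumes `context` and `metav1` are available in post-render.go, which the hunk does not show; `Run` continues outside it.

```go
			} else {
				// This is an existing namespace to adopt: start from the live object so its own labels and annotations are kept
				live, err := c.Kube.Clientset.CoreV1().Namespaces().Get(context.TODO(), name, metav1.GetOptions{})
				if err != nil {
					return nil, fmt.Errorf("unable to read the existing namespace %s: %w", name, err)
				}
				if live.Labels == nil {
					live.Labels = map[string]string{}
				}
				for key, value := range namespace.Labels {
					live.Labels[key] = value
				}
				if _, err := c.Kube.UpdateNamespace(live); err != nil {
					return nil, fmt.Errorf("unable to adopt the existing namespace %s: %w", name, err)
				}
			}
```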
@@ -0,0 +1,65 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package k8s provides a client for interacting with a Kubernetes cluster. +package k8s + +import ( + "context" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/client-go/discovery" + "k8s.io/client-go/dynamic" + "k8s.io/client-go/restmapper" +) + +// AddLabelsAndAnnotations adds the provided labels and annotations to the specified K8s resource +func (k *K8s) AddLabelsAndAnnotations(resourceNamespace string, resourceName string, groupKind schema.GroupKind, labels map[string]string, annotations map[string]string) error { + dynamicClient := dynamic.NewForConfigOrDie(k.RestConfig) + + discoveryClient := discovery.NewDiscoveryClientForConfigOrDie(k.RestConfig) + + groupResources, err := restmapper.GetAPIGroupResources(discoveryClient) + if err != nil { + return err + } + mapper := restmapper.NewDiscoveryRESTMapper(groupResources) + + mapping, err := mapper.RESTMapping(groupKind) + if err != nil { + return err + } + + deployedResource, err := dynamicClient.Resource(mapping.Resource).Namespace(resourceNamespace).Get(context.TODO(), resourceName, metav1.GetOptions{}) + if err != nil { + return err + } + + // Pull the existing labels from the rendered resource + deployedLabels := deployedResource.GetLabels() + if deployedLabels == nil { + // Ensure label map exists to avoid nil panic + deployedLabels = make(map[string]string) + } + for key, value := range labels { + deployedLabels[key] = value + } + + deployedResource.SetLabels(deployedLabels) + + // Pull the existing annotations from the rendered resource + deployedAnnotations := deployedResource.GetAnnotations() + if deployedAnnotations == nil { + // Ensure label map exists to avoid nil panic + deployedAnnotations = make(map[string]string) + } + for key, value := range annotations { + deployedAnnotations[key] = value + } + + 
deployedResource.SetAnnotations(deployedAnnotations) + + _, err = dynamicClient.Resource(mapping.Resource).Namespace(resourceNamespace).Update(context.TODO(), deployedResource, metav1.UpdateOptions{}) + return err +} diff --git a/src/pkg/k8s/namespace.go b/src/pkg/k8s/namespace.go index 8636ca7d5d..ad59ef4b89 100644 --- a/src/pkg/k8s/namespace.go +++ b/src/pkg/k8s/namespace.go @@ -8,6 +8,7 @@ import ( "context" "time" + "cuelang.org/go/pkg/strings" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -26,29 +27,15 @@ func (k *K8s) UpdateNamespace(namespace *corev1.Namespace) (*corev1.Namespace, e } // CreateNamespace creates the given namespace or returns it if it already exists in the cluster. -func (k *K8s) CreateNamespace(name string, namespace *corev1.Namespace) (*corev1.Namespace, error) { - if namespace == nil { - // if only a name was provided create the namespace object - namespace = &corev1.Namespace{ - TypeMeta: metav1.TypeMeta{ - APIVersion: corev1.SchemeGroupVersion.String(), - Kind: "Namespace", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: name, - Labels: k.Labels, - }, - } - } - +func (k *K8s) CreateNamespace(namespace *corev1.Namespace) (*corev1.Namespace, error) { metaOptions := metav1.GetOptions{} createOptions := metav1.CreateOptions{} - match, err := k.Clientset.CoreV1().Namespaces().Get(context.TODO(), name, metaOptions) + match, err := k.Clientset.CoreV1().Namespaces().Get(context.TODO(), namespace.Name, metaOptions) k.Log("%#v", match) - if err != nil || match.Name != name { + if err != nil || match.Name != namespace.Name { return k.Clientset.CoreV1().Namespaces().Create(context.TODO(), namespace, createOptions) } 
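Review bot: `AddLabelsAndAnnotations` returns an `error` but builds both clients with the `OrDie` constructors, so a bad `k.RestConfig` panics the deploy instead of reaching the caller's error handling. I would use `dynamicClient, err := dynamic.NewForConfig(k.RestConfig)` and `discoveryClient, err := discovery.NewDiscoveryClientForConfig(k.RestConfig)` with the usual `if err != nil { return err }` after each. Separately, `.Namespace(resourceNamespace)` is applied whatever `mapping.Scope` says, and the caller in post-render.go substitutes the chart namespace when a manifest has none. A cluster-scoped object would therefore likely be looked up under a namespaced path and never adopted; branching on `mapping.Scope.Name() == meta.RESTScopeNameNamespace` would cover that. The second comment reading "Ensure label map exists" sits on the annotations map and should say annotations.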
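Review bot: The import added to namespace.go is `cuelang.org/go/pkg/strings`, a third-party package, where the standard library `strings` provides the same `HasPrefix` that `IsInitialNamespace` calls later in this file. Pulling a CUE builtin package into the k8s client for one prefix check widens the dependency surface for no benefit and looks like an editor auto-import. I would change the line to `"strings"` and move it into the stdlib group next to `"time"`.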
@@ -75,3 +62,28 @@ func (k *K8s) DeleteNamespace(ctx context.Context, name string) error { time.Sleep(1 * time.Second) } } + +// NewZarfManagedNamespace returns a corev1.Namespace with Zarf-managed labels +func (k *K8s) NewZarfManagedNamespace(name string) *corev1.Namespace { + return &corev1.Namespace{ + TypeMeta: metav1.TypeMeta{ + APIVersion: corev1.SchemeGroupVersion.String(), + Kind: "Namespace", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Labels: k.Labels, + }, + } +} + +// IsInitialNamespace returns true if the given namespace name is an initial k8s namespace: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#initial-namespaces +func (k *K8s) IsInitialNamespace(name string) bool { + if name == "default" { + return true + } else if strings.HasPrefix(name, "kube-") { + return true + } + + return false +} diff --git a/src/pkg/packager/create.go b/src/pkg/packager/create.go index 779f0e3d8a..2bf8fecf2f 100755 --- a/src/pkg/packager/create.go +++ b/src/pkg/packager/create.go @@ -298,7 +298,10 @@ func (p *Packager) addComponent(component types.ZarfComponent) (*types.Component } if isGitURL { - _, _ = helmCfg.PackageChartFromGit(componentPath.Charts) + _, err = helmCfg.PackageChartFromGit(componentPath.Charts) + if err != nil { + return nil, fmt.Errorf("error creating chart archive, unable to pull the chart from git: %s", err.Error()) + } } else if len(chart.URL) > 0 { helmCfg.DownloadPublishedChart(componentPath.Charts) } else { diff --git a/src/pkg/packager/deploy.go b/src/pkg/packager/deploy.go index 62f0175a77..9aa8849ba6 100644 --- a/src/pkg/packager/deploy.go +++ b/src/pkg/packager/deploy.go 
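Review bot: The new error in `addComponent` flattens the cause with `%s` and `err.Error()`, so callers cannot match it with `errors.Is` or `errors.As`. `return nil, fmt.Errorf("error creating chart archive, unable to pull the chart from git: %w", err)` keeps the chain, in line with the `%w` wrap visible in remove.go. The sibling branch `helmCfg.DownloadPublishedChart(componentPath.Charts)` is a context line here and has no visible error check; whether it returns one cannot be told from the hunk. `addComponent` starts and ends outside this hunk.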
@@ -363,7 +363,8 @@ func (p *Packager) setupStateValuesTemplate(component types.ZarfComponent) (valu // Try to create the zarf namespace spinner.Updatef("Creating the Zarf namespace") - if _, err := p.cluster.Kube.CreateNamespace(cluster.ZarfNamespace, nil); err != nil { + zarfNamespace := p.cluster.Kube.NewZarfManagedNamespace(cluster.ZarfNamespaceName) + if _, err := p.cluster.Kube.CreateNamespace(zarfNamespace); err != nil { spinner.Fatalf(err, "Unable to create the zarf namespace") } } diff --git a/src/pkg/packager/remove.go b/src/pkg/packager/remove.go index ba815fd0e8..24170dea98 100644 --- a/src/pkg/packager/remove.go +++ b/src/pkg/packager/remove.go @@ -109,7 +109,7 @@ func (p *Packager) updatePackageSecret(deployedPackage types.DeployedPackage, pa secretName := config.ZarfPackagePrefix + packageName // Save the new secret with the removed components removed from the secret - newPackageSecret := p.cluster.Kube.GenerateSecret(cluster.ZarfNamespace, secretName, corev1.SecretTypeOpaque) + newPackageSecret := p.cluster.Kube.GenerateSecret(cluster.ZarfNamespaceName, secretName, corev1.SecretTypeOpaque) newPackageSecret.Labels[cluster.ZarfPackageInfoLabel] = p.cfg.Pkg.Metadata.Name newPackageSecretData, _ := json.Marshal(deployedPackage) @@ -178,7 +178,7 @@ func (p *Packager) removeComponent(deployedPackage types.DeployedPackage, deploy if len(deployedPackage.DeployedComponents) == 0 && p.cluster != nil { // All the installed components were deleted, therefore this package is no longer actually deployed - packageSecret, err := p.cluster.Kube.GetSecret(cluster.ZarfNamespace, config.ZarfPackagePrefix+deployedPackage.Name) + packageSecret, err := p.cluster.Kube.GetSecret(cluster.ZarfNamespaceName, config.ZarfPackagePrefix+deployedPackage.Name) if err != nil { return deployedPackage, fmt.Errorf("unable to get the secret for the package we are attempting to remove: %w", err) } 
diff --git a/src/test/e2e/25_helm_test.go b/src/test/e2e/25_helm_test.go index d42a0180df..e5a49c14df 100644 --- a/src/test/e2e/25_helm_test.go +++ b/src/test/e2e/25_helm_test.go @@ -27,6 +27,8 @@ func TestHelm(t *testing.T) { testHelmOCIChart(t) testHelmUninstallRollback(t) + + testHelmAdoption(t) } func testHelmReleaseName(t *testing.T) { @@ -125,7 +127,7 @@ func testHelmUninstallRollback(t *testing.T) { require.Error(t, err, stdOut, stdErr) // Ensure that this does not leave behind a dos-games chart - helmOut, err := exec.Command("helm", "list", "-n", "zarf").Output() + helmOut, err := exec.Command("helm", "list", "-n", "dos-games").Output() require.NoError(t, err) assert.NotContains(t, string(helmOut), "zarf-f53a99d4a4dd9a3575bedf59cd42d48d751ae866") @@ -134,7 +136,7 @@ func testHelmUninstallRollback(t *testing.T) { require.NoError(t, err, stdOut, stdErr) // Ensure that this does create a dos-games chart - helmOut, err = exec.Command("helm", "list", "-n", "zarf").Output() + helmOut, err = exec.Command("helm", "list", "-n", "dos-games").Output() require.NoError(t, err) assert.Contains(t, string(helmOut), "zarf-f53a99d4a4dd9a3575bedf59cd42d48d751ae866") 
@@ -143,7 +145,31 @@ func testHelmUninstallRollback(t *testing.T) { require.Error(t, err, stdOut, stdErr) // Ensure that the dos-games chart was not uninstalled - helmOut, err = exec.Command("helm", "list", "-n", "zarf").Output() + helmOut, err = exec.Command("helm", "list", "-n", "dos-games").Output() + require.NoError(t, err) + assert.Contains(t, string(helmOut), "zarf-f53a99d4a4dd9a3575bedf59cd42d48d751ae866") + + // Remove the package. + stdOut, stdErr, err = e2e.ExecZarfCommand("package", "remove", "dos-games", "--confirm") + require.NoError(t, err, stdOut, stdErr) +} + +func testHelmAdoption(t *testing.T) { + t.Log("E2E: Helm Adopt a Deployment") + + packagePath := fmt.Sprintf("build/zarf-package-dos-games-%s.tar.zst", e2e.Arch) + deploymentManifest := "src/test/test-packages/25-manifest-adoption/deployment.yaml" + + // Deploy dos-games manually into the cluster without Zarf + kubectlOut, _, _ := e2e.ExecZarfCommand("tools", "kubectl", "apply", "-f", deploymentManifest) + assert.Contains(t, string(kubectlOut), "deployment.apps/game created") + + // Deploy dos-games into the cluster with Zarf + stdOut, stdErr, err := e2e.ExecZarfCommand("package", "deploy", packagePath, "--confirm", "--adopt-existing-resources") + require.NoError(t, err, stdOut, stdErr) + + // Ensure that this does create a dos-games chart + helmOut, err := exec.Command("helm", "list", "-n", "dos-games").Output() require.NoError(t, err) assert.Contains(t, string(helmOut), "zarf-f53a99d4a4dd9a3575bedf59cd42d48d751ae866") diff --git a/src/test/test-packages/25-manifest-adoption/deployment.yaml b/src/test/test-packages/25-manifest-adoption/deployment.yaml new file mode 100644 index 0000000000..c5779b20f0 --- /dev/null +++ b/src/test/test-packages/25-manifest-adoption/deployment.yaml 
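Review bot: `testHelmAdoption` discards both stderr and the error from the `kubectl apply` step (`kubectlOut, _, _ := ...`), so a failed apply only surfaces as a confusing `assert.Contains` mismatch and the test continues into the deploy. I would capture them with `kubectlOut, kubectlErr, err := e2e.ExecZarfCommand("tools", "kubectl", "apply", "-f", deploymentManifest)` followed by `require.NoError(t, err, kubectlOut, kubectlErr)`. The test also proves only that a Helm release exists in `dos-games`; it never checks that the pre-existing `game` deployment received the `app.kubernetes.io/managed-by` label or the `meta.helm.sh/*` annotations, which is the behaviour `--adopt-existing-resources` adds. The function body continues past the end of this hunk.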
@@ -0,0 +1,34 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: dos-games +--- +# This is a normal deployment manifest for dos-games that should be "adopted" by Helm/Zarf +apiVersion: apps/v1 +kind: Deployment +metadata: + name: game + namespace: dos-games +spec: + selector: + matchLabels: + app: game + template: + metadata: + labels: + app: game + spec: + containers: + - name: multi-game + image: "defenseunicorns/zarf-game:multi-tile-dark" + ports: + - name: http + containerPort: 8000 + protocol: TCP + resources: + requests: + memory: "32Mi" + cpu: "50m" + limits: + memory: "128Mi" + cpu: "250m" diff --git a/src/types/runtime.go b/src/types/runtime.go index 750165b25f..cea187fdc0 100644 --- a/src/types/runtime.go +++ b/src/types/runtime.go 
@@ -19,12 +19,13 @@ type ZarfCommonOptions struct { // ZarfDeployOptions tracks the user-defined preferences during a package deployment. type ZarfDeployOptions struct { - Shasum string `json:"shasum" jsonschema:"description=The SHA256 checksum of the package to deploy"` - PackagePath string `json:"packagePath" jsonschema:"description=Location where a Zarf package to deploy can be found"` - Components string `json:"components" jsonschema:"description=Comma separated list of optional components to deploy"` - SGetKeyPath string `json:"sGetKeyPath" jsonschema:"description=Location where the public key component of a cosign key-pair can be found"` - SetVariables map[string]string `json:"setVariables" jsonschema:"description=Key-Value map of variable names and their corresponding values that will be used to template manifests and files in the Zarf package"` - PublicKeyPath string `json:"publicKeyPath" jsonschema:"description=Location where the public key component of a cosign key-pair can be found"` + Shasum string `json:"shasum" jsonschema:"description=The SHA256 checksum of the package to deploy"` + PackagePath string `json:"packagePath" jsonschema:"description=Location where a Zarf package to deploy can be found"` + Components string `json:"components" jsonschema:"description=Comma separated list of optional components to deploy"` + SGetKeyPath string `json:"sGetKeyPath" jsonschema:"description=Location where the public key component of a cosign key-pair can be found"` + SetVariables map[string]string `json:"setVariables" jsonschema:"description=Key-Value map of variable names and their corresponding values that will be used to template manifests and files in the Zarf package"` + PublicKeyPath string `json:"publicKeyPath" jsonschema:"description=Location where the public key component of a cosign key-pair can be found"` + AdoptExistingResources bool `json:"adoptExistingResources" jsonschema:"description=Whether to adopt any pre-existing K8s resources into the Helm 
charts managed by Zarf"` } // ZarfPublishOptions tracks the user-defined preferences during a package publish. diff --git a/src/ui/lib/api-types.ts b/src/ui/lib/api-types.ts index ac0c433c79..0a53c7206e 100644 --- a/src/ui/lib/api-types.ts +++ b/src/ui/lib/api-types.ts @@ -27,6 +27,10 @@ export interface APIZarfDeployPayload { } export interface ZarfDeployOptions { + /** + * Whether to adopt any pre-existing K8s resources into the Helm charts managed by Zarf + */ + adoptExistingResources: boolean; /** * Comma separated list of optional components to deploy */ @@ -1311,6 +1315,7 @@ const typeMap: any = { { json: "initOpts", js: "initOpts", typ: u(undefined, r("ZarfInitOptions")) }, ], false), "ZarfDeployOptions": o([ + { json: "adoptExistingResources", js: "adoptExistingResources", typ: true }, { json: "components", js: "components", typ: "" }, { json: "packagePath", js: "packagePath", typ: "" }, { json: "publicKeyPath", js: "publicKeyPath", typ: "" }, From c316e3bc8de9d3076e3fe01d5e90692d3244ecf5 Mon Sep 17 00:00:00 2001 From: Jonathan Perry Date: Mon, 24 Apr 2023 10:08:22 -0400 Subject: [PATCH 9/9] add permisssions to nightly workflow to request the OIDC JWT token (#1627) Adding permissions as per these docs: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#adding-permissions-settings --------- Co-authored-by: Wayne Starr --- .github/workflows/nightly-ecr.yml | 10 ++++--- .github/workflows/nightly-eks.yml | 40 +++++++++++++++++++++++----- packages/distros/eks/zarf.yaml | 25 ++++++++++------- src/pkg/utils/oras.go | 1 + src/test/nightly/ecr_publish_test.go | 3 +-- 5 files changed, 58 insertions(+), 21 deletions(-) diff --git a/.github/workflows/nightly-ecr.yml b/.github/workflows/nightly-ecr.yml index 5ca1e7ed62..5610516cb9 100644 --- a/.github/workflows/nightly-ecr.yml +++ b/.github/workflows/nightly-ecr.yml 
@@ -1,7 +1,7 @@ name: Test ECR Publishing on: - # schedule: - # - cron: '0 7 * * * ' ## Every day at 0700 UTC + schedule: + - cron: '0 7 * * * ' ## Every day at 0700 UTC workflow_dispatch: ## Give us the ability to run this manually @@ -11,6 +11,10 @@ concurrency: group: ecr-publish-${{ github.ref }} cancel-in-progress: true +permissions: + id-token: write + contents: read + jobs: validate: runs-on: ubuntu-latest @@ -35,7 +39,7 @@ jobs: # NOTE: The aws cli will need to be explicitly installed on self-hosted runners - name: Login to the ECR Registry - run: aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/t8y5r5z5 ─╯ + run: aws ecr-public get-login-password --region us-east-1 | ./build/zarf tools registry login --username AWS --password-stdin public.ecr.aws - name: Test publishing and pulling to ECR run: go test ./src/test/nightly/ecr_publish_test.go diff --git a/.github/workflows/nightly-eks.yml b/.github/workflows/nightly-eks.yml index 7069f0b7ab..0efe2c38ca 100644 --- a/.github/workflows/nightly-eks.yml +++ b/.github/workflows/nightly-eks.yml @@ -1,10 +1,22 @@ name: Test EKS Cluster on: - # schedule: - # - cron: '0 7 * * * ' ## Every day at 0700 UTC + schedule: + - cron: '0 7 * * * ' ## Every day at 0700 UTC workflow_dispatch: ## Give us the ability to run this manually + inputs: + cluster_name: + type: string + default: zarf-nightly-eks-e2e-test + description: Name of the eks cluster that the test will create + instance_type: + type: string + default: t3.medium + description: EC2 instance type to use for the EKS cluster nodes +permissions: + id-token: write + contents: read # Abort prior jobs in the same workflow / PR concurrency: 
@@ -30,21 +42,35 @@ jobs: - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v2 with: - role-to-assume: ${{ secrets.AWS_NIGHTLY_ROLE }}} + role-to-assume: ${{ secrets.AWS_NIGHTLY_ROLE }} aws-region: us-east-1 + role-duration-seconds: 14400 + - name: Build the eks package - run: ./build/zarf package create packages/distros/eks -o build -a $(ARCH) --confirm + run: ./build/zarf package create packages/distros/eks -o build --confirm - name: Deploy the eks package - run: ./build/zarf package deploy build/zarf-package-distro-eks-multi-0.0.2.tar.zst --components=deploy-eks-cluster --SET=CLUSTER_NAME=zarf-eks-test,INSTANCE_TYPE=t3.medium + run: ./build/zarf package deploy build/zarf-package-distro-eks-multi-0.0.2.tar.zst --components=deploy-eks-cluster --set=CLUSTER_NAME=${{ inputs.cluster_name || 'zarf-nightly-eks-e2e-test' }},INSTANCE_TYPE=${{ inputs.instance_type || 't3.medium' }} --confirm + + # NOTE: We are copying the secret because part of the e2e process destroys the `zarf` namespace. We still want to test the remove-ability of the eks cluster via the package. + - name: Copy the eks secret into a local file + run: | + rm -f eks.yaml + ./build/zarf tools kubectl get secret -n zarf zarf-eks-yaml -o jsonpath='{.data.*}' | base64 -d > eks.yaml - name: Run tests - run: ZARF_INIT_ARGS="--make test-e2e ARCH=amd64 + run: make test-e2e ARCH=amd64 + + # NOTE: We are copying the secret because part of the e2e process destroys the `zarf` namespace. We still want to test the remove-ability of the eks cluster via the package. 
+ - name: Re-create zarf namespace with eks.yaml secret + run: | + ./build/zarf tools kubectl create secret generic zarf-eks-yaml -n zarf --from-file=eks.yaml - name: Teardown the cluster if: always() - run: ./build/zarf package remove build/zarf-package-distro-eks-multi-0.0.2.tar.zst --confirm + run: ./build/zarf package deploy build/zarf-package-distro-eks-multi-0.0.2.tar.zst --components=teardown-eks-cluster --confirm + - name: Save logs if: always() uses: ./.github/actions/save-logs diff --git a/packages/distros/eks/zarf.yaml b/packages/distros/eks/zarf.yaml index 7adb7d37a6..9194382ee3 100644 --- a/packages/distros/eks/zarf.yaml +++ b/packages/distros/eks/zarf.yaml @@ -45,7 +45,7 @@ components: shasum: d40997485a13cfdfa08083bcba96a7e08b545ffb199633bde9a281830d9edfbe - name: deploy-eks-cluster - default: true + description: "Create an EKS cluster!" actions: onDeploy: before: 
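Review bot: The "Deploy the eks package" step expands `${{ inputs.cluster_name }}` and `${{ inputs.instance_type }}` straight into the `run:` script, so the values become shell text before the runner executes the line, not data. Anyone able to dispatch the workflow can then shape the command that runs with the assumed AWS role, which this hunk also extends to `role-duration-seconds: 14400`. Passing the inputs through `env:` and quoting them keeps them as plain arguments. Indentation in the fence is conventional, since the page has lost the original.

```yaml
      - name: Deploy the eks package
        env:
          CLUSTER_NAME: ${{ inputs.cluster_name || 'zarf-nightly-eks-e2e-test' }}
          INSTANCE_TYPE: ${{ inputs.instance_type || 't3.medium' }}
        run: ./build/zarf package deploy build/zarf-package-distro-eks-multi-0.0.2.tar.zst --components=deploy-eks-cluster --set=CLUSTER_NAME="$CLUSTER_NAME",INSTANCE_TYPE="$INSTANCE_TYPE" --confirm
```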
@@ -54,13 +54,20 @@ components: - cmd: ./eksctl create cluster -f eks.yaml after: - cmd: ./eksctl utils write-kubeconfig -c ${ZARF_VAR_CLUSTER_NAME} - onRemove: + - cmd: ./zarf tools kubectl create namespace zarf + - cmd: ./zarf tools kubectl create secret generic zarf-eks-yaml -n zarf --from-file=eks.yaml + + - name: teardown-eks-cluster + description: "Delete the EKS cluster that this package was used to create." + actions: + onDeploy: before: - # Remove existing eksctl + # Get the secret that stores the eks.yaml we used to create this cluster + - cmd: ./zarf tools kubectl get secret -n zarf zarf-eks-yaml -o jsonpath='{.data.*}' | base64 -d > eks.yaml + # TODO: Error handling in case the eks.yaml isn't what we expect ??? + # Use eksctl to delete the cluster + - cmd: ./eksctl delete cluster -f eks.yaml --disable-nodegroup-eviction --wait + after: + # clean up after ourselves + - cmd: rm -f eks.yaml - cmd: rm -f eksctl - # Extract the correct linux or mac binary from the tarball - - cmd: ./zarf tools archiver decompress archives/eksctl_$(uname -s)_$(uname -m).tar.gz . - # Cleanup temp files - - cmd: rm -fr archives - # Cleanup the cluster - - cmd: ./eksctl delete cluster -f eks.yaml --wait diff --git a/src/pkg/utils/oras.go b/src/pkg/utils/oras.go index 3aaaedcdfb..635638a2bc 100644 --- a/src/pkg/utils/oras.go +++ b/src/pkg/utils/oras.go @@ -42,6 +42,7 @@ func withScopes(ref registry.Reference) context.Context { // // The credentials are pulled using Docker's default credential store. func (o *OrasRemote) withAuthClient(ref registry.Reference) (*auth.Client, error) { + message.Debugf("Loading docker config file from default config location: %s", config.Dir()) cfg, err := config.Load(config.Dir()) if err != nil { return &auth.Client{}, err diff --git a/src/test/nightly/ecr_publish_test.go b/src/test/nightly/ecr_publish_test.go index d0b068d7f4..ec4324c100 100644 --- a/src/test/nightly/ecr_publish_test.go +++ b/src/test/nightly/ecr_publish_test.go 
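Review bot: The `teardown-eks-cluster` step reads the saved config with `-o jsonpath='{.data.*}'`, which emits the value of every key in the `zarf-eks-yaml` secret rather than the one written by `--from-file=eks.yaml`. If the secret ever gains a second key, the decoded file is no longer the cluster config that `eksctl delete cluster -f eks.yaml` expects. Selecting the key explicitly is safer: `./zarf tools kubectl get secret -n zarf zarf-eks-yaml -o jsonpath='{.data.eks\.yaml}' | base64 -d > eks.yaml`. The pipeline also reports only `base64`'s exit status, so a failed `kubectl get` may leave an empty `eks.yaml` for the delete step, depending on the shell options Zarf runs `cmd` with; a `test -s eks.yaml` check before the delete would settle the in-file TODO about error handling.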
@@ -33,8 +33,7 @@ func TestECRPublishing(t *testing.T) { os.Chdir("../../../") // Create a tmpDir for us to use during this test - tmpDir := os.TempDir() - defer e2e.CleanFiles(tmpDir) + tmpDir := t.TempDir() // Set up the e2e configs e2e.Arch = config.GetArch()