zarf-dev · AustinAbro321 · Jun 28, 2024 · Jun 28, 2024
@@ -2,7 +2,7 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
 kind: Kustomization
 metadata:
-  name: podinfo
+  name: podinfo-git
   namespace: flux-system
 spec:
   interval: 5m0s
@@ -11,4 +11,4 @@ spec:
   sourceRef:
     kind: GitRepository
     name: podinfo
-  targetNamespace: podinfo
+  targetNamespace: podinfo-git
@@ -7,6 +7,6 @@ metadata:
 spec:
   interval: 30s
   ref:
-    tag: 6.3.3
+    tag: 6.4.0
   # Currently the Zarf Agent can only mutate urls that are proper URIs (i.e. scheme://host/repo)
   url: https://github.com/stefanprodan/podinfo.git
@@ -0,0 +1,17 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: podinfo
+  namespace: flux-system
+spec:
+  interval: 5m0s
+  releaseName: podinfo
+  chart:
+    spec:
+      chart: podinfo
+      version: '6.4.0'
+      sourceRef:
+        kind: HelmRepository
+        name: podinfo
+      interval: 5m0s
+  targetNamespace: podinfo-helm
@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: podinfo
+  namespace: flux-system
+spec:
+  type: oci
+  interval: 30s
+  url: oci://ghcr.io/stefanprodan/charts
@@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: podinfo-oci
+  namespace: flux-system
+spec:
+  interval: 5m0s
+  path: ./
+  prune: true
+  sourceRef:
+    kind: OCIRepository
+    name: podinfo
+  targetNamespace: podinfo-oci
@@ -0,0 +1,11 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: OCIRepository
+metadata:
+  name: podinfo
+  namespace: flux-system
+spec:
+  interval: 30s
+  url: oci://ghcr.io/stefanprodan/manifests/podinfo
+  ref:
+    tag: 6.4.0
@@ -8,27 +8,79 @@ components:
     description: Installs the flux CRDs / controllers to use flux-based deployments in the cluster
     required: true
     manifests:
-      - name: flux-crds
+      - name: flux-install
         namespace: flux
         files:
-          - flux-install.yaml
+          - https://github.com/fluxcd/flux2/releases/download/v2.3.0/install.yaml
     images:
-      - ghcr.io/fluxcd/kustomize-controller:v0.27.1
-      - ghcr.io/fluxcd/source-controller:v0.28.0
+      - ghcr.io/fluxcd/helm-controller:v1.0.1
+      - ghcr.io/fluxcd/image-automation-controller:v0.38.0
+      - ghcr.io/fluxcd/image-reflector-controller:v0.32.0
+      - ghcr.io/fluxcd/kustomize-controller:v1.3.0
+      - ghcr.io/fluxcd/notification-controller:v1.3.0
+      - ghcr.io/fluxcd/source-controller:v1.3.0
 
-  - name: podinfo-via-flux
-    description: Example deployment via flux using the famous podinfo example
+  - name: podinfo-via-flux-git
+    description: Example deployment via flux (git) using the famous podinfo example
     required: true
     manifests:
-      - name: podinfo-via-flux
-        namespace: podinfo
+      - name: podinfo
+        namespace: podinfo-git
         files:
-          - podinfo-source.yaml
-          - podinfo-kustomization.yaml
+          - git/podinfo-source.yaml
+          - git/podinfo-kustomization.yaml
     repos:
       - https://github.com/stefanprodan/podinfo.git
     images:
-      - ghcr.io/stefanprodan/podinfo:6.3.3
+      - ghcr.io/stefanprodan/podinfo:6.4.0
+    actions:
+      onDeploy:
+        after:
+          - description: Podinfo pods to be ready via wait action
+            wait:
+              cluster:
+                kind: pod
+                name: app=podinfo
+                namespace: podinfo-git
+                condition: ready
+
+  - name: podinfo-via-flux-helm
+    description: Example deployment via flux (helm oci) using the famous podinfo example
+    required: true
+    manifests:
+      - name: podinfo
+        namespace: podinfo-helm
+        files:
+          - helm/podinfo-source.yaml
+          - helm/podinfo-helmrelease.yaml
+    images:
+      - ghcr.io/stefanprodan/podinfo:6.4.0
+      # Note: this is a helm OCI artifact rather than a container image
+      - ghcr.io/stefanprodan/charts/podinfo:6.4.0
+    actions:
+      onDeploy:
+        after:
+          - description: Podinfo pods to be ready via wait action
+            wait:
+              cluster:
+                kind: pod
+                name: app.kubernetes.io/name=podinfo
+                namespace: podinfo-helm
+                condition: ready
+
+  - name: podinfo-via-flux-oci
+    description: Example deployment via flux (native oci) using the famous podinfo example
+    required: true
+    manifests:
+      - name: podinfo
+        namespace: podinfo-oci
+        files:
+          - oci/podinfo-source.yaml
+          - oci/podinfo-kustomization.yaml
+    images:
+      - ghcr.io/stefanprodan/podinfo:6.4.0
+      # Note: this is a flux kustomize OCI artifact rather than a container image
+      - ghcr.io/stefanprodan/manifests/podinfo:6.4.0
     actions:
       onDeploy:
         after:
@@ -38,14 +90,24 @@ components:
               cluster:
                 kind: pod
                 name: app=podinfo
-                namespace: podinfo
+                namespace: podinfo-oci
                 condition: ready
 
 # YAML keys starting with `x-` are custom keys that are ignored by the Zarf CLI
 # The `x-mdx` key is used to render the markdown content for https://docs.zarf.dev/ref/examples
 x-mdx: |
-  This example demonstrates how to use flux with Zarf to deploy the `stefanprodan/podinfo` app using GitOps.
+  This example demonstrates how to use Flux with Zarf to deploy the `stefanprodan/podinfo` app using GitRepositories, HelmRepositories, and OCIRepositories.
 
-  It uses a vanilla configuration of flux with upstream containers.
+  It uses a vanilla configuration of Flux with upstream containers.
 
   To learn more about how Zarf handles `git` repositories, see the [Git Repositories section](/ref/components/#git-repositories) of the package components documentation.
+
+  :::caution
+
+  Only `type: oci` HelmRepositories are supported by the Zarf Agent. The `type` key requires a HelmRepository CRD version greater than v1beta1.
+
+  The Zarf agent will only automatically add the `insecure` key if the internal registry is used. If you are using a http registry outside of the cluster you will need to manually add this key.
+
+  Due to an upstream bug, HelmRepositories with an insecure registry must use IP address instead of a hostname. This is not an issue with the internal Zarf registry, which is always an IP address, but will cause Flux HelmRepositories to break if Zarf is using an external http registry with a hostname.
+
+  :::
@@ -12,6 +12,7 @@ require (
 	github.com/anchore/clio v0.0.0-20240408173007-3c4abf89e72f
 	github.com/anchore/stereoscope v0.0.1
 	github.com/anchore/syft v0.100.0
+	github.com/defenseunicorns/pkg/helpers v1.1.3
 	github.com/defenseunicorns/pkg/helpers/v2 v2.0.1
 	github.com/defenseunicorns/pkg/kubernetes v0.0.1
 	github.com/defenseunicorns/pkg/oci v1.0.1
@@ -20,8 +21,8 @@ require (
 	github.com/fairwindsops/pluto/v5 v5.18.4
 	github.com/fatih/color v1.16.0
 	github.com/fluxcd/helm-controller/api v0.37.4
-	github.com/fluxcd/pkg/apis/meta v1.3.0
-	github.com/fluxcd/source-controller/api v1.2.4
+	github.com/fluxcd/pkg/apis/meta v1.5.0
+	github.com/fluxcd/source-controller/api v1.3.0
 	github.com/go-git/go-git/v5 v5.11.0
 	github.com/goccy/go-yaml v1.11.3
 	github.com/gofrs/flock v0.8.1
@@ -49,10 +50,10 @@ require (
 	golang.org/x/sync v0.7.0
 	golang.org/x/term v0.21.0
 	helm.sh/helm/v3 v3.14.2
-	k8s.io/api v0.29.1
-	k8s.io/apimachinery v0.29.1
-	k8s.io/client-go v0.29.1
-	k8s.io/component-base v0.29.1
+	k8s.io/api v0.30.0
+	k8s.io/apimachinery v0.30.0
+	k8s.io/client-go v0.30.0
+	k8s.io/component-base v0.30.0
 	k8s.io/klog/v2 v2.120.1
 	k8s.io/kubectl v0.29.1
 	oras.land/oras-go/v2 v2.5.0
@@ -222,13 +223,13 @@ require (
 	github.com/emicklei/proto v1.12.1 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch v5.7.0+incompatible // indirect
-	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
+	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
 	github.com/facebookincubator/nvdtools v0.1.5 // indirect
 	github.com/fatih/camelcase v1.0.0 // indirect
 	github.com/felixge/fgprof v0.9.3 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/fluxcd/pkg/apis/acl v0.1.0 // indirect
+	github.com/fluxcd/pkg/apis/acl v0.3.0 // indirect
 	github.com/fluxcd/pkg/apis/kustomize v1.3.0 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fvbommel/sortorder v1.1.0 // indirect
@@ -500,19 +501,19 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	gorm.io/gorm v1.25.5 // indirect
-	k8s.io/apiextensions-apiserver v0.29.0 // indirect
-	k8s.io/apiserver v0.29.0 // indirect
+	k8s.io/apiextensions-apiserver v0.30.0 // indirect
+	k8s.io/apiserver v0.30.0 // indirect
 	k8s.io/cli-runtime v0.29.1 // indirect
 	k8s.io/component-helpers v0.29.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
+	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
 	k8s.io/metrics v0.29.1 // indirect
 	k8s.io/utils v0.0.0-20231127182322-b307cd553661 // indirect
 	modernc.org/libc v1.29.0 // indirect
 	modernc.org/mathutil v1.6.0 // indirect
 	modernc.org/memory v1.7.2 // indirect
 	modernc.org/sqlite v1.28.0 // indirect
 	oras.land/oras-go v1.2.4 // indirect
-	sigs.k8s.io/controller-runtime v0.16.3 // indirect
+	sigs.k8s.io/controller-runtime v0.18.1 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/kustomize/kustomize/v5 v5.0.4-0.20230601165947-6ce0bf390ce3 // indirect
 	sigs.k8s.io/release-utils v0.7.7 // indirect