$ zarf package create .
# Package definition echoed by `zarf package create` before the confirmation prompt.
# NOTE(review): every line in this listing sits at column 0; the nesting of the
# original YAML is not preserved, so read the structure from the key order.
kind: ZarfInitConfig
metadata:
name: init
description: Used to establish a new Zarf cluster
# Components follow in listing order; those marked `required: true` are not optional.
components:
# k3s: places a K3s binary, a systemd unit, a cleanup script and an air-gap image
# bundle on the host (targets under /usr/sbin, /etc/systemd/system, /opt/zarf and
# /var/lib/rancher). The description states that it requires root.
- name: k3s
description: "*** REQUIRES ROOT *** Install K3s, certified Kubernetes distribution built for IoT & Edge computing. K3s provides the cluster need for Zarf running in Appliance Mode as well as can host a low-resource Gitops Service if not using an existing Kubernetes platform."
# Only offered for Linux hosts and arm64 clusters.
only:
localOS: linux
cluster:
architecture: arm64
actions:
onDeploy:
# Default retry count for the onDeploy commands; an entry may override it.
defaults:
maxRetries: 5
before:
# maxRetries: 0 overrides the default of 5 for the hostname check.
- maxRetries: 0
cmd: ./zarf internal is-valid-hostname
# NOTE(review): where /etc/redhat-release exists, this stops and disables the host
# firewall (`systemctl disable firewalld --now`) as a side effect of deploying.
# The trailing `|| echo ''` makes the command exit 0 both when the file is absent
# and when systemctl fails, so a failed disable is never surfaced. Treat the node
# as running without firewalld afterwards and restrict its exposure elsewhere
# (network ACLs, security groups); confirm whether narrower firewalld rules for
# K3s would be acceptable instead of disabling the service.
- cmd: "[ -e /etc/redhat-release ] && systemctl disable firewalld --now || echo ''"
# Runs after the files below are in place: reload units, then enable and start K3s.
after:
- cmd: systemctl daemon-reload
- cmd: systemctl enable k3s
- cmd: systemctl start k3s
files:
# Local cleanup script, installed executable under /opt/zarf.
- source: packages/distros/k3s/common/zarf-clean-k3s.sh
target: /opt/zarf/zarf-clean-k3s.sh
executable: true
# Local unit file, also linked into multi-user.target.wants.
- source: packages/distros/k3s/common/k3s.service
target: /etc/systemd/system/k3s.service
symlinks:
- /etc/systemd/system/multi-user.target.wants/k3s.service
# Remote binary pinned to a release URL plus a shasum (64 hex characters, the
# length of a SHA-256 digest). Change the URL and the shasum together, and take
# the new digest from the upstream release's published checksums, not from a
# hash of the file that was just downloaded.
- source: https://github.com/k3s-io/k3s/releases/download/v1.24.1+k3s1/k3s-arm64
shasum: bd8b87d215f7a073d0139a0ab70e3fbeaa76e1b9ce6c00cd8d471cb44ba80687
target: /usr/sbin/k3s
executable: true
# kubectl, ctr and crictl are symlinks to the same k3s binary in /usr/sbin.
symlinks:
- /usr/sbin/kubectl
- /usr/sbin/ctr
- /usr/sbin/crictl
# Air-gap image bundle from the same release tag, pinned by its own shasum.
- source: https://github.com/k3s-io/k3s/releases/download/v1.24.1+k3s1/k3s-airgap-images-arm64.tar.zst
shasum: 12029e4bbfecfa16942345aeac798f4790e568a7202c2b85ee068d7b4756ba04
target: /var/lib/rancher/k3s/agent/images/k3s.tar.zst
# zarf-injector: required component that ships one executable, fetched over sget://.
- name: zarf-injector
description: |
Bootstraps a Kubernetes cluster by cloning a running pod in the cluster and hosting the registry image.
Removed and destroyed after the Zarf Registry is self-hosting the registry image.
required: true
# Public key used to validate signed online resources for this component.
# NOTE(review): the source below is referenced by tag with no shasum, so its
# integrity rests on this signature check. Confirm cosign.pub comes from a
# trusted, version-controlled location and that package creation fails closed
# when verification fails.
cosignKeyPath: cosign.pub
files:
# NOTE(review): sget has been deprecated in the sigstore project; confirm what
# this Zarf version supports and plan to move to a digest-pinned source.
- source: sget://defenseunicorns/zarf-injector:arm64-2023-02-09
# presumably ###ZARF_TEMP### is replaced by a Zarf temporary directory; confirm
target: "###ZARF_TEMP###/zarf-injector"
executable: true
# zarf-seed-registry: required component that installs the local docker-registry
# chart as release zarf-docker-registry in the zarf namespace.
- name: zarf-seed-registry
description: |
Deploys the Zarf Registry using the registry image provided by the Zarf Injector.
required: true
# The chart comes from a local path (packages/zarf-registry/chart), not a remote repo.
charts:
- name: docker-registry
releaseName: zarf-docker-registry
version: 1.0.0
namespace: zarf
# Base values plus a seed-specific values file.
valuesFiles:
- packages/zarf-registry/registry-values.yaml
- packages/zarf-registry/registry-values-seed.yaml
localPath: packages/zarf-registry/chart
# zarf-registry: required component using the same chart and release name
# (zarf-docker-registry) as zarf-seed-registry, without the seed values file.
- name: zarf-registry
description: |
Updates the Zarf Registry to use the self-hosted registry image.
Serves as the primary docker registry for the cluster.
required: true
charts:
- name: docker-registry
releaseName: zarf-docker-registry
version: 1.0.0
namespace: zarf
valuesFiles:
- packages/zarf-registry/registry-values.yaml
localPath: packages/zarf-registry/chart
# Two extra manifest sets applied in the zarf namespace.
manifests:
- name: registry-connect
namespace: zarf
files:
- packages/zarf-registry/connect.yaml
- name: kep-1755-registry-annotation
namespace: zarf
files:
- packages/zarf-registry/configmap.yaml
# NOTE(review): the image is referenced by tag only, and tags can be re-pointed
# upstream. For a reproducible, tamper-evident package, pin by digest, e.g.
# registry:2.8.1@sha256:<digest-from-trusted-source> (placeholder, not a real value).
images:
- registry:2.8.1
# zarf-agent: required component that deploys a mutating admission webhook
# (service, secret, deployment and webhook manifests) in the zarf namespace.
- name: zarf-agent
description: |
A Kubernetes mutating webhook to enable automated URL rewriting for container
images and git repository references in Kubernetes manifests. This prevents
the need to manually update URLs from their original sources to the Zarf-managed
docker registry and git server.
required: true
actions:
# onCreate runs while the package is being built, not on the target cluster.
# The make target runs on the build host with AGENT_IMAGE set to "agent:local".
onCreate:
before:
- cmd: make init-package-local-agent AGENT_IMAGE="agent:local"
# NOTE(review): a mutating webhook rewrites image and git references in manifests
# (see the description), so its scope and failure behaviour are security-relevant.
# Review the rules and failure policy in webhook.yaml (not shown here).
# secret.yaml presumably carries the webhook's TLS material; confirm that no
# private key is committed in it.
manifests:
- name: zarf-agent
namespace: zarf
files:
- packages/zarf-agent/manifests/service.yaml
- packages/zarf-agent/manifests/secret.yaml
- packages/zarf-agent/manifests/deployment.yaml
- packages/zarf-agent/manifests/webhook.yaml
# NOTE(review): the `:local` tag points at a locally built image, so the agent's
# provenance depends on the build host. Release packages should reference a
# published, versioned (ideally digest-pinned) agent image instead.
images:
- ghcr.io/zarf-dev/zarf/agent:local
# git-server: Gitea deployment; unlike the components above it carries no
# `required: true` line.
- name: git-server
description: |
Deploys Gitea to provide git repositories for Kubernetes configurations.
Required for GitOps deployments if no other git server is available.
actions:
onDeploy:
# After the chart is deployed: create a read-only Gitea user, bounded to
# 60 seconds in total and 3 retries.
after:
- maxTotalSeconds: 60
maxRetries: 3
cmd: ./zarf internal create-read-only-gitea-user
# NOTE(review): the chart is pulled from a remote repository by version only;
# unlike the k3s downloads, no checksum is listed in this definition. Confirm
# how chart integrity is established (e.g. a vendored or verified copy).
charts:
- name: gitea
releaseName: zarf-gitea
url: https://dl.gitea.io/charts
version: 7.0.4
namespace: zarf
valuesFiles:
- packages/gitea/gitea-values.yaml
manifests:
- name: git-connect
namespace: zarf
files:
- packages/gitea/connect.yaml
# NOTE(review): tag-only image reference (the rootless variant, per the tag).
# Consider pinning by digest, and check upstream security advisories for this
# Gitea version before deploying.
images:
- gitea/gitea:1.19.3-rootless
# Deploy-time variables. Entries without a `default:` line have no default value
# in this definition.
variables:
# NOTE(review): presumably substituted into the K3s service definition; confirm.
# Whoever supplies this value at deploy time shapes the command line of a
# service that the k3s component installs as root, so treat it as trusted
# operator input only.
- name: K3S_ARGS
description: Arguments to pass to K3s
default: --disable traefik
# Registry storage, resource requests/limits and autoscaling settings.
- name: REGISTRY_EXISTING_PVC
description: "Optional: Use an existing PVC for the registry instead of creating a new one. If this is set, the REGISTRY_PVC_SIZE variable will be ignored."
- name: REGISTRY_PVC_SIZE
description: The size of the persistent volume claim for the registry
default: 20Gi
- name: REGISTRY_CPU_REQ
description: The CPU request for the registry
default: 100m
- name: REGISTRY_MEM_REQ
description: The memory request for the registry
default: 256Mi
# Numeric and boolean defaults are quoted, which keeps them as strings.
- name: REGISTRY_CPU_LIMIT
description: The CPU limit for the registry
default: "3"
- name: REGISTRY_MEM_LIMIT
description: The memory limit for the registry
default: 2Gi
- name: REGISTRY_HPA_MIN
description: The minimum number of registry replicas
default: "1"
- name: REGISTRY_HPA_MAX
description: The maximum number of registry replicas
default: "5"
- name: REGISTRY_HPA_ENABLE
description: Enable the Horizontal Pod Autoscaler for the registry
default: "true"
# Git server storage and resource requests/limits.
- name: GIT_SERVER_EXISTING_PVC
description: "Optional: Use an existing PVC for the git server instead of creating a new one. If this is set, the GIT_SERVER_PVC_SIZE variable will be ignored."
- name: GIT_SERVER_PVC_SIZE
description: The size of the persistent volume claim for git server
default: 10Gi
- name: GIT_SERVER_CPU_REQ
description: The CPU request for git server
default: 200m
- name: GIT_SERVER_MEM_REQ
description: The memory request for git server
default: 512Mi
- name: GIT_SERVER_CPU_LIMIT
description: The CPU limit for git server
default: "3"
- name: GIT_SERVER_MEM_LIMIT
description: The memory limit for git server
default: 2Gi
# Fixed value set in the package definition. AGENT_IMAGE is the same "agent:local"
# string passed to the make target in the zarf-agent onCreate action.
constants:
- name: AGENT_IMAGE
value: agent:local
? Create this Zarf package? (y/N) Yes