Meet Zarf, K8s Airgap Buddy
Zarf is a static Go binary that runs on various Linux distros to deploy an airgap gitops service including a Docker registry and Gitea server, batteries included. Zarf also includes an Appliance Mode that can be used for single-purpose k3s deployments.
This repo is in transition from Repo1 by DoD Platform One to GitHub. See the announcements post for the latest URLs for this project during this transition.
Usage
General usage steps are below. For various ways to use Zarf, see the examples folder. Please note that the example READMEs may replace the steps below.
1. Initial setup and config
- Download the files from the Zarf Releases.
- (optional) Verify the downloads with shasum -c zarf.sha256.
- In a new folder or git repo, place a ZarfPackageConfig zarf.yaml with any changes you need to make (see the examples folder for more info).
2. Create the zarf cluster
- Move the zarf, zarf-init.tar.zst files to the system you will install the cluster to.
- Login or sudo/su to root.
- Run ./zarf init and follow the wizard.
3. Add resources to the zarf cluster
- Following step 1b, make any necessary edits to the zarf.yaml file.
- Then run ./zarf package create to produce a zarf-package-*.tar.zst package.
- Move the zarf-package into the same folder on the running zarf cluster as in step 2a.
- Login or sudo/su to root.
- Run ./zarf package deploy and follow the wizard.
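An added example (not part of the Zarf project) for the optional verification in step 1: a shell function that passes only when both zarf and zarf-init.tar.zst are present, listed in zarf.sha256, and match their recorded hashes. It assumes zarf.sha256 uses the standard "<sha256>  <filename>" line format and names those two files; verify_zarf_release and sha256_check are hypothetical helper names.

```shell
#!/bin/sh
# Added example: verify Zarf release files before moving them to the airgapped host.
# Assumption: zarf.sha256 uses the standard "<sha256>  <filename>" line format.
# Usage (after sourcing this file): verify_zarf_release /path/to/downloads

# Run the checksum list through whichever SHA-256 tool is installed.
sha256_check() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum -c "$1"
    else
        shasum -a 256 -c "$1"
    fi
}

# verify_zarf_release DIR
# Exit status: 0 verified, 1 hash mismatch, 2 file missing, 3 file not listed.
verify_zarf_release() {
    dir=$1
    (
        cd "$dir" || exit 2
        [ -f zarf.sha256 ] || { echo "zarf.sha256 not found" >&2; exit 2; }
        for f in zarf zarf-init.tar.zst; do
            [ -f "$f" ] || { echo "missing file: $f" >&2; exit 2; }
            # A checksum tool only checks files named in the list, so an
            # unlisted file would otherwise pass without being verified.
            awk -v f="$f" '{ n = $2; sub(/^\*/, "", n); if (n == f) found = 1 }
                           END { exit !found }' zarf.sha256 ||
                { echo "not covered by zarf.sha256: $f" >&2; exit 3; }
        done
        sha256_check zarf.sha256 >/dev/null 2>&1 ||
            { echo "checksum mismatch" >&2; exit 1; }
    )
}
```

A match shows the files agree with zarf.sha256; it says nothing about origin unless zarf.sha256 itself was obtained from a source you trust.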
Development
Prereqs
User Accounts
This tool utilizes software pulled from multiple sources and some of them require authenticated access. You will need to make an account at the following sites if you don't already have access:
- Iron Bank : Platform One's authorized, hardened, and approved container repository. (product | pages | register)
Local Environment
- MacOS or Linux Operating System
- make: We use Makefiles for build automation
- vagrant: Easy creation and management of clean dev/test environments
- go: The programming language. Right now we are using v1.16.x
Building
Step 1 - Login to the Container Registry
This tool executes containerized builds within secure containers so you'll need to be able to pull hardened images from Iron Bank. Be sure you've logged into the Iron Bank before attempting a build:
zarf tools registry login registry1.dso.mil -u <YOUR_USERNAME>
Password: <YOUR_CLI_SECRET>
Harbor Login Credentials
Iron Bank images are currently backed by an instance of the Harbor registry. To authenticate with Harbor via zarf you'll need to navigate to the Iron Bank Harbor UI, login, and copy down your You should pass this
Step 2 - Run a Build
Building the zarf binary and zarf-init.tar.zst is one command:
make build-test
Step 3 - Test Drive
You can try out your new build with a local Vagrant deployment, like so:
# To test RHEL 7 or 8
make test OS=rhel7
make test OS=rhel8
# To test ubuntu
make test OS=ubuntu
# escalate user once inside VM: vagrant --> root
sudo su
cd /opt/zarf
All OS options:
- rhel7
- rhel8
- centos7
- centos8
- ubuntu
- debian
- rocky
In less than a minute, you'll have a Kubernetes cluster running all the prerequisites needed to host and deploy multiple other downstream clusters.
The status of the cluster creation can be monitored with /usr/local/bin/k9s.
Step 4 - Cleanup
You can tear down the local Vagrant deployment, like so:
# to deescalate user: root --> vagrant
exit
# to exit VM shell
exit
# tear down the VM
make test-close