defenseunicorns · jeff-mccoy · Jan 16, 2024 · Dec 15, 2023 · Dec 17, 2023 · Dec 18, 2023
@@ -3,6 +3,7 @@
     "enableTurboSourcemaps": true,
     "resolveSourceMapLocations": [
       "${workspaceFolder}/**",
+      "node_modules/kubernetes-fluent-client/**",
       "node_modules/pepr/**"
     ]
   },

@@ -12,10 +12,10 @@ The core applications are:
 - [Istio](https://istio.io/) - Service Mesh
 - [KeyCloak](https://www.keycloak.org/) - Identity & Access Management
 - [Kiali](https://kiali.io/) - Service Mesh Observability
-- [Kyverno](https://kyverno.io/) - Policy Engine
 - [Loki](https://grafana.com/oss/loki/) - Log Aggregation
 - [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) - Metrics
 - [Neuvector](https://open-docs.neuvector.com/) - Container Security
+- [Pepr](https://pepr.dev) - UDS policy engine & operator
 - [Prometheus Stack](https://github.com/prometheus-operator/kube-prometheus) - Monitoring
 - [Promtail](https://grafana.com/docs/loki/latest/send-data/promtail/) - Log Aggregation
 - [Tempo](https://grafana.com/docs/tempo/latest/getting-started/) - Tracing
@@ -47,17 +47,18 @@ uds deploy oci://ghcr.io/defenseunicorns/packages/uds/bundles/k3d-core:arm64
 uds deploy oci://ghcr.io/defenseunicorns/packages/uds/bundles/k3d-core:amd64
 ```
 
-The bundle includes the uds.dev certs by default. You can use the UDS environment variables to override the default values. E.g. 
+The bundle includes the uds.dev certs by default. You can use the UDS environment variables to override the default values. E.g.
 
 ```bash
-# Set environment variables with the contents of your certificate and key files
+# Set environment variables with the contents of your certificate and key files (must be base64 encoded)
 UDS_ADMIN_TLS_CERT=$(cat admin.crt)
 UDS_ADMIN_TLS_KEY=$(cat admin.key)
 UDS_TENANT_TLS_CERT=$(cat tenant.crt)
 UDS_TENANT_TLS_KEY=$(cat tenant.key)
 
-# AMD version
-uds deploy ocs://ghcr.io/defenseunicorns/package/uds/bundles/k3d-core:amd64
+UDS_DOMAIN=example.com
+
+uds deploy oci://ghcr.io/defenseunicorns/package/uds/bundles/k3d-core:amd64
 ```
 
 ### UDS Core Packages

@@ -27,7 +27,7 @@ packages:
             - name: policies
               description: "Minio policies"
               path: policies
-              
+
   - name: init
     repository: ghcr.io/defenseunicorns/packages/init
     # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver

@@ -12,10 +12,10 @@ The core applications are:
 - [Istio](https://istio.io/) - Service Mesh
 - [KeyCloak](https://www.keycloak.org/) - Identity & Access Management
 - [Kiali](https://kiali.io/) - Service Mesh Observability
-- [Kyverno](https://kyverno.io/) - Policy Engine
 - [Loki](https://grafana.com/oss/loki/) - Log Aggregation
 - [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) - Metrics
 - [Neuvector](https://open-docs.neuvector.com/) - Container Security
+- [Pepr](https://pepr.dev) - UDS policy engine & operator
 - [Prometheus Stack](https://github.com/prometheus-operator/kube-prometheus) - Monitoring
 - [Promtail](https://grafana.com/docs/loki/latest/send-data/promtail/) - Log Aggregation
 - [Tempo](https://grafana.com/docs/tempo/latest/getting-started/) - Tracing

@@ -22,6 +22,10 @@
         "zarf"
       ],
       "labels": []
+    },
+    "env": {
+      "UDS_DOMAIN": "###ZARF_VAR_DOMAIN###",
+      "UDS_WITH_ISTIO": "###ZARF_CONST_WITH_ISTIO###"
     }
   },
   "scripts": {

@@ -1,48 +1,18 @@
-import { Capability, PeprModule } from "pepr";
+import { PeprModule } from "pepr";
 
 import cfg from "./package.json";
 
-import { policies } from "./src/policies";
-import { istio } from "./src/istio/pepr";
+import { istio } from "./src/pepr/istio";
+import { operator } from "./src/pepr/operator";
+import { policies } from "./src/pepr/policies";
+
+new PeprModule(cfg, [
+  // UDS Core Operator
+  operator,
 
-/**
- * This the root of the UDS Core Pepr Module. To operate on a specific source package, you can
- * set the `UDS_PKG` environment variable to the name of the package.
- *
- * Example:
- * UDS_PKG=istio npx pepr build
- */
-const sortedCapabilities: Record<string, Capability>[] = [
   // UDS Core Policies
-  { policies },
+  policies,
 
   // Istio service mesh
-  { istio },
-];
-
-// Otherwise, use all capabilities
-const allCapabilities = sortedCapabilities.flatMap(data => {
-  return Object.values(data).flat();
-});
-
-const pkg = process.env.UDS_PKG;
-
-if (!pkg || pkg === "all") {
-  // Start the Pepr module
-  new PeprModule(cfg, allCapabilities);
-} else {
-  console.log(
-    `\n\n************** Pepr capabilities limited to only ${pkg} source package **************n\n`,
-  );
-
-  // If the UDS_PKG environment variable is set, then only use that source package
-  const activeCapability = sortedCapabilities.find(data => data[pkg])?.[pkg];
-
-  if (!activeCapability) {
-    console.error(`Source package ${pkg} not found. Exiting...`);
-    process.exit(1);
-  }
-
-  // Start the Pepr module
-  new PeprModule(cfg, [activeCapability]);
-}
+  istio,
+]);
@@ -0,0 +1,37 @@
+apiVersion: uds.dev/v1alpha1
+kind: Package
+metadata:
+  name: grafana
+  namespace: {{ .Release.Namespace }}
+spec:
+  network:
+    expose:
+      - service: grafana
+        podLabels:
+          app.kubernetes.io/name: grafana
+        host: grafana
+        gateway: admin
+        port: 80
+        targetPort: 3000
+
+    allow:
+      - direction: Ingress
+        podLabels:
+          app.kubernetes.io/name: grafana
+        remoteNamespace: tempo
+        remotePodLabels:
+          app.kubernetes.io/name: tempo
+        port: 9090
+        description: "Tempo Datasource"
+
+      - direction: Egress
+        podLabels:
+          app.kubernetes.io/name: grafana
+        remoteGenerated: Anywhere
+
+      - direction: Egress
+        remoteNamespace: tempo
+        remotePodLabels:
+          app.kubernetes.io/name: tempo
+        port: 9411
+        description: "Tempo"
@@ -1,9 +1,3 @@
-service:
-  labels:
-    uds/istio-gateway: admin
-    uds/istio-host: grafana
-    uds/istio-port: "80"
-
 sidecar:
   image:
     # -- The Docker registry