v0.15.0

• zarf-linux-amd64
• zarf-macos-m1
• zarf-macos-intel
• zarf-int.tar.zst
• zarf.sha256

⚠️ Contains breaking changes. Please see release notes for details

What's Changed

• Multi-distro support (Zarf Native Apply Work) #237
  • add arm64/generic arch support
  • adds in-memory embedded registry to serve registry image from "seed" config spec
  • add local-distro image injection support
  • handles helm charts install/upgrade/rollback/uninstall via helm directly
  • manages raw manifests as zarf-generated helm charts for helm-native management
  • add tunnel capability to access zarf endpoints without ingress config
  • auto-inject imagePullSecret into any service account zarf touches and any namespace default service account
  • auto-inject registry pull credentials into all namespaces for use by service accounts
  • allow multiple helm charts to be installed in the same namespace without conflict
  • flattens image collection to single tarball
  • remove root / linux requirements for zarf deployments
  • remove k3s install requirement
  • remove traefik component requirement
  • add K8s distro-detection and distro-specific seed image behaviors
  • document local registry per https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry
  • reorganize logging, remove logrus, replace with pterm, add progress cli feedback
  • add support for stacking helm values files
  • normalize log levels: info, warn, debug, trace
  • update go mod deps
  • move zarf state to a k8s secret in the zarf namespace
  • support zarf destroy for 3rd-party clusters
  • move crane image cache to sub folder under home
  • add support for multiple users with htpasswd
  • add path key for git-based helm charts
  • remove need for PKI prompts on default init
  • add storage class tracking in zarf state for multi-distro compatibility
  • reduce code for init/deploy to the same function call
  • add command line aliases for the cli
  • vendor k9s into zarf to support multi-arch/multi-os
  • make more games for the game example to demonstrate multiple zarf connect in the same component
  • add zarf prepare find-images to lookup images for a zarf config to help with package creation
  • add zarf destroy --remove-components for removing zarf-installed charts outside of the zarf ns
  • add zarf connect 🦄 combined with a new svc label, zarf.dev/connect-name=🦄 to make dynamic app tunnels
• Use /usr/sbin instead of /usr/local/bin to accommodate RHEL #300
• Always respect the --confirm flag #297
• The example "Big Bang Umbrella" (a.k.a. "Software Factory") was moved to its own repo. It is no longer being treated as an example, but the first of many pre-built Zarf packages for easy turn-key deployment of popular kubernetes-based tools.

v0.14.0

Until we finish migrating from Repo1 to GitHub the release artifacts can be found HERE.

⚠️ Contains breaking changes. Please see release notes for details

Known issues

• Sometimes, usually after a zarf destroy, the .zarf-state.yaml and $HOME/.git-credentials files will get into a bad state, where the IP address / hostname is not present in the configuration, and zarf package deploy fails because it doesn't know where to push the docker images. This issue is resolved in v0.15.0 and can be mitigated on v0.14.0 by deleting .zarf-state.yaml and $HOME/.git-credentials (assuming there isn't other non-zarf stuff in it) after running zarf destroy. See #347 for more details.

What's Changed

• Add .tool-versions file (#191)
• Fix the Big Bang Core example to do GitOps correctly (#185)
• Loosen Terraform version restriction in E2E tests (#199)
• Doc updates (#198)
• PR #196 did a bunch of stuff:
  • ⚠️ BREAKING: localhost is no longer a valid option for cluster ingress when initializing a zarf cluster. Instead you have to use a 127.0.0.1 or some other local ip found via ifconfig.
  • Add the ability to choose from what should be valid hostnames or IP addresses when running zarf init due to the above breaking change
  • Stop depending on 127.0.0.1 local bindings for the registry & gitops service. Fixes #193
  • Resolve outstanding issues with image hostname swapping. Fixes #18, #44, and #194
  • Adds before and after script options when defining a zarf.yaml with an optional retry flag
  • Add symlink to ZarfFile for creating links to places files
  • Add template boolean to ZarfFile to allow injection of zarf variables into text files
  • Adds a new zarf tool command to print out config schema and commit the output to the repo (will need to make a git hook or something later on)
  • Changes zarf destroy command to run any script that starts with zarf-clean instead of only running the k3s-remove script
  • Add new ZarfState and .zarf-state.yaml for persisting host information from zarf init to zarf package deploy
  • Remove all hard-coded logic for k3s install, now uses only standard zarf component features like everything else
  • Upgrades k3s from v1.21.2 to v1.21.6
  • Adds optional regex filter for when performing RecursiveFileList()
  • Adds more description to the components in zarf.yaml
  • Renames type ZarfConfig to ZarfPackage in the config pkg
  • Handful of general code organizing changes (moving yaml related functions to the ...../utils/yaml.go, etc.)
  • Expose execCommand() with stdout control
  • Move traefik to standalone component and drop the internal k3s install of traefik
  • Use the airgap tarball of K3s instead of manually listing images

v0.13.4

Until we finish migrating from Repo1 to GitHub the release artifacts can be found HERE.

What's Changed

• You can now omit the @tag part when specifying git repos to load into the gitops service. When you omit the tag it brings over the entire repo. (#155)
• Updated the Terraform version used in the E2E tests to v1.0.11 (#180)
• The version of Zarf used to build a package is displayed when you inspect the package (#179)
• Update zarf version to use all tags, not just annotated ones (#168)
• Docs updates (#163, #172)

v0.13.3

⚠️ Contains breaking changes

Until we finish migrating from Repo1 to GitHub the release artifacts can be found HERE.

What's Changed

⚠️ BREAKING: The private container registry that zarf init deploys now requires auth

Packages will need to include imagePullSecrets: in their pod manifests and a corresponding regcred. See the Kubernetes documentation for more information. Using the special string ###ZARF_DOCKERAUTH### in your manifests will be automatically picked up by Zarf during package deploy and replaced with a properly formatted auth string, which is the base64 encoded username:password

Here's an example of a valid Secret manifest for images that originated from Registry1 or DockerHub (K3s automatically redirects them to the private registry):

apiVersion: v1
kind: Secret
type: kubernetes.io/dockerconfigjson
metadata:
  name: private-registry
  namespace: my-cool-app
stringData:
  .dockerconfigjson: |
    {
      "auths": {
        "registry1.dso.mil": {
          "auth":"###ZARF_DOCKERAUTH###"
        },
        "docker.io": {
          "auth":"###ZARF_DOCKERAUTH###"
        }
      }
    }

Deploy remote packages

Now you can run zarf package deploy on remote packages.

Example:

# Naughty way
zarf package deploy https://example.com/some-package.tar.zst --insecure

# Good way
zarf package deploy https://example.com/some-package.tar.zst --shasum 15h1oi2h5ni1o2y5iunb1t25bui1t25gnu12n5

Full Changelog

Note: The v0.13.0, v0.13.1, and v0.13.2 releases were aborted due to a broken pipeline. This release replaces v0.13.0 with the only change being fixing the release pipeline. We do it this way because we believe artifacts should be immutable.

• #93 - Add E2E test framework with Terratest
• #91 - Simplify the Vagrant workflow when running the examples
• #94 - Add framework for GitHub Actions with pull request chatops dispatching
• #95 - Integrate the E2E tests with the GitHub Actions pipeline
• #103 - Add Contributor Guide
• #104 - Roll back changes to the Big Bang example NetworkPolicy CIDRs for better demo compatibility
• #106 & #110 - Add more E2E tests
• #112 - Add pre-commit hooks
• #98 - Beginnings of an overhaul on the repo's documentation
• #116 - Add zarf version command
• #117 - Fix the Makefiles for compatibility with M1 Macs
• #111 - Update the version of kubescape in the Big Bang Core example
• #124 - Add "Get Started" documentation for running the Doom game example
• #126 - Update Helm library to v3.7.0
• #107 - Add check to make sure all components passed in --components flag exist
• #135 - Add Zarf Components documentation
• #128 - Add check for illegal characters in entered hostnames
• #139 - Add flag for setting the log level
• #147 - Unify to one go.mod to make VS Code happy
• #151 - Run pre-commit run -a an the codebase
• #143 - Add ability to deploy remote packages
• #157 - Add Logging documentation
• #156 - Remove unnecessary logging package and set log level in root
• #158 - Update GitHub Actions pipeline to use the new robot account for Registry1
• #144 - Add authentication to utility registry
• #160 - Fix the GitLab release pipeline
• #162 - Fix legacy E2E tests and remove them from critical path to cutting a release
• #165 - Fix GitLab release pipeline dependency

v0.13.2

The v0.13.2 release was aborted due to a broken release pipeline. The v0.13.3 release replaces this release with the only change being fixing the pipeline. We do it this way because we believe artifacts should be immutable.

The artifacts for v0.13.3 can be found HERE

v0.13.1

The v0.13.1 release was aborted due to a broken release pipeline. The v0.13.3 release replaces this release with the only change being fixing the pipeline. We do it this way because we believe artifacts should be immutable.

The artifacts for v0.13.3 can be found HERE

v0.13.0

The v0.13.0 release was aborted due to a broken release pipeline. The v0.13.3 release replaces this release with the only change fixing the pipeline. We do it this way because we believe artifacts should be immutable.

The artifacts for v0.13.3 can be found HERE

v0.12.0

What's Changed

zarf init Now always installs the private Docker registry.

⚠️ Contains breaking changes

Until we finish migrating from Repo1 to GitHub the release artifacts can be found HERE.

⚠️ BREAKING: New schema for zarf.yaml config

The schema for the zarf.yaml config file has changed. It has been simplified now that the docker registry is always present, there's no need for making a distinction between local and remote images. They are now all what used to be called "remote".

New:

kind: ZarfPackageConfig
metadata:
  name: foo
  description: "Foo example"

components:
  - name: baseline
    required: true
    manifests: manifests
    repos:
      - https://repo1.dso.mil/platform-one/big-bang/foo.git@1.2.3
    images:
      - registry1.dso.mil/ironbank/big-bang/base:8.4

  - name: optional-feature
    required: false
    default: true
    files:
      - source: https://example.com/foo
        shasum: 52299bd5a2df28b6a6ff9926e09abd0fa5e6c1094f5bb75b036a0452cfc00dfa
        target: "/usr/local/bin/foo"
        executable: true

Previous:

kind: ZarfPackageConfig
metadata:
  name: foo
  description: "Foo example"

components:
  - name: baseline
    required: true
    manifests: manifests
    images:
      - registry1.dso.mil/ironbank/big-bang/base:8.4

  - name: optional-feature
    required: false
    default: true
    files:
      - source: https://example.com/foo
        target: "/usr/local/bin/foo"
        shasum: 52299bd5a2df28b6a6ff9926e09abd0fa5e6c1094f5bb75b036a0452cfc00dfa
        executable: true

utilityCluster:
  repos:
    - https://repo1.dso.mil/platform-one/big-bang/foo.git@1.2.3

  images:
    - registry1.dso.mil/ironbank/big-bang/base:8.4

Full Changelog

• Change zarf init to always install the docker registry by @jeff-mccoy in #82
  • Fix #83 by switching from zarf.localhost to 127.0.0.1 as the internal endpoint for the docker registry and Gitea
  • Update golang imports from the old Repo1 location to the new GitHub one
  • Update go deps versions
  • Rename the 3rd init option from utility-cluster to gitops-service

Compare: v0.11.0...v0.12.0

v0.11.0

🦄

What's Changed

New examples and an update to the zarf.yaml schema

⚠️ Contains breaking changes

Until we finish migrating from Repo1 to GitHub the release artifacts can be found HERE.

⚠️ BREAKING: New schema for zarf.yaml config

The schema for the zarf.yaml config file has changed to allow optional components in Zarf deploy packages just like you can do in a Zarf init package

New:

kind: ZarfPackageConfig
metadata:
  name: foo
  description: "Foo example"

components:
  - name: baseline
    required: true
    manifests: manifests
    images:
      - registry1.dso.mil/ironbank/big-bang/base:8.4

  - name: optional-feature
    required: false
    default: true
    files:
      - source: https://example.com/foo
        target: "/usr/local/bin/foo"
        shasum: 52299bd5a2df28b6a6ff9926e09abd0fa5e6c1094f5bb75b036a0452cfc00dfa
        executable: true

utilityCluster:
  repos:
    - https://repo1.dso.mil/platform-one/big-bang/foo.git@1.2.3

  images:
    - registry1.dso.mil/ironbank/big-bang/base:8.4

Previous:

kind: ZarfPackageConfig
metadata:
  name: foo
  description: "Foo example"

local:
  manifests: manifests

  files:
    - source: https://example.com/foo
      target: "/usr/local/bin/foo"
      shasum: 52299bd5a2df28b6a6ff9926e09abd0fa5e6c1094f5bb75b036a0452cfc00dfa
      executable: true

  images:
    - registry1.dso.mil/ironbank/big-bang/base:8.4

remote:
  repos:
    - https://repo1.dso.mil/platform-one/big-bang/foo.git@1.2.3

  images:
    - registry1.dso.mil/ironbank/big-bang/base:8.4

New Example: Postgres Operator

A new example is available that creates a Zarf package that will deploy an example of a mostly production-ready Postgres database using Zarf's Applicance Mode. It comes with high availability, point-in-time backups, and periodic full backups. Comes with PGAdmin as a good demo of the proof of concept. Uses Zalando's postgres-operator.

New Example: Big Bang Core

A new example is available that creates a Zarf package that will deploy USAF Platform One's Big Bang Core to a Utility Cluster. This isn't normally the way you'd utilize a Utility Cluster, but it makes for a great easy to run demo. In a production scenario you would typically deploy a utility cluster separately from your main production workload cluster.

New Example: Utility Cluster

A new example is available that creates a Zarf package that will load a git repository and a container image into the Zarf Utility Cluster. It's a great way to test out the utility cluster while keeping the package super small, unlike the behemoth package that Big Bang Core ends up being.

Full changelog

• Add Postgres Operator Example (#50)
• Add backups to postgres-operator example (#52)
• Add Big Bang Core Example (#29)
• Fix makefile for postgres-operator example (#54)
• Update kafka tools URL (#57)
• Add resource requests and limits to Utility Cluster deployments (#59)
• Misc refactoring and cleanup (#61)
• Update Big Bang Core example with kubescape remediations (#62)
• Add kubescape to Big Bang Core example package (#60)
• Implement SHA256SUM validation (#65)
• Add zarf prepare sha256sum URL arg for remote SHASUM (#69)
• Upgrade Big Bang Core example to BB v1.17.0 (#67)
• BREAKING: Restructure zarf config yaml (#71)
• Docs and refactors for better kubescape scanning of BB example (#80)

Compare: v0.10.4...v0.11.0