zarf-dev · jeff-mccoy · Dec 11, 2021 · Dec 9, 2021 · Dec 9, 2021 · Dec 9, 2021
diff --git a/Makefile b/Makefile
@@ -51,7 +51,7 @@ build-cli: clean build-cli-linux build-cli-mac ## Build the CLI
 init-package: ## Create the zarf init package
 	$(ZARF_BIN) package create --confirm
 	mv zarf-init.tar.zst build
-	cd build && sha256sum -b zarf* > zarf.sha256
+	cd build && shasum -a 256 -b zarf* > zarf.sha256
 	ls -lh build
 
 build-test: build-cli init-package ## Build the CLI and create the init package

diff --git a/assets/manifests/common/traefik-tls.yaml → assets/manifests/traefik/traefik-tls.yaml b/assets/manifests/common/traefik-tls.yaml → assets/manifests/traefik/traefik-tls.yaml
diff --git a/assets/manifests/traefik/traefik.yaml b/assets/manifests/traefik/traefik.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: traefik
+  namespace: kube-system
+spec:
+  chart: https://%{KUBERNETES_API}%/static/charts/traefik-9.18.2.tgz
+  targetNamespace: kube-system
+  valuesContent: |-
+    rbac:
+      enabled: true
+    ports:
+      websecure:
+        tls:
+          enabled: true
+    podAnnotations:
+      prometheus.io/port: "8082"
+      prometheus.io/scrape: "true"
+    providers:
+      kubernetesIngress:
+        publishedService:
+          enabled: true
+    priorityClassName: "system-cluster-critical"
+    image:
+      name: "rancher/library-traefik"
+    tolerations:
+      - key: "CriticalAddonsOnly"
+        operator: "Exists"
+      - key: "node-role.kubernetes.io/control-plane"
+        operator: "Exists"
+        effect: "NoSchedule"
+      - key: "node-role.kubernetes.io/master"
+        operator: "Exists"
+        effect: "NoSchedule"
+
diff --git a/assets/misc/empty-file b/assets/misc/empty-file
diff --git a/assets/misc/registries.yaml b/assets/misc/registries.yaml
@@ -1,19 +1,19 @@
 mirrors:
   registry.dso.mil:
     endpoint:
-      - "https://127.0.0.1"
+      - "https://###ZARF_TARGET_ENDPOINT###"
   registry1.dso.mil:
     endpoint:
-      - "https://127.0.0.1"
+      - "https://###ZARF_TARGET_ENDPOINT###"
   docker.io:
     endpoint:
-      - "https://127.0.0.1"
+      - "https://###ZARF_TARGET_ENDPOINT###"
   registry-1.docker.io:
     endpoint:
-      - "https://127.0.0.1"
+      - "https://###ZARF_TARGET_ENDPOINT###"
   ghcr.io:
     endpoint:
-      - "https://127.0.0.1"
+      - "https://###ZARF_TARGET_ENDPOINT###"
   registry.opensource.zalan.do:
     endpoint:
-      - "https://127.0.0.1"
+      - "https://###ZARF_TARGET_ENDPOINT###"
diff --git a/assets/scripts/k3s-remove.sh → assets/scripts/zarf-clean-k3s.sh b/assets/scripts/k3s-remove.sh → assets/scripts/zarf-clean-k3s.sh
diff --git a/cli/cmd/destroy.go b/cli/cmd/destroy.go
@@ -2,7 +2,10 @@ package cmd
 
 import (
 	"fmt"
+	"os"
+	"regexp"
 
+	"github.com/defenseunicorns/zarf/cli/config"
 	"github.com/defenseunicorns/zarf/cli/internal/utils"
 
 	"github.com/spf13/cobra"
@@ -15,7 +18,16 @@ var destroyCmd = &cobra.Command{
 	Short: "Tear it all down, we'll miss you Zarf...",
 	Run: func(cmd *cobra.Command, args []string) {
 		burn()
-		_, _ = utils.ExecCommand(nil, "/usr/local/bin/k3s-remove.sh")
+		_ = os.Remove(config.ZarfStatePath)
+		pattern := regexp.MustCompile(`(?mi)zarf-clean-.+\.sh$`)
+		scripts := utils.RecursiveFileList("/usr/local/bin", pattern)
+		// Iterate over al matching zarf-clean scripts and exec them
+		for _, script := range scripts {
+			// Run the matched script
+			_, _ = utils.ExecCommand(true, nil, script)
+			// Try to remove the script, but ignore any errors
+			_ = os.Remove(script)
+		}
 		burn()
 	},
 }

diff --git a/cli/cmd/initialize.go b/cli/cmd/initialize.go
@@ -3,15 +3,21 @@ package cmd
 import (
 	"path/filepath"
 
-	"github.com/defenseunicorns/zarf/cli/internal/k3s"
+	"github.com/defenseunicorns/zarf/cli/config"
+	"github.com/defenseunicorns/zarf/cli/internal/packager"
+
+	"github.com/defenseunicorns/zarf/cli/internal/pki"
 	"github.com/defenseunicorns/zarf/cli/internal/utils"
 
 	"github.com/AlecAivazis/survey/v2"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
 
-var initOptions = k3s.InstallOptions{}
+var initOptions = packager.InstallOptions{}
+var state = config.ZarfState{
+	Kind: "ZarfState",
+}
 
 // initCmd represents the init command
 var initCmd = &cobra.Command{
@@ -20,18 +26,19 @@ var initCmd = &cobra.Command{
 	Long:  "Flags are only required if running via automation, otherwise the init command will prompt you for your configuration choices",
 	Run: func(cmd *cobra.Command, args []string) {
 		handleTLSOptions()
-		k3s.Install(initOptions)
+		pki.HandlePKI()
+		packager.Install(&initOptions)
 	},
 }
 
 func handleTLSOptions() {
-	// Check to see if the certpaths or host entries are set as flags first
-	if initOptions.PKI.CertPublicPath == "" && initOptions.PKI.Host == "" {
-
-		const Generate = 0
 
-		var tlsMode int
+	const Generate = 0
+	const Import = 1
+	var tlsMode int
 
+	// Check to see if the certpaths or host entries are set as flags first
+	if state.TLS.CertPublicPath == "" && state.TLS.Host == "" {
 		// Determine flow for generate or import
 		modePrompt := &survey.Select{
 			Message: "Will Zarf be generating a TLS chain or importing an existing ingress cert?",
@@ -41,39 +48,51 @@ func handleTLSOptions() {
 			},
 		}
 		_ = survey.AskOne(modePrompt, &tlsMode)
+	} else {
+		tlsMode = Import
+	}
 
-		if tlsMode == Generate {
-			// Generate mode requires a host entry
-			prompt := &survey.Input{
-				Message: "Enter a host DNS entry or IP Address for the cluster ingress",
-			}
-			_ = survey.AskOne(prompt, &initOptions.PKI.Host, survey.WithValidator(survey.Required))
-		} else {
-			// Import mode requires the public and private key paths
-			prompt := &survey.Input{
-				Message: "Enter a file path to the ingress public key",
-				Suggest: func(toComplete string) []string {
-					// Give some suggestions to users
-					files, _ := filepath.Glob(toComplete + "*")
-					return files
-				},
-			}
-			_ = survey.AskOne(prompt, &initOptions.PKI.CertPublicPath, survey.WithValidator(survey.Required))
+	// Always ask for a host entry to avoid having to guess which entry in a cert if provided
+	prompt := &survey.Input{
+		Message: "Enter a host DNS entry or IP Address for the cluster ingress",
+	}
+	_ = survey.AskOne(prompt, &state.TLS.Host, survey.WithValidator(survey.Required))
 
-			prompt.Message = "Enter a file path to the ingress private key"
-			_ = survey.AskOne(prompt, &initOptions.PKI.CertPrivatePath, survey.WithValidator(survey.Required))
+	if tlsMode != Generate {
+		// Import mode requires the public and private key paths
+		prompt := &survey.Input{
+			Message: "Enter a file path to the ingress public key",
+			Suggest: func(toComplete string) []string {
+				// Give some suggestions to users
+				files, _ := filepath.Glob(toComplete + "*")
+				return files
+			},
 		}
+		_ = survey.AskOne(prompt, &state.TLS.CertPublicPath, survey.WithValidator(survey.Required))
+
+		prompt.Message = "Enter a file path to the ingress private key"
+		_ = survey.AskOne(prompt, &state.TLS.CertPrivatePath, survey.WithValidator(survey.Required))
 	}
-	if !utils.CheckHostName(initOptions.PKI.Host) {
-		logrus.Fatalf("The hostname provided (%v) was not a valid hostname. The hostname can only contain: 'a-z', 'A-Z', '0-9', '-', and '.' characters.\n", initOptions.PKI.Host)
+
+	if !utils.CheckHostName(state.TLS.Host) {
+		// On error warn user and cycle the function
+		logrus.Warnf("The hostname provided (%v) was not a valid hostname. The hostname can only contain: 'a-z', 'A-Z', '0-9', '-', and '.' characters as defined by RFC-1035.\n", state.TLS.Host)
+		handleTLSOptions()
+	} else {
+		if err := config.WriteState(state); err != nil {
+			logrus.Debug(err)
+			logrus.Fatal("Unable to save the zarf state file.")
+		}
 	}
 }
 
 func init() {
+	state := config.GetState()
+
 	rootCmd.AddCommand(initCmd)
 	initCmd.Flags().BoolVar(&initOptions.Confirmed, "confirm", false, "Confirm the install without prompting")
-	initCmd.Flags().StringVar(&initOptions.PKI.Host, "host", "", "Specify the host or IP for the gitops service ingress.  E.g. host=10.10.10.5 or host=gitops.domain.com")
-	initCmd.Flags().StringVar(&initOptions.PKI.CertPublicPath, "server-crt", "", "Path to the server public key if not generating unique PKI")
-	initCmd.Flags().StringVar(&initOptions.PKI.CertPrivatePath, "server-key", "", "Path to the server private key if not generating unique PKI")
+	initCmd.Flags().StringVar(&state.TLS.Host, "host", "", "Specify the host or IP for the gitops service ingress.  E.g. host=10.10.10.5 or host=gitops.domain.com")
+	initCmd.Flags().StringVar(&state.TLS.CertPublicPath, "server-crt", "", "Path to the server public key if not generating unique PKI")
+	initCmd.Flags().StringVar(&state.TLS.CertPrivatePath, "server-key", "", "Path to the server private key if not generating unique PKI")
 	initCmd.Flags().StringVar(&initOptions.Components, "components", "", "Comma-separated list of components to install.  Adding this flag will skip the init prompts for which components to install")
 }
diff --git a/cli/cmd/pki.go b/cli/cmd/pki.go
@@ -2,12 +2,14 @@ package cmd
 
 import (
 	"github.com/AlecAivazis/survey/v2"
+	"github.com/defenseunicorns/zarf/cli/config"
+	"github.com/defenseunicorns/zarf/cli/internal/pki"
 	"github.com/defenseunicorns/zarf/cli/internal/utils"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
 
-var pkiOptions = utils.PKIConfig{}
+var tempState config.ZarfState
 
 var pkiCmd = &cobra.Command{
 	Use:   "pki",
@@ -19,27 +21,35 @@ var pkiRegenerate = &cobra.Command{
 	Short: "Regenerate the pki certs for the cluster ingress",
 	Run: func(cmd *cobra.Command, args []string) {
 		// Prompt for a hostname if it wasn't provided as a command flag
-		if pkiOptions.Host == "" {
+		if tempState.TLS.Host == "" {
 			prompt := &survey.Input{
 				Message: "Enter a host DNS entry or IP Address for the gitops service ingress",
 			}
-			_ = survey.AskOne(prompt, &pkiOptions.Host, survey.WithValidator(survey.Required))
+			_ = survey.AskOne(prompt, &tempState.TLS.Host, survey.WithValidator(survey.Required))
 		}
 
 		// Verify the hostname provided is valid
-		if !utils.CheckHostName(pkiOptions.Host) {
-			logrus.Fatalf("The hostname provided (%v) was not a valid hostname. The hostname can only contain: 'a-z', 'A-Z', '0-9', '-', and '.' characters.\n", pkiOptions.Host)
+		if !utils.CheckHostName(tempState.TLS.Host) {
+			logrus.Fatalf("The hostname provided (%v) was not a valid hostname. The hostname can only contain: 'a-z', 'A-Z', '0-9', '-', and '.' characters as defined by RFC-1035.\n", tempState.TLS.Host)
 		}
 
-		utils.GeneratePKI(pkiOptions)
+		pki.GeneratePKI()
+		if err := config.WriteState(state); err != nil {
+			logrus.Debug(err)
+			logrus.Fatal("Unable to save the zarf state file.")
+		}
 	},
 }
 
 var pkiImport = &cobra.Command{
 	Use:   "import",
 	Short: "Import an existing key pair for the cluster ingress",
 	Run: func(cmd *cobra.Command, args []string) {
-		utils.HandlePKI(pkiOptions)
+		pki.HandlePKI()
+		if err := config.WriteState(state); err != nil {
+			logrus.Debug(err)
+			logrus.Fatal("Unable to save the zarf state file.")
+		}
 	},
 }
 
@@ -48,8 +58,8 @@ func init() {
 	pkiCmd.AddCommand(pkiRegenerate)
 	pkiCmd.AddCommand(pkiImport)
 
-	pkiRegenerate.Flags().StringVar(&pkiOptions.Host, "host", "", "Specify the host or IP for the gitops service ingress")
+	pkiRegenerate.Flags().StringVar(&tempState.TLS.Host, "host", "", "Specify the host or IP for the gitops service ingress")
 
-	pkiImport.Flags().StringVar(&pkiOptions.CertPublicPath, "server-crt", "", "Path to the server public key if not generating unique PKI")
-	pkiImport.Flags().StringVar(&pkiOptions.CertPrivatePath, "server-key", "", "Path to the server private key if not generating unique PKI")
+	pkiImport.Flags().StringVar(&tempState.TLS.CertPublicPath, "server-crt", "", "Path to the server public key if not generating unique PKI")
+	pkiImport.Flags().StringVar(&tempState.TLS.CertPrivatePath, "server-key", "", "Path to the server private key if not generating unique PKI")
 }
diff --git a/cli/cmd/tools.go b/cli/cmd/tools.go
@@ -1,7 +1,10 @@
 package cmd
 
 import (
+	"encoding/json"
+
 	"fmt"
+	"github.com/alecthomas/jsonschema"
 
 	"github.com/defenseunicorns/zarf/cli/config"
 	"github.com/defenseunicorns/zarf/cli/internal/git"
@@ -59,16 +62,31 @@ var readCredsCmd = &cobra.Command{
 	Use:   "get-admin-password",
 	Short: "Returns the Zarf admin password read from ~/.git-credentials",
 	Run: func(cmd *cobra.Command, args []string) {
-		authInfo := git.FindAuthForHost(config.ZarfLocalIP)
+		authInfo := git.FindAuthForHost(config.GetTargetEndpoint())
 		fmt.Println(authInfo.Auth.Password)
 	},
 }
 
+var configSchemaCmd = &cobra.Command{
+	Use:   "config-schema",
+	Short: "Generates a JSON schema for the zarf.yaml configuration",
+	Run: func(cmd *cobra.Command, args []string) {
+		schema := jsonschema.Reflect(&config.ZarfPackage{})
+		output, err := json.MarshalIndent(schema, "", "  ")
+		if err != nil {
+			logrus.Debug(err)
+			logrus.Fatal("Unable to generate the zarf config schema")
+		}
+		fmt.Print(string(output))
+	},
+}
+
 func init() {
 	rootCmd.AddCommand(toolsCmd)
 
 	toolsCmd.AddCommand(archiverCmd)
 	toolsCmd.AddCommand(readCredsCmd)
+	toolsCmd.AddCommand(configSchemaCmd)
 	archiverCmd.AddCommand(archiverCompressCmd)
 	archiverCmd.AddCommand(archiverDecompressCmd)