Documentation
Overview ¶
Package state manages references to a logical zarf deployment in k8s.
Index ¶
- Constants
- Variables
- func CheckIfRegistryAddressOrCredsChanged(existing, given RegistryInfo) bool
- func DebugPrint(ctx context.Context, state *State)
- func LocalhostRegistryAddress(ipFamily IPFamily, port int) string
- type ArtifactServerInfo
- type ChartStatus
- type ComponentStatus
- type ConnectString
- type ConnectStrings
- type DeployedComponent
- type DeployedPackage
- type DeployedPackageOptions
- type GitServerInfo
- type IPFamily
- type InjectorInfo
- type InstalledChart
- type MTLSStrategy
- type MergeOptions
- type PackageConnectivity
- type RegistryInfo
- type RegistryMode
- type State
Constants ¶
const (
	ZarfManagedByLabel   = "app.kubernetes.io/managed-by"
	ZarfNamespaceName    = "zarf"
	ZarfStateSecretName  = "zarf-state"
	ZarfStateDataKey     = "state"
	ZarfPackageInfoLabel = "package-deploy-info"
)
Declares secrets and metadata keys and values. TODO(mkcp): Remove Zarf prefix, that's the project name. TODO(mkcp): Provide semantic doccomments for how these are used.
const (
	RegistryKey     = "registry"
	RegistryReadKey = "registry-readonly"
	GitKey          = "git"
	GitReadKey      = "git-readonly"
	ArtifactKey     = "artifact"
	AgentKey        = "agent"
)
Credential keys TODO(mkcp): Provide semantic doccomments for how these are used.
const (
	ZarfGeneratedPasswordLen               = 24
	ZarfGeneratedSecretLen                 = 48
	ZarfInClusterContainerRegistryNodePort = 31999
	ZarfInjectorDefaultHostPort            = 5001
	ZarfRegistryHostPort                   = 5000
	ZarfRegistryPushUser                   = "zarf-push"
	ZarfRegistryPullUser                   = "zarf-pull"
	ZarfGitPushUser                        = "zarf-git-user"
	ZarfGitReadUser                        = "zarf-git-read-user"
	ZarfAgentHost                          = "agent-hook.zarf.svc"
	ZarfInClusterGitServiceURL             = "http://zarf-gitea-http.zarf.svc.cluster.local:3000"
	ZarfInClusterArtifactServiceURL        = ZarfInClusterGitServiceURL + "/api/packages/" + ZarfGitPushUser
	// ZarfRegistryMTLSServerCommonName is the common name for the registry server certificate
	ZarfRegistryMTLSServerCommonName = "zarf-docker-registry"
	// ZarfRegistryMTLSClientCommonName is the common name for the registry client certificate
	ZarfRegistryMTLSClientCommonName = "zarf-registry-client"
	ZarfRegistryMTLSCASubject        = "Zarf Registry CA"
)
Values during setup of the initial zarf state
const IPV6Localhost = "::1"
IPV6Localhost is the IP of localhost in IPv6 (TODO: move to helpers next to IPV4Localhost)
Variables ¶
var DeployedPackageNameRegex = regexp.MustCompile(`^[a-z0-9][a-z0-9\-]*$`).MatchString
DeployedPackageNameRegex matches names made of lowercase letters, numbers and hyphens that do not start with a hyphen. https://regex101.com/r/FLdG9G/2
var ZarfRegistryMTLSServerHosts = []string{
"zarf-docker-registry",
"zarf-docker-registry.zarf.svc.cluster.local",
"localhost",
"127.0.0.1",
"[::1]",
}
ZarfRegistryMTLSServerHosts is the list of DNS names and IPs for the registry server certificate
Functions ¶
func CheckIfRegistryAddressOrCredsChanged ¶ added in v0.74.0
func CheckIfRegistryAddressOrCredsChanged(existing, given RegistryInfo) bool
CheckIfRegistryAddressOrCredsChanged compares two RegistryInfo structs and returns true if the creds or address changed
func DebugPrint ¶
DebugPrint takes a State struct, sanitizes sensitive fields, and prints them.
func LocalhostRegistryAddress ¶ added in v0.65.0
LocalhostRegistryAddress builds the IPv4 or IPv6 local address of the Zarf deployed registry.
Types ¶
type ArtifactServerInfo ¶ added in v0.56.0
type ArtifactServerInfo struct {
// Username of a user with push access to the artifact registry
PushUsername string `json:"pushUsername"`
// Password of a user with push access to the artifact registry
PushToken string `json:"pushPassword"`
// URL address of the artifact registry
Address string `json:"address"`
}
ArtifactServerInfo contains information Zarf uses to communicate with an artifact registry to push/pull repositories to.
func (*ArtifactServerInfo) FillInEmptyValues ¶ added in v0.56.0
func (as *ArtifactServerInfo) FillInEmptyValues()
FillInEmptyValues sets every necessary value that's currently empty to a reasonable default
func (ArtifactServerInfo) IsInternal ¶ added in v0.56.0
func (as ArtifactServerInfo) IsInternal() bool
IsInternal returns true if the artifact server URL is equivalent to the artifact server deployed through the default init package
type ChartStatus ¶ added in v0.63.0
type ChartStatus string
ChartStatus is the status of a Helm Chart release
const (
	ChartStatusSucceeded ChartStatus = "Succeeded"
	ChartStatusFailed    ChartStatus = "Failed"
)
All status options for a Zarf component chart
type ComponentStatus ¶ added in v0.57.0
type ComponentStatus string
ComponentStatus defines the deployment status of a Zarf component within a package.
const (
	ComponentStatusSucceeded ComponentStatus = "Succeeded"
	ComponentStatusFailed    ComponentStatus = "Failed"
	ComponentStatusDeploying ComponentStatus = "Deploying"
	ComponentStatusRemoving  ComponentStatus = "Removing"
)
All the different status options for a Zarf Component
type ConnectString ¶ added in v0.57.0
type ConnectString struct {
// Descriptive text that explains what the resource you would be connecting to is used for
Description string `json:"description"`
// URL path that gets appended to the k8s port-forward result
URL string `json:"url"`
}
ConnectString contains information about a connection made with Zarf connect.
type ConnectStrings ¶ added in v0.57.0
type ConnectStrings map[string]ConnectString
ConnectStrings is a map of connect names to connection information.
type DeployedComponent ¶ added in v0.57.0
type DeployedComponent struct {
Name string `json:"name"`
InstalledCharts []InstalledChart `json:"installedCharts"`
Status ComponentStatus `json:"status"`
ObservedGeneration int `json:"observedGeneration"`
}
DeployedComponent contains information about a Zarf Package Component that has been deployed to a cluster.
type DeployedPackage ¶ added in v0.57.0
type DeployedPackage struct {
Name string `json:"name"`
Data v1alpha1.ZarfPackage `json:"data"`
CLIVersion string `json:"cliVersion"`
Generation int `json:"generation"`
DeployedComponents []DeployedComponent `json:"deployedComponents"`
ConnectStrings ConnectStrings `json:"connectStrings,omitempty"`
PackageConnectivity PackageConnectivity `json:"packageConnectivity"`
// [ALPHA] Optional namespace override - exported/json-tag for storage in deployed package state secret
NamespaceOverride string `json:"namespaceOverride,omitempty"`
}
DeployedPackage contains information about a Zarf Package that has been deployed to a cluster. This object is saved as the data of a k8s secret within the 'Zarf' namespace (not as part of the ZarfState secret).
func (*DeployedPackage) GetPackageConnectivity ¶ added in v0.75.0
func (d *DeployedPackage) GetPackageConnectivity() PackageConnectivity
GetPackageConnectivity returns the connectivity mode the package is using. Defaults to airgap for packages that were deployed before connectivity was introduced.
func (*DeployedPackage) GetSecretName ¶ added in v0.57.0
func (d *DeployedPackage) GetSecretName() string
GetSecretName returns the k8s secret name for the deployed package
type DeployedPackageOptions ¶ added in v0.57.0
type DeployedPackageOptions func(*DeployedPackage)
DeployedPackageOptions are options for the DeployedPackage function
func WithPackageConnectivity ¶ added in v0.75.0
func WithPackageConnectivity(connected bool) DeployedPackageOptions
WithPackageConnectivity sets the connectivity mode for the deployed package
func WithPackageNamespaceOverride ¶ added in v0.57.0
func WithPackageNamespaceOverride(namespaceOverride string) DeployedPackageOptions
WithPackageNamespaceOverride sets the [ALPHA] optional namespace override for a package during deployment
type GitServerInfo ¶ added in v0.56.0
type GitServerInfo struct {
// Username of a user with push access to the git repository
PushUsername string `json:"pushUsername"`
// Password of a user with push access to the git repository
PushPassword string `json:"pushPassword"`
// Username of a user with pull-only access to the git repository. If not provided for an external repository then the push-user is used
PullUsername string `json:"pullUsername"`
// Password of a user with pull-only access to the git repository. If not provided for an external repository then the push-user is used
PullPassword string `json:"pullPassword"`
// URL address of the git server
Address string `json:"address"`
}
GitServerInfo contains information Zarf uses to communicate with a git repository to push/pull repositories to.
func (*GitServerInfo) FillInEmptyValues ¶ added in v0.56.0
func (gs *GitServerInfo) FillInEmptyValues() error
FillInEmptyValues sets every necessary value that's currently empty to a reasonable default
func (GitServerInfo) IsConfigured ¶ added in v0.75.0
func (gs GitServerInfo) IsConfigured() bool
IsConfigured returns true if the git server address has been set. Note that even when the Git server component is not used, Zarf will set the address to a default value. TODO: make this more accurate https://github.com/zarf-dev/zarf/issues/2947
func (GitServerInfo) IsInternal ¶ added in v0.56.0
func (gs GitServerInfo) IsInternal() bool
IsInternal returns true if the git server URL is equivalent to a git server deployed through the default init package
type IPFamily ¶ added in v0.65.0
type IPFamily string
IPFamily defines the different possible IP families that can be used in Kubernetes clusters
type InjectorInfo ¶ added in v0.65.0
type InjectorInfo struct {
// The image to be used for the long lived injector
Image string `json:"injectorImage"`
// The number of payload configmaps required
PayLoadConfigMapAmount int `json:"payLoadConfigMapAmount"`
// The PayLoadShaSum for the payload ConfigMaps
PayLoadShaSum string `json:"payLoadShaSum"`
// The port that the injector is exposed through, either hostPort or nodePort
Port int `json:"port"`
}
InjectorInfo contains information on how to run the long lived Daemonset Injector
type InstalledChart ¶ added in v0.57.0
type InstalledChart struct {
Namespace string `json:"namespace"`
ChartName string `json:"chartName"`
ConnectStrings ConnectStrings `json:"connectStrings,omitempty"`
Status ChartStatus `json:"status"`
}
InstalledChart contains information about a Helm Chart that has been deployed to a cluster.
func MergeInstalledChartsForComponent ¶ added in v0.63.0
func MergeInstalledChartsForComponent(existingCharts, installedCharts []InstalledChart, partial bool) []InstalledChart
MergeInstalledChartsForComponent merges the provided existing charts with the provided installed charts.
type MTLSStrategy ¶ added in v0.71.0
type MTLSStrategy string
MTLSStrategy defines the strategy to manage the mTLS certificates for the registry
const (
	// MTLSStrategyNone indicates no mTLS certificate management
	MTLSStrategyNone MTLSStrategy = "none"
	// MTLSStrategyZarfManaged indicates Zarf is managing the mTLS certificates
	MTLSStrategyZarfManaged MTLSStrategy = "zarf-managed"
)
type MergeOptions ¶
type MergeOptions struct {
GitServer GitServerInfo
RegistryInfo RegistryInfo
ArtifactServer ArtifactServerInfo
Services []string
// AgentTLS allows providing user-managed TLS certificates for the agent. When nil, certs are auto-generated.
AgentTLS *pki.GeneratedPKI
}
MergeOptions tracks the user-defined options during cluster initialization. TODO(mkcp): Provide semantic doccomments for how exported fields are used.
type PackageConnectivity ¶ added in v0.75.0
type PackageConnectivity string
PackageConnectivity defines the connectivity mode of package deployments
const (
	// PackageConnectivityAirGap is the default deploy mode
	PackageConnectivityAirGap PackageConnectivity = "airgap"
	// PackageConnectivityConnected is used when a package is deployed with YOLO or in connected mode.
	PackageConnectivityConnected PackageConnectivity = "connected"
)
type RegistryInfo ¶ added in v0.56.0
type RegistryInfo struct {
// Username of a user with push access to the registry
PushUsername string `json:"pushUsername"`
// Password of a user with push access to the registry
PushPassword string `json:"pushPassword"`
// Username of a user with pull-only access to the registry. If not provided for an external registry then the push-user is used
PullUsername string `json:"pullUsername"`
// Password of a user with pull-only access to the registry. If not provided for an external registry then the push-user is used
PullPassword string `json:"pullPassword"`
// URL address of the registry
Address string `json:"address"`
// Deprecated: Use Port instead. Kept for backwards compatibility with state JSON written by older Zarf versions.
NodePort int `json:"nodePort"`
// Port of the internal registry. In nodeport mode this is a Kubernetes NodePort, in proxy mode it is a host port.
Port int `json:"port"`
// Secret value that the registry was seeded with
Secret string `json:"secret"`
// RegistryMode defines how the registry is accessed (nodeport, proxy, or external)
RegistryMode RegistryMode `json:"registryMode"`
// MTLSStrategy defines who manages the mTLS certificates for the registry (defaults to none)
MTLSStrategy MTLSStrategy `json:"mtlsStrategy,omitempty"`
}
RegistryInfo contains information Zarf uses to communicate with a container registry to push/pull images.
func (*RegistryInfo) FillInEmptyValues ¶ added in v0.56.0
func (ri *RegistryInfo) FillInEmptyValues(ipFamily IPFamily) error
FillInEmptyValues sets every necessary value not already set to a reasonable default
func (RegistryInfo) IsConfigured ¶ added in v0.75.0
func (ri RegistryInfo) IsConfigured() bool
IsConfigured returns true if the registry info address has been set
func (RegistryInfo) IsInternal ¶ added in v0.56.0
func (ri RegistryInfo) IsInternal() bool
IsInternal returns true if the registry URL is equivalent to the registry deployed through the default init package
func (*RegistryInfo) ReconcilePort ¶ added in v0.74.1
func (ri *RegistryInfo) ReconcilePort()
ReconcilePort syncs the deprecated NodePort field with Port at serialization boundaries.
On read (LoadState): copies NodePort into Port when Port is unset, for state written by older Zarf.
On write (SaveState): copies Port into NodePort so older Zarf versions can read the state.
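The read/write rule described for ReconcilePort, as an added example that is not Zarf's source: a local `registryPorts` type carries only the two port fields and their JSON tags from this page, and the `reconcile`, `load`, `save` and `legacyPort` helpers and the sample JSON are constructed for illustration. It also shows the conflict case, where a state document carries both fields with different values and Port is treated as authoritative.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// registryPorts mirrors only the two port fields of RegistryInfo shown on this page.
type registryPorts struct {
	NodePort int `json:"nodePort"` // deprecated field
	Port     int `json:"port"`
}

// reconcile sketches the documented rule: Port wins once set, NodePort mirrors it.
func (r *registryPorts) reconcile() {
	if r.Port == 0 {
		r.Port = r.NodePort // state written before Port existed
	}
	r.NodePort = r.Port // keep the legacy field populated for older readers
}

// load decodes state JSON and reconciles at the read boundary.
func load(raw string) (registryPorts, error) {
	var r registryPorts
	err := json.Unmarshal([]byte(raw), &r)
	r.reconcile()
	return r, err
}

// save reconciles at the write boundary and encodes state JSON.
func save(r registryPorts) string {
	r.reconcile()
	out, _ := json.Marshal(r) // cannot fail for a struct of two ints
	return string(out)
}

// legacyPort reads state the way a constructed older reader would: nodePort only.
func legacyPort(raw string) int {
	var old struct{ NodePort int `json:"nodePort"` }
	_ = json.Unmarshal([]byte(raw), &old)
	return old.NodePort
}

func main() {
	old, _ := load(`{"nodePort":31999}`) // constructed: written by an older version
	saved := save(registryPorts{Port: 5000})
	fmt.Println(old.Port, saved, legacyPort(saved))
}
```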
func (RegistryInfo) ShouldUseMTLS ¶ added in v0.71.0
func (ri RegistryInfo) ShouldUseMTLS() bool
ShouldUseMTLS returns true if mTLS should be used for the registry connection.
type RegistryMode ¶ added in v0.65.0
type RegistryMode string
RegistryMode defines how the registry is accessed
const (
	// RegistryModeNodePort accesses the registry via NodePort service
	RegistryModeNodePort RegistryMode = "nodeport"
	// RegistryModeProxy accesses the registry via DaemonSet proxy
	RegistryModeProxy RegistryMode = "proxy"
	// RegistryModeExternal is used when the user has an external registry
	RegistryModeExternal RegistryMode = "external"
)
type State ¶
type State struct {
// Indicates if Zarf was initialized while deploying its own k8s cluster
ZarfAppliance bool `json:"zarfAppliance"`
// K8s distribution of the cluster Zarf was deployed to
Distro string `json:"distro"`
// Default StorageClass value Zarf uses for variable templating
StorageClass string `json:"storageClass"`
// The IP family of the cluster, can be ipv4, ipv6, or dual
IPFamily IPFamily `json:"ipFamily,omitempty"`
// PKI certificate information for the agent pods Zarf manages
AgentTLS pki.GeneratedPKI `json:"agentTLS"`
// AgentTLSUserProvided indicates whether the agent TLS certs were provided by the user rather than auto-generated
AgentTLSUserProvided bool `json:"agentTLSUserProvided,omitempty"`
InjectorInfo InjectorInfo `json:"injectorInfo"`
// Information about the repository Zarf is configured to use
GitServer GitServerInfo `json:"gitServer"`
// Information about the container registry Zarf is configured to use
RegistryInfo RegistryInfo `json:"registryInfo"`
// Information about the artifact registry Zarf is configured to use
ArtifactServer ArtifactServerInfo `json:"artifactServer"`
}
State is maintained as a secret in the Zarf namespace to track Zarf init data.
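State carries credentials, and DebugPrint above is described as sanitizing sensitive fields before printing. The following added example (not Zarf's implementation) redacts a serialized State by the JSON tags documented on this page, which also covers ArtifactServerInfo.PushToken because it is serialized as `pushPassword`. The `redactStateJSON` helper, the `REDACTED` marker and the sample document, including the inner layout of `agentTLS`, are constructed assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// sensitiveTags: JSON tags on this page that carry credentials or key material.
var sensitiveTags = map[string]bool{
	"pushPassword": true, "pullPassword": true, "secret": true, "agentTLS": true,
}

// redact walks decoded JSON and replaces every value stored under a sensitive tag.
func redact(v any) any {
	switch t := v.(type) {
	case map[string]any:
		for k, val := range t {
			if sensitiveTags[k] {
				t[k] = "REDACTED"
			} else {
				t[k] = redact(val)
			}
		}
	case []any:
		for i := range t {
			t[i] = redact(t[i])
		}
	}
	return v
}

// redactStateJSON (hypothetical helper) returns a log-safe copy of a state document.
func redactStateJSON(raw []byte) (string, error) {
	var doc any
	if err := json.Unmarshal(raw, &doc); err != nil {
		return "", fmt.Errorf("decode state: %w", err)
	}
	out, err := json.Marshal(redact(doc))
	return string(out), err
}

// sampleState is constructed for this example; the agentTLS layout is assumed.
const sampleState = `{"distro":"k3s","agentTLS":{"key":"a2V5"},
 "gitServer":{"pushUsername":"zarf-git-user","pushPassword":"g1","pullPassword":"g2"},
 "registryInfo":{"pushPassword":"r1","secret":"s3","port":31999},
 "artifactServer":{"pushUsername":"zarf-git-user","pushPassword":"tok"}}`

func main() {
	fmt.Println(redactStateJSON([]byte(sampleState)))
}
```

Matching on the serialized tag rather than the Go field name means nested and future structs that reuse these tags are covered without further changes.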