WIP: port init packages to value templating

packages/distros/eks/eks.yaml

@@ -2,40 +2,40 @@
 apiVersion: eksctl.io/v1alpha5
 kind: ClusterConfig
 metadata:
-  name: ###ZARF_VAR_EKS_CLUSTER_NAME###
-  region: ###ZARF_VAR_EKS_CLUSTER_REGION###
+  name: {{ .Values.cluster.name }}
+  region: {{ .Values.cluster.region }}
   tags:
-    PermissionsBoundary: "###ZARF_VAR_PERMISSIONS_BOUNDARY_TAG###"
+    PermissionsBoundary: {{ .Values.iam.permissionsBoundaryTag | quote }}
 
 iam:
   withOIDC: true
-  serviceRolePermissionsBoundary: "###ZARF_VAR_PERMISSIONS_BOUNDARY_ARN###"
+  serviceRolePermissionsBoundary: {{ .Values.iam.permissionsBoundaryArn | quote }}
 
 addons:
   - name: aws-ebs-csi-driver
     attachPolicyARNs:
       - arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy
-    permissionsBoundary: "###ZARF_VAR_PERMISSIONS_BOUNDARY_ARN###"
+    permissionsBoundary: {{ .Values.iam.permissionsBoundaryArn | quote }}
     tags:
-      PermissionsBoundary: "###ZARF_VAR_PERMISSIONS_BOUNDARY_TAG###"
+      PermissionsBoundary: {{ .Values.iam.permissionsBoundaryTag | quote }}
     configurationValues: |-
       defaultStorageClass:
         enabled: true
 
   - name: vpc-cni
     attachPolicyARNs:
       - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
-    permissionsBoundary: "###ZARF_VAR_PERMISSIONS_BOUNDARY_ARN###"
+    permissionsBoundary: {{ .Values.iam.permissionsBoundaryArn | quote }}
     tags:
-      PermissionsBoundary: "###ZARF_VAR_PERMISSIONS_BOUNDARY_TAG###"
+      PermissionsBoundary: {{ .Values.iam.permissionsBoundaryTag | quote }}
 
 managedNodeGroups:
-- instanceType: ###ZARF_VAR_EKS_INSTANCE_TYPE###
-  name: ###ZARF_VAR_EKS_CLUSTER_NAME###-ng
+- instanceType: {{ .Values.nodeGroups.instanceType }}
+  name: {{ .Values.cluster.name }}-ng
   minSize: 3
   maxSize: 6
   spot: true
   tags:
-    PermissionsBoundary: "###ZARF_VAR_PERMISSIONS_BOUNDARY_TAG###"
+    PermissionsBoundary: {{ .Values.iam.permissionsBoundaryTag | quote }}
   iam:
-    instanceRolePermissionsBoundary: "###ZARF_VAR_PERMISSIONS_BOUNDARY_ARN###"
+    instanceRolePermissionsBoundary: {{ .Values.iam.permissionsBoundaryArn | quote }}

packages/distros/eks/values.yaml

@@ -0,0 +1,15 @@
+cluster:
+  # The name for the EKS cluster (required)
+  name: ""
+  # The AWS region to setup the cluster and associated networking
+  region: "us-east-1"
+
+nodeGroups:
+  # The EC2 instance type for the worker nodes
+  instanceType: "t3.small"
+
+iam:
+  # The ARN of the IAM permissions boundary to apply to the cluster resources
+  permissionsBoundaryArn: ""
+  # The tag to apply to the cluster resources to indicate the permissions boundary
+  permissionsBoundaryTag: ""

packages/distros/eks/zarf.yaml

@@ -4,31 +4,17 @@ metadata:
   description: Deploy a EKS K8s cluster
   version: 0.0.3
 
-variables:
-  - name: EKS_CLUSTER_NAME
-    description: The name for the EKS cluster
-    prompt: true
-
-  - name: EKS_INSTANCE_TYPE
-    description: The EC2 instance type for the worker nodes
-    default: t3.small
-
-  - name: EKS_CLUSTER_REGION
-    description: The AWS region to setup the cluster and associated networking
-    default: us-east-1
-
-  - name: PERMISSIONS_BOUNDARY_ARN
-    description: The ARN of the IAM permissions boundary to apply to the cluster resources
-
-  - name: PERMISSIONS_BOUNDARY_TAG
-    description: The tag to apply to the cluster resources to indicate the permissions boundary
+values:
+  files:
+    - values.yaml
 
 components:
   - name: load-eksctl
     required: true
     files:
       - source: eks.yaml
         target: eks.yaml
+        template: true
       - source: https://github.com/eksctl-io/eksctl/releases/download/v0.214.0/eksctl_Darwin_amd64.tar.gz
         target: binaries/eksctl_Darwin_x86_64
         executable: true
@@ -53,7 +39,8 @@ components:
           - cmd: ./binaries/eksctl_$(uname -s)_$(uname -m) create cluster --dry-run -f eks.yaml
           - cmd: sleep 15
           - cmd: ./binaries/eksctl_$(uname -s)_$(uname -m) create cluster -f eks.yaml
-          - cmd: ./binaries/eksctl_$(uname -s)_$(uname -m) utils write-kubeconfig -c ${ZARF_VAR_EKS_CLUSTER_NAME}
+          - cmd: ./binaries/eksctl_$(uname -s)_$(uname -m) utils write-kubeconfig -c {{ .Values.cluster.name }}
+            template: true
 
   - name: teardown-eks-cluster
     description: Delete the EKS cluster that this package was used to create.

packages/gitea/values.yaml

@@ -0,0 +1,72 @@
+persistence:
+  # FIXME(mkcp): How do we set a template object to a helm value without the template system
+  storageClass: "###ZARF_STORAGE_CLASS###"
+  # "Optional: Use an existing PVC for the git server instead of creating a new one. If this is set, the GIT_SERVER_PVC_SIZE variable will be ignored."
+  claimName: "data-zarf-gitea-0"
+  # The size of the persistent volume claim for the git server
+  size: "10Gi"
+  # The access mode of the persistent volume claim for the git server
+  accessModes:
+    - "ReadWriteOnce"
+  create: ""
+
+# The number of git server replicas to deploy
+replicaCount: 1
+
+gitea:
+  admin:
+    # FIXME(mkcp): How do we set a template object to a helm value without the template system
+    username: "###ZARF_GIT_PUSH###"
+    password: "###ZARF_GIT_AUTH_PUSH###"
+    email: "zarf@localhost"
+  config:
+    APP_NAME: "Zarf Gitops Service"
+    server:
+      DISABLE_SSH: true
+      OFFLINE_MODE: true
+      ROOT_URL: http://zarf-gitea-http.zarf.svc.cluster.local:3000
+    database:
+      DB_TYPE: sqlite3
+      # Note that the init script checks to see if the IP & port of the database service is accessible, so make sure you set those to something that resolves as successful (since sqlite uses files on disk setting the port & ip won't affect the running of gitea).
+      HOST: zarf-docker-registry.zarf.svc.cluster.local:5000
+    security:
+      INSTALL_LOCK: true
+    service:
+      # Disables the ability to register new users
+      DISABLE_REGISTRATION: "true"
+    repository:
+      ENABLE_PUSH_CREATE_USER: true
+      FORCE_PRIVATE: true
+    session:
+      PROVIDER: memory
+    cache:
+      ADAPTER: memory
+    queue:
+      TYPE: level
+resources:
+  requests:
+    # The CPU request for git server
+    cpu: "200m"
+    # The memory request for git server
+    memory: "512m"
+  limits:
+    # The CPU limit for git server
+    cpu: 3
+    # The memory limit for git server
+    memory: "2Gi"
+
+image:
+  fullOverride: "###ZARF_CONST_GITEA_IMAGE###"
+  rootless: true
+
+postgresql-ha:
+  enabled: false
+
+redis-cluster:
+  enabled: false
+
+valkey-cluster:
+  enabled: false
+
+strategy:
+  type: "Recreate"

packages/gitea/zarf.yaml

@@ -2,42 +2,10 @@ kind: ZarfPackageConfig
 metadata:
   name: init-package-git-server
 
-variables:
-  - name: GIT_SERVER_EXISTING_PVC
-    description: "Optional: Use an existing PVC for the git server instead of creating a new one. If this is set, the GIT_SERVER_PVC_SIZE variable will be ignored."
-    default: "data-zarf-gitea-0"
-
-  - name: GIT_SERVER_PVC_SIZE
-    description: The size of the persistent volume claim for the git server
-    default: 10Gi
-
-  - name: GIT_SERVER_PVC_ACCESS_MODE
-    description: The access mode of the persistent volume claim for the git server
-    default: ReadWriteOnce
-
-  - name: GIT_SERVER_CPU_REQ
-    description: The CPU request for git server
-    default: 200m
-
-  - name: GIT_SERVER_MEM_REQ
-    description: The memory request for git server
-    default: 512Mi
-
-  - name: GIT_SERVER_CPU_LIMIT
-    description: The CPU limit for git server
-    default: "3"
-
-  - name: GIT_SERVER_MEM_LIMIT
-    description: The memory limit for git server
-    default: 2Gi
-
-  - name: GIT_SERVER_REPLICA_COUNT
-    description: The number of git server replicas to deploy
-    default: "1"
-
-  - name: GIT_SERVER_DISABLE_REGISTRATION
-    description: Disables the ability to register new users
-    default: "true"
+values:
+  files:
+    - values.yaml
+  # TODO Schema
 
 constants:
   - name: GITEA_IMAGE
@@ -61,14 +29,16 @@ components:
         url: oci://registry-1.docker.io/giteacharts/gitea
         version: 12.3.0
         namespace: zarf
-        valuesFiles:
-          - gitea-values.yaml
+        # TODO(mkcp): limit these to the specific values
+        values:
+          - sourcePath: "."
+            targetPath: "."
     actions:
       onDeploy:
         before:
           - cmd: ./zarf internal update-gitea-pvc
-            setVariables:
-              - name: GIT_SERVER_CREATE_PVC
+            setValues:
+              - key: .persistence.create
             mute: true
         after:
           - cmd: ./zarf internal create-read-only-gitea-user

packages/zarf-registry/configmap.yaml

@@ -6,5 +6,5 @@ metadata:
   namespace: kube-public
 data:
   localRegistryHosting.v1: |
-    host: "###ZARF_REGISTRY###"
+    host: {{ .Variables.ZARF_REGISTRY | quote }}
     help: "https://github.com/zarf-dev/zarf"

packages/zarf-registry/values.yaml

@@ -0,0 +1,92 @@
+persistence:
+  enabled: true
+  # TODO(mkcp): Internal builtin - needs to come from cluster state
+  storageClass: "###ZARF_STORAGE_CLASS###"
+  size: "20Gi"
+  existingClaim: ""
+  accessMode: "ReadWriteOnce"
+
+image:
+  # TODO(mkcp): Internal builtins - need to come from cluster state
+  repository: "###ZARF_REGISTRY###/###ZARF_CONST_REGISTRY_IMAGE###"
+  tag: "###ZARF_CONST_REGISTRY_IMAGE_TAG###"
+
+imagePullSecrets:
+  - name: private-registry
+
+proxy:
+  # TODO(mkcp): Internal builtin - needs to come from cluster state
+  enabled: "###ZARF_REGISTRY_PROXY###"
+  hostNetwork: false
+  tolerations: []
+  image:
+    # TODO(mkcp): Internal builtins - need to come from cluster state
+    repository: "###ZARF_SEED_REGISTRY###/###ZARF_CONST_PROXY_IMAGE###"
+    tag: "###ZARF_CONST_PROXY_IMAGE_TAG###"
+  registry:
+    image:
+      # TODO(mkcp): Internal builtins - need to come from cluster state
+      repository: "###ZARF_SEED_REGISTRY###/###ZARF_CONST_REGISTRY_IMAGE###"
+  injector:
+    # TODO(mkcp): Internal builtins - need to come from cluster state
+    hostPort: "###ZARF_INJECTOR_HOSTPORT###"
+    image: "###ZARF_INJECTOR_IMAGE###"
+    payLoadConfigMapAmount: "###ZARF_INJECTOR_PAYLOAD_CONFIGMAPS###"
+    shasum: "###ZARF_INJECTOR_SHASUM###"
+
+secrets:
+  # TODO(mkcp): Internal builtins - need to come from cluster state
+  htpasswd: "###ZARF_HTPASSWD###"
+  configData:
+    http:
+      secret: "###ZARF_REGISTRY_SECRET###"
+
+# TODO(mkcp): Internal builtin - needs to come from cluster state
+ipv6Only: "###ZARF_IPV6_ONLY###"
+
+service:
+  # TODO(mkcp): Internal builtin - needs to come from cluster state
+  nodePort: "###ZARF_NODEPORT###"
+
+resources:
+  requests:
+    cpu: "100m"
+    memory: "256Mi"
+  limits:
+    cpu: "3"
+    memory: "2Gi"
+
+fullnameOverride: "zarf-docker-registry"
+
+podLabels:
+  zarf.dev/agent: "ignore"
+
+affinity:
+  enabled: true
+  custom: {}
+
+tolerations: []
+
+autoscaling:
+  enabled: true
+  mapReplicasToNodes: false
+  minReplicas: "1"
+  maxReplicas: "5"
+  targetCPUUtilizationPercentage: 80
+
+caBundle: ""
+
+extraEnvVars: []
+
+serviceAccount:
+  create: false
+  name: ""
+  annotations: {}
+
+opentelemetry:
+  exporter: none
+
+securityContext:
+  runAsUser: 1000
+  fsGroup: 2000
+  runAsGroup: 2000

packages/zarf-registry/zarf.yaml

@@ -2,6 +2,11 @@ kind: ZarfPackageConfig
 metadata:
   name: init-package-zarf-registry
 
+values:
+  files:
+    values.yaml
+  # TODO add schema
+
 variables:
   - name: REGISTRY_EXISTING_PVC
     description: "Optional: Use an existing PVC for the registry instead of creating a new one. If this is set, the REGISTRY_PVC_SIZE variable will be ignored."
@@ -192,6 +197,7 @@ components:
         namespace: zarf
         files:
           - configmap.yaml
+        template: true
     charts:
       - name: docker-registry
         releaseName: zarf-docker-registry