Skip to main content

zarf init

Prepares a k8s cluster for the deployment of Zarf packages

Synopsis

Injects a docker registry as well as other optional useful things (such as a git server and a logging stack) into a k8s cluster under the 'zarf' namespace to support future application deployments. If you do not have a k8s cluster already configured, this command will give you the ability to install a cluster locally.

This command looks for a zarf-init package in the local directory that the command was executed from. If no package is found in the local directory and the Zarf CLI exists somewhere outside of the current directory, Zarf will failover and attempt to find a zarf-init package in the directory that the Zarf binary is located in.

zarf init [flags]

Examples


# Initializing without any optional components:
$ zarf init

# Initializing w/ Zarfs internal git server:
$ zarf init --components=git-server

# Initializing w/ Zarfs internal git server and PLG stack:
$ zarf init --components=git-server,logging

# Initializing w/ an internal registry but with a different nodeport:
$ zarf init --nodeport=30333

# Initializing w/ an external registry:
$ zarf init --registry-push-password={PASSWORD} --registry-push-username={USERNAME} --registry-url={URL}

# Initializing w/ an external git server:
$ zarf init --git-push-password={PASSWORD} --git-push-username={USERNAME} --git-url={URL}

# Initializing w/ an external artifact server:
$ zarf init --artifact-push-password={PASSWORD} --artifact-push-username={USERNAME} --artifact-url={URL}

# NOTE: Not specifying a pull username/password will use the push user for pulling as well.

Options

      --adopt-existing-resources        Adopts any pre-existing K8s resources into the Helm charts managed by Zarf. ONLY use when you have existing deployments you want Zarf to takeover.
--artifact-push-token string [alpha] API Token for the push-user to access the artifact registry
--artifact-push-username string [alpha] Username to access to the artifact registry Zarf is configured to use. User must be able to upload package artifacts.
--artifact-url string [alpha] External artifact registry url to use for this Zarf cluster
--components string Specify which optional components to install. E.g. --components=git-server,logging
--confirm Confirms package deployment without prompting. ONLY use with packages you trust. Skips prompts to review SBOM, configure variables, select optional components and review potential breaking changes.
--git-pull-password string Password for the pull-only user to access the git server
--git-pull-username string Username for pull-only access to the git server
--git-push-password string Password for the push-user to access the git server
--git-push-username string Username to access to the git server Zarf is configured to use. User must be able to create repositories via 'git push' (default "zarf-git-user")
--git-url string External git server url to use for this Zarf cluster
-h, --help help for init
-k, --key string Path to public key file for validating signed packages
--nodeport int Nodeport to access a registry internal to the k8s cluster. Between [30000-32767]
--registry-pull-password string Password for the pull-only user to access the registry
--registry-pull-username string Username for pull-only access to the registry
--registry-push-password string Password for the push-user to connect to the registry
--registry-push-username string Username to access to the registry Zarf is configured to use (default "zarf-push")
--registry-secret string Registry secret value
--registry-url string External registry url address to use for this Zarf cluster
--set stringToString Specify deployment variables to set on the command line (KEY=value) (default [])
--skip-webhooks [alpha] Skip waiting for external webhooks to execute as each package component is deployed
--storage-class string Specify the storage class to use for the registry and git server. E.g. --storage-class=standard
--timeout duration Timeout for Helm operations such as installs and rollbacks (default 15m0s)

Options inherited from parent commands

  -a, --architecture string   Architecture for OCI images and Zarf packages
--insecure Allow access to insecure registries and disable other recommended security enforcements such as package checksum and signature validation. This flag should only be used if you have a specific reason and accept the reduced security posture.
-l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
--no-color Disable colors in output
--no-log-file Disable log file creation
--no-progress Disable fancy UI progress bars, spinners, logos, etc
--tmpdir string Specify the temporary directory to use for intermediate files
--zarf-cache string Specify the location of the Zarf cache directory (default "~/.zarf-cache")

SEE ALSO

  • zarf - DevSecOps for Airgap