Publish & Deploy Packages w/OCI
Introduction
In this tutorial, we are going to run through how to publish a Zarf package to an OCI compliant registry, allowing end users to pull and deploy packages without needing to build locally, or transfer the package to their environment.
System Requirements
- Internet access to download resources or upload packages
- Access to a registry (this tutorial uses Docker Hub)
Prerequisites
For following along locally, please ensure the following prerequisites are met:
- Zarf binary installed on your
$PATH: (Installing Zarf) - Access to a Registry supporting the OCI Distribution Spec, this tutorial will be using Docker Hub
- Access to a cluster that has been initialized with zarf.
Youtube Tutorial
Working with OCI Packages
This tutorial will require a registry to be configured (see prerequisites for more information). The below sets up some variables for us to use when logging into the registry:
With those set, you can tell Zarf to login to your registry with the following:
If you do not have the Docker CLI installed, you may need to create a Docker compliant auth config file manually:
Publish Package
First, create a valid Zarf package definition (zarf.yaml), with the metadata.version key set.
Create the package locally:
Then publish the package to the registry:
Your package tarball may be named differently based on your machine's architecture. For example, if you are running on an AMD64 machine, the tarball will be named zarf-package-helm-oci-chart-amd64-0.0.1.tar.zst.
The name and reference of this OCI artifact is derived from the package metadata, e.g.: helm-oci-chart:0.0.1-arm64
To modify, edit zarf.yaml and re-run zarf package create .
The above publish command publishes a fully-built package that is ready to deploy to a cluster, but this isn't the only kind of package you can publish to an OCI registry.
If you specify a path to a directory containing a zarf.yaml (as you would on zarf package create) you can create a skeleton package that is importable into other packages using component composability. These can be inspected like normal Zarf packages but cannot be deployed as they haven't been fully created yet.
Inspect Package
Inspecting a Zarf package stored in an OCI registry is the same as inspecting a local package and has the same flags:
Deploy Package
Deploying a package stored in an OCI registry is nearly the same experience as deploying a local package:
Pull Package
Packages can be saved to the local disk in order to deploy a package multiple times without needing to fetch it every time.
Removal
- Use the
zarf package listcommand to get a list of the installed packages. This will give you the name of the games package to remove it.
- Use the
zarf package removecommand to remove thehelm-oci-chartpackage. Don't forget the--confirmflag. Otherwise you'll receive an error.
Troubleshooting
Failed to publish package: version is required for publishing
You attempted to publish a package with no version metadata.
- Open the zarf.yaml file.
- Add a version attribute to the package metadata
- Recreate the package with the
zarf package createcommand. - Publish the package. The filename will now have the version as part of it.
Failed to publish, http: server gave HTTP response to HTTPS client
You attempted to publish a package to an insecure registry, using http instead of https.
- Use the
--insecureflag. Note that this is not suitable for production workloads.
Unable to connect to the Kubernetes cluster.
If you receive this error, either you don't have a Kubernetes cluster, your cluster is down, or your cluster is unreachable.
- Check your kubectl configuration, then try again. For more information about kubectl configuration see Configure Access to Multiple Clusters from the Kubernetes documentation.
If you need to setup a cluster, you can perform the following.
- Deploy a Kubernetes cluster with the Creating a K8s Cluster with Zarf tutorial.
- Perform the Initialize a cluster tutorial.
After that you can try deploying the package again.
Secrets "zarf-state" not found.
If you receive this error when zarf is attempting to deploy any component, this means you have not initialized the kubernetes cluster. This is one of the prerequisites for this tutorial. Perform the Initialize a cluster tutorial, then try again.