diff --git a/README.md b/README.md index d7f86c1..1394d24 100644 --- a/README.md +++ b/README.md @@ -3,12 +3,28 @@ This repository contains a collection of **Zarf packages** designed to deploy and manage a complete Rocket.Chat ecosystem in air-gapped or restricted environments. Zarf is an open-source tool designed to simplify the delivery of software into air-gapped, secure, or highly regulated environments by bundling all necessary dependencies into [packages](https://docs.zarf.dev/ref/packages/). +## Verifying packages + +Write our public key to a file (`rc-zarf.pub`): +``` +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGRlNyEmY/vgPSXrlPvOZbp1xeCPg +6M7EC9Ojs5IT5QD0n3+XCexASrnRLQ2NWJscOKBhVoybjeSpSY/sAImuDQ== +-----END PUBLIC KEY----- +``` + +Then: +``` +zarf package verify oci://ghcr.io/rocketchat/: --key rc-zarf.pub +``` +You can also [deploy with signature verification](https://docs.zarf.dev/tutorials/5-package-signing-and-verification/#step-6-deploy-with-signature-verification). + ## Deploying packages It is recommended that your Kubernetes cluster contains at least 3 nodes with 2 vCPUs, 6 GiB memory and 100G disk each. For testing, you can decrease storage and mongod limits. There's a README.md in each package folder with variables and defaults. -### Init the cluster +### Requirement: init the cluster ``` KUBECONFIG= zarf init [--storage-class longhorn] [--confirm] diff --git a/airlock/zarf.yaml b/airlock/zarf.yaml index 31f976e..a9877a3 100644 --- a/airlock/zarf.yaml +++ b/airlock/zarf.yaml @@ -37,3 +37,4 @@ variables: description: "The admin password for workspaces cluster" prompt: true default: b4n4n4-5up3r + diff --git a/cert-manager/zarf.yaml b/cert-manager/zarf.yaml index 521559f..75291f5 100644 --- a/cert-manager/zarf.yaml +++ b/cert-manager/zarf.yaml @@ -56,3 +56,4 @@ variables: description: "Specific configuration for the cert-manager webhook" default: "{hostNetwork: true, securePort: 10260}" + diff --git a/launchcontrol/zarf.yaml b/launchcontrol/zarf.yaml index 942fd92..9b2cb52 100644 --- a/launchcontrol/zarf.yaml +++ b/launchcontrol/zarf.yaml @@ -27,3 +27,4 @@ variables: - name: LAUNCHCONTROL_CLUSTER_ISSUER description: "A cert-manager's ClusterIssuer name to be used for TLS ingress" default: ca-issuer + diff --git a/longhorn/zarf.yaml b/longhorn/zarf.yaml index df6630c..b28a26d 100644 --- a/longhorn/zarf.yaml +++ b/longhorn/zarf.yaml @@ -99,3 +99,4 @@ components: echo "Registry already on Longhorn. No action taken." fi + diff --git a/mongodb-kubernetes/zarf.yaml b/mongodb-kubernetes/zarf.yaml index bdfc379..ec9e3cc 100644 --- a/mongodb-kubernetes/zarf.yaml +++ b/mongodb-kubernetes/zarf.yaml @@ -80,3 +80,4 @@ variables: description: "The cluster admin password" prompt: true default: b4n4n4-5up3r + diff --git a/monitoring/zarf.yaml b/monitoring/zarf.yaml index 89aa49a..f11e13c 100644 --- a/monitoring/zarf.yaml +++ b/monitoring/zarf.yaml @@ -67,3 +67,4 @@ variables: prompt: true default: 30Gi + diff --git a/server-workspace/zarf.yaml b/server-workspace/zarf.yaml index d19c2cd..dc51d52 100644 --- a/server-workspace/zarf.yaml +++ b/server-workspace/zarf.yaml @@ -81,3 +81,4 @@ variables: - name: WORKSPACE_LICENSE description: "Workspace license" default: "" +