Zarf - DevSecOps for Air Gap

Zarf eliminates the complexity of air gap software delivery for Kubernetes clusters and cloud-native workloads using a declarative packaging strategy to support DevSecOps in offline and semi-connected environments.

📦 Out of the Box Features

Automate Kubernetes deployments in disconnected environments
Automate Software Bill of Materials (SBOM) generation
Provide a web dashboard for viewing SBOM output
Create and verify package signatures with cosign
Publish, pull, and deploy packages from an OCI registry
Powerful component lifecycle actions
Deploy a new cluster while fully disconnected with K3s or into any existing cluster using a kube config
Builtin logging stack with Loki
Builtin Git server with Gitea
Builtin Docker registry
Builtin K9s Dashboard for managing a cluster from the terminal
Mutating Webhook to automatically update Kubernetes pod's image path and pull secrets as well as Flux Git Repository URLs and secret references
Builtin command to find images and resources from a Helm chart
Tunneling capability to connect to Kubernetes resources without network routing, DNS, TLS or Ingress configuration required

🛠️ Configurable Features

Customizable variables and package templates with defaults and user prompting
Composable packages to include multiple sub-packages/components
Component-level OS/architecture filtering

Demo

https://www.youtube.com/watch?v=WnOYlFVVKDE

Getting Started

To try Zarf out for yourself, visit the "Try It Now" section on our website, and if you want to learn more about Zarf and its use cases visit docs.zarf.dev.

From the docs you can learn more about installation, using the CLI, making packages, and the Zarf package schema.

Using Zarf in Github workflows? Check out the setup-zarf action. Install any version of Zarf and its init package with zero added dependencies.

Developing

To contribute, please see our Contributor Guide. Below is an architectural diagram showing the basics of how Zarf functions which you can read more about here.