A tiny (<1MiB) binary statically-linked with musl in order to fit as a configmap.
See how it gets used during the zarf-init process in the 'init' package reference documentation.
zarf-injector <SHA256> [bind_address][bind_address] defaults to 0.0.0.0:5000. A user may want to change it to [::]:5000 to enable IPv6
The zarf-injector binary serves 2 purposes during 'init'.
- It re-assembles a multi-part tarball that was split into multiple ConfigMap entries (located at
./zarf-payload-*) back intopayload.tar.gz, then extracts it to the/zarf-seeddirectory. It also checks that the SHA256 hash of the re-assembled tarball matches the first (and only) argument provided to the binary. - It runs a pull-only, insecure, HTTP OCI compliant registry server on port 5000 that serves the contents of the
/zarf-seeddirectory (which is of the OCI layout format).
This enables a distro-agnostic way to inject real registry:3 image into a running cluster, thereby enabling air-gapped deployments.
- Install Rust using https://rustup.rs/
- Install cross with
make install-cross - Install Docker or Podman and have it running
Install build-essential
sudo apt-get update
sudo apt-get install build-essentialThen build
make injectorWhichever arch. of musl used, add to toolchain
rustup toolchain install --force-non-host stable-x86_64-unknown-linux-musl
Then build
make injector
This will build into target/*--unknown-linux-musl/release
Due to the ConfigMap size limit (1MiB for binary data), we need to make sure the binary is small enough to fit.
make check-sizesInjector sizes:
AMD64 injector: 1011736b
ARM64 injector: 917512bBuild your injector by following the steps above then run the following the test directory:
zarf package create
zarf init --confirm