Zarf installation and upgrade for CPSH extended capabilities

This following instructions detail the process of installing the Zarf command-line interface (CLI) and initializing the target Kubernetes cluster for the CPSH extended capabilities deployment.

To begin:

  1. Download and install Zarf if you haven't done so already.
  2. (Optional) Run the Zarf initialization.

Initialize the cluster

This step bootstraps the cluster by installing the infrastructure necessary for Zarf (internal registry, agent, etc.).

  1. Download the standard Zarf init package to your local working directory.

    2. Copy 
    zarf tools download-init -a amd64

    Note The -a flag specifies the architecture for the package. By default, zarf tools download-init downloads the package for the architecture of your local machine. For example, if you are using a Mac with arm64, it downloads the arm64 version. However, if your local machine uses a different architecture than your cluster (such as EKS, which is amd64), you must include the -a flag for both the download and initialization steps to avoid an architecture mismatch.

  2. Execute the following initialization command to initialize the cluster, enable the registry proxy, and apply specific Kubernetes taints and tolerations required for CPSH node groups:

    3. Copy 
    zarf --log-level=debug init \
      --features=registry-proxy=true \
      --registry-mode=proxy \
      -a amd64 \
      --confirm \
      --set REGISTRY_HPA_MAX=1 \
      --set PROXY_TOLERATIONS='[{"effect":"NoSchedule","key":"collibra.com/node-storage","operator":"Equal","value":"local"},{"effect":"NoSchedule","key":"collibra.com/team","operator":"Equal","value":"techlin"}]'

Initialization Command Details

Parameter Value/Setting Purpose
--features=registry-proxy=true true Enables the Zarf registry proxy feature.
--registry-mode=proxy proxy Sets the internal Zarf registry to run in proxy mode.
--set REGISTRY_HPA_MAX=1 1 Sets the maximum Horizontal Pod Autoscaler replicas for the Zarf registry to 1.
--set PROXY_TOLERATIONS='[...]' Specific JSON array Applies Kubernetes tolerations to the Zarf proxy components, ensuring they run on the dedicated techlin node group with local storage.
--confirm   Skips interactive prompts and automatically confirms the installation.

Update

Standard method

To update Zarf using the standard method, reinstall the new Zarf version and re-run the initialization steps using the same parameters:

Note This is applicable if the newer Zarf version is backward compatible.

Copy 
zarf init [...]

Hard method

If Zarf needs to be updated and the new version is incompatible with the previous, or init parameters needs to be changed, you must first remove and then reinstall.

Note This method forces Zarf to forget about previously installed packages, potentially leading to issues.

Run the following if current installed packages can be removed:

Copy 
zarf destroy --remove-components --confirm
zarf init [...]

If current installed packages can not be removed:

  1. Backup the current Zarf secrets matching previously installed packages:

    2. Copy 
    kubectl get secrets -n zarf -o name |grep 'zarf-package-cpsh'
    kubectl get secrets -n zarf zarf-package-cpsh-platform -o yaml >zarf-package-cpsh-platform-secret.yaml
    kubectl get secrets -n zarf zarf-package-cpsh-lineage -o yaml >zarf-package-cpsh-lineage-secret.yaml
    kubectl get secrets -n zarf zarf-package-cpsh-edge-fips -o yaml >zarf-package-cpsh-edge-fips-secret.yaml
    kubectl get secrets -n zarf zarf-package-cpsh-observability -o yaml >zarf-package-cpsh-observability-secret.yaml

  2. Run Zarf destroy:

    3. Copy 
    zarf destroy --confirm

  3. Re-run Zarf init:

    4. Copy 
    zarf init [...]

  4. Restore the Zarf secrets for previously installed packages:

    5. Copy 
    kubectl create -n zarf -f zarf-package-cpsh-platform-secret.yaml
    kubectl create -n zarf -f zarf-package-cpsh-lineage-secret.yaml
    kubectl create -n zarf -f zarf-package-cpsh-edge-fips-secret.yaml
    kubectl create -n zarf -f zarf-package-cpsh-observability-secret.yaml

  5. Remove the Zarf ignore annotation from existing namespaces:

    6. Copy 
    kubectl label ns collibra-control zarf.dev/agent-
    kubectl label ns collibra-edge zarf.dev/agent-
    kubectl label ns collibra-instance zarf.dev/agent-
    kubectl label ns collibra-observability zarf.dev/agent-

  6. Re-install the cpsh-* packages (the Zarf registry is empty now, this will re-push the container images). The workload should not usually be updated.

Operations

Periodically, you should prune the internal Zarf container registry to manage its size. To do this, run the following command:

Copy 
zarf tools registry prune

This command will remove the container images that are not currently being used by any Zarf packages (such as old versions of the cpsh-* packages). These images can be re-pushed to the registry by re-installing the corresponding Zarf package.