merge pull request #12 from zackbradys/main
updates/upgrades for hauler `v1.0.0`
zackbradys authored Feb 20, 2024
2 parents 9bbeb33 + 9b06072 commit 372a4f9
Showing 69 changed files with 7,366 additions and 3,228 deletions.
18 changes: 17 additions & 1 deletion docs/airgap-workflow.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,4 +8,20 @@ sidebar_label: Airgap Workflow

![hauler-workflow-diagram](/img/hauler-workflow-diagram.png)

Airgap Workflow Documentation pending a future release!
## What's an Airgap?

An airgap is a highly secure environment that is physically isolated from external connectivity (usually the internet), ensuring complete isolation from other environments by preventing unauthorized access or data transfers.

### Example Use Cases

- **Government and Military:** These airgaps protect sensitive government and military information and critical defense infrastructure, ensuring that classified data remains secure and inaccessible to unauthorized entities.
- **Critical Infrastructure:** These airgaps secure power grids, water supply systems, and transportation networks from cyber threats, shielding them from potential disruptions and ensuring their continuous operation.
- **Financial Institutions:** These airgaps safeguard financial transactions and customer data from cyberattacks, maintaining the trust and integrity of financial systems.
- **Research Facilities:** These airgaps protect valuable research data, intellectual property, and proprietary information, preserving the integrity and confidentiality of research efforts.

## Challenges of an Airgap

- **Data Transfers:** Transferring data in and out of an airgapped system is complex due to the lack of network connectivity, often necessitating the use of physical media, trusted intermediaries, and meticulous approval processes to ensure data security.
- **Usability vs. Security Balance:** Balancing security with usability in airgapped environments can be intricate, as the limited convenience poses challenges for user interactions and system operations.
- **Maintenance Complexity:** Regular system updates, package and dependency updates, and overall maintenance can be challenging in airgapped systems, as the limited network connectivity complicates the process, requiring meticulous planning and execution.
- **Costly Implementation:** Implementing and maintaining airgapped systems can be costly, demanding specialized workflows, protocols, and security measures to uphold the system's integrity and security.
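
Review bot: The definition under "What's an Airgap?" says the isolation works "by preventing unauthorized access or data transfers", but the Data Transfers bullet further down describes moving data in and out on physical media, so the definition overstates what an airgap guarantees. Suggest wording it as the absence of network connectivity and treating removable media as the controlled path that still needs approval and integrity checks. The page is still titled Airgap Workflow, yet the new text has no workflow steps; since the "pending a future release" placeholder is being removed, either add the Hauler steps or link to where they live.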
10 changes: 5 additions & 5 deletions docs/core-concepts.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ At the heart of Hauler lies the concept of a `Haul`. A `Haul` is a compressed ar

### Community Collections

While `collections` (and `contents`) are built into Hauler, our goal is to empower users to define their own `collections`. This way, you can tailor Hauler to your unique requirements and take full control of your artifacts.
While `collections` (and `contents`) are built into Hauler, our goal is to empower operators to define their own `collections`. This way, you can tailor Hauler to your unique requirements and take full control of your artifacts.

### RGS Carbide Collections

Expand All @@ -42,12 +42,12 @@ While `collections` (and `contents`) are built into Hauler, our goal is to empow

:::

In Hauler's terminology, `content` refers to artifacts such as images, charts, or files. These are the fundamental types of resources that Hauler understands and manages. To understand the term better, let's break it down:
In Hauler's terminology, `content` refers to artifacts such as **container images, helm charts, or files.** These are the fundamental types of artifacts for `Hauler`. To understand it a little bit better, let's break it down:

- `Content`: The fundamental type of artifacts that Hauler recognizes (images, charts, and files).
- `Artifact`: Anything that can be represented as an OCI (Open Container Initiative) artifact.
- OCI Artifacts provide a standardized way to store arbitrary files, making it easier to manage content efficiently.
- `Artifact`: Anything that can be represented as an OCI (Open Container Initiative) Compliant Artifact.
- OCI Compliant Artifacts provide a standardized way to store arbitrary files, making it easier to manage content efficiently.

### Declaritive Content

While manually adding content to `Hauler` is a straightforward way to get started, we recommend a much more sustainable approach. `Hauler` provides a declaritive approach for each `content` type, allowing you to define all the `content` within a manifest. This approach ensures a more reproducable workflow for managing the lifecycle of your `hauls`.
While manually adding content to `Hauler` is an easy way to get started, there is a more sustainable approach... `Hauler` provides a declaritive and programmatic approach by allowing operators to define `content` within a configuration file, known as a manifest. This approach ensures a more reproducable workflow for managing the lifecycle of your `hauls`. Check it out [here](guides-references/manifests.md)!
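
Review bot: The rewritten paragraph under "Declaritive Content" keeps the misspellings "declaritive" and "reproducable", and the heading itself is still "Declaritive"; since these lines are being touched anyway, fix them to "declarative" and "reproducible". In the `content` paragraph the bold span swallows the sentence's period (`**container images, helm charts, or files.**`) and `Hauler` is backticked in some places and plain in others within the same hunk. The link text "here" would read better as the name of the target page (the manifests reference).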
9 changes: 9 additions & 0 deletions docs/feedback.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
---
title: Feedback
description: Feedback for Hauler
sidebar_label: Feedback
---

Feedback is **critical** to us to continue to improve `Hauler` and accelerate your mission.

For any issues, concerns, or questions, please open an issue: https://github.com/rancherfederal/hauler/issues
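
Review bot: The last line sends "any issues, concerns, or questions" to the public issue tracker and gives no separate route for reporting a security vulnerability. Suggest adding a sentence that points security reports at a private channel (or at the repository's security policy, if one exists) so that they are not filed as public issues. The bare URL could also be a Markdown link, as the other docs pages in this commit use.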
71 changes: 4 additions & 67 deletions docs/guides-references/carbide-customers.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,72 +6,9 @@ sidebar_label: RGS Carbide Customers

For all supported customers of Rancher Government Solutions, under the umbrella of Rancher Government Carbide, there is addon functionality within `Hauler`.

`Hauler` has the the ability to reference pre-defined `Hauler` manifests from the Carbide Secured Registry (CSR). `Hauler` is built to allow users to fetch, store, package, and distribute content and collections, but most users may be unsure of what to fetch, store, package, and distribue and that is where our supported customers are able to leverage these pre-defined manifests for all of the Rancher products. Below are some of the available `product` flags.
`Hauler` has the the ability to reference `Collections` from the Carbide Secured Registry (CSR). `Hauler` is built to allow operators to fetch, store, package, and distribute content and collections, but most operators may be unsure of what to fetch, store, package, and distribue and that is where our supported customers are able to leverage these pre-defined manifests for all of the Rancher products. Below are some of the available `product` flags.

RGS Carbide Setup Documentation: https://rancherfederal.github.io/carbide-docs/docs/intro
Please see the **[Carbide Documentation](https://rancherfederal.github.io/carbide-docs/docs/intro)** for easily fetching, packing, and distributing Carbide with the `hauler store sync --products <product>=<product-version>`. Please know that we are actively working to improve this workflow.

RGS Carbide Public Key: https://raw.githubusercontent.com/rancherfederal/carbide-releases/main/carbide-key.pub

### Example Workflow for Carbide

Please see the [Carbide Documentation](https://rancherfederal.github.io/carbide-docs/docs/registry-docs/downloading-images) for easily fetching and packing Carbide. We are actively working to improve this workflow.

### Example Workflow for RKE2

```bash
# with signature verification
hauler store sync --products rke2=v1.26.13+rke2r1 --key carbide-key.pub --platform linux/amd64

# without signature verification
hauler store sync --products rke2=v1.26.13+rke2r1 --platform linux/amd64
```

### Example Workflow for K3S

```bash
# with signature verification
hauler store sync --products k3s=v1.26.13-k3s2 --key carbide-key.pub --platform linux/amd64

# without signature verification
hauler store sync --products k3s=v1.26.13-k3s2 --platform linux/amd64
```

### Example Workflow for Rancher

```bash
# with signature verification
hauler store sync --products rancher=v2.8.2 --key carbide-key.pub --platform linux/amd64

# without signature verification
hauler store sync --products rancher=v2.8.2 --platform linux/amd64
```

### Example Workflow for Cert-Manager

```bash
# with signature verification
hauler store sync --products cert-manager=v1.14.2 --key carbide-key.pub --platform linux/amd64

# without signature verification
hauler store sync --products cert-manager=v1.14.2 --platform linux/amd64
```

### Example Workflow for Longhorn

```bash
# with signature verification
hauler store sync --products longhorn=v1.6.0 --key carbide-key.pub --platform linux/amd64

# without signature verification
hauler store sync --products longhorn=v1.6.0 --platform linux/amd64
```

### Example Workflow for NeuVector

```bash
# with signature verification
hauler store sync --products neuvector=v2.7.3 --key carbide-key.pub --platform linux/amd64

# without signature verification
hauler store sync --products neuvector=v2.7.3 --platform linux/amd64
```
- [Connected Environments](https://rancherfederal.github.io/carbide-docs/docs/registry-docs/copying-images)
- [Disconnected Environments](https://rancherfederal.github.io/carbide-docs/docs/registry-docs/downloading-images)
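
Review bot: The only command left on this page is `hauler store sync --products <product>=<product-version>`, and with the per-product examples and the RGS Carbide Public Key link removed, nothing here tells customers to pass `--key carbide-key.pub` any more. A reader copying the remaining command syncs without signature verification. Suggest keeping the public key link and showing the `--key` form in the retained command, even if the product-specific examples move to the Carbide docs. The sentence "Below are some of the available `product` flags." no longer has anything below it, and "the the" and "distribue" are carried into the rewritten paragraph.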
34 changes: 19 additions & 15 deletions docs/guides-references/cluster-images.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,14 +6,18 @@ sidebar_label: Fetch Cluster Images

It may be difficult to understand exactly what `content` is actively within your environment. Below is a simple way to generate a list of all images running in your environment, store it as an environment variable, and show the list by echoing the environment variable.

## Fetch Cluster Images

```bash
export IMAGE_LIST=$(kubectl get pods --all-namespaces -o jsonpath="{.items[*].spec.containers[*].image}" |tr -s '[[:space:]]' '\n' |sort |uniq -c | cut -c 9-)
echo "$IMAGE_LIST"
# fetch all images in the cluster, remove duplicates, alphabetize, and put on a newline
export IMAGE_LIST=$(kubectl get pods --all-namespaces -o jsonpath="{.items[*].spec.containers[*].image}" | sed 's/ /\n/g' | sort | uniq)
```

### Example Output
## Example Output

```yaml
```bash
# view the list of images from the cluster
echo $IMAGE_LIST
index.docker.io/rancher/hardened-etcd:v3.5.1-k3s1-build20220112
index.docker.io/rancher/hardened-kubernetes:v1.23.5-rke2r1-build20220316
index.docker.io/rancher/rke2-cloud-provider:v0.0.3-build20211118
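
Review bot: `echo $IMAGE_LIST` in the Example Output block is unquoted, so the shell word-splits the variable and prints every image on a single line, which does not match the one-per-line listing shown beneath it; keep the quoting the previous version had (`echo "$IMAGE_LIST"`). In the fetch command, `sed 's/ /\n/g'` depends on GNU sed interpreting `\n` in the replacement, whereas the earlier `tr -s '[[:space:]]' '\n'` was portable. The jsonpath reads only `.spec.containers`, so init container images are missing from the list; worth stating or extending if the manifest is meant to cover everything the cluster pulls.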
Expand All @@ -26,31 +30,31 @@ rancher/klipper-helm:v0.7.0-build20220315
rancher/nginx-ingress-controller:nginx-1.0.2-hardened4
```

### Hauler Manifest using the Images
## Generate Hauler Manifest

```yaml
IMAGE_LIST_MODIFIED=$(cat "$IMAGE_LIST" | sed 's/^/ - name: /')
# sed, stream editor, appends 2 spaces of indentation denotes
# an entry in a list, then adds name: to match expected syntax
```
```bash
# add the required formatting for the image list
export IMAGE_LIST_MODIFIED=$(echo "${IMAGE_LIST} | sed 's/^/ - name: /'")

```yaml title="hauler-manfiest.yaml"
# create the hauler manifest with the updated image list
cat << EOF >> hauler-manifest.yaml
apiVersion: content.hauler.cattle.io/v1alpha1
kind: Images
metadata:
name: hauler-cluster-images-example
name: hauler-cluster-images
spec:
images:
$IMAGE_LIST_MODIFIED
EOF
```

### Resulting Hauler Manifest
## Resulting Hauler Manifest

```yaml title="hauler-manfiest.yaml"
```yaml title="hauler-manifest.yaml"
apiVersion: content.hauler.cattle.io/v1alpha1
kind: Images
metadata:
name: hauler-cluster-images-example
name: hauler-cluster-images
spec:
images:
- name: index.docker.io/rancher/hardened-etcd:v3.5.1-k3s1-build20220112
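
Review bot: In `export IMAGE_LIST_MODIFIED=$(echo "${IMAGE_LIST} | sed 's/^/ - name: /'")` the closing double quote comes after the sed expression, so the pipe and the sed command are part of the echoed string and no filtering happens; the variable ends up as the raw list followed by the literal text `| sed ...`. Close the quote right after `${IMAGE_LIST}` so the output is actually piped into sed. Separately, `cat << EOF >> hauler-manifest.yaml` appends, so running the step twice leaves two manifests concatenated in one file; `>` would make it repeatable.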
Expand Down
97 changes: 51 additions & 46 deletions docs/guides-references/command-line/hauler-store.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@ sidebar_label: Hauler Store
* Interact with Hauler's embedded content store.

```yaml
Interact with hauler's embedded content store

Usage:
hauler store [flags]
hauler store [command]
Expand All @@ -23,7 +25,7 @@ Available Commands:
info Print out information about the store
load Load a content store from a store archive
save Save a content store to a store archive
serve Expose the content of a local store through an OCI compliant server
serve Expose the content of a local store through an OCI compliant registry or file server
sync Sync content to the embedded content store

Flags:
Expand Down Expand Up @@ -63,6 +65,25 @@ Global Flags:
Use "hauler store add [command] --help" for more information about a command.
```

#### `hauler store add image`:

* Add an image to the content store.

```yaml
Usage:
hauler store add image [flags]

Flags:
-h, --help help for image
-k, --key string (Optional) Path to the key for digital signature verification
-p, --platform string (Optional) Specific platform to save. i.e. linux/amd64. Defaults to all if flag is omitted.

Global Flags:
--cache string Location of where to store cache data (defaults to $XDG_CACHE_DIR/hauler)
-l, --log-level string (default "info")
-s, --store string Location to create store at (default "store")
```

#### `hauler store add chart`:

* Add a local or remote chart to the content store.
Expand Down Expand Up @@ -122,25 +143,6 @@ Global Flags:
-s, --store string Location to create store at (default "store")
```

#### `hauler store add image`:

* Add an image to the content store.

```yaml
Usage:
hauler store add image [flags]

Flags:
-h, --help help for image
-k, --key string (Optional) Path to the key for digital signature verification
-p, --platform string (Optional) Specific platform to save. i.e. linux/amd64. Defaults to all if flag is omitted.

Global Flags:
--cache string Location of where to store cache data (defaults to $XDG_CACHE_DIR/hauler)
-l, --log-level string (default "info")
-s, --store string Location to create store at (default "store")
```

#### `hauler store copy`:

* Copy all store contents to another OCI registry.
Expand All @@ -159,7 +161,7 @@ Flags:
Global Flags:
--cache string Location of where to store cache data (defaults to $XDG_CACHE_DIR/hauler)
-l, --log-level string (default "info")
-s, --store string Location to create store at (default "store")h
-s, --store string Location to create store at (default "store")
```

#### `hauler store extract`:
Expand Down Expand Up @@ -197,7 +199,7 @@ Aliases:
Flags:
-h, --help help for info
-o, --output string Output format (table, json) (default "table")
-t, --type string Filter on type (image, chart, file) (default "all")
-t, --type string Filter on type (image, chart, file, sigs, atts, sbom) (default "all")

Global Flags:
--cache string Location of where to store cache data (defaults to $XDG_CACHE_DIR/hauler)
Expand Down Expand Up @@ -231,7 +233,7 @@ Usage:
hauler store save [flags]

Flags:
-f, --filename string Name of archive (default "pkg.tar.zst")
-f, --filename string Name of archive (default "haul.tar.zst")
-h, --help help for save

Global Flags:
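
Review bot: The default for `-f, --filename` changes from `pkg.tar.zst` to `haul.tar.zst`, so any transfer or load script that relied on the old default name will look for a file that is no longer produced. Suggest calling this out in the upgrade notes for `v1.0.0`, or mentioning next to the flag that the default was renamed.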
Expand All @@ -240,25 +242,49 @@ Global Flags:
-s, --store string Location to create store at (default "store")
```

#### `hauler store sync`:

* Sync content to the embedded content store.

```yaml
Usage:
hauler store sync [flags]

Flags:
-f, --files strings Path to content files
-h, --help help for sync
-k, --key string (Optional) Path to the key for signature verification
-p, --platform string (Optional) Specific platform to save. i.e. linux/amd64. Defaults to all if flag is omitted.
--products strings Used for RGS Carbide customers to supply a product and version and Hauler will retrieve the images. i.e. '--product rancher=v2.7.6'

Global Flags:
--cache string Location of where to store cache data (defaults to $XDG_CACHE_DIR/hauler)
-l, --log-level string (default "info")
-s, --store string Location to create store at (default "store")
```

#### `hauler store serve`:

* Expose the content of a local store through an OCI compliant server.
* Expose the content of a local store through an OCI compliant registry or file server.

```yaml
Usage:
hauler store serve [flags]
hauler store serve [command]

Available Commands:
fileserver Serve the file server
registry Serve the embedded registry

Flags:
-h, --help help for serve
-h, --help help for serve

Global Flags:
--cache string Location of where to store cache data (defaults to $XDG_CACHE_DIR/hauler)
-l, --log-level string (default "info")
-s, --store string Location to create store at (default "store")

Use "hauler store serve [command] --help" for more information about a command.
```

#### `hauler store serve registry`:
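
Review bot: In the relocated `hauler store sync` block, the `--products` help text gives its example as `'--product rancher=v2.7.6'` (singular), which is not the flag name listed on the same line; the example should read `--products`, and the fix belongs in the CLI help string as well as here. The `-k, --key` line is marked optional without saying what happens when it is omitted; one sentence stating that content is then synced without signature verification would make the trade-off explicit. These usage blocks are fenced as `yaml` although they are plain CLI help output.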
Expand Down Expand Up @@ -299,24 +325,3 @@ Global Flags:
-l, --log-level string (default "info")
-s, --store string Location to create store at (default "store")
```

#### `hauler store sync`:

* Sync content to the embedded content store.

```yaml
Usage:
hauler store sync [flags]

Flags:
-f, --files strings Path to content files
-h, --help help for sync
-k, --key string (Optional) Path to the key for signature verification
-p, --platform string (Optional) Specific platform to save. i.e. linux/amd64. Defaults to all if flag is omitted.
--products strings Used for RGS Carbide customers to supply a product and version and Hauler will retrieve the images. i.e. '--product rancher=v2.7.6'

Global Flags:
--cache string Location of where to store cache data (defaults to $XDG_CACHE_DIR/hauler)
-l, --log-level string (default "info")
-s, --store string Location to create store at (default "store")h
```
3 changes: 1 addition & 2 deletions docs/guides-references/command-line/hauler.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,8 @@ Usage:

Available Commands:
completion Generates completion scripts for various shells
download Download OCI content from a registry and populate it on disk
help Help about any command
serve Run one or more of hauler's embedded servers types
login Log in to a registry
store Interact with hauler's embedded content store
version Print the current version
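
Review bot: `download` and `serve` drop out of the top-level command list with no pointer to where they went. `serve` is documented as `hauler store serve` in hauler-store.md in this same commit, but nothing visible here replaces `download`. Suggest a short migration note for operators upgrading to `v1.0.0`, and a link from this page to a section for the new `login` command, which is listed here but not documented in the visible changes.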

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
title: Hauler Community Collections
description: Hauler Community Collections Documentation
sidebar_label: Community Collections
---

Hauler Community Collections are pending a future release!