Open in app

Sign in

Write

Sign in

Deploying DOS Games on a Kubernetes Cluster with Zarf

Brandi McCall
Defense Unicorns
Published in
9 min readJun 2, 2023

Prerequisites:

  • A running Kubernetes cluster
  • Basic Kubernetes knowledge
  • kubectl installed
  • Git/GitHub knowledge
  • GitHub account

Objectives:

  • Learn about what Zarf is and how it helps deliver secure software to air gap environments
  • Install Zarf CLI
  • Create a Zarf package from a Zarf DOS games GitHub repository
  • Deploy the Zarf DOS games package
  • Start playing your favorite DOS games

What is Zarf?

Zarf is an open source tool developed by Defense Unicorns with the goal of enabling continuous software delivery in air gap environments. An air gap environment is one that is disconnected from the internet, often for security measures, and is typically used in classified settings. Examples of sectors that use air gap environments include military or government computer network systems, financial computer systems, and industrial control systems. Zarf makes it possible to deploy packages and applications in these air gap environments. Benefits of Zarf include:

  • Free open source tool available for public use
  • Kubernetes distribution agnostic
  • Automates SBOM creation
  • Securely deliver packages to run apps in a disconnected environment
  • Deploy apps declaratively without internet connectivity

The Zarf repo can be found here:

GitHub - defenseunicorns/zarf: DevSecOps for Air Gap & Limited-Connection Systems…

Zarf eliminates the complexity of air gap software delivery for Kubernetes clusters and cloud-native workloads using a…

github.com

Zarf Flow in Air Gap Environments

Let’s take a moment to talk about using Zarf to support an air gap environment. Some parts of this process will require internet connectivity while others will not. Below is the general flow of Zarf:

Internet Connected Environment:

  • A person defines the zarf.yaml file, which includes all of the software artifacts needed (like images, dependencies, etc.) to deploy a particular application. An example zarf.yaml file can be found here.
  • A package is created from the zarf.yaml file using the zarf package create command. This package is created in the form of a single tarball file. The tarball file is placed on some sort of medium (think a physical storage drive) and is physically carried to the air gap environment.
  • The zarf init package must be downloaded from the internet (if not already on the host machine) and carried across the air gap on a physical medium device (can be the same as the application package medium device).

Air Gap Environment:

  • In the air gap environment, another person (the package installer) accepts the medium device, connects it to the host computer, and runs zarf init . This command installs the ‘init’ package, which is a special Zarf package that initializes a Kubernetes cluster in the air gap environment if one does not already exist.
  • The package installer then installs the application package (the tarball file created earlier) with the zarf package deploy command.
  • The application package is now deployed on the Kubernetes cluster in the air gap environment and is ready for interaction.

Getting Started

To use Zarf, you first need a running Kubernetes cluster. In the case of an air gap environment, the cluster would be deployed with the zarf init command. Because I am writing this in a connected environment, I already have a k3d cluster up and running. Zarf is distro-agnostic, meaning it works with all major distributions of Kubernetes, so it is fine if your cluster is not k3d. If you do not yet have a Kubernetes distribution installed on your local machine, you can choose one of the following popular choices:

k3d

kind

minikube

kubeadmin

Once you confirm that you have a Kubernetes cluster running, move on to the next section.

Install Zarf CLI

Zarf CLI installation instructions can be found here and if you’re working on a Mac with Homebrew installed, you can use the following commands:

brew tap defenseunicorns/tap
brew install zarf

By installing the Zarf CLI, we can now use zarf commands. Once installation is complete, check the version with:

zarf version

In the next few steps we will clone the Zarf gaming repository to demonstrate how to deploy DOS games using Zarf.

Clone the Zarf Repository

Make a directory where you want to clone the Zarf repo and navigate to that directory. Clone the Zarf repo to your local machine:

git clone https://github.com/defenseunicorns/zarf.git

Change into the zarf/examples/dos-games directory.

cd zarf/examples/dos-games

Within the dos-games directory we have several sub-directories that include an image, manifests, and a zarf.yaml file.

The zarf.yaml file contains the components to be deployed. The components define the capabilities that Zarf will provide, and is a required part of the zarf.yaml file. Composing a zarf.yaml file is beyond the scope of this tutorial, but to understand more about what is required, visit the official Package Components documentation.

DOS package zarf.yaml file

Create Zarf Package

The following command creates a package consisting of resources and dependencies defined in the zarf.yaml file and the other files within the same working directory:

zarf package create

A few things to note about this command:

  • It must be run in the same directory as the zarf.yaml file
  • It must be run with internet connectivity

You can later deploy the package without internet connectivity, but internet is required for package creation. After running zarf package create you will be asked a few questions:

  • Create this Zarf package?
  • Specify a maximum file size for this package in Megabytes

Answer Yes for the first question, and for the second, enter “0” to override this feature. If the package exceeds your stated desired size, it will be broken down into multiple files. There are certain situations where a package installer may be limited on disk space, requiring the tarball file to be broken down into multiple package files. For this tutorial, we want a single tarball file, so use “0” to override this question.

If we run ls again, we now see a new file called zarf-package-dos-games-arm64.tar.zst . When we ran zarf package create , it packaged all of the files/directories needed into a single tarball file, which becomes our application package.

If you look closely at the package YAML, you can see it is pulling in the manifest files from the local directory and a Docker image.

Zarf Init

Now that the package is created and for lack of a better word, packaged into a single tarball file, we need to install the Zarf init package, which is different than the application package. zarf init can be run with or without internet connectivity, thus making it usable in air gap situations. The ‘init’ package deploys a Kubernetes k3s cluster if a cluster is not already running and features Gitea and logging options. It creates a namespace within your cluster to house your pods, services, and secrets. The Zarf init package includes the following components:

kind: ZarfInitConfig
metadata:
  name: init
  description: "Used to establish a new Zarf cluster"

components:
  - name: k3s
    import:
      path: packages/distros/k3s

  # This package moves the injector & registries binaries
  - name: zarf-injector
    required: true
    import:
      path: packages/zarf-registry

  # Creates the temporary seed-registry
  - name: zarf-seed-registry
    required: true
    import:
      path: packages/zarf-registry

  # Creates the permanent registry
  - name: zarf-registry
    required: true
    import:
      path: packages/zarf-registry

  # Creates the pod+git mutating webhook
  - name: zarf-agent
    required: true
    import:
      path: packages/zarf-agent

  # (Optional) Adds logging to the cluster
  - name: logging
    import:
      path: packages/logging-pgl

  # (Optional) Adds a git server to the cluster
  - name: git-server
    import:
      path: packages/gitea

The zarf agent is a component installed by zarf init that is responsible for changing the request for resources in-flight during a zarf package deploy to point to local in-cluster resources instead of resources that reside on the internet (this is a key component of using Zarf in an air gap).

To install the Zarf init package, use the following command:

zarf init

The output will give you the option to review SBOMs:

It will then ask you a series of questions:

  • Deploy this Zarf package? Yes
  • Deploy the logging component? Optional
  • Deploy the git-server component? Yes

Once zarf init is complete, the CLI will output application Username and Password information, as well as the commands to connect to those applications. Save the Username and Passwords in a safe place.

Zarf Package Deploy

After installing the Zarf init package, we are now ready to install the DOS gaming (application) package we created earlier onto our local Kubernetes cluster. This command can be used in air gap environments without internet connectivity. Use the following command:

zarf package deploy

Choose the package file with the tab button. Alternatively, you could type in zarf package deploy zarf-package-dos-games-arm64.tar.zst .

Review SBOMs if needed by pasting the given link in your browser:

You will again be asked:

  • Deploy this Zarf package? Yes

Once deployment is complete, you should see something like this:

The Zarf CLI outputs commands to connect to the DOS games. To see all available games, use:

zarf connect games

This command uses a port-forward to open a tunnel from your local machine to the Gitea server in the cluster. The DOS games landing page will automatically open in your default web browser. You should see something like this:

If you click on a particular game you can start playing!

When you are finished mastering the world of platform gaming, navigate back to your terminal and use ctrl + C to close the tunnel.

Conclusion and Clean Up

In this tutorial we used the open source tool Zarf to deploy a package of DOS games on a local Kubernetes cluster. We discussed how Zarf can be used to package internet applications and their dependencies, and then deploy them in air gap environments. This tool helps facilitate continuous software delivery in the most challenging conditions.

To clean up what we just created, use the following command:

zarf destroy --confirm --remove-components

Confirm your packages and components were deleted with:

zarf package list

For more information on Zarf and its uses, check out the Resources below. As always, thank you so much for following along, and continue watching for more DevOps tutorials!

Resources

Click here to learn more about Zarf and view the Zarf documentation.

For a full list and explanation of Zarf commands, add help to any Zarf command, or visit here and select “CLI Commands” on the left side menu.

For more Zarf tutorials, visit here.

--

--

Brandi McCall
Defense Unicorns

Written by Brandi McCall

1K Followers
Editor for

DevOps Engineer

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams