Support for Zarf in a Connected Environment

[UncleGedd]

Is your feature request related to a problem? Please describe.
I'd like to use Zarf for declarative deployments, but I'm not deploying in an airgapped environment. In other words, I don't need the Gitea server, container registry or mutating webhook.

Describe the solution you'd like
I'd like to be able to create a Zarf package that doesn't depend on the Gitea server, container registry or Zarf agent. In other words, I want to use Zarf without its mutating webhook.

Describe alternatives you've considered

• I know I can add the zarf-agent=ignore label to namespaces, but I'd like to not deploy the agent at all
• Technically, I could just use the Gitea server and container registry, but the resulting package is >10GB and it was error-prone during creation (I had issues related to caching); this is not tenable for my non-platform dev audience to use.

Additional context
Why I want to use Zarf even though I'm not in an airgapped environment:

• Instead of having app teams fork my IaC/CaC, I want an immutable artifact that can be deployed that abstracts away some of the complexity around K8s, Flux, etc.
• This artifact needs to be immutable so I can ensure app teams don't change the IaC/CaC and inadvertently violate security controls
• I want non-platform devs to be able to easily perform cluster upgrades

[jeff-mccoy]

Some questions as this is a pretty fundamental shift for zarf that I'm not sure will be super easy and will break full portability/some planned enforcement things:

• Was this a big bang deployment? What was the total binary size?
• Can you clarify you had issues creating packages, but not deploying, or both?
• What were the cache issues? When I've seen these they were often a one-off and not a continual issue once the offending entry was resolved.
• How are you distributing your package? Via OCI, file transfer or just giving users a repo and having them create the package?
• To clarify the issue isn't the webhook or other init package assets as much as a very large package having trouble being built, correct?
• If these components were removed would you still deploy everything through zarf?

Technically you can do this now, though we consider it somewhat of an anti-pattern today. Some methods (all these assume you don't specify images or repos in later zarf packages):

• use a custom init package without the extra stuff
• remove or disable the agent in a secondary package (to avoid creating your own init)
• the webhook ignore label works on namespaces too, so you can create a namespace label for the namespaces you don't want zarf to care about

[UncleGedd]

• Was this a big bang deployment? What was the total binary size?
  • it's Big Bang + some 3rd party apps on EKS; I don't recall the total binary size
• Can you clarify you had issues creating packages, but not deploying, or both?
  • I had issues with SBOM generation during package creation, but this was resolved by clearing the Zarf cache. Understood the SBOM generation is not mandatory
• What were the cache issues? When I've seen these they were often a one-off and not a continual issue once the offending entry was resolved.
  • Not sure exactly, but clearing the cache fixed the issue
• How are you distributing your package? Via OCI, file transfer or just giving users a repo and having them create the package?
  • Haven't nailed this down, but I'd like to attach the package to Github Releases
• To clarify the issue isn't the webhook or other init package assets as much as a very large package having trouble being built, correct?
  • Negative. My org simply doesn't want to use the container registry or Gitea server because we are already connected to external ones
• If these components were removed would you still deploy everything through zarf?
  • I want to use Zarf to create a declarative upgrade process

[jeff-mccoy]

@UncleGedd and I have met and discussed this issue now and have a lightweight way ahead in PR #1105 that I do not believe breaks the core design of Zarf, but allows a lighter transition into Zarf's declarative style.