/supply-chains

A Carvel package providing supply chains to build golden paths to production for applications and functions, from source code to deployment in a Kubernetes cluster.


Supply Chains


A Carvel package configuring a set of reusable supply chains, templates and pipelines to provide Kubernetes-native paved paths to production using Crossplane.

It handles several activities like source code watching, testing, building, scanning, configuring, delivering, and deploying.

🚀  Getting Started

Prerequisites

  • Kubernetes 1.29+

  • Carvel kctrl CLI.

  • Carvel kapp-controller deployed in your Kubernetes cluster. You can install it with Carvel kapp (recommended choice) or kubectl.

    kapp deploy -a kapp-controller -y \
      -f https://github.com/carvel-dev/kapp-controller/releases/latest/download/release.yml

Dependencies

Supply Chains requires the Crossplane package. You can install it from the Kadras package repository.
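
A preflight check for the prerequisites and the Crossplane dependency listed above, written as an added example that is not part of the Supply Chains project. It assumes `kubectl` is configured for the target cluster and detects kapp-controller and Crossplane by the CRDs they register (`packageinstalls.packaging.carvel.dev` and `providers.pkg.crossplane.io`); the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not part of the Supply Chains project.
# Usage: sh preflight.sh --run   (the file name is an assumption)
MIN_MAJOR=1
MIN_MINOR=29   # "Kubernetes 1.29+" from the prerequisites

# Exit status 0 if a gitVersion string (v1.29.3, v1.30.1+k3s1, v1.29.4-gke.100)
# meets the minimum, 1 if it is older, 2 if it cannot be parsed.
k8s_version_ok() {
  v=${1#v}
  major=${v%%.*}
  rest=${v#*.}
  [ "$v" != "$rest" ] || return 2            # no "major.minor" separator
  minor=${rest%%[!0-9]*}                     # drop ".patch", "+build", "-vendor"
  case "$major" in ''|*[!0-9]*) return 2 ;; esac
  [ -n "$minor" ] || return 2
  [ "$major" -gt "$MIN_MAJOR" ] && return 0
  [ "$major" -eq "$MIN_MAJOR" ] && [ "$minor" -ge "$MIN_MINOR" ] || return 1
}

# Check every prerequisite and report all failures, not only the first one.
preflight() {
  rc=0
  command -v kctrl >/dev/null 2>&1 ||
    { echo "FAIL: kctrl CLI not found on PATH"; rc=1; }

  # /version returns only the API server's version, so a newer local kubectl
  # cannot mask an older cluster.
  server=$(kubectl get --raw /version 2>/dev/null |
    sed -n 's/.*"gitVersion": *"\([^"]*\)".*/\1/p')
  k8s_version_ok "$server" ||
    { echo "FAIL: cluster version '$server' is unreadable or below 1.29"; rc=1; }

  # Assumption: a deployed kapp-controller is detected by its PackageInstall CRD.
  kubectl get crd packageinstalls.packaging.carvel.dev >/dev/null 2>&1 ||
    { echo "FAIL: kapp-controller not detected in the cluster"; rc=1; }

  # Assumption: the Crossplane dependency is detected by its Provider CRD.
  kubectl get crd providers.pkg.crossplane.io >/dev/null 2>&1 ||
    { echo "FAIL: Crossplane not detected in the cluster"; rc=1; }

  [ "$rc" -eq 0 ] && echo "OK: prerequisites satisfied"
  return "$rc"
}

# Only touch the cluster when asked to, so the file can be sourced safely.
if [ "${1:-}" = "--run" ]; then preflight; fi
```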

Installation

Add the Kadras package repository to your Kubernetes cluster:

kctrl package repository add -r kadras-packages \
  --url ghcr.io/kadras-io/kadras-packages \
  -n kadras-packages --create-namespace

Installation without package repository

The recommended way of installing the Supply Chains package is via the Kadras package repository. If you prefer not to use the repository, you can add the package definition directly using kapp or kubectl.

kubectl create namespace kadras-packages
kapp deploy -a supply-chains-package -n kadras-packages -y \
  -f https://github.com/kadras-io/supply-chains/releases/latest/download/metadata.yml \
  -f https://github.com/kadras-io/supply-chains/releases/latest/download/package.yml

Install the Supply Chains package:

kctrl package install -i supply-chains \
  -p supply-chains.packages.kadras.io \
  -v ${VERSION} \
  -n kadras-packages

Note: You can find the ${VERSION} value by retrieving the list of package versions available in the Kadras package repository installed on your cluster.

kctrl package available list -p supply-chains.packages.kadras.io -n kadras-packages

Verify the installed packages and their status:

kctrl package installed list -n kadras-packages

📙  Documentation

Documentation, tutorials and examples for this package are available in the docs folder. For documentation specific to Crossplane, check out crossplane.io.

🎯  Configuration

The Supply Chains package can be customized via a values.yml file.

service_account: secure-supply-chain

Reference the values.yml file from the kctrl command when installing or upgrading the package.

kctrl package install -i supply-chains \
  -p supply-chains.packages.kadras.io \
  -v ${VERSION} \
  -n kadras-packages \
  --values-file values.yml

Values

The Supply Chains package has the following configurable properties.

Configurable properties

| Config | Default | Description |
|--------|---------|-------------|
| service_account | supply-chain | The default ServiceAccount used by the supply chain. |

🛡️  Security

The security process for reporting vulnerabilities is described in SECURITY.md.

🖊️  License

This project is licensed under the Apache License 2.0. See LICENSE for more information.