A curated set of Carvel packages to build an engineering platform supporting application developers with paved paths to production on Kubernetes.

- Kubernetes 1.25+
- Carvel `kctrl` CLI.
- Carvel kapp-controller deployed in your Kubernetes cluster. You can install it with Carvel `kapp` (recommended choice) or `kubectl`.

  ```shell
  kapp deploy -a kapp-controller -y \
    -f https://github.com/carvel-dev/kapp-controller/releases/latest/download/release.yml
  ```

Add the Kadras package repository to your Kubernetes cluster:

```shell
kctrl package repository add -r kadras-packages \
  --url ghcr.io/kadras-io/kadras-packages \
  -n kadras-packages --create-namespace
```

Installation without package repository

The recommended way of installing the Engineering Platform package is via the Kadras package repository. If you prefer not to use the repository, you can add the package definition directly using `kapp` or `kubectl`.

```shell
kubectl create namespace kadras-packages
kapp deploy -a engineering-platform-package -n kadras-packages -y \
  -f https://github.com/kadras-io/engineering-platform/releases/latest/download/metadata.yml \
  -f https://github.com/kadras-io/engineering-platform/releases/latest/download/package.yml
```

Install the Engineering Platform package:

```shell
kctrl package install -i engineering-platform \
  -p engineering-platform.packages.kadras.io \
  -v ${VERSION} \
  -n kadras-packages
```

Note: You can find the `${VERSION}` value by retrieving the list of package versions available in the Kadras package repository installed on your cluster.

```shell
kctrl package available list -p engineering-platform.packages.kadras.io -n kadras-packages
```

Verify the installed packages and their status:

```shell
kctrl package installed list -n kadras-packages
```

Documentation, tutorials and examples for this package are available in the docs folder.

The Engineering Platform package can be customized via a values.yml file.

```yaml
platform:
  profile: serving
  ingress:
    domain: thomasvitale.com
```

Reference the values.yml file from the kctrl command when installing or upgrading the package.

```shell
kctrl package install -i engineering-platform \
  -p engineering-platform.packages.kadras.io \
  -v ${VERSION} \
  -n kadras-packages \
  --values-file values.yml
```

The Engineering Platform package has the following configurable properties.

Configurable properties

| Config | Default | Description |
|---|---|---|
| `platform.profile` | `full` | The platform profile to install. Options: `full`, `serving`. |
| `platform.supply_chain` | `basic` | The type of supply chain to deploy. Options: `basic`, `advanced`. |
| `platform.namespace` | `kadras-packages` | The namespace where to install the platform. |
| `platform.excluded_packages` | `[]` | A list of packages to exclude from being installed. |
| `platform.ca_cert_data` | `""` | PEM-encoded certificate data to trust TLS connections with a custom CA. |
| `platform.infrastructure_provider` | `""` | The underlying infrastructure provider. Options are `local` and `vsphere`. This field is not required, but it enables better validation and defaulting if provided. |
| `platform.ingress.domain` | `""` | The base domain name the platform will use to configure the Ingress controller. It must be a valid DNS name. |
| `platform.ingress.issuer.type` | `private` | The type of ClusterIssuer the platform will use to enable TLS communications. Options: `private`, `letsencrypt_staging`, `letsencrypt`, `custom`. |
| `platform.ingress.issuer.name` | `""` | A reference to a custom ClusterIssuer previously created on the cluster where the platform will be installed. Required when the type is `custom`. |
| `platform.ingress.issuer.email` | `""` | The email address that Let's Encrypt will use to send info on expiring certificates or other issues. Required when the type is `letsencrypt_staging` or `letsencrypt`. |
| `platform.oci_registry.server` | `""` | The server of the OCI Registry where the platform will publish OCI images. Example: "ghcr.io". |
| `platform.oci_registry.repository` | `""` | The repository in the OCI Registry where the platform will publish OCI images. Example: "my-org". |
| `platform.oci_registry.secret.name` | `""` | The name of the Secret holding the credentials to access the OCI registry. The credentials should provide read-only access to the OCI registry except when installing the platform with one of these profiles: `full`, `dev`, `build`. |
| `platform.oci_registry.secret.namespace` | `kadras-packages` | The namespace of the Secret holding the credentials to access the OCI registry. |
| `platform.cosign.secret.name` | `""` | The name of the Secret holding the Cosign key pair. |
| `platform.cosign.secret.namespace` | `kadras-packages` | The namespace of the Secret holding the Cosign key pair. |
| `platform.git.server` | `https://github.com` | The server hosting the Git repositories used by the platform. |
| `platform.git.secret.name` | `""` | The name of the Secret holding the credentials to access the Git server. The credentials should provide read-only access to the Git server except when installing the platform with one of these profiles: `full`, `build`. |
| `platform.git.secret.namespace` | `kadras-packages` | The namespace of the Secret holding the credentials to access the Git server. |

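
The allowed options and conditional requirements listed in the properties table can be checked before running `kctrl package install`. The following is an added example, not code from the Kadras project: `validate_platform_values` is a hypothetical helper, it assumes values.yml has already been parsed into a dict by a YAML library, and the private-key check on `ca_cert_data` is an extra safeguard that the table does not state.

```python
import re

# Allowed values and conditional rules, copied from the properties table above.
PROFILES = {"full", "serving"}
SUPPLY_CHAINS = {"basic", "advanced"}
PROVIDERS = {"", "local", "vsphere"}
ISSUER_TYPES = {"private", "letsencrypt_staging", "letsencrypt", "custom"}
_LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
DNS_NAME = re.compile(rf"^(?=.{{1,253}}$){_LABEL}(\.{_LABEL})*$")

def validate_platform_values(values):
    """Hypothetical pre-flight check: return a list of problems in parsed values.yml."""
    p = values.get("platform") or {}
    ingress = p.get("ingress") or {}
    issuer = ingress.get("issuer") or {}
    errors = []

    def enum(key, value, allowed):
        if value not in allowed:
            errors.append(f"{key}: {value!r} is not one of {sorted(allowed)}")

    enum("platform.profile", p.get("profile", "full"), PROFILES)
    enum("platform.supply_chain", p.get("supply_chain", "basic"), SUPPLY_CHAINS)
    enum("platform.infrastructure_provider", p.get("infrastructure_provider", ""), PROVIDERS)
    issuer_type = issuer.get("type", "private")
    enum("platform.ingress.issuer.type", issuer_type, ISSUER_TYPES)

    domain = ingress.get("domain") or ""
    if domain and not DNS_NAME.match(domain.lower()):
        errors.append(f"platform.ingress.domain: {domain!r} is not a valid DNS name")
    if issuer_type == "custom" and not issuer.get("name"):
        errors.append("platform.ingress.issuer.name: required when type is custom")
    if issuer_type in ("letsencrypt", "letsencrypt_staging") and not issuer.get("email"):
        errors.append("platform.ingress.issuer.email: required for Let's Encrypt issuers")

    ca = p.get("ca_cert_data") or ""
    if ca and "-----BEGIN CERTIFICATE-----" not in ca:
        errors.append("platform.ca_cert_data: expected PEM-encoded certificate data")
    if "PRIVATE KEY-----" in ca:  # added safeguard, not a rule from the table
        errors.append("platform.ca_cert_data: contains a private key; supply the CA certificate only")
    return errors

# The page's own example values, then a constructed invalid set.
PAGE_EXAMPLE = {"platform": {"profile": "serving", "ingress": {"domain": "thomasvitale.com"}}}
CONSTRUCTED_BAD = {"platform": {"profile": "minimal", "ingress": {
    "domain": "bad_domain.example", "issuer": {"type": "letsencrypt"}}}}

if __name__ == "__main__":
    print(validate_platform_values(PAGE_EXAMPLE), validate_platform_values(CONSTRUCTED_BAD))
```
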
Each Kadras package included in the platform can be configured independently.

| Config | Default | Description |
|---|---|---|
| `buildpacks.catalog` | `{}` | Configuration for the Buildpacks Catalog package. |
| `buildpacks.kpack` | `{}` | Configuration for the Kpack package. |
| `cartographer.core` | `{}` | Configuration for the Cartographer Core package including Cartographer and Cartographer Conventions. |
| `cartographer.blueprints` | `{}` | Configuration for the Cartographer Blueprints package. |
| `cartographer.delivery` | `{}` | Configuration for the Cartographer Delivery package. |
| `cartographer.supply_chains` | `{}` | Configuration for the Cartographer Supply Chains package. |
| `cert_manager.core` | `{}` | Configuration for the Cert Manager package. |
| `cert_manager.issuers` | `{}` | Configuration for the Cert Manager Issuers package. |
| `contour` | `{}` | Configuration for the Contour package. |
| `conventions.spring_boot` | `{}` | Configuration for the Spring Boot Conventions package. |
| `flux` | `{}` | Configuration for the Flux package. |
| `knative.serving` | `{}` | Configuration for the Knative Serving package. |
| `kyverno.core` | `{}` | Configuration for the Kyverno package. |
| `metrics_server` | `{}` | Configuration for the Metrics Server package. |
| `secretgen_controller` | `{}` | Configuration for the Secretgen Controller package. |
| `tekton.catalog` | `{}` | Configuration for the Tekton Catalog package. |
| `tekton.pipelines` | `{}` | Configuration for the Tekton Pipelines package. |
| `workspace_provisioner` | `{}` | Configuration for the Workspace Provisioner package. |

The security process for reporting vulnerabilities is described in SECURITY.md.
This project is licensed under the Apache License 2.0. See LICENSE for more information.
This package is inspired by the App Toolkit package used in Tanzu Community Edition before its retirement and the open-source example of Tanzu Application Platform by Scott Rosenberg.