Let's Talk Bundling - Documenting Life

**NOTE: TLDR at the end** A thing people don't really talk about outside of secure environment development is the best way to bundle code, images, ect to build in the air gapped environment. ...ok slight detour. I don't care what you think about people who do this. I make sure I'm not out on the street and honestly I really enjoy working with active and retired service members. It gives my life purpose when I know my work is directly helping people. If that bothers you then send me a check and we can both feel better. Anyway back to secure systems. It's just your normal system without sweet internet access. Because of that you want to make sure that anything you need to build is available. Enter the million dollar question, "How do we make sure everything we need makes it to the system?". It's a question I hate and I've seem multiple ways to solve the problem. I'm going to talk about the 3 main ones I've used and then recommend my favorite with reasons why. I also want to mention here that my pov will mostly be in relation to working with Kubernetes clusters (tis my thing). ## Normal Tar or RPM Ah we start with the tried and true method of moving items. If you are wondering why I didn't say zip it's because we talking Linux baby! I also didn't say deb because everyone loves Daddy Red Hat. lol This form of packaging is tried and true. I can't say anything too bad about it, but it can also get hard to keep it consistent. Version control should help but now you are writing scripts to run scripts to move things around. Hopefully you bundled those scripts too. It's just not as streamlined. If you keep going this route I suggest having a solid checklist before and after your bundle. I've been on a system 3+ hours in just to realize we missed 1 important file. It's not fun at all and who knows how long it will take you to get that 1 thing sent over. Now let's take a look at the next option. ## Git Bundle Honestly I dislike this option. It was an option that wasn't a tar or rpm and sounded good. In practice this hurt my head. Devops is all about good processes (to me). I really hated this process. I felt like I was always unsure of having all the things we needed and I'm not sure if my team felt the same. We didn't really temperature check honestly. This route also ignores any images are anything you might be trying to move as well. At this point I think we should intro my new favorite option. ## Zarf Ah finally all my experience has led me to using this wonderful tool that allows me to grab all types of code repos, images, and scripts into one big beautiful package. At first glance looked like another stupid fancy tool, but then I saw the light. I can tell it to grab all my images and repos and it give me a nice little bundle. You can then tell it "when you unpack run these scripts to put everything in the right place". Now I'm unsure if this tool can take files with it (I think it can), but for that I suggest you have your scripts already on the system. Anyway the easiness of a setup and deploy just blew me. I make sure everything is properly labeled in the file and I can easily setup my cluster. It was crazy really. --- So all this to say if you are in the business of moving over all the things to make your system work and want to cut down on some stress look into zarf. I don't really push for products but this one has been nice to work with. It's almost like when I first discovered automation. I had that feeling of "this is nice...is it real?" and then I of course messed things up and had to redeploy and it was just so easy and consistent. This is in fact real and worth a try. There are 10001 and one ways to move files, images, scripts, rpms, ect, but I encourage you to pick the one that makes your process easiest and consistent. > If you don't want to read the TLDR is that you should use Zarf. It's the most compatible with a Kubernetes/distributed systems. It just bundles things up so cleanly in the tar and it's like a super script when you run `zarf deploy`. Best thing ever introduced to me.