feat: adds instructions

Author: UncleGedd

.github/workflows/build-test.yaml

@@ -0,0 +1,35 @@
+# Copyright 2025 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+name: Test UDS RKE2 Demo
+
+on:
+  pull_request:
+    paths-ignore:
+      - "**.md"
+      - "docs/**"
+      - "CODEOWNERS"
+  workflow_dispatch
+  workflow_call:
+
+jobs:
+  test-clean-install:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Install UDS CLI
+        uses: defenseunicorns/setup-uds@ab842abcad1f7a3305c2538e3dd1950d0daacfa5 # v1.0.1
+        with:
+          # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+          version: v0.27.11
+
+      - name: Create and deploy the uds-rke2-demo bundle
+        run: uds run --no-progress
+
+      - name: Validate uds-rke2-demo bundle
+        run: uds run validate --no-progress
+
+      - name: Debug Output
+        if: ${{ always() }}
+        uses: ./.github/actions/debug-output

.gitignore

@@ -0,0 +1,9 @@
+.cache/
+.idea/
+build/
+.DS_Store
+*.tar.zst
+zarf-sbom
+tmp/
+zarf-config.yaml
+*.tar

LICENSE

@@ -1,2 +1,72 @@
 # uds-rke2-demo
-Configuration to deploy UDS on VM-based RKE2 clusters
+
+This repo provides configuration and automation for deploying UDS Core on RKE2 with an emphasis on on-prem installations. The code in this repo is meant to accompany the official UDS docs.
+
+
+## Quickstart (using Lima)
+
+This quickstart is for users who want to deploy UDS RKE2 on a local Ubuntu VM using Lima.
+
+### Host System requirements
+
+The following requirements assume you will be running a VM locally using Lima
+
+- 32GB RAM
+- 14 CPU cores
+
+
+### Prerequisites
+
+- [Lima](https://lima-vm.io/docs/installation/)
+- [UDS CLI](https://github.com/defenseunicorns/uds-cli/tree/main?tab=readme-ov-file#install)
+
+
+The following command creates a Lima Ubuntu VM with an RKE2 cluster, and installs UDS Core:
+
+```
+uds run
+```
+
+
+## Quickstart (RKE2 already running)
+
+This quickstart assumes an RKE2 cluster is running and is accessible via the CLI.
+
+### System Requirements
+
+The following are recommended compute requirements for the system that the RKE2 instance is running on:
+
+- 20GB RAM
+- 10 CPU cores
+
+### Prerequisites
+
+- [UDS CLI](https://github.com/defenseunicorns/uds-cli/tree/main?tab=readme-ov-file#install)
+
+Assuming you are connected to the RKE2 cluster, the following command will install UDS Core and and its prerequisites
+
+```
+uds run install
+```
+
+## Accessing UDS Core apps
+
+After installing UDS Core and the post-installation configs, find the IP of the installed ingresses with:
+```
+kubectl get ingress istio-admin-https -n istio-admin-gateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
+```
+
+> [!NOTE]  
+> It takes a moment for the NGINX controller to assign an IP to the ingress resources, so the IP may not show up right away.
+
+After getting the IP, use `/etc/hosts` to enable resolution of UDS Core app hostnames, for example:
+```
+# /etc/hosts
+
+...
+
+192.168.64.3 keycloak.admin.uds.dev grafana.admin.uds.dev sso.uds.dev neuvector.admin.uds.dev
+
+```
+
+UDS Core apps should now be accessible via the host machine's web browser.

README.md

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

chart/.helmignore

@@ -0,0 +1,5 @@
+apiVersion: v2
+name: uds-dev-stack
+description: UDS dev stack chart
+type: application
+version: 0.15.2

chart/Chart.yaml

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "uds-dev-stack.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "uds-dev-stack.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "uds-dev-stack.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "uds-dev-stack.labels" -}}
+helm.sh/chart: {{ include "uds-dev-stack.chart" . }}
+{{ include "uds-dev-stack.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "uds-dev-stack.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "uds-dev-stack.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "uds-dev-stack.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "uds-dev-stack.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

chart/templates/_helpers.tpl

@@ -0,0 +1,11 @@
+# Copyright 2025 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns-custom
+  namespace: kube-system
+data:
+  uds.override: |
+{{ .Values.coreDnsOverrides | indent 4 }}

chart/templates/core-dns-custom.yaml

@@ -0,0 +1,127 @@
+# Copyright 2025 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: local-path-provisioner-service-account
+  namespace: {{ .Release.Namespace }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: local-path-provisioner-role
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "nodes", "persistentvolumeclaims", "configmaps" ]
+    verbs: [ "get", "list", "watch" ]
+  - apiGroups: [ "" ]
+    resources: [ "endpoints", "persistentvolumes", "pods" ]
+    verbs: [ "*" ]
+  - apiGroups: [ "" ]
+    resources: [ "events" ]
+    verbs: [ "create", "patch" ]
+  - apiGroups: [ "storage.k8s.io" ]
+    resources: [ "storageclasses" ]
+    verbs: [ "get", "list", "watch" ]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: local-path-provisioner-bind
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: local-path-provisioner-role
+subjects:
+  - kind: ServiceAccount
+    name: local-path-provisioner-service-account
+    namespace: {{ .Release.Namespace }}
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: local-path-provisioner
+  namespace: {{ .Release.Namespace }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: local-path-provisioner
+  template:
+    metadata:
+      labels:
+        app: local-path-provisioner
+    spec:
+      serviceAccountName: local-path-provisioner-service-account
+      containers:
+        - name: local-path-provisioner
+          image: {{.Values.images.localPathProvisioner.repository}}:{{.Values.images.localPathProvisioner.tag}}
+          imagePullPolicy: IfNotPresent
+          command:
+            - local-path-provisioner
+            - --debug
+            - start
+            - --config
+            - /etc/config/config.json
+          volumeMounts:
+            - name: config-volume
+              mountPath: /etc/config/
+          env:
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+      volumes:
+        - name: config-volume
+          configMap:
+            name: local-path-config
+
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: local-path
+  annotations:
+    storageclass.kubernetes.io/is-default-class: "true"
+provisioner: rancher.io/local-path
+volumeBindingMode: WaitForFirstConsumer
+reclaimPolicy: Delete
+allowVolumeExpansion: true
+
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: local-path-config
+  namespace: {{ .Release.Namespace }}
+data:
+  config.json: |-
+    {
+            "sharedFileSystemPath": "/opt/local-path-provisioner-rwx"
+    }
+  setup: |-
+    #!/bin/sh
+    set -eu
+    mkdir -m 0777 -p "$VOL_DIR"
+  teardown: |-
+    #!/bin/sh
+    set -eu
+    rm -rf "$VOL_DIR"
+  helperPod.yaml: |-
+    apiVersion: v1
+    kind: Pod
+    metadata:
+      name: helper-pod
+    spec:
+      containers:
+      - name: helper-pod
+        image: {{.Values.images.busybox.repository}}:{{.Values.images.busybox.tag}}
+        imagePullPolicy: IfNotPresent
+        # This runs as root to have permissions on the host filesystem
+        securityContext:
+          runAsUser: 0
+          runAsGroup: 0

chart/templates/localpath-rwx.yaml

@@ -0,0 +1,16 @@
+# Copyright 2025 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: dev
+  namespace: {{ .Release.Namespace }}
+spec:
+  addresses:
+    - "###ZARF_VAR_BASE_IP###.200-###ZARF_VAR_BASE_IP###.215"
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: empty