zarf-dev · AustinAbro321 · Jul 11, 2025 · Jul 13, 2025 · Jul 14, 2025 · Jul 17, 2025
@@ -78,8 +78,8 @@ jobs:
         if: always()
         uses: ./.github/actions/save-logs
 
-      - name: Send trigger to Slack on workflow failure
-        if: failure()
-        uses: ./.github/actions/slack
-        with:
-          slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
+      # - name: Send trigger to Slack on workflow failure
+      #   if: failure()
+      #   uses: ./.github/actions/slack
+      #   with:
+      #     slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
@@ -36,3 +36,12 @@ managedNodeGroups:
     PermissionsBoundary: "###ZARF_VAR_PERMISSIONS_BOUNDARY_TAG###"
   iam:
     instanceRolePermissionsBoundary: "###ZARF_VAR_PERMISSIONS_BOUNDARY_ARN###"
+- instanceType: "t4g.small"
+  name: ###ZARF_VAR_EKS_CLUSTER_NAME###-arm64-ng
+  minSize: 3
+  maxSize: 6
+  spot: true
+  tags:
+    PermissionsBoundary: "###ZARF_VAR_PERMISSIONS_BOUNDARY_TAG###"
+  iam:
+    instanceRolePermissionsBoundary: "###ZARF_VAR_PERMISSIONS_BOUNDARY_ARN###"
@@ -8,6 +8,9 @@ persistence:
 
 replicaCount: ###ZARF_VAR_GIT_SERVER_REPLICA_COUNT###
 
+nodeSelector:
+  kubernetes.io/arch: "###ZARF_PKG_ARCHITECTURE###"
+
 gitea:
   admin:
     username: "###ZARF_GIT_PUSH###"

@@ -17,6 +17,8 @@ spec:
         # Don't mutate this pod, that would be sad times
         zarf.dev/agent: ignore
     spec:
+      nodeSelector:
+        kubernetes.io/arch: "###ZARF_PKG_ARCHITECTURE###"
       imagePullSecrets:
         - name: private-registry
       priorityClassName: system-node-critical

@@ -26,6 +26,10 @@ spec:
       annotations:
         checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
     spec:
+{{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .  | indent 8 }}
+{{- end }}
       serviceAccountName: {{ include "docker-registry.serviceAccountName" . }}
       {{- if .Values.imagePullSecrets }}
       imagePullSecrets:

@@ -87,3 +87,5 @@ serviceAccount:
   create: false
   name: ""
   annotations: {}
+
+nodeSelector: {}
@@ -62,3 +62,6 @@ serviceAccount:
   name: "###ZARF_VAR_REGISTRY_SERVICE_ACCOUNT_NAME###"
   annotations:
     ###ZARF_VAR_REGISTRY_SERVICE_ACCOUNT_ANNOTATIONS###
+
+nodeSelector:
+  kubernetes.io/arch: "###ZARF_PKG_ARCHITECTURE###"
@@ -10,6 +10,7 @@ import (
 	"time"
 
 	"github.com/zarf-dev/zarf/src/pkg/state"
+	"github.com/zarf-dev/zarf/src/pkg/variables"
 
 	"helm.sh/helm/v3/pkg/action"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -87,6 +88,8 @@ func UpdateZarfAgentValues(ctx context.Context, opts InstallUpgradeOptions) erro
 		return err
 	}
 
+	arch := deployment.Spec.Template.Spec.NodeSelector["kubernetes.io/arch"]
+
 	// List the releases to find the current agent release name.
 	listClient := action.NewList(actionConfig)
 	releases, err := listClient.Run()
@@ -115,6 +118,11 @@ func UpdateZarfAgentValues(ctx context.Context, opts InstallUpgradeOptions) erro
 			if err != nil {
 				return fmt.Errorf("error setting up the templates: %w", err)
 			}
+			if arch != "" {
+				applicationTemplates["###ZARF_PKG_ARCHITECTURE###"] = &variables.TextTemplate{
+					Value: arch,
+				}
+			}
 			opts.VariableConfig.SetApplicationTemplates(applicationTemplates)
 
 			err = UpdateReleaseValues(ctx, chart, map[string]interface{}{}, opts)

@@ -40,16 +40,18 @@ func TestGetSanitizedTemplateMap(t *testing.T) {
 		{
 			name: "Sensitive and non-sensitive entries",
 			input: map[string]*variables.TextTemplate{
-				"###ZARF_GIT_AUTH_PULL###": {Sensitive: true, Value: "secret1"},
-				"###ZARF_GIT_AUTH_PUSH###": {Sensitive: true, Value: "secret2"},
-				"###ZARF_GIT_PUSH###":      {Sensitive: false, Value: "zarf-git-user"},
-				"###ZARF_GIT_PULL###":      {Sensitive: false, Value: "zarf-git-read-user"},
+				"###ZARF_GIT_AUTH_PULL###":    {Sensitive: true, Value: "secret1"},
+				"###ZARF_GIT_AUTH_PUSH###":    {Sensitive: true, Value: "secret2"},
+				"###ZARF_GIT_PUSH###":         {Sensitive: false, Value: "zarf-git-user"},
+				"###ZARF_GIT_PULL###":         {Sensitive: false, Value: "zarf-git-read-user"},
+				"###ZARF_PKG_ARCHITECTURE###": {Sensitive: false, Value: "amd64"},
 			},
 			expected: map[string]string{
-				"###ZARF_GIT_AUTH_PULL###": "**sanitized**",
-				"###ZARF_GIT_AUTH_PUSH###": "**sanitized**",
-				"###ZARF_GIT_PULL###":      "zarf-git-read-user",
-				"###ZARF_GIT_PUSH###":      "zarf-git-user",
+				"###ZARF_GIT_AUTH_PULL###":    "**sanitized**",
+				"###ZARF_GIT_AUTH_PUSH###":    "**sanitized**",
+				"###ZARF_GIT_PULL###":         "zarf-git-read-user",
+				"###ZARF_GIT_PUSH###":         "zarf-git-user",
+				"###ZARF_PKG_ARCHITECTURE###": "amd64",
 			},
 		},
 		{

@@ -35,7 +35,7 @@ import (
 )
 
 // StartInjection initializes a Zarf injection into the cluster.
-func (c *Cluster) StartInjection(ctx context.Context, tmpDir, imagesDir string, injectorSeedSrcs []string) error {
+func (c *Cluster) StartInjection(ctx context.Context, tmpDir, imagesDir string, architecture string, injectorSeedSrcs []string) error {
 	l := logger.From(ctx)
 	start := time.Now()
 	// Stop any previous running injection before starting.
@@ -93,7 +93,7 @@ func (c *Cluster) StartInjection(ctx context.Context, tmpDir, imagesDir string,
 	// TODO: Remove use of passing data through global variables.
 	config.ZarfSeedPort = fmt.Sprintf("%d", svc.Spec.Ports[0].NodePort)
 
-	pod := buildInjectionPod(injectorNodeName, injectorImage, payloadCmNames, shasum, resReq)
+	pod := buildInjectionPod(injectorNodeName, injectorImage, payloadCmNames, shasum, resReq, architecture)
 	_, err = c.Clientset.CoreV1().Pods(*pod.Namespace).Apply(ctx, pod, metav1.ApplyOptions{Force: true, FieldManager: FieldManagerName})
 	if err != nil {
 		return fmt.Errorf("error creating pod in cluster: %w", err)
@@ -308,7 +308,7 @@ func hasBlockingTaints(taints []corev1.Taint) bool {
 	return false
 }
 
-func buildInjectionPod(nodeName, image string, payloadCmNames []string, shasum string, resReq *v1ac.ResourceRequirementsApplyConfiguration) *v1ac.PodApplyConfiguration {
+func buildInjectionPod(nodeName, image string, payloadCmNames []string, shasum string, resReq *v1ac.ResourceRequirementsApplyConfiguration, architecture string) *v1ac.PodApplyConfiguration {
 	executeMode := int32(0777)
 	userID := int64(1000)
 	groupID := int64(2000)
@@ -367,6 +367,9 @@ func buildInjectionPod(nodeName, image string, payloadCmNames []string, shasum s
 								WithType(corev1.SeccompProfileTypeRuntimeDefault),
 						),
 				).
+				WithNodeSelector(map[string]string{
+					"kubernetes.io/arch": architecture,
+				}).
 				WithContainers(
 					v1ac.Container().
 						WithName("injector").

@@ -107,7 +107,7 @@ func TestInjector(t *testing.T) {
 		_, err = layout.Write(filepath.Join(tmpDir, "seed-images"), idx)
 		require.NoError(t, err)
 
-		err = c.StartInjection(ctx, tmpDir, t.TempDir(), nil)
+		err = c.StartInjection(ctx, tmpDir, t.TempDir(), "amd64", nil)
 		require.NoError(t, err)
 
 		podList, err := cs.CoreV1().Pods(state.ZarfNamespaceName).List(ctx, metav1.ListOptions{})
@@ -163,7 +163,7 @@ func TestBuildInjectionPod(t *testing.T) {
 				corev1.ResourceCPU:    resource.MustParse("1"),
 				corev1.ResourceMemory: resource.MustParse("256Mi"),
 			})
-	pod := buildInjectionPod("injection-node", "docker.io/library/ubuntu:latest", []string{"foo", "bar"}, "shasum", resReq)
+	pod := buildInjectionPod("injection-node", "docker.io/library/ubuntu:latest", []string{"foo", "bar"}, "shasum", resReq, "amd64")
 	require.Equal(t, "injector", *pod.Name)
 	b, err := json.MarshalIndent(pod, "", "  ")
 	require.NoError(t, err)

@@ -98,6 +98,9 @@
       }
     ],
     "restartPolicy": "Never",
+    "nodeSelector": {
+      "kubernetes.io/arch": "amd64"
+    },
     "nodeName": "injection-node",
     "securityContext": {
       "runAsUser": 1000,

@@ -83,7 +83,7 @@ type DeployResult struct {
 // Deploy takes a reference to a `layout.PackageLayout` and deploys the package. If successful, returns a list of components that were successfully deployed and the associated variable config.
 func Deploy(ctx context.Context, pkgLayout *layout.PackageLayout, opts DeployOptions) (DeployResult, error) {
 	l := logger.From(ctx)
-	l.Info("starting deploy", "package", pkgLayout.Pkg.Metadata.Name)
+	l.Info("starting deploy", "package", pkgLayout.Pkg.Metadata.Name, "architecture", pkgLayout.Pkg.Metadata.Architecture)
 	start := time.Now()
 	if opts.NamespaceOverride != "" {
 		if err := OverridePackageNamespace(pkgLayout.Pkg, opts.NamespaceOverride); err != nil {
@@ -289,7 +289,7 @@ func (d *deployer) deployInitComponent(ctx context.Context, pkgLayout *layout.Pa
 
 	// Before deploying the seed registry, start the injector
 	if isSeedRegistry {
-		err := d.c.StartInjection(ctx, pkgLayout.DirPath(), pkgLayout.GetImageDirPath(), component.Images)
+		err := d.c.StartInjection(ctx, pkgLayout.DirPath(), pkgLayout.GetImageDirPath(), pkgLayout.Pkg.Metadata.Architecture, component.Images)
 		if err != nil {
 			return nil, err
 		}
@@ -351,6 +351,13 @@ func (d *deployer) deployComponent(ctx context.Context, pkgLayout *layout.Packag
 	}
 
 	applicationTemplates, err := template.GetZarfTemplates(ctx, component.Name, d.s)
+
+	// This variable needs to be set from the package metadata architecture
+	// This might be able to be expanded to include all the .metadata settings
+	applicationTemplates["###ZARF_PKG_ARCHITECTURE###"] = &variables.TextTemplate{
+		Value: pkgLayout.Pkg.Metadata.Architecture,
+	}
+
 	if err != nil {
 		return nil, err
 	}
@@ -626,6 +633,7 @@ func setupState(ctx context.Context, c *cluster.Cluster, pkg v1alpha1.ZarfPackag
 	if s == nil {
 		return nil, errors.New("cluster state should not be nil")
 	}
+	s.Architecture = pkg.Metadata.Architecture
 	if pkg.Metadata.YOLO && s.Distro != "YOLO" {
 		l.Warn("This package is in YOLO mode, but the cluster was already initialized with 'zarf init'. " +
 			"This may cause issues if the package does not exclude any charts or manifests from the Zarf Agent using " +

@@ -64,6 +64,10 @@ func testHelmChartsExample(t *testing.T) {
 	defer e2e.CleanFiles(t, fmt.Sprintf("zarf-package-helm-charts-local-tgz-%s-0.0.1.tar.zst", e2e.Arch))
 
 	// Create a package that needs dependencies
+	stdOut, stdErr, err = e2e.Zarf(t, "tools", "helm", "repo", "add", "gitlab", "https://charts.gitlab.io/")
+	require.NoError(t, err, stdOut, stdErr)
+	stdOut, stdErr, err = e2e.Zarf(t, "tools", "helm", "repo", "update", "gitlab")
+	require.NoError(t, err, stdOut, stdErr)
 	chartDepsPath := filepath.Join("src", "test", "packages", "25-chart-deps")
 	stdOut, stdErr, err = e2e.Zarf(t, "package", "create", chartDepsPath, "--tmpdir", tmpdir, "--confirm")
 	require.NoError(t, err, stdOut, stdErr)