Prepare & Upload Application Package
This guide covers the complete process of preparing and uploading your application package for Armada Edge Platform marketplace certification.
Package Requirements
Required Components
Your application package must include:
package_components:
container_images:
- images_pushed_to_registry: true
- all_architectures_supported: true
- images_properly_tagged: true
kubernetes_manifests:
- deployment_yaml: true
- service_yaml: true
- ingress_yaml: true
- configmap_yaml: true
- secret_yaml: true
- pvc_yaml: true
- rbac_yaml: true
- network_policy_yaml: true
helm_charts:
- chart_yaml: true
- values_yaml: true
- templates_directory: true
- dependencies_resolved: true
documentation:
- readme_md: true
- install_md: true
- configuration_md: true
- troubleshooting_md: true
- api_documentation: true
security_artifacts:
- vulnerability_scan_results: true
- sbom_file: true
- image_signatures: true
Container Images
Image Requirements
Container image specifications:
image_requirements:
base_images:
- ubuntu:22.04
- alpine:3.18
- debian:bullseye-slim
- distroless/static:nonroot
architecture_support:
- linux/amd64: true
- linux/arm64: true
- windows/amd64: false # If applicable
image_standards:
- non_root_user: true
- security_scanned: true
- properly_tagged: true
- size_optimized: true
Image Preparation
Prepare your container images:
# Build multi-architecture images
docker buildx build --platform linux/amd64,linux/arm64 \
-t your-registry/myapp:v1.2.0 \
--push .
# Sign images with Cosign
cosign sign --key cosign.key your-registry/myapp:v1.2.0
# Generate SBOM
trivy image --format cyclonedx your-registry/myapp:v1.2.0 > sbom.json
# Scan for vulnerabilities
trivy image --severity HIGH,CRITICAL your-registry/myapp:v1.2.0
Registry Configuration
Configure container registry access:
registry_configuration:
primary_registry:
registry_url: "registry.example.com"
authentication_required: true
public_registry: false
access_credentials:
username_provided: true
token_provided: true
service_account_provided: false
image_details:
base_repository: "mycompany/myapp"
image_naming_convention: "myapp:v{version}"
supported_architectures: ["linux/amd64", "linux/arm64"]
image_tags:
- tag: "v1.2.0"
description: "Latest stable release"
update_frequency: "every_release"
recommended_for: "production"
Kubernetes Manifests
Required Manifests
Create all required Kubernetes manifests:
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp
labels:
app: myapp
spec:
replicas: 3
selector:
matchLabels:
app: myapp
template:
metadata:
labels:
app: myapp
spec:
containers:
- name: myapp
image: registry.example.com/myapp:v1.2.0
ports:
- containerPort: 8080
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 8080
readinessProbe:
httpGet:
path: /ready
port: 8080
# service.yaml
apiVersion: v1
kind: Service
metadata:
name: myapp-service
spec:
selector:
app: myapp
ports:
- port: 80
targetPort: 8080
type: ClusterIP
# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: myapp-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: myapp.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: myapp-service
port:
number: 80
Configuration Management
Create ConfigMaps and Secrets:
# configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: myapp-config
data:
APP_ENV: "production"
LOG_LEVEL: "INFO"
DATABASE_URL: "postgresql://db:5432/myapp"
REDIS_URL: "redis://redis:6379"
# secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: myapp-secrets
type: Opaque
data:
# Base64 encoded values
db-password: <base64-encoded-password>
api-key: <base64-encoded-api-key>
Helm Charts
Chart Structure
Create a complete Helm chart:
# Chart.yaml
apiVersion: v2
name: myapp
description: A Helm chart for MyApp
type: application
version: 0.1.0
appVersion: "1.2.0"
keywords:
- webapp
- api
home: https://github.com/mycompany/myapp
sources:
- https://github.com/mycompany/myapp
maintainers:
- name: Your Name
email: your.email@company.com
dependencies:
- name: postgresql
version: 12.x.x
repository: https://charts.bitnami.com/bitnami
# values.yaml
app:
name: myapp
image:
repository: registry.example.com/myapp
tag: "1.2.0"
pullPolicy: IfNotPresent
replicas: 3
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
database:
enabled: true
type: postgresql
host: postgresql
port: 5432
name: myapp
user: myapp
password: ""
ingress:
enabled: true
className: nginx
hosts:
- host: myapp.example.com
paths:
- path: /
pathType: Prefix
Chart Templates
Create template files:
# templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "myapp.fullname" . }}
labels:
{{- include "myapp.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.app.replicas }}
selector:
matchLabels:
{{- include "myapp.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "myapp.selectorLabels" . | nindent 8 }}
spec:
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.app.image.repository }}:{{ .Values.app.image.tag }}"
imagePullPolicy: {{ .Values.app.image.pullPolicy }}
ports:
- containerPort: 8080
resources:
{{- toYaml .Values.app.resources | nindent 12 }}
Documentation Requirements
Required Documentation
Create comprehensive documentation:
# README.md
# MyApp
## Overview
Brief description of your application and its key features.
## Quick Start
```bash
# Install with Helm
helm install myapp ./charts/myapp
# Or with kubectl
kubectl apply -f manifests/
Configuration
Describe configuration options and environment variables.
Troubleshooting
Common issues and their solutions.
```markdown
# INSTALL.md
# Installation Guide
## Prerequisites
- Kubernetes 1.20+
- Helm 3.8+
- Container registry access
## Installation Steps
1. Add Helm repository
2. Update dependencies
3. Install chart
4. Verify deployment
## Configuration
Detailed configuration options.
API Documentation
Provide API documentation:
# OpenAPI/Swagger specification
openapi: 3.0.0
info:
title: MyApp API
version: 1.2.0
description: API documentation for MyApp
paths:
/health:
get:
summary: Health check endpoint
responses:
'200':
description: Application is healthy
/api/v1/data:
get:
summary: Get data
responses:
'200':
description: Data retrieved successfully
Security Artifacts
Vulnerability Scanning
Perform security scanning:
# Scan container images
trivy image --severity HIGH,CRITICAL your-registry/myapp:v1.2.0
# Scan application dependencies
trivy fs --severity HIGH,CRITICAL .
# Generate scan report
trivy image --format json --output scan-report.json your-registry/myapp:v1.2.0
SBOM Generation
Generate Software Bill of Materials:
# Generate SBOM with Trivy
trivy image --format cyclonedx your-registry/myapp:v1.2.0 > sbom.json
# Or with Syft
syft your-registry/myapp:v1.2.0 -o cyclonedx-json > sbom.json
SBOM Content:
{
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"version": 1,
"metadata": {
"timestamp": "2024-01-15T10:00:00Z",
"tools": [
{
"vendor": "Aqua Security",
"name": "Trivy",
"version": "0.40.0"
}
]
},
"components": [
{
"type": "application",
"name": "myapp",
"version": "1.2.0",
"purl": "pkg:docker/registry.example.com/myapp@1.2.0"
}
]
}
Image Signing
Sign your container images:
# Generate signing keys
cosign generate-key-pair
# Sign image
cosign sign --key cosign.key your-registry/myapp:v1.2.0
# Verify signature
cosign verify --key cosign.pub your-registry/myapp:v1.2.0
Package Assembly
Create Package Structure
Organize your package:
# Create package directory
mkdir myapp-package-v1.2.0
cd myapp-package-v1.2.0
# Create subdirectories
mkdir manifests charts docs security
# Copy files
cp -r ../manifests/* manifests/
cp -r ../charts/* charts/
cp -r ../docs/* docs/
cp ../sbom.json security/
cp ../scan-report.json security/
Package Contents
Final package structure:
myapp-package-v1.2.0/
├── manifests/
│ ├── deployment.yaml
│ ├── service.yaml
│ ├── ingress.yaml
│ ├── configmap.yaml
│ ├── secret.yaml
│ ├── pvc.yaml
│ ├── rbac.yaml
│ └── network-policy.yaml
├── charts/
│ ├── Chart.yaml
│ ├── values.yaml
│ ├── values-production.yaml
│ └── templates/
│ ├── deployment.yaml
│ ├── service.yaml
│ ├── ingress.yaml
│ ├── configmap.yaml
│ ├── secret.yaml
│ ├── pvc.yaml
│ ├── rbac.yaml
│ ├── network-policy.yaml
│ ├── _helpers.tpl
│ └── NOTES.txt
├── docs/
│ ├── README.md
│ ├── INSTALL.md
│ ├── CONFIGURATION.md
│ ├── TROUBLESHOOTING.md
│ └── API.md
├── security/
│ ├── sbom.json
│ ├── scan-report.json
│ └── image-signatures/
└── metadata.yaml
Metadata File
Create package metadata:
# metadata.yaml
app_name: "MyApp"
version: "1.2.0"
publisher_name: "MyCompany Inc."
submission_date: "2024-01-15"
assessment_type: "new_application"
# Container registry information
container_registry:
registry_url: "registry.example.com"
authentication_required: true
images:
- "mycompany/myapp:v1.2.0"
- "mycompany/myapp-frontend:v1.2.0"
- "mycompany/myapp-backend:v1.2.0"
# Resource requirements
resources:
cpu_requests: "500m"
cpu_limits: "1000m"
memory_requests: "512Mi"
memory_limits: "1Gi"
storage_required: "10Gi"
# Compatibility
compatibility:
kubernetes_min_version: "1.20.0"
kubernetes_max_tested: "1.25.4"
container_runtimes: ["containerd", "cri-o"]
# Security
security:
vulnerability_scan_completed: true
sbom_generated: true
images_signed: true
scan_tool: "Trivy"
scan_date: "2024-01-15"
Upload Process
Package Compression
Compress your package:
# Create compressed package
tar -czf myapp-package-v1.2.0.tar.gz myapp-package-v1.2.0/
# Verify package contents
tar -tzf myapp-package-v1.2.0.tar.gz
Upload to Platform
Upload your package:
# Upload to certification portal
curl -X POST \
-H "Authorization: Bearer $API_TOKEN" \
-F "package=@myapp-package-v1.2.0.tar.gz" \
-F "metadata=@metadata.yaml" \
https://certification.armada-systems.com/api/v1/submissions
Upload Verification
Verify upload success:
# Check upload status
curl -H "Authorization: Bearer $API_TOKEN" \
https://certification.armada-systems.com/api/v1/submissions/$SUBMISSION_ID
# Expected response
{
"submission_id": "sub_12345",
"status": "uploaded",
"package_size": "15.2MB",
"upload_date": "2024-01-15T10:30:00Z",
"next_step": "security_scan"
}
Package Validation
Pre-Upload Validation
Validate your package before upload:
# Run validation script
./validate-package.sh myapp-package-v1.2.0/
# Check for required files
./check-requirements.py myapp-package-v1.2.0/
# Validate Helm chart
helm lint charts/myapp/
# Test deployment
helm install test-release charts/myapp --dry-run
Validation Checklist
Complete validation checklist:
validation_checklist:
package_structure:
- [ ] All required directories present
- [ ] All required files included
- [ ] No unnecessary files included
- [ ] File permissions correct
container_images:
- [ ] Images pushed to registry
- [ ] Images properly tagged
- [ ] Images security scanned
- [ ] Images signed
- [ ] SBOM generated
kubernetes_manifests:
- [ ] All manifests valid YAML
- [ ] All manifests apply successfully
- [ ] Resource limits defined
- [ ] Health checks configured
- [ ] Security policies applied
helm_charts:
- [ ] Chart passes helm lint
- [ ] Dependencies resolved
- [ ] Values properly documented
- [ ] Chart installs successfully
documentation:
- [ ] README.md complete
- [ ] Installation guide provided
- [ ] Configuration documented
- [ ] Troubleshooting guide included
- [ ] API documentation provided
Next Steps
After uploading your package:
- Monitor Progress: Track certification progress
- Respond to Issues: Address any findings
- Provide Additional Info: If requested
- Prepare for Testing: Be ready for deployment testing
For upload assistance, contact:
- Technical Support: certification@armada-systems.com
- Upload Issues: upload-support@armada-systems.com