{"id":38094455,"url":"https://github.com/Microsoft/fabrikate","last_synced_at":"2026-01-24T10:00:52.740Z","repository":{"id":56161612,"uuid":"161809588","full_name":"microsoft/fabrikate","owner":"microsoft","description":"Making GitOps with Kubernetes easier one component at a time","archived":true,"fork":false,"pushed_at":"2021-01-15T01:43:56.000Z","size":782,"stargazers_count":39,"open_issues_count":39,"forks_count":4,"subscribers_count":4,"default_branch":"develop","last_synced_at":"2026-01-21T18:52:34.594Z","etag":null,"topics":["cluster","flux","gitops","kubernetes-cluster"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/microsoft.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"docs/contributing.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-12-14T16:07:54.000Z","updated_at":"2025-11-25T19:23:20.000Z","dependencies_parsed_at":"2022-08-15T13:50:44.048Z","dependency_job_id":null,"html_url":"https://github.com/microsoft/fabrikate","commit_stats":null,"previous_names":[],"tags_count":41,"template":false,"template_full_name":null,"purl":"pkg:github/microsoft/fabrikate","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Ffabrikate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Ffabrikate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Ffabrikate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Ffabrikate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/microsoft","download_url":"https://codeload.github.com/microsoft/fabrikate/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Ffabrikate/sbom","scorecard":{"id":643326,"data":{"date":"2025-08-11","repo":{"name":"github.com/microsoft/fabrikate","commit":"b70f3c3ea1cf257d24717f62d9d4ec3f4c457e35"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.7,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":9,"reason":"Found 28/30 approved changesets -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:1: pin your Docker image by updating ubuntu:bionic to ubuntu:bionic@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98","Warn: downloadThenRun not pinned by hash: .devcontainer/Dockerfile:11-27","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned","Info:   1 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 1.0.0-alpha.1 not signed: https://api.github.com/repos/microsoft/fabrikate/releases/33477680","Warn: release artifact 1.0.0-alpha0 not signed: https://api.github.com/repos/microsoft/fabrikate/releases/33419903","Warn: release artifact 0.17.3 not signed: https://api.github.com/repos/microsoft/fabrikate/releases/21699060","Warn: release artifact 0.17.2 not signed: https://api.github.com/repos/microsoft/fabrikate/releases/21518270","Warn: release artifact 0.17.0 not signed: https://api.github.com/repos/microsoft/fabrikate/releases/21272778","Warn: release artifact 1.0.0-alpha.1 does not have provenance: https://api.github.com/repos/microsoft/fabrikate/releases/33477680","Warn: release artifact 1.0.0-alpha0 does not have provenance: https://api.github.com/repos/microsoft/fabrikate/releases/33419903","Warn: release artifact 0.17.3 does not have provenance: https://api.github.com/repos/microsoft/fabrikate/releases/21699060","Warn: release artifact 0.17.2 does not have provenance: https://api.github.com/repos/microsoft/fabrikate/releases/21518270","Warn: release artifact 0.17.0 does not have provenance: https://api.github.com/repos/microsoft/fabrikate/releases/21272778"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/microsoft/.github/SECURITY.md:1","Info: Found linked content: github.com/microsoft/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/microsoft/.github/SECURITY.md:1","Info: Found text in security policy: github.com/microsoft/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 29 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"25 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2021-0227 / GHSA-3vm4-22fp-5rfm","Warn: Project is vulnerable to: GO-2022-0968 / GHSA-gwc9-m7rh-j2ww","Warn: Project is vulnerable to: GO-2021-0356 / GHSA-8c26-wmh5-6g9v","Warn: Project is vulnerable to: GO-2024-2961","Warn: Project is vulnerable to: GO-2023-2402 / GHSA-45x7-px36-x8w8","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2022-0236 / GHSA-h86h-8ppg-mxmh","Warn: Project is vulnerable to: GO-2021-0238 / GHSA-83g2-8m93-v3w7","Warn: Project is vulnerable to: GO-2022-0288","Warn: Project is vulnerable to: GO-2022-0969 / GHSA-69cg-p879-7622","Warn: Project is vulnerable to: GO-2022-1144 / GHSA-xrjj-mj9h-534m","Warn: Project is vulnerable to: GO-2023-1571 / GHSA-vvpx-j8f3-3w6h","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2022-0493 / GHSA-p782-xgp4-8hr8","Warn: Project is vulnerable to: GO-2020-0015 / GHSA-5rcv-m4m3-hfh7","Warn: Project is vulnerable to: GO-2021-0113 / GHSA-ppp9-7jff-5vj2","Warn: Project is vulnerable to: GO-2022-1059 / GHSA-69ch-w2m2-3vjp","Warn: Project is vulnerable to: GO-2022-0603 / GHSA-hp87-p4gw-j4gq"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T11:24:34.883Z","repository_id":56161612,"created_at":"2025-08-21T11:24:34.883Z","updated_at":"2025-08-21T11:24:34.883Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28724374,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-24T08:27:05.734Z","status":"ssl_error","status_checked_at":"2026-01-24T08:27:01.197Z","response_time":89,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cluster","flux","gitops","kubernetes-cluster"],"created_at":"2026-01-16T21:00:23.268Z","updated_at":"2026-01-24T10:00:52.735Z","avatar_url":"https://github.com/microsoft.png","language":"Go","funding_links":[],"categories":["Configuration Management"],"sub_categories":[],"readme":"# Fabrikate\n\n[![Build Status][azure-devops-build-status]][azure-devops-build-link]\n[![Go Report Card][go-report-card-badge]][go-report-card]\n\nFabrikate helps make operating Kubernetes clusters with a\n[GitOps](https://www.weave.works/blog/gitops-operations-by-pull-request)\nworkflow more productive. It allows you to write\n[DRY](https://en.wikipedia.org/wiki/Don%27t_repeat_yourself) resource\ndefinitions and configuration for multiple environments while leveraging the\nbroad [Helm chart ecosystem](https://github.com/helm/charts), capture higher\nlevel definitions into abstracted and shareable components, and enable a\n[GitOps](https://www.weave.works/blog/gitops-operations-by-pull-request)\ndeployment workflow that both simplifies and makes deployments more auditable.\n\nIn particular, Fabrikate simplifies the frontend of the GitOps workflow: it\ntakes a high level description of your deployment, a target environment\nconfiguration (eg. `qa` or `prod`), and renders the Kubernetes resource\nmanifests for that deployment utilizing templating tools like\n[Helm](https://helm.sh). It is intended to run as part of a CI/CD pipeline such\nthat with every commit to your Fabrikate deployment definition triggers the\ngeneration of Kubernetes resource manifests that an in-cluster GitOps pod like\n[Weaveworks' Flux](https://github.com/weaveworks/flux) watches and reconciles\nwith the current set of applied resource manifests in your Kubernetes cluster.\n\n## Installation\n\nYou have a couple options:\n\n### Official Release\n\nGrab the latest releases from the\n[releases page](https://github.com/microsoft/fabrikate/releases) and place it\ndrop it into your `$PATH`.\n\n### Building From Source\n\nYou have a couple options to build from source:\n\n**Using `go get`:**\n\nUse `go get` to build and install the bleeding edge (i.e `develop`) version into\n`$GOPATH/bin`:\n\n```bash\n(cd \u0026\u0026 GO111MODULE=on go get github.com/microsoft/fabrikate/cmd/fab@develop)\n```\n\n**Cloning locally:**\n\n```bash\ngit clone https://github.com/microsoft/fabrikate\ncd fabrikate\ngo build -o fab cmd/fab/main.go\n```\n\n## Getting Started\n\nFirst, install the latest `fab` cli on your local machine from\n[our releases](https://github.com/microsoft/fabrikate/releases), unzipping the\nappropriate binary and placing `fab` in your path. The `fab` cli tool, `helm`,\nand `git` are the only tools you need to have installed.\n\n**NOTE** Fabrikate supports Helm 3, do not use Helm 2.\n\nLet's walk through building an example Fabrikate definition to see how it works\nin practice. First off, let's create a directory for our cluster definition:\n\n```sh\n$ mkdir mycluster\n$ cd mycluster\n```\n\nThe first thing I want to do is pull in a common set of observability and\nservice mesh platforms so I can operate this cluster. My organization has\nsettled on a\n[cloud-native](https://github.com/microsoft/fabrikate-definitions/tree/master/definitions/fabrikate-cloud-native)\nstack, and Fabrikate makes it easy to leverage reusable stacks of infrastructure\nlike this:\n\n```sh\n$ fab add cloud-native --source https://github.com/microsoft/fabrikate-definitions --path definitions/fabrikate-cloud-native\n```\n\nSince our directory was empty, this creates a component.yaml file in this\ndirectory:\n\n```yaml\nname: mycluster\nsubcomponents:\n  - name: cloud-native\n    type: component\n    source: https://github.com/microsoft/fabrikate-definitions\n    method: git\n    path: definitions/fabrikate-cloud-native\n    branch: master\n```\n\nA Fabrikate definition, like this one, always contains a `component.yaml` file\nin its root that defines how to generate the Kubernetes resource manifests for\nits directory tree scope.\n\nThe `cloud-native` component we added is a remote component backed by a git repo\n[fabrikate-cloud-native](https://github.com/microsoft/fabrikate-definitions/tree/master/definitions/fabrikate-cloud-native).\nFabrikate definitions use remote definitions like this one to enable multiple\ndeployments to reuse common components (like this cloud-native infrastructure\nstack) from a centrally updated location.\n\nLooking inside this component at its own root `component.yaml` definition, you\ncan see that it itself uses a set of remote components:\n\n```yaml\nname: \"cloud-native\"\ngenerator: \"static\"\npath: \"./manifests\"\nsubcomponents:\n  - name: \"elasticsearch-fluentd-kibana\"\n    source: \"../fabrikate-elasticsearch-fluentd-kibana\"\n  - name: \"prometheus-grafana\"\n    source: \"../fabrikate-prometheus-grafana\"\n  - name: \"istio\"\n    source: \"../fabrikate-istio\"\n  - name: \"kured\"\n    source: \"../fabrikate-kured\"\n```\n\nFabrikate recursively iterates component definitions, so as it processes this\nlower level component definition, it will in turn iterate the remote component\ndefinitions used in its implementation. Being able to mix in remote components\nlike this makes Fabrikate deployments composable and reusable across\ndeployments.\n\nLet's look at the component definition for the\n[elasticsearch-fluentd-kibana component](https://github.com/microsoft/fabrikate-definitions/tree/master/definitions/fabrikate-elasticsearch-fluentd-kibana):\n\n```json\n{\n  \"name\": \"elasticsearch-fluentd-kibana\",\n  \"generator\": \"static\",\n  \"path\": \"./manifests\",\n  \"subcomponents\": [\n    {\n      \"name\": \"elasticsearch\",\n      \"generator\": \"helm\",\n      \"source\": \"https://github.com/helm/charts\",\n      \"method\": \"git\",\n      \"path\": \"stable/elasticsearch\"\n    },\n    {\n      \"name\": \"elasticsearch-curator\",\n      \"generator\": \"helm\",\n      \"source\": \"https://github.com/helm/charts\",\n      \"method\": \"git\",\n      \"path\": \"stable/elasticsearch-curator\"\n    },\n    {\n      \"name\": \"fluentd-elasticsearch\",\n      \"generator\": \"helm\",\n      \"source\": \"https://github.com/helm/charts\",\n      \"method\": \"git\",\n      \"path\": \"stable/fluentd-elasticsearch\"\n    },\n    {\n      \"name\": \"kibana\",\n      \"generator\": \"helm\",\n      \"source\": \"https://github.com/helm/charts\",\n      \"method\": \"git\",\n      \"path\": \"stable/kibana\"\n    }\n  ]\n}\n```\n\nFirst, we see that components can be defined in JSON as well as YAML (as you\nprefer).\n\nSecondly, we see that that this component generates resource definitions. In\nparticular, it will emit a set of static manifests from the path `./manifests`,\nand generate the set of resource manifests specified by the inlined\n[Helm templates](https://helm.sh/) definitions as it it iterates your deployment\ndefinitions.\n\nWith generalized helm charts like the ones used here, its often necessary to\nprovide them with configuration values that vary by environment. This component\nprovides a reasonable set of defaults for its subcomponents in\n`config/common.yaml`. Since this component is providing these four logging\nsubsystems together as a \"stack\", or preconfigured whole, we can provide\nconfiguration to higher level parts based on this knowledge:\n\n```yaml\nconfig:\nsubcomponents:\n  elasticsearch:\n    namespace: elasticsearch\n    injectNamespace: true\n    config:\n      client:\n        resources:\n          limits:\n            memory: \"2048Mi\"\n  elasticsearch-curator:\n    namespace: elasticsearch\n    injectNamespace: true\n    config:\n      cronjob:\n        successfulJobsHistoryLimit: 0\n      configMaps:\n        config_yml: |-\n          ---\n          client:\n            hosts:\n              - elasticsearch-client.elasticsearch.svc.cluster.local\n            port: 9200\n            use_ssl: False\n  fluentd-elasticsearch:\n    namespace: fluentd\n    injectNamespace: true\n    config:\n      elasticsearch:\n        host: \"elasticsearch-client.elasticsearch.svc.cluster.local\"\n  kibana:\n    namespace: kibana\n    injectNamespace: true\n    config:\n      files:\n        kibana.yml:\n          elasticsearch.url: \"http://elasticsearch-client.elasticsearch.svc.cluster.local:9200\"\n```\n\nThis `common` configuration, which applies to all environments, can be mixed\nwith more specific configuration. For example, let's say that we were deploying\nthis in Azure and wanted to utilize its `managed-premium` SSD storage class for\nElasticsearch, but only in `azure` deployments. We can build an `azure`\nconfiguration that allows us to do exactly that, and Fabrikate has a convenience\nfunction called `set` that enables to do exactly that:\n\n```\n$ fab set --environment azure --subcomponent cloud-native.elasticsearch data.persistence.storageClass=\"managed-premium\" master.persistence.storageClass=\"managed-premium\"\n```\n\nThis creates a file called `config/azure.yaml` that looks like this:\n\n```yaml\nsubcomponents:\n  cloud-native:\n    subcomponents:\n      elasticsearch:\n        config:\n          data:\n            persistence:\n              storageClass: managed-premium\n          master:\n            persistence:\n              storageClass: managed-premium\n```\n\nNaturally, an observability stack is just the base infrastructure we need, and\nour real goal is to deploy a set of microservices. Furthermore, let's assume\nthat we want to be able to split the incoming traffic for these services between\n`canary` and `stable` tiers with [Istio](https://istio.io) so that we can more\nsafely launch new versions of the service.\n\nThere is a Fabrikate component for that as well called\n[fabrikate-istio-service](https://github.com/microsoft/fabrikate-definitions/tree/master/definitions/fabrikate-istio)\nthat we'll leverage to add this service, so let's do just that:\n\n```\n$ fab add simple-service --source https://github.com/microsoft/fabrikate-definitions --path definitions/fabrikate-istio\n```\n\nThis component creates these traffic split services using the config applied to\nit. Let's create a `prod` config that does this for a `prod` cluster by creating\n`config/prod.yaml` and placing the following in it:\n\n```yaml\nsubcomponents:\n  simple-service:\n    namespace: services\n    config:\n      gateway: my-ingress.istio-system.svc.cluster.local\n      service:\n        dns: simple.mycompany.io\n        name: simple-service\n        port: 80\n      configMap:\n        PORT: 80\n      tiers:\n        canary:\n          image: \"timfpark/simple-service:441\"\n          replicas: 1\n          weight: 10\n          port: 80\n          resources:\n            requests:\n              cpu: \"250m\"\n              memory: \"256Mi\"\n            limits:\n              cpu: \"1000m\"\n              memory: \"512Mi\"\n\n        stable:\n          image: \"timfpark/simple-service:440\"\n          replicas: 3\n          weight: 90\n          port: 80\n          resources:\n            requests:\n              cpu: \"250m\"\n              memory: \"256Mi\"\n            limits:\n              cpu: \"1000m\"\n              memory: \"512Mi\"\n```\n\nThis defines a service that is exposed on the cluster via a particular gateway\nand dns name and port. It also defines a traffic split between two backend\ntiers: `canary` (10%) and `stable` (90%). Within these tiers, we also define the\nnumber of replicas and the resources they are allowed to use, along with the\ncontainer that is deployed in them. Finally, it also defines a ConfigMap for the\nservice, which passes along an environmental variable to our app called `PORT`.\n\nFrom here we could add definitions for all of our microservices in a similar\nmanner, but in the interest of keeping this short, we'll just do one of the\nservices here.\n\nWith this, we have a functionally complete Fabrikate definition for our\ndeployment. Let's now see how we can use Fabrikate to generate resource\nmanifests for it.\n\nFirst, let's install the remote components and helm charts:\n\n```sh\n$ fab install\n```\n\nThis installs all of the required components and charts locally and we can now\ngenerate the manifests for our deployment with:\n\n```sh\n$ fab generate prod azure\n```\n\nThis will iterate through our deployment definition, collect configuration\nvalues from `azure`, `prod`, and `common` (in that priority order) and generate\nmanifests as it descends breadth first. You can see the generated manifests in\n`./generated/prod-azure`, which has the same logical directory structure as your\ndeployment definition.\n\nFabrikate is meant to used as part of a CI / CD pipeline that commits the\ngenerated manifests checked into a repo so that they can be applied from a pod\nwithin the cluster like [Flux](https://github.com/weaveworks/flux), but if you\nhave a Kubernetes cluster up and running you can also apply them directly with:\n\n```sh\n$ cd generated/prod-azure\n$ kubectl apply --recursive -f .\n```\n\nThis will cause a very large number of containers to spin up (which will take\ntime to start completely as Kubernetes provisions persistent storage and\ndownloads the containers themselves), but after three or four minutes, you\nshould see the full observability stack and Microservices running in your\ncluster.\n\n## Documentation\n\nWe have complete details about how to use and contribute to Fabrikate in these\ndocumentation items:\n\n- [Component Definitions](./docs/component.md)\n- [Config Definitions](./docs/config.md)\n- [Command Reference](./docs/commands.md)\n- [Authentication / Personal Access Tokens (PAT) / `access.yaml`](./docs/auth.md)\n- [Contributing](./docs/contributing.md)\n- [Comparisons against other release management tools](./docs/comparisons.md)\n\n## Community\n\n[Please join us on Slack](https://join.slack.com/t/bedrockco/shared_invite/enQtNjIwNzg3NTU0MDgzLWRiYzQxM2ZmZjQ2NGE2YjA2YTJmMjg3ZmJmOTQwOWY0MTU3NDVkNDJkZDUyMDExZjIxNTg5NWY3MTI3MzFiN2U)\nfor discussion and/or questions.\n\n## Bedrock\n\nWe maintain a sister project called\n[Bedrock](https://github.com/microsoft/bedrock). Bedrock provides automata that\nmake operationalizing Kubernetes clusters with a GitOps deployment workflow\neasier, automating a\n[GitOps](https://www.weave.works/blog/gitops-operations-by-pull-request)\ndeployment model leveraging [Flux](https://github.com/weaveworks/flux), and\nprovides automation for building a CI/CD pipeline that automatically builds\nresource manifests from Fabrikate defintions.\n\n\u003c!-- refs --\u003e\n\n[azure-devops-build-status]:\n  https://tpark.visualstudio.com/fabrikate/_apis/build/status/microsoft.fabrikate?branchName=master\n[azure-devops-build-link]:\n  https://tpark.visualstudio.com/fabrikate/_build/latest?definitionId=35\u0026branchName=master\n[go-report-card]: https://goreportcard.com/report/github.com/microsoft/fabrikate\n[go-report-card-badge]:\n  https://goreportcard.com/badge/github.com/microsoft/fabrikate\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FMicrosoft%2Ffabrikate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FMicrosoft%2Ffabrikate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FMicrosoft%2Ffabrikate/lists"}