From ee488b394693ff64f2902db4130205ab49e9f095 Mon Sep 17 00:00:00 2001
From: Wayne Starr <me@racer159.com>
Date: Tue, 1 Apr 2025 14:15:11 -0600
Subject: [PATCH 1/7] ZEP-0023: Zarf Named Configs

Signed-off-by: Wayne Starr <me@racer159.com>
---
 0023-zarf-named-configs/README.md | 274 ++++++++++++++++++++++++++++++
 0023-zarf-named-configs/zep.yaml  |  25 +++
 2 files changed, 299 insertions(+)
 create mode 100644 0023-zarf-named-configs/README.md
 create mode 100644 0023-zarf-named-configs/zep.yaml

diff --git a/0023-zarf-named-configs/README.md b/0023-zarf-named-configs/README.md
new file mode 100644
index 0000000..2af923d
--- /dev/null
+++ b/0023-zarf-named-configs/README.md
@@ -0,0 +1,274 @@
+<!--
+**Note:** When your ZEP is complete, all of these comment blocks should be removed.
+
+To get started with this template:
+
+- [ ] **Create an issue in zarf-dev/proposals.**
+  When creating a proposal issue, complete all fields in that template. One of
+  the fields asks for a link to the ZEP, which you can leave blank until the ZEP
+  is filed. Then, go back and add the link.
+- [ ] **Make a copy of this template directory.**
+  Name it `NNNN-short-descriptive-title`, where `NNNN` is the issue number
+  (with no leading zeroes).
+- [ ] **Fill out as much of the zep.yaml file as you can.**
+  At minimum, complete the "Title", "Authors", "Status", and date-related fields.
+- [ ] **Fill out this file as best you can.**
+  Focus on the "Summary" and "Motivation" sections first. If you've already discussed
+  the idea with the Technical Steering Committee, this part should be easier.
+- [ ] **Create a PR for this ZEP.**
+  Assign it to members of the Technical Steering Committee who are sponsoring this process.
+- [ ] **Merge early and iterate.**
+  Don’t get bogged down in the details—focus on getting the goals clarified and the
+  ZEP merged quickly. You can fill in the specifics incrementally in later PRs.
+
+Just because a ZEP is merged doesn't mean it's complete or approved. Any ZEP marked
+as `provisional` is a working document and subject to change. You can mark unresolved
+sections like this:
+
+```
+<<[UNRESOLVED optional short context or usernames ]>>
+Stuff that is being argued.
+<<[/UNRESOLVED]>>
+```
+
+When editing ZEPs, aim for focused, single-topic PRs to keep discussions clear. If
+you disagree with a section, open a new PR with suggested changes.
+
+Each ZEP covers one "feature" or "enhancement" throughout its lifecycle. You don’t
+need a new ZEP for moving from beta to GA. If new details emerge, edit the existing
+ZEP. Once a feature is "implemented", major changes should go in new ZEPs.
+
+The latest instructions for this template can be found in [this repo](/NNNN-zep-template/README.md).
+
+**Note:** PRs to move a ZEP to `implementable`, or significant changes to an
+`implementable` ZEP, must be approved by all ZEP approvers. If an approver is no
+longer appropriate, updates to the list must be approved by the remaining approvers.
+-->
+
+# ZEP-0023: Zarf Named Configs
+
+<!--
+Keep the title short simple and descriptive. It should clearly convey what
+the ZEP is going to cover.
+-->
+
+<!--
+A table of contents helps reviewers quickly navigate the ZEP and highlights
+any additional information provided beyond the standard ZEP template.
+-->
+
+<!-- toc -->
+- [Summary](#summary)
+- [Motivation](#motivation)
+  - [Goals](#goals)
+  - [Non-Goals](#non-goals)
+- [Proposal](#proposal)
+  - [User Stories (Optional)](#user-stories-optional)
+    - [Story 1](#story-1)
+    - [Story 2](#story-2)
+  - [Risks and Mitigations](#risks-and-mitigations)
+- [Design Details](#design-details)
+  - [Test Plan](#test-plan)
+      - [Prerequisite testing updates](#prerequisite-testing-updates)
+      - [Unit tests](#unit-tests)
+      - [e2e tests](#e2e-tests)
+  - [Graduation Criteria](#graduation-criteria)
+  - [Upgrade / Downgrade Strategy](#upgrade--downgrade-strategy)
+  - [Version Skew Strategy](#version-skew-strategy)
+- [Implementation History](#implementation-history)
+- [Drawbacks](#drawbacks)
+- [Alternatives](#alternatives)
+- [Infrastructure Needed (Optional)](#infrastructure-needed-optional)
+<!-- /toc -->
+
+## Summary
+
+<!--
+This section is key for creating high-quality, user-focused documentation
+like release notes or a roadmap. You should gather this info before
+implementation starts to keep the focus on development, not writing. ZEP
+editors should ensure the `Summary` is clear and useful for a broad audience.
+
+A good summary should be at least a paragraph long.
+
+Follow the [documentation style guide] for this section and the rest of the ZEP.
+Keep line lengths reasonable to make it easier for reviewers to provide
+feedback and reduce unnecessary changes.
+
+[documentation style guide]: https://docs.zarf.dev/contribute/style-guide/
+-->
+
+## Motivation
+
+<!--
+This section is for explicitly listing the motivation, goals, and non-goals of
+this ZEP.  Describe why the change is important and the benefits to users. You
+can also optionally include links to [experience reports], [community slacks],
+or other references to show the community's interest in the ZEP.
+
+[experience reports]: https://go.dev/wiki/ExperienceReports
+[openssf slack]: https://openssf.slack.com/archives/C07AKUMBDMJ
+[kubernetes slack]: https://kubernetes.slack.com/archives/C03B6BJAUJ3
+-->
+
+### Goals
+
+<!--
+List the specific goals of the ZEP. What is it trying to achieve? How will we
+know that this has succeeded?
+-->
+
+### Non-Goals
+
+<!--
+What is out of scope for this ZEP? Listing non-goals helps to focus discussion
+and make progress.
+-->
+
+## Proposal
+
+<!--
+This is where you explain the specifics of the proposal. Provide enough detail
+for reviewers to clearly understand what you're proposing, but avoid including
+too many specifics like API designs or implementation details. Focus on the
+desired outcome and how success will be measured. The "Design Details" section
+below is for the real nitty-gritty.
+-->
+
+### User Stories (Optional)
+
+<!--
+Detail the things that people will be able to do if this ZEP is implemented.
+Include as much detail as possible so that people can understand the "how" of
+the system. The goal here is to make this feel real for users without getting
+bogged down.
+-->
+
+#### Story 1
+
+#### Story 2
+
+### Risks and Mitigations
+
+<!--
+What are the risks of this proposal, and how do we mitigate? Think broadly.
+For example, consider both security and how this will impact the larger
+Zarf ecosystem.
+
+How will security be reviewed, and by whom?
+
+How will UX be reviewed, and by whom?
+-->
+
+## Design Details
+
+<!--
+This section should contain enough information that the specifics of your
+change are understandable. This may include API specs (though not always
+required) or even code snippets. If there's any ambiguity about HOW your
+proposal will be implemented, this is the place to discuss that.
+-->
+
+### Test Plan
+
+<!--
+**Note:** *Not required until targeted at a release.*
+The goal is to ensure that we don't accept proposals with inadequate testing.
+
+All code is expected to have adequate tests (eventually with coverage
+expectations). Please adhere to the [Zarf testing guidelines][testing-guidelines]
+when drafting this test plan.
+
+[testing-guidelines]: https://docs.zarf.dev/contribute/testing/
+-->
+
+[ ] I/we understand the owners of the involved components may require updates to
+existing tests to make this code solid enough prior to committing the changes necessary
+to implement this proposal.
+
+### Graduation Criteria
+
+<!--
+**Note:** *Not required until you're targeting a release.*
+
+Define what needs to happen for this feature to move from alpha to beta to GA
+(General Availability). Focus on key signals or criteria that show the feature
+is ready for each stage.
+
+Consider the following stages when setting graduation criteria:
+- Alpha: Feature is behind a feature flag, basic tests in place.
+- Beta: Gather feedback from users, complete core features, add more tests.
+- GA: Prove real-world usage, complete rigorous testing, gather feedback.
+
+In general, features should wait at least two releases between Beta and GA to
+allow time for feedback. For features moving to GA, include conformance tests
+to ensure stability and compatibility.
+
+#### Deprecation
+If this feature will eventually be deprecated, plan for it:
+- Announce deprecation and support policy.
+- Wait at least two versions before fully removing it.
+-->
+
+### Upgrade / Downgrade Strategy
+
+<!--
+If applicable, how will the component be upgraded and downgraded? Make sure
+this is in the test plan.
+
+Consider the following in developing an upgrade/downgrade strategy for this
+proposal:
+- What changes (in invocations, configurations, API use, etc.) is an existing
+  package definition or deployment required to make on upgrade, in order to
+  maintain previous behavior?
+- What changes (in invocations, configurations, API use, etc.) is an existing
+  package definition or deployment required to make on upgrade, in order to
+  make use of the proposal?
+-->
+
+### Version Skew Strategy
+
+<!--
+If applicable, how will the component handle version skew with other
+components? What are the guarantees? Make sure this is in the test plan.
+
+Consider the following in developing a version skew strategy for this
+proposal:
+- Does this proposal involve coordinating behavior between components?
+  - (i.e. the Zarf Agent and CLI? The init package and the CLI?)
+-->
+
+## Implementation History
+
+<!--
+Major milestones in the lifecycle of a ZEP should be tracked in this section.
+Major milestones might include:
+- the `Summary` and `Motivation` sections being merged, signaling acceptance of the ZEP
+- the `Proposal` section being merged, signaling agreement on a proposed design
+- the date implementation started
+- the first Zarf release where an initial version of the ZEP was available
+- the version of Zarf where the ZEP graduated to general availability
+- when the ZEP was retired or superseded
+-->
+
+## Drawbacks
+
+<!--
+Why should this ZEP _not_ be implemented?
+-->
+
+## Alternatives
+
+<!--
+What other approaches did you consider, and why did you rule them out? These do
+not need to be as detailed as the proposal, but should include enough
+information to express the idea and why it was not acceptable.
+-->
+
+## Infrastructure Needed (Optional)
+
+<!--
+Use this section if you need things from the project. Examples include a new repo,
+cloud infrastructure for testing or GitHub details. Listing these here
+allows the process to get these resources to be started right away.
+-->
diff --git a/0023-zarf-named-configs/zep.yaml b/0023-zarf-named-configs/zep.yaml
new file mode 100644
index 0000000..70bd9c3
--- /dev/null
+++ b/0023-zarf-named-configs/zep.yaml
@@ -0,0 +1,25 @@
+schema-version: 1.0.0
+
+title: Zarf Named Configs
+zep-number: 0023
+authors:
+  - "@racer159"
+status: implementable
+creation-date: 2025-04-01
+reviewers:
+  - "@zarf-dev"
+approvers:
+  - "@zarf-dev"
+
+# The target maturity stage in the current dev cycle for this ZEP.
+stage: alpha
+
+# The most recent milestone for which work toward delivery of this ZEP has been
+# done. This can be the current (upcoming) milestone, if it is being actively
+# worked on.
+latest-milestone: "NA"
+
+# The milestone at which this feature was, or is targeted to be, at each stage.
+milestone:
+  alpha: "NA"
+  stable: "v1.0"

From 3a7ea1fee4e0f35aaf02378072cd4f217647e769 Mon Sep 17 00:00:00 2001
From: Wayne Starr <me@racer159.com>
Date: Tue, 1 Apr 2025 17:18:41 -0600
Subject: [PATCH 2/7] port info from 0017

Signed-off-by: Wayne Starr <me@racer159.com>
---
 0023-zarf-named-configs/README.md | 175 +++++++++---------------------
 1 file changed, 49 insertions(+), 126 deletions(-)

diff --git a/0023-zarf-named-configs/README.md b/0023-zarf-named-configs/README.md
index 2af923d..443d624 100644
--- a/0023-zarf-named-configs/README.md
+++ b/0023-zarf-named-configs/README.md
@@ -83,160 +83,93 @@ any additional information provided beyond the standard ZEP template.
 
 ## Summary
 
-<!--
-This section is key for creating high-quality, user-focused documentation
-like release notes or a roadmap. You should gather this info before
-implementation starts to keep the focus on development, not writing. ZEP
-editors should ensure the `Summary` is clear and useful for a broad audience.
-
-A good summary should be at least a paragraph long.
-
-Follow the [documentation style guide] for this section and the rest of the ZEP.
-Keep line lengths reasonable to make it easier for reviewers to provide
-feedback and reduce unnecessary changes.
-
-[documentation style guide]: https://docs.zarf.dev/contribute/style-guide/
--->
+This ZEP proposes to enable a namespace override for charts similar to the namespace override [functionality available in UDS CLI](https://uds.defenseunicorns.com/reference/bundles/overrides/#namespace).  This would allow namespaces of charts within a Zarf package to be overridden so that multiples of the same Zarf package could be deployed to the same cluster under different namespaces (without needing to maintain variants of the same package).
 
 ## Motivation
 
-<!--
-This section is for explicitly listing the motivation, goals, and non-goals of
-this ZEP.  Describe why the change is important and the benefits to users. You
-can also optionally include links to [experience reports], [community slacks],
-or other references to show the community's interest in the ZEP.
-
-[experience reports]: https://go.dev/wiki/ExperienceReports
-[openssf slack]: https://openssf.slack.com/archives/C07AKUMBDMJ
-[kubernetes slack]: https://kubernetes.slack.com/archives/C03B6BJAUJ3
--->
+Doing this allows more flexibility with certain Zarf packages where you may want to have multiples of them installed in the cluster with slightly different configurations (such as [GitLab Runners](https://github.com/defenseunicorns/uds-package-gitlab-runner)).  Right now the release namespace of any chart has to be hardcoded into the package and will be overwritten even if the chart allows namespace overrides for some manifests within the chart.  The current behavior is also different from what Helm does by default which may not be what users of Zarf expect (Helm allows the use of the `namespace` flag on install to set the Chart's namespace without it needing to be baked into the Chart).
 
 ### Goals
 
-<!--
-List the specific goals of the ZEP. What is it trying to achieve? How will we
-know that this has succeeded?
--->
+- Provide a way for an already created Zarf package containing Helm Charts to be easily installed more than once with different configurations
 
 ### Non-Goals
 
-<!--
-What is out of scope for this ZEP? Listing non-goals helps to focus discussion
-and make progress.
--->
+- Move away from the declarative nature of Zarf packages
 
 ## Proposal
 
-<!--
-This is where you explain the specifics of the proposal. Provide enough detail
-for reviewers to clearly understand what you're proposing, but avoid including
-too many specifics like API designs or implementation details. Focus on the
-desired outcome and how success will be measured. The "Design Details" section
-below is for the real nitty-gritty.
--->
+The proposed solution is to introduce a new named override config to Zarf to allow for a managed way to provide overrides for namespaces and eventually different values.  This allows for potential future override expansion while also forcing the overrides to be named and versioned to a package rather than be as fluid as an existing zarf-config file helping reduce declarative loss. These overrides could also eventually be signed as an artifact if desired.
 
 ### User Stories (Optional)
 
-<!--
-Detail the things that people will be able to do if this ZEP is implemented.
-Include as much detail as possible so that people can understand the "how" of
-the system. The goal here is to make this feel real for users without getting
-bogged down.
--->
-
 #### Story 1
 
-#### Story 2
+**As** Jacquline **I want** to be able to set namespace overrides **so that** I can install the same package with different configurations in different namespaces.
+
+**Given** I have a Zarf Package with a chart named `my-chart` in a component named `my-component`
+**And** I have a new ZarfOverrideConfig created from the following
+```yaml
+kind: ZarfOverrideConfig
+metadata:
+  name: test-override
+  ref: oci://my-registry/test:0.1.0
+  version: 0.1.0
+
+overrides:
+  my-component:
+    my-chart:
+      namespace: new-namespace
+```
+**When** I deploy that package with a `--override` like the below:
+```yaml
+zarf package deploy oci://my-registry/test:0.1.0 --override oci://my-registry/test-override:0.1.0
+```
+**Then** Zarf will change the chart's release namespace to `new-namespace`
 
 ### Risks and Mitigations
 
-<!--
-What are the risks of this proposal, and how do we mitigate? Think broadly.
-For example, consider both security and how this will impact the larger
-Zarf ecosystem.
-
-How will security be reviewed, and by whom?
-
-How will UX be reviewed, and by whom?
--->
+TODO - (@WSTARR)
 
 ## Design Details
 
-<!--
-This section should contain enough information that the specifics of your
-change are understandable. This may include API specs (though not always
-required) or even code snippets. If there's any ambiguity about HOW your
-proposal will be implemented, this is the place to discuss that.
--->
+TODO - (@WSTARR) - We need to discuss format if we co with named configs.  Items of discussion:
 
-### Test Plan
-
-<!--
-**Note:** *Not required until targeted at a release.*
-The goal is to ensure that we don't accept proposals with inadequate testing.
+1. How will named override configs reference the Zarf package they are attached to.
+2. Would named override configs have a local format (or be OCI only)
+3. How would publishing / pulling overrides work in practice
 
-All code is expected to have adequate tests (eventually with coverage
-expectations). Please adhere to the [Zarf testing guidelines][testing-guidelines]
-when drafting this test plan.
+This proposal will affect the release namespace of a chart (or manifest) so that the Helm release secrets and any templates that use the `.Release.Namespace` template would use the newly provided namespace.  This would ensure that charts wouldn't affect the history or objects of prior deployments and would be able to properly install alongside one another.  This would not affect namespaces that are defined under .Values as those would still be controlled by the package configuration and Zarf variables as they are today.
 
-[testing-guidelines]: https://docs.zarf.dev/contribute/testing/
--->
+### Test Plan
 
-[ ] I/we understand the owners of the involved components may require updates to
+[X] I/we understand the owners of the involved components may require updates to
 existing tests to make this code solid enough prior to committing the changes necessary
 to implement this proposal.
 
-### Graduation Criteria
+##### Prerequisite testing updates
 
-<!--
-**Note:** *Not required until you're targeting a release.*
+NA - This is a modification of existing behavior that should not require prerequisite testing updates.
 
-Define what needs to happen for this feature to move from alpha to beta to GA
-(General Availability). Focus on key signals or criteria that show the feature
-is ready for each stage.
+##### Unit tests
 
-Consider the following stages when setting graduation criteria:
-- Alpha: Feature is behind a feature flag, basic tests in place.
-- Beta: Gather feedback from users, complete core features, add more tests.
-- GA: Prove real-world usage, complete rigorous testing, gather feedback.
+TODO - (@WSTARR)
 
-In general, features should wait at least two releases between Beta and GA to
-allow time for feedback. For features moving to GA, include conformance tests
-to ensure stability and compatibility.
+##### e2e tests
 
-#### Deprecation
-If this feature will eventually be deprecated, plan for it:
-- Announce deprecation and support policy.
-- Wait at least two versions before fully removing it.
--->
+TODO - (@WSTARR)
+
+### Graduation Criteria
+
+TODO - (@WSTARR)
 
 ### Upgrade / Downgrade Strategy
 
-<!--
-If applicable, how will the component be upgraded and downgraded? Make sure
-this is in the test plan.
-
-Consider the following in developing an upgrade/downgrade strategy for this
-proposal:
-- What changes (in invocations, configurations, API use, etc.) is an existing
-  package definition or deployment required to make on upgrade, in order to
-  maintain previous behavior?
-- What changes (in invocations, configurations, API use, etc.) is an existing
-  package definition or deployment required to make on upgrade, in order to
-  make use of the proposal?
--->
+NA - There would be no upgrade / downgrade of cluster installed components
 
 ### Version Skew Strategy
 
-<!--
-If applicable, how will the component handle version skew with other
-components? What are the guarantees? Make sure this is in the test plan.
-
-Consider the following in developing a version skew strategy for this
-proposal:
-- Does this proposal involve coordinating behavior between components?
-  - (i.e. the Zarf Agent and CLI? The init package and the CLI?)
--->
+NA - This proposal doesn't impact how Zarf's components interact
 
 ## Implementation History
 
@@ -253,22 +186,12 @@ Major milestones might include:
 
 ## Drawbacks
 
-<!--
-Why should this ZEP _not_ be implemented?
--->
+TODO - (@WSTARR)
 
 ## Alternatives
 
-<!--
-What other approaches did you consider, and why did you rule them out? These do
-not need to be as detailed as the proposal, but should include enough
-information to express the idea and why it was not acceptable.
--->
+
 
 ## Infrastructure Needed (Optional)
 
-<!--
-Use this section if you need things from the project. Examples include a new repo,
-cloud infrastructure for testing or GitHub details. Listing these here
-allows the process to get these resources to be started right away.
--->
+NA - This change requires no additional infrastructure as it is internal to Zarf's operation.

From 7b8a77b577fa4134f7c43a0fefa535d330004bae Mon Sep 17 00:00:00 2001
From: Wayne Starr <me@racer159.com>
Date: Thu, 3 Apr 2025 14:01:35 -0600
Subject: [PATCH 3/7] a bit more detail

Signed-off-by: Wayne Starr <me@racer159.com>
---
 0023-zarf-named-configs/README.md | 20 +++++++++++---------
 0023-zarf-named-configs/zep.yaml  |  4 ++++
 2 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/0023-zarf-named-configs/README.md b/0023-zarf-named-configs/README.md
index 443d624..d0c59f1 100644
--- a/0023-zarf-named-configs/README.md
+++ b/0023-zarf-named-configs/README.md
@@ -83,34 +83,36 @@ any additional information provided beyond the standard ZEP template.
 
 ## Summary
 
-This ZEP proposes to enable a namespace override for charts similar to the namespace override [functionality available in UDS CLI](https://uds.defenseunicorns.com/reference/bundles/overrides/#namespace).  This would allow namespaces of charts within a Zarf package to be overridden so that multiples of the same Zarf package could be deployed to the same cluster under different namespaces (without needing to maintain variants of the same package).
+This ZEP proposes to allow configuration specific to a Zarf package deployment to be able to be named, versioned and published to a registry so that it can simplify the deployment experience for end users.
 
 ## Motivation
 
-Doing this allows more flexibility with certain Zarf packages where you may want to have multiples of them installed in the cluster with slightly different configurations (such as [GitLab Runners](https://github.com/defenseunicorns/uds-package-gitlab-runner)).  Right now the release namespace of any chart has to be hardcoded into the package and will be overwritten even if the chart allows namespace overrides for some manifests within the chart.  The current behavior is also different from what Helm does by default which may not be what users of Zarf expect (Helm allows the use of the `namespace` flag on install to set the Chart's namespace without it needing to be baked into the Chart).
+This proposal comes from a desire to even further lower the barrier to entry for the deploy persona by pre-baking some deployment configuration for a Zarf package into named configurations that can be selected from.  In some environments a user deploying a Zarf package may not have system administrator experience and an SRE may want to pre-configure the package for them to make the package even more declarative and easier to manage.  Additionally many Zarf packages cross security domains and so might not be able to contain their related configuration inside the package at create time.  Having a way to marry the package with the configuration within the deployment environment would help with this as well.
 
 ### Goals
 
-- Provide a way for an already created Zarf package containing Helm Charts to be easily installed more than once with different configurations
+- Provide a way for Zarf packages to reference pre-baked configurations during deployments
+- Enhance the declarative design of Zarf
 
 ### Non-Goals
 
-- Move away from the declarative nature of Zarf packages
+- Provide configuration outside of the deployment of the package
+- Include security relevant deployment configuration in the registry (i.e. package signing keys)
 
 ## Proposal
 
-The proposed solution is to introduce a new named override config to Zarf to allow for a managed way to provide overrides for namespaces and eventually different values.  This allows for potential future override expansion while also forcing the overrides to be named and versioned to a package rather than be as fluid as an existing zarf-config file helping reduce declarative loss. These overrides could also eventually be signed as an artifact if desired.
+The proposed solution introduces a new named configuration type to Zarf to allow for a managed way to provide deployment configuration for a package.  This would include most options that are available in a `zarf-config` file under `package.deploy` including the new options mentioned in [ZEP-0021](../0021-zarf-values/README.md) and [ZEP-0017](../0017-chart-namespace-overrides/README.md).  This file would refer to a specific Zarf package name and version and itself would have a reference for itself.  This would then be published in a registry and could be refered to on `zarf package deploy` or `zarf dev deploy`.
 
 ### User Stories (Optional)
 
 #### Story 1
 
-**As** Jacquline **I want** to be able to set namespace overrides **so that** I can install the same package with different configurations in different namespaces.
+**As** Jacquline **I want** to be able to pre-bake package configuration **so that** I can provide a more declarative package to Ashton.
 
 **Given** I have a Zarf Package with a chart named `my-chart` in a component named `my-component`
-**And** I have a new ZarfOverrideConfig created from the following
+**And** I have a new ZarfNamedConfig created from the following
 ```yaml
-kind: ZarfOverrideConfig
+kind: ZarfNamedConfig
 metadata:
   name: test-override
   ref: oci://my-registry/test:0.1.0
@@ -190,7 +192,7 @@ TODO - (@WSTARR)
 
 ## Alternatives
 
-
+TODO - (@WSTARR)
 
 ## Infrastructure Needed (Optional)
 
diff --git a/0023-zarf-named-configs/zep.yaml b/0023-zarf-named-configs/zep.yaml
index 70bd9c3..9c305e1 100644
--- a/0023-zarf-named-configs/zep.yaml
+++ b/0023-zarf-named-configs/zep.yaml
@@ -11,6 +11,10 @@ reviewers:
 approvers:
   - "@zarf-dev"
 
+see also:
+  - "/0021-zarf-values"
+  - "/0017-chart-namespace-overrides"
+
 # The target maturity stage in the current dev cycle for this ZEP.
 stage: alpha
 

From ce56960fa0b0164c9568dbbd57c7e041174518e0 Mon Sep 17 00:00:00 2001
From: Wayne Starr <me@racer159.com>
Date: Thu, 3 Apr 2025 15:02:58 -0600
Subject: [PATCH 4/7] a little more

Signed-off-by: Wayne Starr <me@racer159.com>
---
 0023-zarf-named-configs/README.md | 58 ++++++++++++++++++++++---------
 1 file changed, 41 insertions(+), 17 deletions(-)

diff --git a/0023-zarf-named-configs/README.md b/0023-zarf-named-configs/README.md
index d0c59f1..7f7a2ee 100644
--- a/0023-zarf-named-configs/README.md
+++ b/0023-zarf-named-configs/README.md
@@ -109,8 +109,27 @@ The proposed solution introduces a new named configuration type to Zarf to allow
 
 **As** Jacquline **I want** to be able to pre-bake package configuration **so that** I can provide a more declarative package to Ashton.
 
-**Given** I have a Zarf Package with a chart named `my-chart` in a component named `my-component`
-**And** I have a new ZarfNamedConfig created from the following
+**Given** I have a Zarf Package created from the below:
+```yaml
+metadata:
+  kind: ZarfPackageConfig
+  name: example
+  version: 0.1.0
+  namespace: example
+
+variables:
+  - name: EXAMPLE
+
+values:
+  - values-default.yaml
+
+components:
+  - name: first
+    ...
+  - name: second
+    ...
+```
+**And** I have a new ZarfNamedConfig published from the following
 ```yaml
 kind: ZarfNamedConfig
 metadata:
@@ -118,30 +137,35 @@ metadata:
   ref: oci://my-registry/test:0.1.0
   version: 0.1.0
 
-overrides:
-  my-component:
-    my-chart:
-      namespace: new-namespace
+components: [ first ]
+
+namespace: new-namespace
+
+set:
+  EXAMPLE: example
+
+values:
+  - values-override.yaml
+
+adopt-existing-resources: true
 ```
-**When** I deploy that package with a `--override` like the below:
-```yaml
-zarf package deploy oci://my-registry/test:0.1.0 --override oci://my-registry/test-override:0.1.0
+**When** I deploy that package with a `--config` like the below:
+```bash
+zarf package deploy oci://my-registry/test:0.1.0 --config oci://my-registry/test-override:0.1.0
 ```
-**Then** Zarf will change the chart's release namespace to `new-namespace`
+**Then** Zarf will set the deploy options in accordance with the referenced config
 
 ### Risks and Mitigations
 
-TODO - (@WSTARR)
+This would make it easy to potentially accidentaly store secrets in the registry which is not desireable.  We should add documentation about this and potentially prevent the storage of variables that are marked `sensitive` in named configs.
 
 ## Design Details
 
 TODO - (@WSTARR) - We need to discuss format if we co with named configs.  Items of discussion:
 
-1. How will named override configs reference the Zarf package they are attached to.
-2. Would named override configs have a local format (or be OCI only)
-3. How would publishing / pulling overrides work in practice
-
-This proposal will affect the release namespace of a chart (or manifest) so that the Helm release secrets and any templates that use the `.Release.Namespace` template would use the newly provided namespace.  This would ensure that charts wouldn't affect the history or objects of prior deployments and would be able to properly install alongside one another.  This would not affect namespaces that are defined under .Values as those would still be controlled by the package configuration and Zarf variables as they are today.
+1. How will named configs reference the Zarf package they are attached to.
+2. Would named configs have a local format (or be OCI only)
+3. How would publishing / pulling named configs work in practice
 
 ### Test Plan
 
@@ -171,7 +195,7 @@ NA - There would be no upgrade / downgrade of cluster installed components
 
 ### Version Skew Strategy
 
-NA - This proposal doesn't impact how Zarf's components interact
+NA - This proposal is an entirely new feature and does not impact existing behavior
 
 ## Implementation History
 

From cfac732bf6783bbf3f05c538635cd77dd5bc9b89 Mon Sep 17 00:00:00 2001
From: Wayne Starr <me@racer159.com>
Date: Thu, 3 Apr 2025 17:39:51 -0600
Subject: [PATCH 5/7] more deets

Signed-off-by: Wayne Starr <me@racer159.com>
---
 0023-zarf-named-configs/README.md | 56 ++++++++++++++++++++++---------
 1 file changed, 41 insertions(+), 15 deletions(-)

diff --git a/0023-zarf-named-configs/README.md b/0023-zarf-named-configs/README.md
index 7f7a2ee..a979ff8 100644
--- a/0023-zarf-named-configs/README.md
+++ b/0023-zarf-named-configs/README.md
@@ -83,7 +83,7 @@ any additional information provided beyond the standard ZEP template.
 
 ## Summary
 
-This ZEP proposes to allow configuration specific to a Zarf package deployment to be able to be named, versioned and published to a registry so that it can simplify the deployment experience for end users.
+This ZEP proposes to allow configuration specific to a Zarf package deployment to be named, versioned and published to a registry so that it can simplify the deployment experience for end users.
 
 ## Motivation
 
@@ -129,11 +129,16 @@ components:
   - name: second
     ...
 ```
-**And** I have a new ZarfNamedConfig published from the following
+**And** I have a new configuration published from the following
 ```yaml
+# option 1
 kind: ZarfNamedConfig
+# option 2
+kind: ZarfDeployConfig
+# option 3
+kind: ZarfConfig
 metadata:
-  name: test-override
+  name: test-config
   ref: oci://my-registry/test:0.1.0
   version: 0.1.0
 
@@ -151,21 +156,18 @@ adopt-existing-resources: true
 ```
 **When** I deploy that package with a `--config` like the below:
 ```bash
-zarf package deploy oci://my-registry/test:0.1.0 --config oci://my-registry/test-override:0.1.0
+zarf package deploy oci://my-registry/test:0.1.0 --config oci://my-registry/test-config:0.1.0
 ```
 **Then** Zarf will set the deploy options in accordance with the referenced config
 
 ### Risks and Mitigations
 
-This would make it easy to potentially accidentaly store secrets in the registry which is not desireable.  We should add documentation about this and potentially prevent the storage of variables that are marked `sensitive` in named configs.
+This would make it easy to potentially accidentally store secrets in the registry which is not desireable.  We should add documentation about this and potentially prevent the storage of variables that are marked `sensitive` in named configs.
 
 ## Design Details
 
-TODO - (@WSTARR) - We need to discuss format if we co with named configs.  Items of discussion:
-
-1. How will named configs reference the Zarf package they are attached to.
-2. Would named configs have a local format (or be OCI only)
-3. How would publishing / pulling named configs work in practice
+<!-- This is negotiable and would like to hear others' thoughts on a local format for named configs vs having them be OCI-only -->
+Named configs would be created and published through a set of new CLI commands (`zarf config create` and `zarf config publish`).  This would pull together any referenced files or necessary artifacts and either create a local `tar.zst` or publish an OCI reference similar to a package.
 
 ### Test Plan
 
@@ -179,15 +181,15 @@ NA - This is a modification of existing behavior that should not require prerequ
 
 ##### Unit tests
 
-TODO - (@WSTARR)
+Unit tests would need to be added to ensure that the config was passed into the package deploy library interface correctly.
 
 ##### e2e tests
 
-TODO - (@WSTARR)
+Additional end to end tests would need to be added to ensure that the CLI flags and Viper config properly configured Zarf to use the published config.  Config publishing from the CLI would also need to be tested.
 
 ### Graduation Criteria
 
-TODO - (@WSTARR)
+Pending review / community input these changes would be moved from alpha status and be marked as stable within Zarf's Package definition.  This would be based on user adoption of the feature and confidence in its continued stability.
 
 ### Upgrade / Downgrade Strategy
 
@@ -212,11 +214,35 @@ Major milestones might include:
 
 ## Drawbacks
 
-TODO - (@WSTARR)
+This is limited to only the package deployment options and does not allow for the full range of options that one may want to change in a Zarf package.  This means that while an SRE can set configuration for a package they cannot override the package contents in any way and would need to contact the original package creator for assistance.
 
 ## Alternatives
 
-TODO - (@WSTARR)
+Similar to [ZEP-0017](../0017-chart-namespace-overrides/README.md) we could allow for Zarf package remixing:
+
+**Given** I have a Zarf Package with a chart named `my-chart` in a component named `my-component`
+**And** I have a new ZarfRemixConfig created from the following
+```yaml
+kind: ZarfRemixConfig
+metadata:
+  name: test-override
+  version: 0.1.0
+  ref: oci://my-registry/test:0.1.0
+
+remix:
+  my-component:
+    my-chart:
+      namespace: new-namespace
+```
+**When** I create a new package from that with:
+```bash
+zarf package create zarf-remix.yaml
+```
+**Then** Zarf will change the chart's release namespace to `new-namespace` in the new package
+**And When** I deploy that package
+**Then** the chart will be in the `new-namespace` namespace.
+
+To allow multiple configured packages to be created from one base package. This has the potential though to introduce Zarf package sprawl and could clog a registry with references to Zarf packages that are mostly the same.
 
 ## Infrastructure Needed (Optional)
 

From f888d83668ba1cb067d8978351151b7d49abdd56 Mon Sep 17 00:00:00 2001
From: Wayne Starr <me@racer159.com>
Date: Thu, 3 Apr 2025 18:05:44 -0600
Subject: [PATCH 6/7] add more info

Signed-off-by: Wayne Starr <me@racer159.com>
---
 0023-zarf-named-configs/README.md | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/0023-zarf-named-configs/README.md b/0023-zarf-named-configs/README.md
index a979ff8..35d0161 100644
--- a/0023-zarf-named-configs/README.md
+++ b/0023-zarf-named-configs/README.md
@@ -87,7 +87,7 @@ This ZEP proposes to allow configuration specific to a Zarf package deployment t
 
 ## Motivation
 
-This proposal comes from a desire to even further lower the barrier to entry for the deploy persona by pre-baking some deployment configuration for a Zarf package into named configurations that can be selected from.  In some environments a user deploying a Zarf package may not have system administrator experience and an SRE may want to pre-configure the package for them to make the package even more declarative and easier to manage.  Additionally many Zarf packages cross security domains and so might not be able to contain their related configuration inside the package at create time.  Having a way to marry the package with the configuration within the deployment environment would help with this as well.
+This proposal comes from a desire to even further lower the barrier to entry for the deploy persona by pre-baking some deployment configuration for a Zarf package into named configurations that can be selected from.  In some environments a user deploying a Zarf package may not have system administrator experience and an SRE may want to pre-configure the package for them to make the package even more declarative and easier to manage.  Additionally many Zarf packages cross security domains and might not be able to contain their related configuration inside the package at create time.  Having a way to marry the package with the configuration within the deployment environment would help with this as well.
 
 ### Goals
 
@@ -101,7 +101,7 @@ This proposal comes from a desire to even further lower the barrier to entry for
 
 ## Proposal
 
-The proposed solution introduces a new named configuration type to Zarf to allow for a managed way to provide deployment configuration for a package.  This would include most options that are available in a `zarf-config` file under `package.deploy` including the new options mentioned in [ZEP-0021](../0021-zarf-values/README.md) and [ZEP-0017](../0017-chart-namespace-overrides/README.md).  This file would refer to a specific Zarf package name and version and itself would have a reference for itself.  This would then be published in a registry and could be refered to on `zarf package deploy` or `zarf dev deploy`.
+The proposed solution introduces a new named configuration type to Zarf to allow for a managed way to provide deployment configuration for a package.  This would include most options that are available in a `zarf-config` file under `package.deploy` including the new options mentioned in [ZEP-0021](../0021-zarf-values/README.md) and [ZEP-0017](../0017-chart-namespace-overrides/README.md).  This file would be tied to a specific Zarf package name and version in addition to its own name and version.  This configuration could then be published in a registry and/or be referenced on `zarf package deploy` or `zarf dev deploy`.
 
 ### User Stories (Optional)
 
@@ -138,8 +138,11 @@ kind: ZarfDeployConfig
 # option 3
 kind: ZarfConfig
 metadata:
-  name: test-config
-  ref: oci://my-registry/test:0.1.0
+  name: example-config
+  version: 0.1.0
+
+package:
+  name: example
   version: 0.1.0
 
 components: [ first ]
@@ -156,7 +159,7 @@ adopt-existing-resources: true
 ```
 **When** I deploy that package with a `--config` like the below:
 ```bash
-zarf package deploy oci://my-registry/test:0.1.0 --config oci://my-registry/test-config:0.1.0
+zarf package deploy oci://my-registry/example:0.1.0 --config oci://my-registry/example-config:0.1.0
 ```
 **Then** Zarf will set the deploy options in accordance with the referenced config
 
@@ -167,7 +170,9 @@ This would make it easy to potentially accidentally store secrets in the registr
 ## Design Details
 
 <!-- This is negotiable and would like to hear others' thoughts on a local format for named configs vs having them be OCI-only -->
-Named configs would be created and published through a set of new CLI commands (`zarf config create` and `zarf config publish`).  This would pull together any referenced files or necessary artifacts and either create a local `tar.zst` or publish an OCI reference similar to a package.
+Named configs would be created and published through a set of new CLI commands (`zarf config create` and `zarf config publish`).  This would pull together any referenced files or necessary artifacts and either create a local `tar.zst` or publish an OCI reference similar to a package.  This config would then be referenced and applied during a package deployment.
+
+Because package configurations refer to packages a `zarf config list oci://<registry>/<package>` command would also be added that, for an OCI reference, would list the available named configs for that package.
 
 ### Test Plan
 

From 2e730cf592b1a52d25f1b81e614db25aecaf4127 Mon Sep 17 00:00:00 2001
From: Wayne Starr <me@racer159.com>
Date: Sat, 5 Apr 2025 13:53:48 -0600
Subject: [PATCH 7/7] more info

Signed-off-by: Wayne Starr <me@racer159.com>
---
 0023-zarf-named-configs/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/0023-zarf-named-configs/README.md b/0023-zarf-named-configs/README.md
index 35d0161..0d357bd 100644
--- a/0023-zarf-named-configs/README.md
+++ b/0023-zarf-named-configs/README.md
@@ -87,7 +87,7 @@ This ZEP proposes to allow configuration specific to a Zarf package deployment t
 
 ## Motivation
 
-This proposal comes from a desire to even further lower the barrier to entry for the deploy persona by pre-baking some deployment configuration for a Zarf package into named configurations that can be selected from.  In some environments a user deploying a Zarf package may not have system administrator experience and an SRE may want to pre-configure the package for them to make the package even more declarative and easier to manage.  Additionally many Zarf packages cross security domains and might not be able to contain their related configuration inside the package at create time.  Having a way to marry the package with the configuration within the deployment environment would help with this as well.
+This proposal comes from a desire to even further lower the barrier to entry for the deploy persona by pre-baking some deployment configuration for a Zarf package into named configurations that can be selected from.  In some environments a user deploying a Zarf package may not have system administrator experience and an SRE may want to pre-configure the package for them to make the package even more declarative and easier to manage.  Additionally many Zarf packages cross security domains and might not be able to contain their related configuration inside the package at create time.  Having a way to marry the package with the configuration within the deployment environment would help with this as well.  Some packages also may have a set of configurations that could be selected from (i.e. `device1`, `device2`, `device3`) that would be useful to manage sets of similar but different deployments.
 
 ### Goals
 
@@ -96,7 +96,7 @@ This proposal comes from a desire to even further lower the barrier to entry for
 
 ### Non-Goals
 
-- Provide configuration outside of the deployment of the package
+- Provide configuration outside of the deployment of the package (i.e. geared towards the Ashton persona)
 - Include security relevant deployment configuration in the registry (i.e. package signing keys)
 
 ## Proposal